From a883a5d6d8865665c6cc54d13db9786292b29c01 Mon Sep 17 00:00:00 2001 From: Paolo Barbolini Date: Tue, 2 Jun 2026 22:25:37 +0000 Subject: [PATCH 1/2] Upgrade shlex to version 2 The cc crate already upgraded to shlex 2.x. Bumping our dependency avoids having both shlex 1.x and 2.x in the lock file. This also pulls in the soundness fix in comex/rust-shlex#26, which this project was not affected by. --- Cargo.lock | 14 ++++++++++---- Cargo.toml | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a66dc93ab9..0df201ffe5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -88,7 +88,7 @@ dependencies = [ "quote", "regex", "rustc-hash", - "shlex", + "shlex 2.0.1", "syn", ] @@ -100,7 +100,7 @@ dependencies = [ "env_logger 0.10.2", "log", "proc-macro2", - "shlex", + "shlex 2.0.1", ] [[package]] @@ -120,7 +120,7 @@ dependencies = [ "prettyplease", "proc-macro2", "regex", - "shlex", + "shlex 2.0.1", "similar", "syn", "tempfile", @@ -144,7 +144,7 @@ version = "1.2.29" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5c1599538de2394445747c8cf7935946e3cc27e9625f889d979bfb2aaf569362" dependencies = [ - "shlex", + "shlex 1.3.0", ] [[package]] @@ -558,6 +558,12 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" +[[package]] +name = "shlex" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8fadd59c855ef2080decdef8ff161eb6661b86933c9d82e5ba29dc602a55aba" + [[package]] name = "similar" version = "2.7.0" diff --git a/Cargo.toml b/Cargo.toml index bec0559923..6ab91199c3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -42,7 +42,7 @@ quickcheck = "1.0" quote = { version = "1", default-features = false } regex = { version = "1.5.3", default-features = false } rustc-hash = "2.1.0" -shlex = "1" +shlex = "2" similar = "2.2.1" syn = "2.0" tempfile = "3.27.0" From 6e55cc9f915688b709e18ff02b415493e8b5b58f Mon Sep 17 00:00:00 2001 From: Paolo Barbolini Date: Wed, 3 Jun 2026 15:11:25 +0000 Subject: [PATCH 2/2] Bump cc to the latest version --- Cargo.lock | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0df201ffe5..05eaf1cd9f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -88,7 +88,7 @@ dependencies = [ "quote", "regex", "rustc-hash", - "shlex 2.0.1", + "shlex", "syn", ] @@ -100,7 +100,7 @@ dependencies = [ "env_logger 0.10.2", "log", "proc-macro2", - "shlex 2.0.1", + "shlex", ] [[package]] @@ -120,7 +120,7 @@ dependencies = [ "prettyplease", "proc-macro2", "regex", - "shlex 2.0.1", + "shlex", "similar", "syn", "tempfile", @@ -140,11 +140,12 @@ checksum = "0d8c1fef690941d3e7788d328517591fecc684c084084702d6ff1641e993699a" [[package]] name = "cc" -version = "1.2.29" +version = "1.2.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c1599538de2394445747c8cf7935946e3cc27e9625f889d979bfb2aaf569362" +checksum = "556e016178bb5662a08681bbe0f00f8e17631781a4dfc8c45e466e4b185ec27f" dependencies = [ - "shlex 1.3.0", + "find-msvc-tools", + "shlex", ] [[package]] @@ -273,6 +274,12 @@ version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + [[package]] name = "getrandom" version = "0.2.16" @@ -552,12 +559,6 @@ dependencies = [ "windows-sys", ] -[[package]] -name = "shlex" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" - [[package]] name = "shlex" version = "2.0.1"