[stable 1.94] Update tar to 0.4.45#16769
Merged
epage merged 13 commits intorust-lang:rust-1.94.0from Mar 20, 2026
Merged
Conversation
### What does this PR try to resolve? Blocks a compiler change, see [#t-cargo > &rust-lang#96;replace::use_a_spec_to_select&rust-lang#96; test failure @ 💬](https://rust-lang.zulipchat.com/#narrow/channel/246057-t-cargo/topic/.60replace.3A.3Ause_a_spec_to_select.60.20test.20failure/near/577341461) ### How to test and review this PR?
### What does this PR try to resolve? Fixes rust-lang#16704 ### How to test and review this PR?
…16714) ### What does this PR try to resolve? rust-lang/rust#152164 added a warn-by-default `unused_features` lint. Cargo injects `#![feature(frontmatter)]` for all embedded scripts, but scripts without frontmatter syntax never trigger feature gate check, and causes causing the lint warning. Given the stabilization FCP of frontmatter [is complete](rust-lang/rust#148051 (comment)) already, we could expect it will soon be stabilized (?). It should be fine we suppress this new unstable lint. ### How to test and review this PR? Test suite passes. See <rust-lang#16713 (comment)> for more.
I do not want to backport the unstable JSON spec support to 1.94, and these tests do not pass CI on the latest nightly.
### What does this PR try to resolve? Unblocking CI. Maybe other work is needed for submodule sync but resolving that doesn't have to block fixing CI. ### How to test and review this PR?
This updates cargo-semver-checks so that it can work correctly in CI because 0.45.0 doesn't seem to support Rust 1.94.
### What does this PR try to resolve? Fixes the docs CI jobs that are currently failing since Rust 1.93 was released Example failed job: https://github.com/rust-lang/cargo/actions/runs/21252805301/job/61158769843?pr=16542 ### How to test and review this PR? See the CI jobs status r? @weihanglo
This particular test was failing occasionally because the order of the output is not deterministic. Sometimes `test` would run first, and sometimes `rustc-std-workspace-std` would run first. This is because they start in parallel, and it is a race which one prints first. The exact output here isn't particularly interesting. I would prefer to not check the particular structure of the standard library, so this just elides all the output.
We've been seeing occasional failures on CI with these tests timing out. I'm guessing that the runners are too overloaded and are unable to complete the test within 1 second. This bumps up the timeout to 10s to see if that will resolve the problem.
The schema seems to have changed and this is no longer working.
This adds a test for a registry package where it has a symlink and a directory with the same name. The `tar` crate is incorrectly changing the permissions of the destination of the symlink (which can be anywhere on the filesystem).
This updates tar to 0.4.45 to fix CVE-2026-33055 and CVE-2026-33056.
rustbot
added
A-build-execution
Collaborator
|
r? @epage rustbot has assigned @epage. Use Why was this reviewer chosen?The reviewer was selected based on:
|
rustbot
added
A-infrastructure
Collaborator
|
epage
reviewed
Mar 20, 2026
| cargo-platform = { path = "crates/cargo-platform", version = "0.3.0" } | ||
| cargo-test-macro = { version = "0.4.9", path = "crates/cargo-test-macro" } | ||
| cargo-test-support = { version = "0.10.0", path = "crates/cargo-test-support" } | ||
| cargo-test-support = { version = "0.11.0", path = "crates/cargo-test-support" } |
Contributor
There was a problem hiding this comment.
This is safe across the different branches?
Contributor
Author
There was a problem hiding this comment.
I believe so. The only other differences on the beta branch are:
diff -r crates/cargo-test-support/Cargo.toml /Users/eric/Proj/rust/cargo2/crates/cargo-test-support/Cargo.toml
5c5
< rust-version = "1.92" # MSRV:1
---
> rust-version = "1.93" # MSRV:1
7d6
< homepage.workspace = truewhich I think should be fine to ignore.
What will happen is that when the stable patch release is made, 0.11.0 will get published. Since there are no differences that really matter, when 1.95 is published, it will just skip cargo-test-support. That should be fine since there are no semver incompatibilities.
Contributor
There was a problem hiding this comment.
The bump version script will fail but that isn't blocking at this time
epage
approved these changes
Mar 20, 2026
rustbot
removed
the
S-waiting-on-review
ehuss
added a commit
to ehuss/cargo
that referenced
this pull request
Mar 21, 2026
The stable branch bumped cargo-test-support to 0.11.0 in rust-lang#16769. Because there are some minor differences shown below, the bump-check is failing on the beta branch. I've updated the patch version since this is a relatively inconsequential change. ```diff diff -r crates/cargo-test-support/Cargo.toml /Users/eric/Proj/rust/cargo2/crates/cargo-test-support/Cargo.toml 5c5 < rust-version = "1.92" # MSRV:1 --- > rust-version = "1.93" # MSRV:1 7d6 < homepage.workspace = true ``` This is already on master via rust-lang#16710. I'm not sure if this will require also bumping master to 0.11.2, but I will look at that later.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This updates tar to 0.4.45 to fix CVE-2026-33055 and CVE-2026-33056.
This also includes backports to get CI passing:
unused_featureslint for embedded #16714 -- fix(script): surpressunused_featureslint for embedded (fix(script): surpressunused_featureslint for embedded #16714)--remap-path-scopestabilized in 1.95-nightly #16536 -- fix:--remap-path-scopestabilized in 1.95-nightlyAnd includes the additional commits: