Skip to content

Bump tempfile from 3.24.0 to 3.27.0#3133

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/tempfile-3.27.0
Open

Bump tempfile from 3.24.0 to 3.27.0#3133
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/tempfile-3.27.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 16, 2026

Copy link
Copy Markdown
Contributor

Bumps tempfile from 3.24.0 to 3.27.0.

Changelog

Sourced from tempfile's changelog.

3.27.0

This release adds TempPath::try_from_path and deprecates TempPath::from_path.

Prior to this release, TempPath::from_path made no attempts to convert relative paths into absolute paths. The following code would have deleted the wrong file:

let tmp_path = TempPath::from_path("foo")
std::env::set_current_dir("/some/other/path").unwrap();
drop(tmp_path);

Now:

  1. TempPath::from_path will attempt to convert relative paths into absolute paths. However, this isn't always possible as we need to call std::env::current_dir, which can fail. If we fail to convert the relative path to an absolute path, we simply keep the relative path.
  2. The TempPath::try_from_path behaves exactly like TempPath::from_path, except that it returns an error if we fail to convert a relative path into an absolute path (or if the passed path is empty).

Neither function attempt to verify the existence of the file in question.

Thanks to @​meng-xu-cs for reporting this issue.

3.26.0

3.25.0

  • Allow getrandom 0.4.x while retaining support for getrandom 0.3.x.
Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Mar 16, 2026
@dependabot dependabot Bot force-pushed the dependabot/cargo/tempfile-3.27.0 branch from a72399f to 136b2b9 Compare March 31, 2026 13:11
@socket-security

socket-security Bot commented Mar 31, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedcargo/​tempfile@​3.24.0 ⏵ 3.27.098 -110093100100

View full report

@dependabot dependabot Bot force-pushed the dependabot/cargo/tempfile-3.27.0 branch from 136b2b9 to df8c2af Compare March 31, 2026 13:49
@dependabot dependabot Bot force-pushed the dependabot/cargo/tempfile-3.27.0 branch from df8c2af to b7269c4 Compare April 10, 2026 08:34
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.24.0 to 3.27.0.
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](Stebalien/tempfile@v3.24.0...v3.27.0)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-version: 3.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/tempfile-3.27.0 branch from b7269c4 to b600acd Compare April 13, 2026 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants