chore(deps): update rust crate regex to v1 [security] #12378
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
⚠ Artifact update problemRenovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below: File name: Cargo.lockFile name: Cargo.lock |
|
Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @epage (or someone else) soon. Please see the contribution instructions for more information. Namely, in order to ensure the minimum review times lag, PR authors and assigned reviewers should ensure that the review label (
|
rustbot
added
the
S-waiting-on-review
weihanglo
reviewed
Jul 19, 2023
epage
added a commit
to epage/cargo
that referenced
this pull request
Jul 19, 2023
Inspired by rust-lang#12378 There is a preset for ignores but I feel like we'd more likely want to be able to easily see whats actuazlly ignored.
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 1.x releases. But if you manually upgrade to 1.x then Renovate will re-enable If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
bors
added a commit
that referenced
this pull request
Jul 19, 2023
chore: Don't update test data Inspired by #12378 There is a preset for ignores but I feel like we'd more likely want to be able to easily see whats actuazlly ignored.
bors
added a commit
that referenced
this pull request
Jul 19, 2023
chore: Don't update test data Inspired by #12378 There is a preset for ignores but I feel like we'd more likely want to be able to easily see whats actuazlly ignored.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.1.1->1.5.5⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the logs for more information.
GitHub Vulnerability Alerts
CVE-2022-24713
The Rust Security Response WG was notified that the
regexcrate did not properly limit the complexity of the regular expressions (regex) it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes. No known vulnerability is present when parsing untrusted input with trusted regexes.This issue has been assigned CVE-2022-24713. The severity of this vulnerability is "high" when the
regexcrate is used to parse untrusted regexes. Other uses of theregexcrate are not affected by this vulnerability.Overview
The
regexcrate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API.Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes.
Affected versions
All versions of the
regexcrate before or equal to 1.5.4 are affected by this issue. The fix is include starting fromregex1.5.5.Mitigations
We recommend everyone accepting user-controlled regexes to upgrade immediately to the latest version of the
regexcrate.Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, we do not recommend denying known problematic regexes.
Acknowledgements
We want to thank Addison Crump for responsibly disclosing this to us according to the Rust security policy, and for helping review the fix.
We also want to thank Andrew Gallant for developing the fix, and Pietro Albini for coordinating the disclosure and writing this advisory.
Release Notes
rust-lang/regex (regex)
v1.5.5Compare Source
==================
This releases fixes a security bug in the regex compiler. This bug permits a
vector for a denial-of-service attack in cases where the regex being compiled
is untrusted. There are no known problems where the regex is itself trusted,
including in cases of untrusted haystacks.
Fixes a bug in the regex compiler where empty sub-expressions subverted the
existing mitigations in place to enforce a size limit on compiled regexes.
The Rust Security Response WG published an advisory about this:
https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw
v1.5.4Compare Source
==================
This release fixes another compilation failure when building regex. This time,
the fix is for when the
patternfeature is enabled, which only works onnightly Rust. CI has been updated to test this case.
Fix build when
patternfeature is enabled.v1.5.3Compare Source
==================
This releases fixes a bug when building regex with only the
unicode-perlfeature. It turns out that while CI was building this configuration, it wasn't
actually failing the overall build on a failed compilation.
Fix build in
regex-syntaxwhen only theunicode-perlfeature is enabled.v1.5.2Compare Source
==================
This release fixes a performance bug when Unicode word boundaries are used.
Namely, for certain regexes on certain inputs, it's possible for the lazy DFA
to stop searching (causing a fallback to a slower engine) when it doesn't
actually need to.
PR #768 fixes the bug, which was
originally reported in
ripgrep#1860.
v1.5.1Compare Source
==================
This is a patch release that fixes a compilation error when the
perf-literalfeature is not enabled.
v1.5.0Compare Source
==================
This release primarily updates to Rust 2018 (finally) and bumps the MSRV to
Rust 1.41 (from Rust 1.28). Rust 1.41 was chosen because it's still reasonably
old, and is what's in Debian stable at the time of writing.
This release also drops this crate's own bespoke substring search algorithms
in favor of a new
memmemimplementation provided by thememchrcrate.This will change the performance profile of some regexes, sometimes getting a
little worse, and hopefully more frequently, getting a lot better. Please
report any serious performance regressions if you find them.
v1.4.6Compare Source
==================
This is a small patch release that fixes the compiler's size check on how much
heap memory a regex uses. Previously, the compiler did not account for the
heap usage of Unicode character classes. Now it does. It's possible that this
may make some regexes fail to compile that previously did compile. If that
happens, please file an issue.
Some regexes can use more heap memory than one would expect.
v1.4.5Compare Source
==================
This is a small patch release that fixes a regression in the size of a
Regexin the 1.4.4 release. Prior to 1.4.4, a
Regexwas 552 bytes. In the 1.4.4release, it was 856 bytes due to internal changes. In this release, a
Regexis now 16 bytes. In general, the size of a
Regexwas never something that wason my radar, but this increased size in the 1.4.4 release seems to have crossed
a threshold and resulted in stack overflows in some programs.
Fixes stack overflows seemingly caused by a large
Regexsize by decreasingits size.
v1.4.4Compare Source
==================
This is a small patch release that contains some bug fixes. Notably, it also
drops the
thread_local(andlazy_static, via transitivity) dependencies.Bug fixes:
Memory leaks caused by an internal caching strategy should now be fixed.
All regex types now implement
UnwindSafeandRefUnwindSafe.Add missing
Replacerimpls forVec<u8>,String,Cow, etc.v1.4.3Compare Source
==================
This is a small patch release that adds some missing standard trait
implementations for some types in the public API.
Bug fixes:
Add
FusedIteratorandExactSizeIteratorimpls to iterator types.Add missing
Debugimpls to public API types.v1.4.2Compare Source
==================
This is a small bug fix release that bans
\P{any}. We previously banned emptyclasses like
[^\w\W], but missed the\P{any}case. In the future, we hopeto permit empty classes.
Ban
\P{any}to avoid a panic in the regex compiler. Found by OSS-Fuzz.v1.4.1Compare Source
==================
This is a small bug fix release that makes
\p{cf}work. Previously, it wouldreport "property not found" even though
cfis a valid abbreviation for theFormatgeneral category.Fixes bug that prevented
\p{cf}from working.v1.4.0Compare Source
==================
This releases has a few minor documentation fixes as well as some very minor
API additions. The MSRV remains at Rust 1.28 for now, but this is intended to
increase to at least Rust 1.41.1 soon.
This release also adds support for OSS-Fuzz. Kudos to
@DavidKorczynski
for doing the heavy lifting for that!
New features:
Support
[,]and.in capture group names.Add
is_emptypredicate toRegexSet.Implement
CloneforSubCaptureMatches.Add
emptyconstructor toRegexSetfor convenience.Bug fixes:
Fix doc example for
Replacer::replace_append.Clarify docs for
sflag when using abytes::Regex.Clarify
is_matchdocs to indicate that it can match anywhere in string.v1.3.9Compare Source
==================
This release fixes a MSRV (Minimum Support Rust Version) regression in the
1.3.8 release. Namely, while 1.3.8 compiles on Rust 1.28, it actually does not
compile on other Rust versions, such as Rust 1.39.
Bug fixes:
Remove use of
doc_commentcrate, which cannot be used before Rust 1.43.v1.3.8Compare Source
==================
This release contains a couple of important bug fixes driven
by better support for empty-subexpressions in regexes. For
example, regexes like
b|are now allowed. Major thanks to@sliquister for implementing support for this
in #677.
Bug fixes:
Add note to documentation that spaces can be escaped in
xmode.Add support for empty sub-expressions, including empty alternations.
Fix match bug caused by an empty sub-expression miscompilation.
v1.3.7Compare Source
==================
This release contains a small bug fix that fixes how
regexforwards cratefeatures to
regex-syntax. In particular, this will reduce recompilations insome cases.
Bug fixes:
Fix feature forwarding to
regex-syntax.v1.3.6Compare Source
==================
This release contains a sizable (~30%) performance improvement when compiling
some kinds of large regular expressions.
Performance improvements:
Improvement performance of compiling large regular expressions.
v1.3.5Compare Source
==================
This release updates this crate to Unicode 13.
New features:
Update
regex-syntaxto Unicode 13.v1.3.4Compare Source
==================
This is a small bug fix release that fixes a bug related to the scoping of
flags in a regex. Namely, before this fix, a regex like
((?i)a)b)wouldmatch
aBdespite the fact thatbshould not be matched case insensitively.Bug fixes:
Fix bug related to the scoping of flags in a regex.
v1.3.3Compare Source
==================
This is a small maintenance release that upgrades the dependency on
thread_localfrom0.3to1.0. The minimum supported Rust version remainsat Rust 1.28.
v1.3.2Compare Source
==================
This is a small maintenance release with some house cleaning and bug fixes.
New features:
Add a
Match::rangemethod an aFrom<Match> for Rangeimpl.Bug fixes:
Corrects
/-/.splitn("a", 2)to return["a"]instead of["a", ""].Improve error reporting when writing
\p\.Corrects
/-/.split("a-")to return["a", ""]instead of["a"].Squash deprecation warnings for the
std::error::Error::descriptionmethod.v1.3.1Compare Source
==================
This is a maintenance release with no changes in order to try to work-around
a docs.rs/Cargo issue.
v1.3.0Compare Source
==================
This release adds a plethora of new crate features that permit users of regex
to shrink its size considerably, in exchange for giving up either functionality
(such as Unicode support) or runtime performance. When all such features are
disabled, the dependency tree for
regexshrinks to exactly 1 crate(
regex-syntax). More information about the new crate features can befound in the docs.
Note that while this is a new minor version release, the minimum supported
Rust version for this crate remains at
1.28.0.New features:
The
use_stdfeature has been deprecated in favor of thestdfeature.The
use_stdfeature will be removed in regex 2. Until then,use_stdwillremain as an alias for the
stdfeature.Add a substantial number of crate features shrinking
regex.v1.2.1Compare Source
==================
This release does a bit of house cleaning. Namely:
Rust project.
regexcrate, and is now part of theaho-corasickcrate.See
aho-corasick's newpackedsub-module for details.utf8-rangescrate has been deprecated, with its functionality movinginto the
utf8sub-module ofregex-syntax.ucd-utildependency has been dropped, in favor of implementing whatlittle we need inside of
regex-syntaxitself.In general, this is part of an ongoing (long term) effort to make optimizations
in the regex engine easier to reason about. The current code is too convoluted
and thus it is very easy to introduce new bugs. This simplification effort is
the primary motivation behind re-working the
aho-corasickcrate to not onlybundle algorithms like Teddy, but to also provide regex-like match semantics
automatically.
Moving forward, the plan is to join up with the
bstrandregex-automatacrates, with the former providing more sophisticated substring search
algorithms (thereby deleting existing code in
regex) and the latter providingahead-of-time compiled DFAs for cases where they are inexpensive to compute.
v1.2.0Compare Source
==================
This release updates regex's minimum supported Rust version to 1.28, which was
release almost 1 year ago. This release also updates regex's Unicode data
tables to 12.1.0.
v1.1.9Compare Source
==================
This release contains a bug fix that caused regex's tests to fail, due to a
dependency on an unreleased behavior in regex-syntax.
Move an integration-style test on error messages into regex-syntax.
v1.1.8Compare Source
==================
This release contains a few small internal refactorings. One of which fixes
an instance of undefined behavior in a part of the SIMD code.
Bug fixes:
Improves error messages when a repetition operator is used without a number.
Removes use of a repr(Rust) union used for type punning in the Teddy matcher.
Update docs for running benchmarks and improve failure modes.
v1.1.7Compare Source
==================
This release fixes up a few warnings as a result of recent deprecations.
v1.1.6Compare Source
==================
This release fixes a regression introduced by a bug fix (for
BUG #557) which could cause
the regex engine to enter an infinite loop. This bug was originally
reported against ripgrep.
v1.1.5Compare Source
==================
This release fixes a bug in regex's dependency specification where it requires
a newer version of regex-syntax, but this wasn't communicated correctly in the
Cargo.toml. This would have been caught by a minimal version check, but this
check was disabled because the
randcrate itself advertises incorrectdependency specifications.
Bug fixes:
Fix regex-syntax minimal version.
v1.1.4Compare Source
==================
This release fixes a backwards compatibility regression where Regex was no
longer UnwindSafe. This was caused by the upgrade to aho-corasick 0.7, whose
AhoCorasick type was itself not UnwindSafe. This has been fixed in aho-corasick
0.7.4, which we now require.
Bug fixes:
Fix an API regression where Regex was no longer UnwindSafe.
v1.1.3Compare Source
==================
This releases fixes a few bugs and adds a performance improvement when a regex
is a simple alternation of literals.
Performance improvements:
Upgrades
aho-corasickto 0.7 and uses it forfoo|bar|...|quuxregexes.Bug fixes:
Fix a bug where the parser would panic on patterns like
((?x)).Fix a bug where the parser would panic on patterns like
(?m){1,1}.Fix a bug where captures could lead to an incorrect match.
v1.1.2Compare Source
==================
This release fixes a bug found in the fix introduced in 1.1.1.
Bug fixes:
Fix bug introduced in reverse suffix literal matcher in the 1.1.1 release.
v1.1.1Compare Source
==================
This is a small release with one fix for a bug caused by literal optimizations.
Bug fixes:
Fixes a bug in the reverse suffix literal optimization. This was originally
reported
against ripgrep.
v1.1.0Compare Source
==================
This is a small release with a couple small enhancements. This release also
increases the minimal supported Rust version (MSRV) to 1.24.1 (from 1.20.0). In
accordance with this crate's MSRV policy, this release bumps the minor version
number.
Performance improvements:
OPT #540:
Improve lazy DFA construction for large regex sets.
New features:
Add Emoji and "break" Unicode properties. See UNICODE.md.
Bug fixes:
Add Unicode license (for data tables).
v1.0.6Compare Source
==================
This is a small release.
Performance improvements:
Improve performance of compiling large Unicode classes by 8-10%.
Bug fixes:
Fix definition of
[[:blank:]]class that regressed inregex-syntax 0.5.v1.0.5Compare Source
==================
This is a small release with an API enhancement.
New features:
Generalize impls of the
Replacertrait.v1.0.4Compare Source
==================
This is a small release that bumps the quickcheck dependency.
v1.0.3Compare Source
==================
This is a small bug fix release.
Bug fixes:
Fix for Cargo's "minimal version" support.
Fix doc examples for byte regexes.
v1.0.2Compare Source
==================
This release exposes some new lower level APIs on
Regexthat permitamortizing allocation and controlling the location at which a search is
performed in a more granular way. Most users of the regex crate will not
need or want to use these APIs.
New features:
Add a few lower level APIs for amortizing allocation and more fine grained
searching.
Bug fixes:
Correct outdated documentation on
RegexBuilder::dot_matches_new_line.Correct outdated documentation on
Parser::allow_invalid_utf8in theregex-syntaxcrate.Fix a bug in the HIR printer where it wouldn't correctly escape meta
characters in character classes.
v1.0.1Compare Source
==================
This release upgrades regex's Unicode tables to Unicode 11, and enables SIMD
optimizations automatically on Rust stable (1.27 or newer).
New features:
Implement
size_hintonRegexSetmatch iterators.Update Unicode tables for Unicode 11.
SIMD optimizations are now enabled automatically in Rust stable, for versions
1.27 and up. No compilation flags or features need to be set. CPU support
SIMD is detected automatically at runtime.
Bug fixes:
Present a better compilation error when the
use_stdfeature isn't used.v1.0.0Compare Source
==================
This release marks the 1.0 release of regex.
While this release includes some breaking changes, most users of older versions
of the regex library should be able to migrate to 1.0 by simply bumping the
version number. The important changes are as follows:
We also tentativley adopt a policy that permits bumping the minimum supported
version of Rust in minor version releases of regex, but no patch releases.
That is, with respect to semver, we do not strictly consider bumping the
minimum version of Rust to be a breaking change, but adopt a conservative
stance as a compromise.
permits better error messages that inform users that backreferences aren't
available. Octal syntax can be re-enabled via the corresponding option on
RegexBuilder.(?-u:\B)is no longer allowed in Unicode regexes since it can match atinvalid UTF-8 code unit boundaries.
(?-u:\b)is still allowed in Unicoderegexes.
From<regex_syntax::Error>impl has been removed. This formally removesthe public dependency on
regex-syntax.use_std, has been added and enabled by default. Disablingthe feature will result in a compilation error. In the future, this may
permit us to support
no_stdenvironments (w/alloc) in a backwardscompatible way.
For more information and discussion, please see
1.0 release tracking issue.
v0.2.11Compare Source
===================
This release primarily contains bug fixes. Some of them resolve bugs where
the parser could panic.
New features:
Include C++'s standard regex library and Boost's regex library in the
benchmark harness. We now include D/libphobos, C++/std, C++/boost, Oniguruma,
PCRE1, PCRE2, RE2 and Tcl in the harness.
Bug fixes:
Clarify order of indices returned by RegexSet match iterator.
Improve error messages for invalid regexes like
[\d-a].Fix a bug in the error message pretty printer that could cause a panic when
a regex contained a literal
\ncharacter.Fix a panic in the parser that was caused by applying a repetition operator
to
(?flags).Fix a bug where
\pCwas not recognized as an alias for\p{Other}.Fix a bug where literal searches did more work than necessary for anchored
regexes.
v0.2.10Compare Source
===================
This release primarily updates the regex crate to changes made in
std::archon nightly Rust.
New features:
The
Hirtype inregex-syntaxnow has a printer.v0.2.9Compare Source
==================
This release introduces a new nightly only feature,
unstable, which enablesSIMD optimizations for certain types of regexes. No additional compile time
options are necessary, and the regex crate will automatically choose the
best CPU features at run time. As a result, the
simd(nightly only) cratedependency has been dropped.
New features:
The regex crate now includes AVX2 optimizations in addition to the extant
SSSE3 optimization.
Bug fixes:
Fix a bug where
(?x)[ / - ]failed to parse.v0.2.8Compare Source
==================
Bug gixes:
Fix a bug in the nest limit checker being too aggressive.
v0.2.7Compare Source
==================
This release includes a ground-up rewrite of the regex-syntax crate, which has
been in development for over a year.
731
New features:
automatically; you don't need to do anything. In addition to better
formatting, error messages will now explicitly call out the use of look
around. When regex 1.0 is released, this will happen for backreferences as
well.
character classes. These can be used via the
&&,--and~~binaryoperators within classes.
\p{..}character classes.Things like
\p{scx:Hira},\p{age:3.2}or\p{Changes_When_Casefolded}now work. All property name and value aliases are supported, and properties
are selected via loose matching. e.g.,
\p{Greek}is the same as\p{G r E e K}.UNICODE.mddocument has been added to this repository thatexhaustively documents support for UTS#18.
()+isnow a valid regex.
performing analysis that requires structural induction. This reduces the risk
of a user provided regular expression causing a stack overflow.
The
Asttype inregex-syntaxnow contains span information.Support
\u,\u{...},\Uand\U{...}syntax for specifying code pointsin a regular expression.
Add a
Replace::by_refadapter for use of a replacer without consuming it.Bug fixes:
We re-enable the Boyer-Moore literal matcher.
v0.2.6Compare Source
==================
Bug fixes:
Fixes a bug in the new Boyer-Moore searcher that results in a match failure.
We fix this bug by temporarily disabling Boyer-Moore.
v0.2.5Compare Source
==================
Bug fixes:
Fixes a bug in the new Boyer-Moore searcher that results in a panic.
v0.2.4Compare Source
==================
New features:
Improve performance for capture searches on anchored regex.
(Contributed by @ethanpailes. Nice work!)
Expand literal searching to include Tuned Boyer-Moore in some cases.
(Contributed by @ethanpailes. Nice work!)
Bug fixes:
The regex compiler plugin has been removed.
simdhas been bumped to0.2.1, which fixes a Rust nightly build error.Bring the benchmark harness up to date.
v0.2.3Compare Source
==================
New features:
Add
impl From<Match> for &str.Derive
CloneandPartialEqonError.Update to Unicode 10.
Bug fixes:
Fix a bug that prevented the bounded backtracker from terminating.
BUG #394:
Fix bug with
replacemethods for empty matches.v0.2.2Compare Source
==================
New features:
Support nested character classes and intersection operation.
For example,
[\p{Greek}&&\pL]matches greek letters and[[0-9]&&[^4]]matches every decimal digit except4.(Much thanks to @robinst, who contributed this awesome feature.)
Bug fixes:
Fix bug in literal extraction and UTF-8 decoding.
Add documentation tip about the
(?x)flag.Show additional replacement example using curly braces.
Fix bug when resolving captures after a match.
Add example that uses
Captures::getto API documentation.Fix RegexSet bug that caused match failure in some cases.
Fix panic in parser when
(?x)is used.Fix literal optimization bug with RegexSet.
Fix example code in README.
Fix bug in
rure_captures_lenin the C binding.Fix byte class bug that caused a panic.
v0.2.1Compare Source
===================
This release primarily contains bug fixes. Some of them resolve bugs where
the parser could panic.
New features:
Include C++'s standard regex library and Boost's regex library in the
benchmark harness. We now include D/libphobos, C++/std, C++/boost, Oniguruma,
PCRE1, PCRE2, RE2 and Tcl in the harness.
Bug fixes:
Clarify order of indices returned by RegexSet match iterator.
Improve error messages for invalid regexes like
[\d-a].Fix a bug in the error message pretty printer that could cause a panic when
a regex contained a literal
\ncharacter.Fix a panic in the parser that was caused by applying a repetition operator
to
(?flags).Fix a bug where
\pCwas not recognized as an alias for\p{Other}.Fix a bug where literal searches did more work than necessary for anchored
regexes.
v0.2.0Compare Source
=====
This is a new major release of the regex crate, and is an implementation of the
regex 1.0 RFC.
We are releasing a
0.2first, and if there are no major problems, we willrelease a
1.0shortly. For0.2, the minimum supported Rust version is1.12.
There are a number of breaking changes in
0.2. They are split into twotypes. The first type correspond to breaking changes in regular expression
syntax. The second type correspond to breaking changes in the API.
Breaking changes for regex syntax:
[:upper:]would parse as theupperPOSIX character class. Now it parsesas the character class containing the characters
:upper:. The fix to thischange is to use
[[:upper:]]instead. Note that variants like[[:upper:][:blank:]]continue to work.[must always be escaped inside a character class.&,-and~must be escaped if any one of them arerepeated consecutively. For example,
[&],[\&],[\&\&],[&-&]are allequivalent while
[&&]is illegal. (The motivation for this and the priorchange is to provide a backwards compatible path for adding character class
set notation.)
bytes::Regexnow has Unicode mode enabled by default (like the mainRegextype). This means regexes compiled withbytes::Regex::newthatdon't have the Unicode flag set should add
(?-u)to recover the originalbehavior.
Breaking changes for the regex API:
findandfind_iternow returnMatchvalues instead of(usize, usize).Matchvalues havestartandendmethods, whichreturn the match offsets.
Matchvalues also have anas_strmethod,which returns the text of the match itself.
Capturestype now only provides a single iterator over all capturingmatches, which should replace uses of
iteranditer_pos. Uses ofiter_namedshould use thecapture_namesmethod onRegex.atmethod on theCapturestype has been renamed toget, and itnow returns a
Match. Similarly, thenamemethod onCapturesnow returnsa
Match.replacemethods now returnCowvalues. TheCow::Borrowedvariantis returned when no replacements are made.
Replacertrait has been completely overhauled. This should onlyimpact clients that implement this trait explicitly. Standard uses of
the
replacemethods should continue to work unchanged. If you implementthe
Replacertrait, please consult the new documentation.quotefree function has been renamed toescape.Regex::with_size_limitmethod has been removed. It is replaced byRegexBuilder::size_limit.RegexBuildertype has switched from ownedselfmethod receivers to&mut selfmethod receivers. Most uses will continue to work unchanged, butsome code may require naming an intermediate variable to hold the builder.
compilemethod onRegexBuilderhas been renamed tobuild.is_matchfunction has been removed. It is replaced by compilinga
Regexand calling itsis_matchmethod.PartialEqandEqimpls onRegexhave been dropped. If you reliedon these impls, the fix is to define a wrapper type around
Regex, implDerefon it and provide the necessary impls.is_emptymethod onCaptureshas been removed. This always returnsfalse, so its use is superfluous.Syntaxvariant of theErrortype now contains a string instead ofa
regex_syntax::Error. If you were examining syntax errors more closely,you'll need to explicitly use the
regex_syntaxcrate to re-parse the regex.InvalidSetvariant of theErrortype has been removed since it isno longer used.
were using these iterator types explicitly, please consult the documentation
for its new name. For example,
RegexSplitshas been renamed toSplit.A number of bugs have been fixed:
The
Replacertrait has been changed to permit the caller to controlallocation.
Remove the free
is_matchfunction.Expose more knobs (available in
0.1) and removewith_size_limit.Iterators produced by
Capturesnow have the correct lifetime parameters.Fix a corner case in the parsing of POSIX character classes.
Drop the
PartialEqandEqimpls onRegex.Remove
is_emptyfromCapturessince it always returns false.Position of named capture can now be retrieved from a
Captures.Remove winapi/kernel32-sys dependency on UNIX.
Fix error on emscripten.
v0.1.80Compare Source
======
Fixes bug #291, which was introduced by PR #290.
v0.1.79Compare Source
======
v0.1.78Compare Source
======
Fixes bug #289, which caused some regexes with a certain combination
of literals to match incorrectly.
v0.1.77Compare Source
======
Fixes bug #280 by disabling all literal optimizations when a pattern
is partially anchored.
v0.1.76Compare Source
======
v0.1.75Compare Source
======
Improves match verification performance in the Teddy SIMD searcher.
Replaces slow substring loop in the Teddy SIMD searcher with Aho-Corasick.
v0.1.74Compare Source
======
Fixes bugs #264, #268 and an unreported where the DFA cache size could be
drastically under estimated in some cases (leading to high unexpected memory
usage).
v0.1.73Compare Source
======
regex-syntax 0.3.4.regex-syntaxdependency version forregexto0.3.4.v0.1.72Compare Source
======
Fixes a number of small bugs caught by fuzz testing (AFL).
v0.1.71Compare Source
======
Fix a bug in how suffix literals were extracted, which could lead
to invalid match behavior in some cases.
v0.1.70Compare Source
======
Add SIMD accelerated multiple pattern search.
Reintroduce the reverse suffix literal optimization.
Implements NFA state compression in the lazy DFA.
A fully anchored RegexSet can now short-circuit.
v0.1.69Compare Source
======
Tweak the threshold for running backtracking.
Add upper limit (from the DFA) to capture search (for the NFA).
Add rure, a C API.
v0.1.68Compare Source
======
Fixed a performance bug in
bytes::Regex::replacewhereextendwas usedinstead of
extend_from_slice.Fixed a bug in the handling of word boundaries in the DFA.
Added RE2 and Tcl to the benchmark harness. Also added a CLI utility from
running regexes using any of the following regex engines: PCRE1, PCRE2,
Oniguruma, RE2, Tcl and of course Rust's own regexes.
v0.1.67Compare Source
======
Fix undefined behavior in the
regex!compiler plugin macro.More improvements to DFA performance. Competitive with RE2. See PR for
benchmarks.
Release 0.1.66 was semver incompatible since it required a newer version
of Rust than previous releases. This PR fixes that. (And
0.1.66wasyanked.)
v0.1.66Compare Source
======
should remove the last common case that disqualified use of the DFA.
expression in reverse was removed because it had worst case quadratic time
complexity. It was replaced with a more limited optimization where, given any
regex of the form
re$, it will be matched in reverse from the end of thehaystack.
The inner loop of the DFA was heavily optimized to improve cache locality
and reduce the overall number of instructions run on each iteration. This
represents the first use of
unsafeinregex(to elide bounds checks).Use of the
mempoolcrate (which used thread local storage) was replacedwith a faster version of a similar API in @Amanieu's
thread_localcrate.It should reduce contention when using a regex from multiple threads
simultaneously.
here.
(Includes a comparison with PCRE1's JIT and Oniguruma.)
fixed. This only affected use of
bytes::Regex.Capturesnow has aDebugimpl.v0.1.65Compare Source
v0.1.64Compare Source
v0.1.63Compare Source
v0.1.62Compare Source
v0.1.61Compare Source
v0.1.60Compare Source
v0.1.59Compare Source
v0.1.58Compare Source
v0.1.57[Compare Source](https://github.com/rust-lang/regex/compare/0.1.56
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.