Update Rust crate zerocopy to v0.6.6 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
zerocopy	dependencies	patch	0.6.1 → 0.6.6

GitHub Vulnerability Alerts

GHSA-3mv5-343c-w2qg

This advisory is also published as RUSTSEC-2023-0074.

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut.

See https://github.com/google/zerocopy/issues/716 for a more in-depth analysis.

The current plan is to yank the affected versions soon. See https://github.com/google/zerocopy/issues/679 for more detail.

GHSA-rjhf-4mh8-9xjq

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut.

See https://github.com/google/zerocopy/issues/716 for a more in-depth analysis.

The current plan is to yank the affected versions soon. See https://github.com/google/zerocopy/issues/679 for more detail.

---

Release Notes

google/zerocopy (zerocopy)

v0.6.6

Compare Source

This release fixes the soundness issue described in #​716. The affected versions will soon be yanked.

This release is also described in security advisories RUSTSEC-2023-0074 and GHSA-3mv5-343c-w2qg.

What's Changed

• Fix soundness hole in Ref::into_ref and into_mut (#​721) by @​joshlf in #​723

Full Changelog: google/zerocopy@v0.6.5...v0.6.6

v0.6.5

Compare Source

Security advisories for this bug have been published as
RUSTSEC-2023-0074 and GHSA-3mv5-343c-w2qg.

In these versions, the Ref methods into_ref, into_mut, into_slice, and
into_mut_slice were permitted in combination with the standard library
cell::Ref and cell::RefMut types for Ref<B, T>'s B type parameter. These
combinations are unsound, and may permit safe code to exhibit undefined
behavior. Fixes have been published to each affected minor version which do not
permit this code to compile.

See #​716 for more details.

v0.6.4

Compare Source

What's Changed

• Document some unsafe blocks by @​joshlf in #​237
• Reduce MSRV to 1.61.0 (#​234) by @​joshlf in #​236
• Restrict MaybeUninit trait impls to fix soundness by @​joshlf in #​309

Full Changelog: google/zerocopy@v0.6.3...v0.6.4

v0.6.3

Compare Source

What's Changed

• [0.6.x] Remove byteorder feature by @​joshlf in #​229
• Release 0.6.3-alpha by @​joshlf in #​231
• Release 0.6.3 by @​joshlf in #​232

Full Changelog: google/zerocopy@v0.6.2...v0.6.3

v0.6.2

Compare Source

What's Changed

• Cherry-pick 0fbc928 by @​joshlf in #​216
• Migrate to syn-2 (#​166) by @​joshlf in #​218
• Move now-stable aarch64 types to "simd" feature (#​172) by @​joshlf in #​220
• [ci] Update pinned toolchain versions (#​185) by @​joshlf in #​224
• Add Unalign::update method (#​212) by @​joshlf in #​223
• Release 0.6.2 by @​joshlf in #​226

Full Changelog: google/zerocopy@v0.6.1...v0.6.2

---

Configuration

📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - "after 8pm,before 6am" in timezone America/Los_Angeles.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.