chore(deps): bump tempfile from 3.14.0 to 3.19.0

[dependabot]

Bumps tempfile from 3.14.0 to 3.19.0.

Changelog

Sourced from tempfile's changelog.

3.19.0

• Remove direct dependency on cfg-if. It's still in the tree, but we didn't really need to use it in this crate.
• Add an unstable feature (unstable-windows-keep-open-tempfile) to test a potential fix to #339.

3.18.0

• Update rustix to 1.0.0.
• Make NamedTempFile::persist_noclobber atomic on Apple operating systems. It's now atomic on MacOS, Windows, and Linux (depending on the OS version and filesystem used).

3.17.1

• Fix build with windows-sys 0.52. Unfortunately, we have no CI for older windows-sys versions at the moment...

3.17.0

• Make sure to use absolute paths in when creating unnamed temporary files (avoids a small race in the "immediate unlink" logic) and in Builder::make_in (when creating temporary files of arbitrary types).
• Prevent a theoretical crash that could (maybe) happen when a temporary file is created from a drop function run in a TLS destructor. Nobody has actually reported a case of this happening in practice and I have been unable to create this scenario in a test.
• When reseeding with getrandom, use platform (e.g., CPU) specific randomness sources where possible.
• Clarify some documentation.
• Unlink unnamed temporary files on windows immediately when possible instead of waiting for the handle to be closed. We open files with "Unix" semantics, so this is generally possible.

3.16.0

• Update getrandom to 0.3.0 (thanks to @​paolobarbolini).
• Allow windows-sys versions 0.59.x in addition to 0.59.0 (thanks @​ErichDonGubler).
• Improved security documentation (thanks to @​n0toose for collaborating with me on this).

3.15.0

Re-seed the per-thread RNG from system randomness when we repeatedly fail to create temporary files (#314). This resolves a potential DoS vector (#178) while avoiding getrandom in the common case where it's necessary. The feature is optional but enabled by default via the getrandom feature.

For libc-free builds, you'll either need to disable this feature or opt-in to a different getrandom backend.

Commits

• 42fff68 chore: release v3.19.0
• 61b4283 feat(windows): add a feature to immediate tempfile deletion (#340)
• c2d16b3 ci: downgrade once-cell on old rustc versions (#342)
• 35c204d chore: remove cfg-if dependency (#338)
• b8bddaf release 3.18.0
• 0e17869 update rustix (#336)
• 6cf6536 doc: fix markdown
• df39d15 doc: document atomicity of persist_noclobber (#334)
• 714a259 chore: release 3.17.1
• 78309ed fix: cast handle to the windows crate HANDLE (#332)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #81.