mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
acdbd8edc508c19f6bfe58d464eeb1f459fb7585
431 Commits
-
feat(linux-sandbox): add bwrap support (#9938)
## Summary This PR introduces a gated Bubblewrap (bwrap) Linux sandbox path. The curent Linux sandbox path relies on in-process restrictions (including Landlock). Bubblewrap gives us a more uniform filesystem isolation model, especially explicit writable roots with the option to make some directories read-only and granular network controls. This is behind a feature flag so we can validate behavior safely before making it the default. - Added temporary rollout flag: - `features.use_linux_sandbox_bwrap` - Preserved existing default path when the flag is off. - In Bubblewrap mode: - Added internal retry without /proc when /proc mount is not permitted by the host/container.
viyatb-oai ·
2026-02-04 11:13:17 -08:00 -
chore: add
codex debug app-servertooling (#10367)codex debug app-server <user message> forwards the message through codex-app-server-test-client’s send_message_v2 library entry point, using std::env::current_exe() to resolve the codex binary. for how it looks like, see: ``` celia@com-92114 codex-rs % cargo build -p codex-cli && target/debug/codex debug app-server --help Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.34s Tooling: helps debug the app server Usage: codex debug app-server [OPTIONS] <COMMAND> Commands: send-message-v2 help Print this message or the help of the given subcommand(s) ```` and ``` celia@com-92114 codex-rs % cargo build -p codex-cli && target/debug/codex debug app-server send-message-v2 "hello world" Compiling codex-cli v0.0.0 (/Users/celia/code/codex/codex-rs/cli) Finished `dev` profile [unoptimized + debuginfo] target(s) in 1.38s > { > "method": "initialize", > "id": "f8ba9f60-3a49-4ea9-81d6-4ab6853e3954", > "params": { > "clientInfo": { > "name": "codex-toy-app-server", > "title": "Codex Toy App Server", > "version": "0.0.0" > }, > "capabilities": { > "experimentalApi": true > } > } > } < { < "id": "f8ba9f60-3a49-4ea9-81d6-4ab6853e3954", < "result": { < "userAgent": "codex-toy-app-server/0.0.0 (Mac OS 26.2.0; arm64) vscode/2.4.27 (codex-toy-app-server; 0.0.0)" < } < } < initialize response: InitializeResponse { user_agent: "codex-toy-app-server/0.0.0 (Mac OS 26.2.0; arm64) vscode/2.4.27 (codex-toy-app-server; 0.0.0)" } > { > "method": "thread/start", > "id": "203f1630-beee-4e60-b17b-9eff16b1638b", > "params": { > "model": null, > "modelProvider": null, > "cwd": null, > "approvalPolicy": null, > "sandbox": null, > "config": null, > "baseInstructions": null, > "developerInstructions": null, > "personality": null, > "ephemeral": null, > "dynamicTools": null, > "mockExperimentalField": null, > "experimentalRawEvents": false > } > } ... ```Celia Chen ·
2026-02-03 23:17:34 +00:00 -
feat: add APIs to list and download public remote skills (#10448)
Add API to list / download from remote public skills
xl-openai ·
2026-02-03 14:09:37 -08:00 -
chore: update bytes crate in response to security advisory (#10525)
While here, remove one advisory from `deny.toml` that has been addressed (it was showing up as a warning).
Michael Bolin ·
2026-02-03 17:08:04 +00:00 -
feat(secrets): add codex-secrets crate (#10142)
## Summary This introduces the first working foundation for Codex managed secrets: a small Rust crate that can securely store and retrieve secrets locally. Concretely, it adds a `codex-secrets` crate that: - encrypts a local secrets file using `age` - generates a high-entropy encryption key - stores that key in the OS keyring ## What this enables - A secure local persistence model for secrets - A clean, isolated place for future provider backends - A clear boundary: Codex can become a credential broker without putting plaintext secrets in config files ## Implementation details - New crate: `codex-rs/secrets/` - Encryption: `age` with scrypt recipient/identity - Key generation: `OsRng` (32 random bytes) - Key storage: OS keyring via `codex-keyring-store` ## Testing - `cd codex-rs && just fmt` - `cd codex-rs && cargo test -p codex-secrets`
viyatb-oai ·
2026-02-03 08:14:39 +00:00 -
feat(linux-sandbox): vendor bubblewrap and wire it with FFI (#10413)
## Summary Vendor Bubblewrap into the repo and add minimal build plumbing in `codex-linux-sandbox` to compile/link it. ## Why We want to move Linux sandboxing toward Bubblewrap, but in a safe two-step rollout: 1) vendoring/build setup (this PR), 2) runtime integration (follow-up PR). ## Included - Add `codex-rs/vendor/bubblewrap` sources. - Add build-time FFI path in `codex-rs/linux-sandbox`. - Update `build.rs` rerun tracking for vendored files. - Small vendored compile warning fix (`sockaddr_nl` full init). follow up in https://github.com/openai/codex/pull/9938
viyatb-oai ·
2026-02-02 23:33:46 -08:00 -
chore: remove deprecated mcp-types crate (#10357)
https://github.com/openai/codex/pull/10349 migrated us off of `mcp-types`, so this PR deletes the code. --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/10357). * __->__ #10357 * #10349 * #10356
Michael Bolin ·
2026-02-03 02:33:16 +00:00 -
feat: replace custom mcp-types crate with equivalents from rmcp (#10349)
We started working with MCP in Codex before https://crates.io/crates/rmcp was mature, so we had our own crate for MCP types that was generated from the MCP schema: https://github.com/openai/codex/blob/8b95d3e082376f4cb23e92641705a22afb28a9da/codex-rs/mcp-types/README.md Now that `rmcp` is more mature, it makes more sense to use their MCP types in Rust, as they handle details (like the `_meta` field) that our custom version ignored. Though one advantage that our custom types had is that our generated types implemented `JsonSchema` and `ts_rs::TS`, whereas the types in `rmcp` do not. As such, part of the work of this PR is leveraging the adapters between `rmcp` types and the serializable types that are API for us (app server and MCP) introduced in #10356. Note this PR results in a number of changes to `codex-rs/app-server-protocol/schema`, which merit special attention during review. We must ensure that these changes are still backwards-compatible, which is possible because we have: ```diff - export type CallToolResult = { content: Array<ContentBlock>, isError?: boolean, structuredContent?: JsonValue, }; + export type CallToolResult = { content: Array<JsonValue>, structuredContent?: JsonValue, isError?: boolean, _meta?: JsonValue, }; ``` so `ContentBlock` has been replaced with the more general `JsonValue`. Note that `ContentBlock` was defined as: ```typescript export type ContentBlock = TextContent | ImageContent | AudioContent | ResourceLink | EmbeddedResource; ``` so the deletion of those individual variants should not be a cause of great concern. Similarly, we have the following change in `codex-rs/app-server-protocol/schema/typescript/Tool.ts`: ``` - export type Tool = { annotations?: ToolAnnotations, description?: string, inputSchema: ToolInputSchema, name: string, outputSchema?: ToolOutputSchema, title?: string, }; + export type Tool = { name: string, title?: string, description?: string, inputSchema: JsonValue, outputSchema?: JsonValue, annotations?: JsonValue, icons?: Array<JsonValue>, _meta?: JsonValue, }; ``` so: - `annotations?: ToolAnnotations` ➡️ `JsonValue` - `inputSchema: ToolInputSchema` ➡️ `JsonValue` - `outputSchema?: ToolOutputSchema` ➡️ `JsonValue` and two new fields: `icons?: Array<JsonValue>, _meta?: JsonValue` --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/10349). * #10357 * __->__ #10349 * #10356
Michael Bolin ·
2026-02-02 17:41:55 -08:00 -
feat: Read personal skills from .agents/skills (#10437)
- Issue: https://github.com/agentskills/agentskills/issues/15 - Follow-up to https://github.com/openai/codex/pull/10317 (for team/repo skills) - This change now also loads personal/user skills from `$HOME/.agents/skills` (or `~/.agents/skills`) in addition to loading from `.agents/skills` inside of git repos. - The location of `.system` skills remains unchanged. - Keeping backwards compatibility with `~/.codex/skills` for now until we fully deprecate. With skills in both personal folders: <img width="831" height="421" alt="image" src="https://github.com/user-attachments/assets/ad8ac918-bfe6-4a2d-8a8e-d608c9d3d701" /> We load from both places: <img width="607" height="236" alt="image" src="https://github.com/user-attachments/assets/480f4db0-ae64-4dc1-bdf5-c5de98c16f5c" />
Gav Verma ·
2026-02-02 16:49:23 -08:00 -
jif-oai ·
2026-02-02 19:26:58 +00:00 -
feat: experimental flags (#10231)
## Problem being solved - We need a single, reliable way to mark app-server API surface as experimental so that: 1. the runtime can reject experimental usage unless the client opts in 2. generated TS/JSON schemas can exclude experimental methods/fields for stable clients. Right now that’s easy to drift or miss when done ad-hoc. ## How to declare experimental methods and fields - **Experimental method**: add `#[experimental("method/name")]` to the `ClientRequest` variant in `client_request_definitions!`. - **Experimental field**: on the params struct, derive `ExperimentalApi` and annotate the field with `#[experimental("method/name.field")]` + set `inspect_params: true` for the method variant so `ClientRequest::experimental_reason()` inspects params for experimental fields. ## How the macro solves it - The new derive macro lives in `codex-rs/codex-experimental-api-macros/src/lib.rs` and is used via `#[derive(ExperimentalApi)]` plus `#[experimental("reason")]` attributes. - **Structs**: - Generates `ExperimentalApi::experimental_reason(&self)` that checks only annotated fields. - The “presence” check is type-aware: - `Option<T>`: `is_some_and(...)` recursively checks inner. - `Vec`/`HashMap`/`BTreeMap`: must be non-empty. - `bool`: must be `true`. - Other types: considered present (returns `true`). - Registers each experimental field in an `inventory` with `(type_name, serialized field name, reason)` and exposes `EXPERIMENTAL_FIELDS` for that type. Field names are converted from `snake_case` to `camelCase` for schema/TS filtering. - **Enums**: - Generates an exhaustive `match` returning `Some(reason)` for annotated variants and `None` otherwise (no wildcard arm). - **Wiring**: - Runtime gating uses `ExperimentalApi::experimental_reason()` in `codex-rs/app-server/src/message_processor.rs` to reject requests unless `InitializeParams.capabilities.experimental_api == true`. - Schema/TS export filters use the inventory list and `EXPERIMENTAL_CLIENT_METHODS` from `client_request_definitions!` to strip experimental methods/fields when `experimental_api` is false.jif-oai ·
2026-02-02 11:06:50 +00:00 -
feat: vendor app-server protocol schema fixtures (#10371)
Similar to what @sayan-oai did in openai/codex#8956 for `config.schema.json`, this PR updates the repo so that it includes the output of `codex app-server generate-json-schema` and `codex app-server generate-ts` and adds a test to verify it is in sync with the current code. Motivation: - This makes any schema changes introduced by a PR transparent during code review. - In particular, this should help us catch PRs that would introduce a non-backwards-compatible change to the app schema (eventually, this should also be enforced by tooling). - Once https://github.com/openai/codex/pull/10231 is in to formalize the notion of "experimental" fields, we can work on ensuring the non-experimental bits are backwards-compatible. `codex-rs/app-server-protocol/tests/schema_fixtures.rs` was added as the test and `just write-app-server-schema` can be use to generate the vendored schema files. Incidentally, when I run: ``` rg _ codex-rs/app-server-protocol/schema/typescript/v2 ``` I see a number of `snake_case` names that should be `camelCase`.
Michael Bolin ·
2026-02-01 23:38:43 -08:00 -
Add websocket telemetry metrics and labels (#10316)
Summary - expose websocket telemetry hooks through the responses client so request durations and event processing can be reported - record websocket request/event metrics and emit runtime telemetry events that the history UI now surfaces - improve tests to cover websocket telemetry reporting and guard runtime summary updates <img width="824" height="79" alt="Screenshot 2026-01-31 at 5 28 12 PM" src="https://github.com/user-attachments/assets/ea9a7965-d8b4-4e3c-a984-ef4fdc44c81d" />
Anton Panasenko ·
2026-01-31 19:16:44 -08:00 -
Wire up cloud reqs in exec, app-server (#10241)
We're fetching cloud requirements in TUI in https://github.com/openai/codex/pull/10167. This adds the same fetching in exec and app-server binaries also.
gt-oai ·
2026-01-30 23:53:41 +00:00 -
Validate CODEX_HOME before resolving (#10249)
Summary - require `CODEX_HOME` to point to an existing directory before canonicalizing and surface clear errors otherwise - share the same helper logic in both `core` and `rmcp-client` and add unit tests that cover missing, non-directory, valid, and default paths This addresses #9222
Eric Traut ·
2026-01-30 15:46:33 -08:00 -
chore: fix the build breakage that came from a merge race (#10239)
I think I needed to rebase on top of https://github.com/openai/codex/pull/10167 before merging https://github.com/openai/codex/pull/10208.
Michael Bolin ·
2026-01-30 10:29:54 -08:00 -
Fetch Requirements from cloud (#10167)
Load requirements from Codex Backend. It only does this for enterprise customers signed in with ChatGPT. Todo in follow-up PRs: * Add to app-server and exec too * Switch from fail-open to fail-closed on failure
gt-oai ·
2026-01-30 12:03:29 +00:00 -
feat(app-server): support external auth mode (#10012)
This enables a new use case where `codex app-server` is embedded into a parent application that will directly own the user's ChatGPT auth lifecycle, which means it owns the user’s auth tokens and refreshes it when necessary. The parent application would just want a way to pass in the auth tokens for codex to use directly. The idea is that we are introducing a new "auth mode" currently only exposed via app server: **`chatgptAuthTokens`** which consist of the `id_token` (stores account metadata) and `access_token` (the bearer token used directly for backend API calls). These auth tokens are only stored in-memory. This new mode is in addition to the existing `apiKey` and `chatgpt` auth modes. This PR reuses the shape of our existing app-server account APIs as much as possible: - Update `account/login/start` with a new `chatgptAuthTokens` variant, which will allow the client to pass in the tokens and have codex app-server use them directly. Upon success, the server emits `account/login/completed` and `account/updated` notifications. - A new server->client request called `account/chatgptAuthTokens/refresh` which the server can use whenever the access token previously passed in has expired and it needs a new one from the parent application. I leveraged the core 401 retry loop which typically triggers auth token refreshes automatically, but made it pluggable: - **chatgpt** mode refreshes internally, as usual. - **chatgptAuthTokens** mode calls the client via `account/chatgptAuthTokens/refresh`, the client responds with updated tokens, codex updates its in-memory auth, then retries. This RPC has a 10s timeout and handles JSON-RPC errors from the client. Also some additional things: - chatgpt logins are blocked while external auth is active (have to log out first. typically clients will pick one OR the other, not support both) - `account/logout` clears external auth in memory - Ensures that if `forced_chatgpt_workspace_id` is set via the user's config, we respect it in both: - `account/login/start` with `chatgptAuthTokens` (returns a JSON-RPC error back to the client) - `account/chatgptAuthTokens/refresh` (fails the turn, and on next request app-server will send another `account/chatgptAuthTokens/refresh` request to the client).
Owen Lin ·
2026-01-29 23:46:04 +00:00 -
chore: improve client (#10149)
<img width="883" height="84" alt="Screenshot 2026-01-29 at 11 13 12" src="https://github.com/user-attachments/assets/090a2fec-94ed-4c0f-aee5-1653ed8b1439" />
jif-oai ·
2026-01-29 11:25:22 +01:00 -
feat: log db client (#10087)
``` just log -h if [ "${1:-}" = "--" ]; then shift; fi; cargo run -p codex-state --bin logs_client -- "$@" Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.21s Running `target/debug/logs_client -h` Tail Codex logs from state.sqlite with simple filters Usage: logs_client [OPTIONS] Options: --codex-home <CODEX_HOME> Path to CODEX_HOME. Defaults to $CODEX_HOME or ~/.codex [env: CODEX_HOME=] --db <DB> Direct path to the SQLite database. Overrides --codex-home --level <LEVEL> Log level to match exactly (case-insensitive) --from <RFC3339|UNIX> Start timestamp (RFC3339 or unix seconds) --to <RFC3339|UNIX> End timestamp (RFC3339 or unix seconds) --module <MODULE> Substring match on module_path --file <FILE> Substring match on file path --backfill <BACKFILL> Number of matching rows to show before tailing [default: 200] --poll-ms <POLL_MS> Poll interval in milliseconds [default: 500] -h, --help Print help ```jif-oai ·
2026-01-29 11:11:47 +01:00 -
feat: add log db (#10086)
Add a log DB. The goal is just to store our logs in a `.sqlite` DB to make it easier to crawl them and drop the oldest ones.
jif-oai ·
2026-01-29 10:23:03 +01:00 -
[connectors] Support connectors part 2 - slash command and tui (#9728)
- [x] Support `/apps` slash command to browse the apps in tui. - [x] Support inserting apps to prompt using `$`. - [x] Lots of simplification/renaming from connectors to apps.
Matthew Zeng ·
2026-01-28 19:51:58 -08:00 -
[bazel] Improve runfiles handling (#10098)
we can't use runfiles directory on Windows due to path lengths, so swap to manifest strategy. Parsing the manifest is a bit complex and the format is changing in Bazel upstream, so pull in the official Rust library (via a small hack to make it importable...) and cleanup all the associated logic to work cleanly in both bazel and cargo without extra confusion
zbarsky-openai ·
2026-01-29 00:15:44 +00:00 -
default enable compression, update test helpers (#10102)
set `enable_request_compression` flag to default-enabled. update integration test helpers to decompress `zstd` if flag set.
sayan-oai ·
2026-01-28 12:25:40 -08:00 -
file-search: improve file query perf (#9939)
switch nucleo-matcher for nucleo and use a "file search session" w/ live updating query instead of a single hermetic run per query.
Jeremy Rose ·
2026-01-28 10:54:43 -08:00 -
feat: sqlite 1 (#10004)
Add a `.sqlite` database to be used to store rollout metatdata (and later logs) This PR is phase 1: * Add the database and the required infrastructure * Add a backfill of the database * Persist the newly created rollout both in files and in the DB * When we need to get metadata or a rollout, consider the `JSONL` as the source of truth but compare the results with the DB and show any errors
jif-oai ·
2026-01-28 15:29:14 +01:00 -
Add exec policy TOML representation (#10026)
We'd like to represent these in `requirements.toml`. This just adds the representation and the tests, doesn't wire it up anywhere yet.
gt-oai ·
2026-01-28 12:00:10 +00:00 -
feat(core) RequestRule (#9489)
## Summary Instead of trying to derive the prefix_rule for a command mechanically, let's let the model decide for us. ## Testing - [x] tested locally
Dylan Hurd ·
2026-01-28 08:43:17 +00:00 -
feat(network-proxy): add a SOCKS5 proxy with policy enforcement (#9803)
### Summary - Adds an optional SOCKS5 listener via `rama-socks5` - SOCKS5 is disabled by default and gated by config - Reuses existing policy enforcement and blocked-request recording - Blocks SOCKS5 in limited mode to prevent method-policy bypass - Applies bind clamping to the SOCKS5 listener ### Config New/used fields under `network_proxy`: - `enable_socks5` - `socks_url` - `enable_socks5_udp` ### Scope - Changes limited to `codex-rs/network-proxy` (+ `codex-rs/Cargo.lock`) ### Testing ```bash cd codex-rs just fmt cargo test -p codex-network-proxy --offline
viyatb-oai ·
2026-01-27 10:09:39 -08:00 -
chore(deps): bump globset from 0.4.16 to 0.4.18 in /codex-rs (#9884)
Bumps [globset](https://github.com/BurntSushi/ripgrep) from 0.4.16 to 0.4.18. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/BurntSushi/ripgrep/commit/0b0e013f5ac6ae1dbfdf97f6f6aaa27d7c9bc317"><code>0b0e013</code></a> globset-0.4.18</li> <li><a href="https://github.com/BurntSushi/ripgrep/commit/cac9870a0264014ab7015bf07e154c06a668a72c"><code>cac9870</code></a> doc: update date in man page template</li> <li><a href="https://github.com/BurntSushi/ripgrep/commit/24e88dc15b58b6fcc16d217158994871e756a6ca"><code>24e88dc</code></a> ignore/types: add <code>ssa</code> type</li> <li><a href="https://github.com/BurntSushi/ripgrep/commit/5748f81bb107ce65f32cff330fe90dc639af262c"><code>5748f81</code></a> printer: use <code>doc_cfg</code> instead of <code>doc_auto_cfg</code></li> <li><a href="https://github.com/BurntSushi/ripgrep/commit/d47663b1b4548e4fa02d6e4b575718d0f5f5e7d6"><code>d47663b</code></a> searcher: fix regression with <code>--line-buffered</code> flag</li> <li><a href="https://github.com/BurntSushi/ripgrep/commit/38d630261aded3a8e535fe85761e68af35bc462d"><code>38d6302</code></a> printer: add Cursor hyperlink alias</li> <li><a href="https://github.com/BurntSushi/ripgrep/commit/b3dc4b09988b4fe7d8ff69ad576623d57f7c3b75"><code>b3dc4b0</code></a> globset: improve debug log</li> <li><a href="https://github.com/BurntSushi/ripgrep/commit/ca2e34f37c5fa3021d0c14a67a7f0590166ade4f"><code>ca2e34f</code></a> grep-0.4.0</li> <li><a href="https://github.com/BurntSushi/ripgrep/commit/a0d61a063f5ff7c1d1b131882d92999c923c3420"><code>a0d61a0</code></a> grep-printer-0.3.0</li> <li><a href="https://github.com/BurntSushi/ripgrep/commit/c22fc0f13ce1cbe3bd40b659628aea21874938a2"><code>c22fc0f</code></a> deps: bump to grep-searcher 0.1.15</li> <li>Additional commits viewable in <a href="https://github.com/BurntSushi/ripgrep/compare/globset-0.4.16...globset-0.4.18">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2026-01-26 15:55:19 -08:00 -
chore(deps): bump axum from 0.8.4 to 0.8.8 in /codex-rs (#9883)
Bumps [axum](https://github.com/tokio-rs/axum) from 0.8.4 to 0.8.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/axum/releases">axum's releases</a>.</em></p> <blockquote> <h2>axum v0.8.8</h2> <ul> <li>Clarify documentation for <code>Router::route_layer</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/3567">#3567</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/axum/issues/3567">#3567</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3567">tokio-rs/axum#3567</a></p> <h2>axum v0.8.7</h2> <ul> <li>Relax implicit <code>Send</code> / <code>Sync</code> bounds on <code>RouterAsService</code>, <code>RouterIntoService</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/3555">#3555</a>)</li> <li>Make it easier to visually scan for default features (<a href="https://redirect.github.com/tokio-rs/axum/issues/3550">#3550</a>)</li> <li>Fix some documentation typos</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/axum/issues/3550">#3550</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3550">tokio-rs/axum#3550</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3555">#3555</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3555">tokio-rs/axum#3555</a></p> <h2>axum v0.8.5</h2> <ul> <li><strong>fixed:</strong> Reject JSON request bodies with trailing characters after the JSON document (<a href="https://redirect.github.com/tokio-rs/axum/issues/3453">#3453</a>)</li> <li><strong>added:</strong> Implement <code>OptionalFromRequest</code> for <code>Multipart</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/3220">#3220</a>)</li> <li><strong>added:</strong> Getter methods <code>Location::{status_code, location}</code></li> <li><strong>added:</strong> Support for writing arbitrary binary data into server-sent events (<a href="https://redirect.github.com/tokio-rs/axum/issues/3425">#3425</a>)]</li> <li><strong>added:</strong> <code>middleware::ResponseAxumBodyLayer</code> for mapping response body to <code>axum::body::Body</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/3469">#3469</a>)</li> <li><strong>added:</strong> <code>impl FusedStream for WebSocket</code> (<a href="https://redirect.github.com/tokio-rs/axum/issues/3443">#3443</a>)</li> <li><strong>changed:</strong> The <code>sse</code> module and <code>Sse</code> type no longer depend on the <code>tokio</code> feature (<a href="https://redirect.github.com/tokio-rs/axum/issues/3154">#3154</a>)</li> <li><strong>changed:</strong> If the location given to one of <code>Redirect</code>s constructors is not a valid header value, instead of panicking on construction, the <code>IntoResponse</code> impl now returns an HTTP 500, just like <code>Json</code> does when serialization fails (<a href="https://redirect.github.com/tokio-rs/axum/issues/3377">#3377</a>)</li> <li><strong>changed:</strong> Update minimum rust version to 1.78 (<a href="https://redirect.github.com/tokio-rs/axum/issues/3412">#3412</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/axum/issues/3154">#3154</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3154">tokio-rs/axum#3154</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3220">#3220</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3220">tokio-rs/axum#3220</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3377">#3377</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3377">tokio-rs/axum#3377</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3412">#3412</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3412">tokio-rs/axum#3412</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3425">#3425</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3425">tokio-rs/axum#3425</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3443">#3443</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3443">tokio-rs/axum#3443</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3453">#3453</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3453">tokio-rs/axum#3453</a> <a href="https://redirect.github.com/tokio-rs/axum/issues/3469">#3469</a>: <a href="https://redirect.github.com/tokio-rs/axum/pull/3469">tokio-rs/axum#3469</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/axum/commit/d07863f97d2649c414d2cdd162d1a10750e29a25"><code>d07863f</code></a> Release axum v0.8.8 and axum-extra v0.12.3</li> <li><a href="https://github.com/tokio-rs/axum/commit/287c674b65fa363fa8e60a5b2de7502dfda0decc"><code>287c674</code></a> axum-extra: Make typed-routing feature enable routing feature (<a href="https://redirect.github.com/tokio-rs/axum/issues/3514">#3514</a>)</li> <li><a href="https://github.com/tokio-rs/axum/commit/f5804aa6a13f8af1ae1a8998b872b300b0859d81"><code>f5804aa</code></a> SecondElementIs: Correct a small inconsistency (<a href="https://redirect.github.com/tokio-rs/axum/issues/3559">#3559</a>)</li> <li><a href="https://github.com/tokio-rs/axum/commit/f51f3ba4366e1060206efc41fde1227055164c45"><code>f51f3ba</code></a> axum-extra: Add trailing newline to pretty JSON response (<a href="https://redirect.github.com/tokio-rs/axum/issues/3526">#3526</a>)</li> <li><a href="https://github.com/tokio-rs/axum/commit/816407a8166491217168890ee96856469c3b424c"><code>816407a</code></a> Fix integer underflow in <code>try_range_response</code> for empty files (<a href="https://redirect.github.com/tokio-rs/axum/issues/3566">#3566</a>)</li> <li><a href="https://github.com/tokio-rs/axum/commit/78656ebb4a925329dc19c17a4dbef31d7551d4f5"><code>78656eb</code></a> docs: Clarify <code>route_layer</code> does not apply middleware to the fallback handler...</li> <li><a href="https://github.com/tokio-rs/axum/commit/4404f27cea206b0dca63637b1c76dff23772a5cc"><code>4404f27</code></a> Release axum v0.8.7 and axum-extra v0.12.2</li> <li><a href="https://github.com/tokio-rs/axum/commit/8f1545adecc86036ed9c8f252edcc099f7016103"><code>8f1545a</code></a> Fix typo in extractors guide (<a href="https://redirect.github.com/tokio-rs/axum/issues/3554">#3554</a>)</li> <li><a href="https://github.com/tokio-rs/axum/commit/4fc3faa0b4d82db870d8daaf49978da960bcfc42"><code>4fc3faa</code></a> Relax implicit Send / Sync bounds (<a href="https://redirect.github.com/tokio-rs/axum/issues/3555">#3555</a>)</li> <li><a href="https://github.com/tokio-rs/axum/commit/a05920c906fb5fe3c5b734f80465a3a6f06948f1"><code>a05920c</code></a> Make it easier to visually scan for default features (<a href="https://redirect.github.com/tokio-rs/axum/issues/3550">#3550</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tokio-rs/axum/compare/axum-v0.8.4...axum-v0.8.8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2026-01-26 15:54:58 -08:00 -
chore(deps): bump tokio-test from 0.4.4 to 0.4.5 in /codex-rs (#9882)
Bumps [tokio-test](https://github.com/tokio-rs/tokio) from 0.4.4 to 0.4.5. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/tokio/commit/41d1877689f8669902b003a6affce60bdfeb3025"><code>41d1877</code></a> chore: prepare tokio-test 0.4.5 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7831">#7831</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/60b083b630ed279d579368e513406d735d739511"><code>60b083b</code></a> chore: prepare tokio-stream 0.1.18 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7830">#7830</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/9cc02cc88d083113cd9889a74b382e39e430e180"><code>9cc02cc</code></a> chore: prepare tokio-util 0.7.18 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7829">#7829</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/d2799d791b10388e60a2a5fe5e4a33b3336e1465"><code>d2799d7</code></a> task: improve the docs of <code>Builder::spawn_local</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7828">#7828</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/4d4870f291b69e2426232440e03c9e66fe77b525"><code>4d4870f</code></a> task: doc that task drops before JoinHandle completion (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7825">#7825</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/fdb150901afb0456037c6232eab8ce80116ccd02"><code>fdb1509</code></a> fs: check for io-uring opcode support (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7815">#7815</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/426a56278017c30e7da7b4c9365a2610f4695f76"><code>426a562</code></a> rt: remove <code>allow(dead_code)</code> after <code>JoinSet</code> stabilization (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7826">#7826</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/e3b89bbefa7564e2eba2fb9f849ef7bf87d60fad"><code>e3b89bb</code></a> chore: prepare Tokio v1.49.0 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7824">#7824</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/4f577b84e939c8d427d79fdc73919842d8735de2"><code>4f577b8</code></a> Merge 'tokio-1.47.3' into 'master'</li> <li><a href="https://github.com/tokio-rs/tokio/commit/f320197693ee09e28f1fca0e55418081adcdfc25"><code>f320197</code></a> chore: prepare Tokio v1.47.3 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7823">#7823</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tokio-rs/tokio/compare/tokio-test-0.4.4...tokio-test-0.4.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2026-01-26 15:51:21 -08:00 -
chore(deps): bump tracing from 0.1.43 to 0.1.44 in /codex-rs (#9880)
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.43 to 0.1.44. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tracing/releases">tracing's releases</a>.</em></p> <blockquote> <h2>tracing 0.1.44</h2> <h3>Fixed</h3> <ul> <li>Fix <code>record_all</code> panic (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3432">#3432</a>)</li> </ul> <h3>Changed</h3> <ul> <li><code>tracing-core</code>: updated to 0.1.36 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3440">#3440</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tracing/issues/3432">#3432</a>: <a href="https://redirect.github.com/tokio-rs/tracing/pull/3432">tokio-rs/tracing#3432</a> <a href="https://redirect.github.com/tokio-rs/tracing/issues/3440">#3440</a>: <a href="https://redirect.github.com/tokio-rs/tracing/pull/3440">tokio-rs/tracing#3440</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/tracing/commit/2d55f6faf9be83e7e4634129fb96813241aac2b8"><code>2d55f6f</code></a> chore: prepare tracing 0.1.44 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3439">#3439</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/10a9e838a35e6ded79d66af246be2ee05417136d"><code>10a9e83</code></a> chore: prepare tracing-core 0.1.36 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3440">#3440</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/ee82cf92a8c750f98cfb7a417cc8defb37e26a00"><code>ee82cf9</code></a> tracing: fix record_all panic (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3432">#3432</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/9978c3663bcd58de14b3cf089ad24cb63d00a922"><code>9978c36</code></a> chore: prepare tracing-mock 0.1.0-beta.3 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3429">#3429</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/cc44064b3a41cb586bd633f8a024354928e25819"><code>cc44064</code></a> chore: prepare tracing-subscriber 0.3.22 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3428">#3428</a>)</li> <li>See full diff in <a href="https://github.com/tokio-rs/tracing/compare/tracing-0.1.43...tracing-0.1.44">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2026-01-26 15:48:45 -08:00 -
fix: handle utf-8 in windows sandbox logs (#8647)
Currently `apply_patch` will fail on Windows if the file contents happen to have a multi-byte character at the point where the `preview` function truncates. I've used the existing `take_bytes_at_char_boundary` helper and added a regression test (that fails without the fix). This is related to #4013 but doesn't fix it.
David Gilbertson ·
2026-01-26 15:11:27 -08:00 -
feat: ephemeral threads (#9765)
Add ephemeral threads capabilities. Only exposed through the `app-server` v2 The idea is to disable the rollout recorder for those threads.
jif-oai ·
2026-01-24 14:57:40 +00:00 -
Another round of improvements for config error messages (#9746)
In a [recent PR](https://github.com/openai/codex/pull/9182), I made some improvements to config error messages so errors didn't leave app server clients in a dead state. This is a follow-on PR to make these error messages more readable and actionable for both TUI and GUI users. For example, see #9668 where the user was understandably confused about the source of the problem and how to fix it. The improved error message: 1. Clearly identifies the config file where the error was found (which is more important now that we support layered configs) 2. Provides a line and column number of the error 3. Displays the line where the error occurred and underlines it For example, if my `config.toml` includes the following: ```toml [features] collaboration_modes = "true" ``` Here's the current CLI error message: ``` Error loading config.toml: invalid type: string "true", expected a boolean in `features` ``` And here's the improved message: ``` Error loading config.toml: /Users/etraut/.codex/config.toml:43:23: invalid type: string "true", expected a boolean | 43 | collaboration_modes = "true" | ^^^^^^ ``` The bulk of the new logic is contained within a new module `config_loader/diagnostics.rs` that is responsible for calculating the text range for a given toml path (which is more involved than I would have expected). In addition, this PR adds the file name and text range to the `ConfigWarningNotification` app server struct. This allows GUI clients to present the user with a better error message and an optional link to open the errant config file. This was a suggestion from @.bolinfest when he reviewed my previous PR.
Eric Traut ·
2026-01-23 20:11:09 -08:00 -
feat: introducing a network sandbox proxy (#8442)
This add a new crate, `codex-network-proxy`, a local network proxy service used by Codex to enforce fine-grained network policy (domain allow/deny) and to surface blocked network events for interactive approvals. - New crate: `codex-rs/network-proxy/` (`codex-network-proxy` binary + library) - Core capabilities: - HTTP proxy support (including CONNECT tunneling) - SOCKS5 proxy support (in the later PR) - policy evaluation (allowed/denied domain lists; denylist wins; wildcard support) - small admin API for polling/reload/mode changes - optional MITM support for HTTPS CONNECT to enforce “limited mode” method restrictions (later PR) Will follow up integration with codex in subsequent PRs. ## Testing - `cd codex-rs && cargo build -p codex-network-proxy` - `cd codex-rs && cargo run -p codex-network-proxy -- proxy`
viyatb-oai ·
2026-01-23 17:47:09 -08:00 -
[connectors] Support connectors part 1 - App server & MCP (#9667)
In order to make Codex work with connectors, we add a built-in gateway MCP that acts as a transparent proxy between the client and the connectors. The gateway MCP collects actions that are accessible to the user and sends them down to the user, when a connector action is chosen to be called, the client invokes the action through the gateway MCP as well. - [x] Add the system built-in gateway MCP to list and run connectors. - [x] Add the app server methods and protocol
Matthew Zeng ·
2026-01-22 16:48:43 -08:00 -
feat: support proxy for ws connection (#9719)
reapply websocket changes without changing tls lib.
Anton Panasenko ·
2026-01-22 15:23:15 -08:00 -
pakrym-oai ·
2026-01-22 15:57:18 +00:00 -
feat(tui): retire the tui2 experiment (#9640)
## Summary - Retire the experimental TUI2 implementation and its feature flag. - Remove TUI2-only config/schema/docs so the CLI stays on the terminal-native path. - Keep docs aligned with the legacy TUI while we focus on redraw-based improvements. ## Customer impact - Retires the TUI2 experiment and keeps Codex on the proven terminal-native UI while we invest in redraw-based improvements to the existing experience. ## Migration / compatibility - If you previously set tui2-related options in config.toml, they are now ignored and Codex continues using the existing terminal-native TUI (no action required). ## Context - What worked: a transcript-owned viewport delivered excellent resize rewrap and high-fidelity copy (especially for code). - Why stop: making that experience feel fully native across the environment matrix (terminal emulator, OS, input modality, multiplexer, font/theme, alt-screen behavior) creates a combinatorial explosion of edge cases. - What next: we are focusing on redraw-based improvements to the existing terminal-native TUI so scrolling, selection, and copy remain native while resize/redraw correctness improves. ## Testing - just write-config-schema - just fmt - cargo clippy --fix --all-features --tests --allow-dirty --allow-no-vcs -p codex-core - cargo clippy --fix --all-features --tests --allow-dirty --allow-no-vcs -p codex-cli - cargo check - cargo test -p codex-core - cargo test -p codex-cli
Josh McKinney ·
2026-01-22 01:02:29 +00:00 -
define/emit some metrics for windows sandbox setup (#9573)
This should give us visibility into how users are using the elevated sandbox nux flow, and the timing of the elevated setup.
iceweasel-oai ·
2026-01-21 11:07:26 -08:00 -
fix:
writable_rootsdoesn't recognize home directory symbol in non-windows OS (#9193)Fixes: ``` [sandbox_workspace_write] writable_roots = ["~/code/"] ``` translates to ``` /Users/ccunningham/.codex/~/code ``` (i.e. the home dir symbol isn't recognized)
Tiffany Citra ·
2026-01-20 10:55:01 -08:00 -
feat: support proxy for ws connection (#9409)
unfortunately tokio-tungstenite doesn't support proxy configuration outbox, while https://github.com/snapview/tokio-tungstenite/pull/370 is in review, we can depend on source code for now.
Anton Panasenko ·
2026-01-20 09:36:30 -08:00 -
chore(deps): bump chrono from 0.4.42 to 0.4.43 in /codex-rs (#9465)
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.42 to 0.4.43. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chronotope/chrono/releases">chrono's releases</a>.</em></p> <blockquote> <h2>0.4.43</h2> <h2>What's Changed</h2> <ul> <li>Install extra components for lint workflow by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1741">chronotope/chrono#1741</a></li> <li>Upgrade windows-bindgen to 0.64 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1742">chronotope/chrono#1742</a></li> <li>Improve windows-bindgen setup by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1744">chronotope/chrono#1744</a></li> <li>Drop stabilized feature doc_auto_cfg by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1745">chronotope/chrono#1745</a></li> <li>Faster RFC 3339 parsing by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1748">chronotope/chrono#1748</a></li> <li>Update windows-bindgen requirement from 0.64 to 0.65 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/chronotope/chrono/pull/1751">chronotope/chrono#1751</a></li> <li>add <code>NaiveDate::abs_diff</code> by <a href="https://github.com/Kinrany"><code>@Kinrany</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1752">chronotope/chrono#1752</a></li> <li>Add feature gated defmt support. by <a href="https://github.com/pebender"><code>@pebender</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1747">chronotope/chrono#1747</a></li> <li>Drop deny lints, eager Debug impls are a mixed blessing by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1753">chronotope/chrono#1753</a></li> <li>chore: minor improvement for docs by <a href="https://github.com/spuradage"><code>@spuradage</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1756">chronotope/chrono#1756</a></li> <li>Added doctest for the NaiveDate years_since function by <a href="https://github.com/LucasBou"><code>@LucasBou</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1755">chronotope/chrono#1755</a></li> <li>Prepare 0.4.43 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1765">chronotope/chrono#1765</a></li> <li>Update copyright year to 2026 in LICENSE.txt by <a href="https://github.com/taozui472"><code>@taozui472</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1767">chronotope/chrono#1767</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chronotope/chrono/commit/45caaa970ce443b11106a710ee24bd2480e5ff99"><code>45caaa9</code></a> Update copyright year to 2026 in LICENSE.txt</li> <li><a href="https://github.com/chronotope/chrono/commit/1c0b8f011ab2f2e53c195df1866a1fb4c7fd193a"><code>1c0b8f0</code></a> Bump version to 0.4.43</li> <li><a href="https://github.com/chronotope/chrono/commit/a03e43b1c3ef3aea77f12200d84144f275560aa9"><code>a03e43b</code></a> Upgrade windows-bindgen to 0.66</li> <li><a href="https://github.com/chronotope/chrono/commit/4fedaba2a214aa560e1c6a70d0a09e6955ed3ff4"><code>4fedaba</code></a> Ignore bincode advisory</li> <li><a href="https://github.com/chronotope/chrono/commit/f4b7bbda679199e7509da813849a10242b2f7aa1"><code>f4b7bbd</code></a> Bump actions/checkout from 5 to 6</li> <li><a href="https://github.com/chronotope/chrono/commit/db129730e8f21ca66b3808c133b7147cbc62fc41"><code>db12973</code></a> Added doctest for the NaiveDate years_since function (<a href="https://redirect.github.com/chronotope/chrono/issues/1755">#1755</a>)</li> <li><a href="https://github.com/chronotope/chrono/commit/34b5f49e9d7cdcabda6eea054609a2ce4ba947f0"><code>34b5f49</code></a> chore: minor improvement for docs</li> <li><a href="https://github.com/chronotope/chrono/commit/8c827116b9d67fe926eceb553ce95656dd7627d0"><code>8c82711</code></a> Bump actions/setup-node from 5 to 6</li> <li><a href="https://github.com/chronotope/chrono/commit/ea1f11b356fde5c2825679378e8ddf6e153942e5"><code>ea1f11b</code></a> Drop deny lints, eager Debug impls are a mixed blessing</li> <li><a href="https://github.com/chronotope/chrono/commit/35f9f2daef4c3132546d0004fdf37284df023fd3"><code>35f9f2d</code></a> Add feature gated defmt support.</li> <li>Additional commits viewable in <a href="https://github.com/chronotope/chrono/compare/v0.4.42...v0.4.43">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2026-01-19 06:43:34 +00:00 -
chore(deps): bump ctor from 0.5.0 to 0.6.3 in /codex-rs (#9469)
Bumps [ctor](https://github.com/mmastrac/rust-ctor) from 0.5.0 to 0.6.3. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/mmastrac/rust-ctor/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2026-01-18 22:37:11 -08:00 -
chore(deps): bump arc-swap from 1.7.1 to 1.8.0 in /codex-rs (#9468)
Bumps [arc-swap](https://github.com/vorner/arc-swap) from 1.7.1 to 1.8.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vorner/arc-swap/blob/master/CHANGELOG.md">arc-swap's changelog</a>.</em></p> <blockquote> <h1>1.8.0</h1> <ul> <li>Support for Pin (<a href="https://redirect.github.com/vorner/arc-swap/issues/185">#185</a>, <a href="https://redirect.github.com/vorner/arc-swap/issues/183">#183</a>).</li> <li>Fix (hopefully) crash on ARM (<a href="https://redirect.github.com/vorner/arc-swap/issues/164">#164</a>).</li> <li>Fix Miri check (<a href="https://redirect.github.com/vorner/arc-swap/issues/186">#186</a>, <a href="https://redirect.github.com/vorner/arc-swap/issues/156">#156</a>).</li> <li>Fix support for Rust 1.31.0.</li> <li>Some minor clippy lints.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vorner/arc-swap/commit/2540d266a837143948a0541a05d200fa1087a7db"><code>2540d26</code></a> Version bump to 1.8.0</li> <li><a href="https://github.com/vorner/arc-swap/commit/9981e3af2351d82fe6f77761ee1e4a8479ec1fc7"><code>9981e3a</code></a> Keep "old" Cargo.lock around</li> <li><a href="https://github.com/vorner/arc-swap/commit/57a8abbfc4100d918bcc4511eaa3c61740fe9c10"><code>57a8abb</code></a> Fix documentation links</li> <li><a href="https://github.com/vorner/arc-swap/commit/346c5b642b00acb30ea8756f8186599a30e1edbc"><code>346c5b6</code></a> Fix some clippy warnings</li> <li><a href="https://github.com/vorner/arc-swap/commit/0bd349a56bd448e0712a034f8892edfb6d4a41f2"><code>0bd349a</code></a> Fix support for Rust 1.31.0</li> <li><a href="https://github.com/vorner/arc-swap/commit/57aa5224c19124ad2fa26eae70fa7778dd2224ac"><code>57aa522</code></a> Merge pull request <a href="https://redirect.github.com/vorner/arc-swap/issues/185">#185</a> from SpriteOvO/pin</li> <li><a href="https://github.com/vorner/arc-swap/commit/4c0c4ab3218beeb0ae0b73d00e2a6c71b5b612f3"><code>4c0c4ab</code></a> Implement <code>RefCnt</code> for <code>Pin\<Arc></code> and <code>Pin\<Rc></code></li> <li><a href="https://github.com/vorner/arc-swap/commit/e596275acf37fceceb643a835e8b42563c42d919"><code>e596275</code></a> Avoid warnings about hidden lifetimes</li> <li><a href="https://github.com/vorner/arc-swap/commit/d849a2d17e02b66c58a67f95beff8f072e6a306c"><code>d849a2d</code></a> Use SeqCst in debt-lists</li> <li><a href="https://github.com/vorner/arc-swap/commit/1f9b221da9907d690ff10a119c7d0155e99d09cb"><code>1f9b221</code></a> Merge pull request <a href="https://redirect.github.com/vorner/arc-swap/issues/186">#186</a> from nbdd0121/prov</li> <li>Additional commits viewable in <a href="https://github.com/vorner/arc-swap/compare/v1.7.1...v1.8.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2026-01-18 22:25:23 -08:00 -
chore(deps): bump tokio from 1.48.0 to 1.49.0 in /codex-rs (#9467)
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.48.0 to 1.49.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.49.0</h2> <h1>1.49.0 (January 3rd, 2026)</h1> <h3>Added</h3> <ul> <li>net: add support for <code>TCLASS</code> option on IPv6 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7781">#7781</a>)</li> <li>runtime: stabilize <code>runtime::id::Id</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7125">#7125</a>)</li> <li>task: implement <code>Extend</code> for <code>JoinSet</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7195">#7195</a>)</li> <li>task: stabilize the <code>LocalSet::id()</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7776">#7776</a>)</li> </ul> <h3>Changed</h3> <ul> <li>net: deprecate <code>{TcpStream,TcpSocket}::set_linger</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7752">#7752</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>macros: fix the hygiene issue of <code>join!</code> and <code>try_join!</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7766">#7766</a>)</li> <li>runtime: revert "replace manual vtable definitions with Wake" (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7699">#7699</a>)</li> <li>sync: return <code>TryRecvError::Disconnected</code> from <code>Receiver::try_recv</code> after <code>Receiver::close</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7686">#7686</a>)</li> <li>task: remove unnecessary trait bounds on the <code>Debug</code> implementation (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7720">#7720</a>)</li> </ul> <h3>Unstable</h3> <ul> <li>fs: handle <code>EINTR</code> in <code>fs::write</code> for io-uring (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7786">#7786</a>)</li> <li>fs: support io-uring with <code>tokio::fs::read</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7696">#7696</a>)</li> <li>runtime: disable io-uring on <code>EPERM</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7724">#7724</a>)</li> <li>time: add alternative timer for better multicore scalability (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7467">#7467</a>)</li> </ul> <h3>Documented</h3> <ul> <li>docs: fix a typos in <code>bounded.rs</code> and <code>park.rs</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7817">#7817</a>)</li> <li>io: add <code>SyncIoBridge</code> cross-references to <code>copy</code> and <code>copy_buf</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7798">#7798</a>)</li> <li>io: doc that <code>AsyncWrite</code> does not inherit from <code>std::io::Write</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7705">#7705</a>)</li> <li>metrics: clarify that <code>num_alive_tasks</code> is not strongly consistent (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7614">#7614</a>)</li> <li>net: clarify the cancellation safety of the <code>TcpStream::peek</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7305">#7305</a>)</li> <li>net: clarify the drop behavior of <code>unix::OwnedWriteHalf</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7742">#7742</a>)</li> <li>net: clarify the platform-dependent backlog in <code>TcpSocket</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7738">#7738</a>)</li> <li>runtime: mention <code>LocalRuntime</code> in <code>new_current_thread</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7820">#7820</a>)</li> <li>sync: add missing period to <code>mpsc::Sender::try_send</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7721">#7721</a>)</li> <li>sync: clarify the cancellation safety of <code>oneshot::Receiver</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7780">#7780</a>)</li> <li>sync: improve the docs for the <code>errors</code> of mpsc (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7722">#7722</a>)</li> <li>task: add example for <code>spawn_local</code> usage on local runtime (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7689">#7689</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7125">#7125</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7125">tokio-rs/tokio#7125</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7195">#7195</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7195">tokio-rs/tokio#7195</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7305">#7305</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7305">tokio-rs/tokio#7305</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7467">#7467</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7467">tokio-rs/tokio#7467</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7614">#7614</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7614">tokio-rs/tokio#7614</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7686">#7686</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7686">tokio-rs/tokio#7686</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7689">#7689</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7689">tokio-rs/tokio#7689</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/tokio/commit/e3b89bbefa7564e2eba2fb9f849ef7bf87d60fad"><code>e3b89bb</code></a> chore: prepare Tokio v1.49.0 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7824">#7824</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/4f577b84e939c8d427d79fdc73919842d8735de2"><code>4f577b8</code></a> Merge 'tokio-1.47.3' into 'master'</li> <li><a href="https://github.com/tokio-rs/tokio/commit/f320197693ee09e28f1fca0e55418081adcdfc25"><code>f320197</code></a> chore: prepare Tokio v1.47.3 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7823">#7823</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/ea6b144cd1042d6841a7830b18f2df77c3db904b"><code>ea6b144</code></a> ci: freeze rustc on nightly-2025-01-25 in <code>netlify.toml</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7652">#7652</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/264e703296bccd6783a438815d91055d4517099b"><code>264e703</code></a> Merge <code>tokio-1.43.4</code> into <code>tokio-1.47.x</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7822">#7822</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/dfb0f00838ca1986dee04a54a6299d35b0a4072c"><code>dfb0f00</code></a> chore: prepare Tokio v1.43.4 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7821">#7821</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/4a91f197b03dc335010fffcf0e0c14e1f4011b42"><code>4a91f19</code></a> ci: fix wasm32-wasip1 tests (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7788">#7788</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/601c383ab6def5a6d2f95a434c95a97b65059628"><code>601c383</code></a> ci: upgrade FreeBSD from 14.2 to 14.3 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7758">#7758</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/484cb52d8d21cb8156decbeba9569651fcc09d0d"><code>484cb52</code></a> sync: return <code>TryRecvError::Disconnected</code> from <code>Receiver::try_recv</code> after `Re...</li> <li><a href="https://github.com/tokio-rs/tokio/commit/16f20c34ed9bc11eb1e7cdec441ab844b198d2cd"><code>16f20c3</code></a> rt: mention <code>LocalRuntime</code> in <code>new_current_thread</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7820">#7820</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tokio-rs/tokio/compare/tokio-1.48.0...tokio-1.49.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2026-01-18 22:24:55 -08:00 -
chore(deps): bump log from 0.4.28 to 0.4.29 in /codex-rs (#9466)
Bumps [log](https://github.com/rust-lang/log) from 0.4.28 to 0.4.29. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/log/releases">log's releases</a>.</em></p> <blockquote> <h2>0.4.29</h2> <h2>MSRV</h2> <p>This release increases <code>log</code>'s MSRV from <code>1.61.0</code> to <code>1.68.0</code>.</p> <h2>What's Changed</h2> <ul> <li>docs: Add missing impls from README.md by <a href="https://github.com/AldaronLau"><code>@AldaronLau</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/703">rust-lang/log#703</a></li> <li>Point to new URLs for favicon and logo by <a href="https://github.com/AldaronLau"><code>@AldaronLau</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/704">rust-lang/log#704</a></li> <li>perf: reduce llvm-lines of FromStr for <code>Level</code> and <code>LevelFilter</code> by <a href="https://github.com/dishmaker"><code>@dishmaker</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/709">rust-lang/log#709</a></li> <li>Replace serde with serde_core by <a href="https://github.com/Thomasdezeeuw"><code>@Thomasdezeeuw</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/712">rust-lang/log#712</a></li> <li>Fix clippy lints by <a href="https://github.com/Thomasdezeeuw"><code>@Thomasdezeeuw</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/713">rust-lang/log#713</a></li> <li>Use GitHub Actions to install Rust and cargo-hack by <a href="https://github.com/Thomasdezeeuw"><code>@Thomasdezeeuw</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/715">rust-lang/log#715</a></li> <li>Exclude old unstable_kv features from testing matrix by <a href="https://github.com/Thomasdezeeuw"><code>@Thomasdezeeuw</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/716">rust-lang/log#716</a></li> <li>Fix up CI by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/718">rust-lang/log#718</a></li> <li>Prepare for 0.4.29 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/719">rust-lang/log#719</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/AldaronLau"><code>@AldaronLau</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/703">rust-lang/log#703</a></li> <li><a href="https://github.com/dishmaker"><code>@dishmaker</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/709">rust-lang/log#709</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/log/compare/0.4.28...0.4.29">https://github.com/rust-lang/log/compare/0.4.28...0.4.29</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/log/blob/master/CHANGELOG.md">log's changelog</a>.</em></p> <blockquote> <h2>[0.4.29] - 2025-12-02</h2> <h2>What's Changed</h2> <ul> <li>perf: reduce llvm-lines of FromStr for <code>Level</code> and <code>LevelFilter</code> by <a href="https://github.com/dishmaker"><code>@dishmaker</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/709">rust-lang/log#709</a></li> <li>Replace serde with serde_core by <a href="https://github.com/Thomasdezeeuw"><code>@Thomasdezeeuw</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/712">rust-lang/log#712</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/AldaronLau"><code>@AldaronLau</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/703">rust-lang/log#703</a></li> <li><a href="https://github.com/dishmaker"><code>@dishmaker</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/709">rust-lang/log#709</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/log/compare/0.4.28...0.4.29">https://github.com/rust-lang/log/compare/0.4.28...0.4.29</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rust-lang/log/commit/b1e2df7bce7a1b685aa9bfd1db0a5cac1f0fc27d"><code>b1e2df7</code></a> Merge pull request <a href="https://redirect.github.com/rust-lang/log/issues/719">#719</a> from rust-lang/cargo/0.4.29</li> <li><a href="https://github.com/rust-lang/log/commit/3fe1a546dc323e614c35d136920a112406910e06"><code>3fe1a54</code></a> prepare for 0.4.29 release</li> <li><a href="https://github.com/rust-lang/log/commit/7a432d9ab570c49d42fcbd1c3b9e1e300064c2b9"><code>7a432d9</code></a> Merge pull request <a href="https://redirect.github.com/rust-lang/log/issues/718">#718</a> from rust-lang/ci/msrv</li> <li><a href="https://github.com/rust-lang/log/commit/0689d568479bb578f66e48df43628cc04aa6269b"><code>0689d56</code></a> rebump msrv to 1.68.0</li> <li><a href="https://github.com/rust-lang/log/commit/46b448e2a76a14210a7270ec11ad97cb9cbda6dc"><code>46b448e</code></a> try drop msrv back to 1.61.0</li> <li><a href="https://github.com/rust-lang/log/commit/929ab3812e86915bb5edb65609cd6d5cb17939fb"><code>929ab38</code></a> fix up doc test feature gate</li> <li><a href="https://github.com/rust-lang/log/commit/957cece4780cb006cbe2f819bd2f893822aad7cb"><code>957cece</code></a> bump serde-dependent crates</li> <li><a href="https://github.com/rust-lang/log/commit/bea40c847c77ecb7b7e9f2d858a21edaa2aa6159"><code>bea40c8</code></a> bump msrv to 1.68.0</li> <li><a href="https://github.com/rust-lang/log/commit/c540184ee9581d7373135f5511b6b174b5cee2d6"><code>c540184</code></a> Merge pull request <a href="https://redirect.github.com/rust-lang/log/issues/716">#716</a> from rust-lang/ci-smaller-matrix2</li> <li><a href="https://github.com/rust-lang/log/commit/c971e636c4b44ff01ff21e6aa82607272d2d0bf2"><code>c971e63</code></a> Merge branch 'master' into ci-smaller-matrix2</li> <li>Additional commits viewable in <a href="https://github.com/rust-lang/log/compare/0.4.28...0.4.29">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2026-01-18 22:24:34 -08:00 -
fix: fallback to Landlock-only when user namespaces unavailable and set PR_SET_NO_NEW_PRIVS early (#9250)
fixes https://github.com/openai/codex/issues/9236 ### Motivation - Prevent sandbox setup from failing when unprivileged user namespaces are denied so Landlock-only protections can still be applied. - Ensure `PR_SET_NO_NEW_PRIVS` is set before installing seccomp and Landlock restrictions to avoid kernel `EPERM`/`LandlockRestrict` ordering issues. ### Description - Add `is_permission_denied` helper that detects `EPERM` / `PermissionDenied` from `CodexErr` to drive fallback logic. - In `apply_read_only_mounts` skip read-only bind-mount setup and return `Ok(())` when `unshare_user_and_mount_namespaces()` fails with permission-denied so Landlock rules can still be installed. - Add `set_no_new_privs()` and call it from `apply_sandbox_policy_to_current_thread` before installing seccomp filters and Landlock rules when disk or network access is restricted.
viyatb-oai ·
2026-01-14 22:24:34 -08:00