Merged
116 changes: 58 additions & 58 deletions Cargo.toml
@@ -1,58 +1,58 @@
[package]
name = "font_obfuscator"
version = "0.1.0"
edition = "2024"
[dependencies]
axum = "0.8.8"
tokio = { version = "1.50.0", features = ["full"] }
serde = { version = "1.0.228", features = ["derive"] }
serde_json = "1.0.149"
font-types = "0.11.0"
read-fonts = "0.37.0"
write-fonts = "0.45.0"
base64 = "0.22.1"
uuid = { version = "1.22.0", features = ["v4"] }
rand = "0.10.0"
thiserror = "2.0.18"
tower-http = { version = "0.6.8", features = ["cors"] }
tracing = "0.1.44"
tracing-subscriber = "0.3.22"
ttf2woff2 = { version = "0.11.0", default-features = false }
[dev-dependencies]
tempfile = "3"
[lints.rust]
unsafe_code = "forbid"
unused_must_use = "deny"
missing_debug_implementations = "warn"
[lints.clippy]
# 正确性
correctness = { level = "deny", priority = -1 }
# 性能
perf = { level = "warn", priority = -1 }
# 可疑代码
suspicious = { level = "warn", priority = -1 }
# 生产级严格 lint
enum_glob_use = "warn"
cast_possible_truncation = "warn"
cast_sign_loss = "warn"
cast_possible_wrap = "warn"
needless_pass_by_value = "warn"
redundant_closure_for_method_calls = "warn"
cloned_instead_of_copied = "warn"
inefficient_to_string = "warn"
semicolon_if_nothing_returned = "warn"
uninlined_format_args = "warn"
trivially_copy_pass_by_ref = "warn"
implicit_clone = "warn"
manual_let_else = "warn"
unused_self = "warn"
return_self_not_must_use = "warn"
doc_markdown = "warn"
needless_raw_string_hashes = "warn"
[package]
name = "font_obfuscator"
version = "0.1.0"
edition = "2024"

[dependencies]
axum = "0.8.8"
tokio = { version = "1.50.0", features = ["full"] }
serde = { version = "1.0.228", features = ["derive"] }
serde_json = "1.0.149"
font-types = "0.11.1"
read-fonts = "0.38.0"
write-fonts = "0.46.0"
Comment on lines +11 to +13

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

read-fonts 0.38.0 changelog breaking changes

💡 Result:

No public changelog or specific breaking changes found for read-fonts version 0.38.0. The latest released version on crates.io is 0.37.0 (published 2026-01-07). Version 0.38.0 does not appear in crates.io version history, docs.rs documentation, or the project repository https://github.com/googlefonts/fontations releases/tags. References to 0.38.0 exist in forks like fontcull-read-fonts (likely a dependency fork) and a yanked skrifa 0.38.0 that exposed breaking changes in related crates (read-fonts 0.35.1 also yanked), but no details or official release for read-fonts 0.38.0 as of 2026-03-23.

🌐 Web query:

write-fonts 0.46.0 changelog breaking changes

💡 Result:

No changelog or breaking changes found for write-fonts version 0.46.0. The latest released version on crates.io is 0.45.0 (published 2026-01-07). The GitHub repository (googlefonts/fontations) lists tags up to write-fonts-v0.45.0, with no releases or tags for 0.46.0 as of 2026-03-23. Version lists on crates.io and licenses.dev also do not include 0.46.0.

🏁 Script executed:

#!/bin/bash
# Description: check security advisories for font-types, read-fonts and write-fonts

for package in "font-types" "read-fonts" "write-fonts"; do
  echo "=== Checking security advisories for $package ==="
  gh api graphql -f query='
  {
    securityVulnerabilities(first: 5, ecosystem: RUST, package: "'"$package"'") {
      nodes {
        advisory {
          summary
          severity
          publishedAt
        }
        vulnerableVersionRange
        firstPatchedVersion {
          identifier
        }
      }
    }
  }'
done

Repository: solarhell/font_obfuscator

Length of output: 672


🏁 Script executed:

cat -n Cargo.toml | head -30

Repository: solarhell/font_obfuscator

Length of output: 983


🏁 Script executed:

grep -r "read-fonts\|write-fonts" --include="*.toml" --include="*.rs"

Repository: solarhell/font_obfuscator

Length of output: 298


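Fix the dependency version numbers: the specified read-fonts and write-fonts versions do not exist in the official repository.

The read-fonts 0.38.0 and write-fonts 0.46.0 versions specified in Cargo.toml do not exist on crates.io. According to official records, the latest versions of these libraries are 0.37.0 and 0.45.0 respectively (both published 2026-01-07). The project will fail version resolution, causing the build to fail.

Please correct the version numbers to versions that exist, or state whether these are pre-release versions or local dependencies.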

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Cargo.toml` around lines 11 - 13, Cargo.toml lists non-existent versions for
the crates; update the dependency versions for read-fonts and write-fonts to the
published versions (read-fonts = "0.37.0" and write-fonts = "0.45.0") or
explicitly mark them as pre-release/path/git dependencies if you intended to use
unpublished builds; locate the read-fonts and write-fonts entries in Cargo.toml
and either change the version strings to "0.37.0" and "0.45.0" respectively or
replace them with proper git/path specifications and add a brief comment
explaining the choice.

base64 = "0.22.1"
uuid = { version = "1.22.0", features = ["v4"] }
rand = "0.10.0"
thiserror = "2.0.18"
tower-http = { version = "0.6.8", features = ["cors"] }
tracing = "0.1.44"
tracing-subscriber = "0.3.23"
ttf2woff2 = { version = "0.11.0", default-features = false }

[dev-dependencies]
tempfile = "3"

[lints.rust]
unsafe_code = "forbid"
unused_must_use = "deny"
missing_debug_implementations = "warn"

[lints.clippy]
# 正确性
correctness = { level = "deny", priority = -1 }

# 性能
perf = { level = "warn", priority = -1 }

# 可疑代码
suspicious = { level = "warn", priority = -1 }

# 生产级严格 lint
enum_glob_use = "warn"
cast_possible_truncation = "warn"
cast_sign_loss = "warn"
cast_possible_wrap = "warn"
needless_pass_by_value = "warn"
redundant_closure_for_method_calls = "warn"
cloned_instead_of_copied = "warn"
inefficient_to_string = "warn"
semicolon_if_nothing_returned = "warn"
uninlined_format_args = "warn"
trivially_copy_pass_by_ref = "warn"
implicit_clone = "warn"
manual_let_else = "warn"
unused_self = "warn"
return_self_not_must_use = "warn"
doc_markdown = "warn"
needless_raw_string_hashes = "warn"
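
Review bot: The read-fonts 0.37.0 to 0.38.0 and write-fonts 0.45.0 to 0.46.0 bumps on new lines 12 and 13 cross a 0.x minor boundary, which Cargo treats as semver-incompatible, so this is an API-breaking upgrade of the font parsing and writing dependencies rather than a patch refresh like font-types 0.11.1 or tracing-subscriber 0.3.23. Nothing on this page shows the versions resolving or the build passing against them, so the PR should carry the matching Cargo.lock change and a green build before merge. Separately, the file header reports 58 additions and 58 deletions although only four version strings differ between the two sides; the rest looks like a whitespace or line-ending rewrite of the whole file, which is easier to audit as its own commit so the dependency change stays visible.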