fix(deps): update rust crate tracing-subscriber to v0.3.20

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
tracing-subscriber (source)	dependencies	patch	0.3.3 -> 0.3.20
tracing-subscriber (source)	workspace.dependencies	minor	0.2.18 -> 0.3.0

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

tokio-rs/tracing (tracing-subscriber)

v0.3.20: tracing-subscriber 0.3.20

Compare Source

Security Fix: ANSI Escape Sequence Injection (CVE-TBD)

Impact

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:

• Manipulate terminal title bars
• Clear screens or modify terminal display
• Potentially mislead users through terminal manipulation

In isolation, impact is minimal, however security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.

Solution

Version 0.3.20 fixes this vulnerability by escaping ANSI control characters in when writing events to destinations that may be printed to the terminal.

Affected Versions

All versions of tracing-subscriber prior to 0.3.20 are affected by this vulnerability.

Recommendations

Immediate Action Required: We recommend upgrading to tracing-subscriber 0.3.20 immediately, especially if your application:

• Logs user-provided input (form data, HTTP headers, query parameters, etc.)
• Runs in environments where terminal output is displayed to users

Migration

This is a patch release with no breaking API changes. Simply update your Cargo.toml:

[dependencies]
tracing-subscriber = "0.3.20"

Acknowledgments

We would like to thank zefr0x who responsibly reported the issue at [email protected].

If you believe you have found a security vulnerability in any tokio-rs project, please email us at [email protected].

v0.3.19: tracing-subscriber 0.3.19

Compare Source

[ crates.io ] | [ docs.rs ]

This release updates the tracing dependency to v0.1.41 and
the tracing-serde dependency to v0.2.0.

Added

• Add set_span_events to fmt::Subscriber (#​2962)
• tracing: Allow &[u8] to be recorded as event/span field (#​2954)

Changed

• Set log max level when reloading (#​1270)
• Bump MSRV to 1.63 (#​2793)
• Use const thread_locals when possible (#​2838)
• Don't gate with_ansi() on the "ansi" feature (#​3020)
• Updated tracing-serde to 0.2.0 (#​3160)

v0.3.18: tracing-subscriber 0.3.18

Compare Source

This release of tracing-subscriber adds support for the NO_COLOR environment
variable (an informal standard to disable emitting ANSI color escape codes) in
fmt::Layer, reintroduces support for the chrono crate, and increases the
minimum supported Rust version (MSRV) to Rust 1.63.0.

It also introduces several minor API improvements.

Added

• chrono: Add chrono implementations of FormatTime (#​2690)
• subscriber: Add support for the NO_COLOR environment variable in
  fmt::Layer (#​2647)
• fmt: make format::Writer::new() public (#​2680)
• filter: Implement layer::Filter for Option<Filter> (#​2407)

Changed

• log: bump version of tracing-log to 0.2 (#​2772)
• Increased minimum supported Rust version (MSRV) to 1.63.0+.

Thanks to @​shayne-fletcher, @​dmlary, @​kaifastromai, and @​jsgf for contributing!

v0.3.17: tracing-subscriber 0.3.17

Compare Source

This release of tracing-subscriber fixes a build error when using env-filter
with recent versions of the regex crate. It also introduces several minor API
improvements.

Fixed

• env-filter: Add "unicode-case" and "unicode-perl" to the regex
  dependency, fixing a build error with recent versions of regex (#​2566)
• A number of minor documentation typos and other fixes (#​2384, #​2378,
  #​2368, #​2548)

Added

• filter: Add fmt::Display impl for filter::Targets (#​2343)
• fmt: Made with_ansi(false) no longer require the "ansi" feature, so that
  ANSI formatting escapes can be disabled without requiring ANSI-specific
  dependencies (#​2532)

Changed

• fmt: Dim targets in the Compact formatter, matching the default
  formatter (#​2409)

Thanks to @​keepsimple1, @​andrewhalle, @​LeoniePhiline, @​LukeMathWalker,
@​howardjohn, @​daxpedda, and @​dbidwell94 for contributing to this release!

v0.3.16: tracing-subscriber 0.3.16

Compare Source

This release of tracing-subscriber fixes a regression introduced in
v0.3.15 where Option::None's Layer implementation would
set the max level hint to OFF. In addition, it adds several new APIs,
including the Filter::event_enabled method for filtering events based on
fields values, and the ability to log internal errors that occur when writing a
log line.

This release also replaces the dependency on the unmaintained [ansi-term]
crate with the [nu-ansi-term] crate, resolving an informational security
advisory (RUSTSEC-2021-0139) for [ansi-term]'s maintainance status. This
increases the minimum supported Rust version (MSRV) to Rust 1.50+, although the
crate should still compile for the previous MSRV of Rust 1.49+ when the ansi
feature is not enabled.

Fixed

• layer: Option::None's Layer impl always setting the max_level_hint
  to LevelFilter::OFF (#​2321)
• Compilation with -Z minimal versions (#​2246)
• env-filter: Clarify that disabled level warnings are emitted by
  tracing-subscriber (#​2285)

Added

• fmt: Log internal errors to stderr if writing a log line fails (#​2102)
• fmt: FmtLayer::log_internal_errors and
  FmtSubscriber::log_internal_errors methods for configuring whether internal
  writer errors are printed to stderr (#​2102)
• fmt: #[must_use] attributes on builders to warn if a Subscriber is
  configured but not set as the default subscriber (#​2239)
• filter: Filter::event_enabled method for filtering an event based on its
  fields (#​2245, #​2251)
• filter: Targets::default_level accessor ([#​2242])

Changed

• ansi: Replaced dependency on unmaintained ansi-term crate with
  nu-ansi-term ((#​2287, fixes informational advisory RUSTSEC-2021-0139)
• tracing-core: updated to 0.1.30
• Minimum Supported Rust Version (MSRV) increased to Rust 1.50+ (when the
  ansi) feature flag is enabled (#​2287)

Documented

• fmt: Correct inaccuracies in fmt::init documentation (#​2224)
• filter: Fix incorrect doc link in filter::Not combinator (#​2249)

Thanks to new contributors @​cgbur, @​DesmondWillowbrook, @​RalfJung, and
@​poliorcetics, as well as returning contributors @​CAD97, @​connec, @​jswrenn,
@​guswynn, and @​bryangarza, for contributing to this release!

v0.3.15: tracing-subscriber 0.3.15

Compare Source

This release fixes a bug where the reload layer would fail to pass through
max_level_hint to the underlying layer, potentially breaking filtering.

Fixed

• reload: pass through max_level_hint to the inner Layer (#​2204)

Thanks to @​guswynn for contributing to this release!

v0.3.14: tracing-subscriber 0.3.14

Compare Source

This release fixes multiple filtering bugs in the Layer implementations for
Option<impl Layer> and Vec<impl Layer>.

Fixed

• layer: Layer::event_enabled implementation for Option<impl Layer<S>>
  returning false when the Option is None, disabling all events globally
  (#​2193)
• layer: Layer::max_level_hint implementation for Option<impl Layer<S>>
  incorrectly disabling max level filtering when the option is None (#​2195)
• layer: Layer::max_level_hint implementation for Vec<impl Layer<S>>
  returning LevelFilter::ERROR rather than LevelFilter::OFF when the Vec
  is empty (#​2195)

Thanks to @​CAD97 and @​guswynn for contributing to this release!

v0.3.13: tracing-subscriber 0.3.13

Compare Source

This release of tracing-subscriber fixes a compilation failure due to an
incorrect tracing-core dependency that was introduced in v0.3.12.

Changed

• tracing_core: Updated minimum dependency version to 0.1.28 (#​2190)

v0.3.12: tracing-subscriber 0.3.12

Compare Source

This release of tracing-subscriber adds a new Layer::event_enabled method,
which allows Layers to filter events after their field values are recorded;
a Filter implementation for reload::Layer, to make using reload with
per-layer filtering more ergonomic, and additional inherent method downcasting
APIs for the Layered type. In addition, it includes dependency updates, and
minor fixes for documentation and feature flagging.

Added

• layer: Layer::event_enabled method, which can be implemented to filter
  events based on their field values (#​2008)
• reload: Filter implementation for reload::Layer (#​2159)
• layer: Layered::downcast_ref and Layered::is inherent methods
  (#​2160)

Changed

• parking_lot: Updated dependency on parking_lot to 0.13.0 (#​2143)
• Replaced lazy_static dependency with once_cell ([#​2147])

Fixed

• Don't enable tracing-core features by default (#​2107)
• Several documentation link and typo fixes (#​2064, #​2068, #[2077], #​2161,
  #​1088)

Thanks to @​ben0x539, @​jamesmunns, @​georgemp, @​james7132, @​jswrenn, @​CAD97, and
@​guswynn for contributing to this release!

v0.3.11: tracing-subscriber 0.3.11

Compare Source

This is a bugfix release for the Filter implementation for EnvFilter added
in v0.3.10.

Fixed

• env-filter: Added missing Filter::on_record callback to EnvFilter's
  Filter impl (#​2058)
• env-filter: Fixed method resolution issues when calling EnvFilter
  methods with both the Filter and Layer traits in scope (#​2057)
• env-filter: Fixed EnvFilter::builder().parse() and other parsing methods
  returning an error when parsing an empty string (#​2052)

Thanks to new contributor @​Ma124 for contributing to this release!

v0.3.10: tracing-subscriber 0.3.10

Compare Source

This release adds several new features, including a Filter implementation and
new builder API for EnvFilter, support for using a Vec<L> where L: Layer as
a Layer, and a number of smaller API improvements to make working with dynamic
and reloadable layers easier.

Added

• registry: Implement Filter for EnvFilter, allowing it to be used with
  per-layer filtering (#​1983)
• registry: Filter::on_new_span, Filter::on_enter,
  Filter::on_exit, Filter::on_close and Filter::on_record callbacks to
  allow Filters to track span states internally (#​1973, #​2017, #​2031)
• registry: Filtered::filter and Filtered::filter_mut accessors
  (#​1959)
• registry: Filtered::inner and Filtered::inner_mut accessors to borrow
  the wrapped Layer (#​2034)
• layer: Implement Layer for Vec<L: Layer>, to allow composing together
  a dynamically sized list of Layers (#​2027)
• layer: Layer::boxed method to make type-erasing Layers easier
  (#​2026)
• fmt: fmt::Layer::writer and fmt::Layer::writer_mut accessors (#​2034)
• fmt: fmt::Layer::set_ansi method to allow changing the ANSI formatting
  configuration at runtime (#​2034)
• env-filter: EnvFilter::builder to configure a new EnvFilter prior to
  parsing it (#​2035)
• Several documentation fixes and improvements (#​1972, #​1971, #​2023,
  #​2023)

Fixed

• fmt: fmt::Layer's auto traits no longer depend on the Subscriber type
  parameter's auto traits (#​2025)
• env-filter: Fixed missing help text when the ansi feature is disabled
  (#​2029)

Thanks to new contributors @​TimoFreiberg and @​wagenet, as well as @​CAD97 for
contributing to this release!

v0.3.9: tracing-subscriber 0.3.9

Compare Source

This release updates the minimum supported Rust version (MSRV) to 1.49.0, and
updates the (optional) dependency on parking_lot to v0.12.

Changed

• Updated minimum supported Rust version (MSRV) to 1.49.0 (#​1913)
• parking_lot: updated to v0.12 (008339d)

Added

• fmt: Documentation improvements (#​1926, #​1927)

v0.3.8: tracing-subscriber 0.3.8

Compare Source

This release adds experimental support for recording structured field
values using the valuable crate to the format::Json formatter. In
particular, user-defined types which are recorded using their
valuable::Valuable implementations will be serialized as JSON objects,
rather than using their fmt::Debug representation. See this blog post
for details on valuable.

Note that valuable support currently requires --cfg tracing_unstable. See
the documentation for details.

Additionally, this release includes a number of other smaller API improvements.

Added

• json: Experimental support for recording valuable values as structured
  JSON (#​1862, #​1901)
• filter: Targets::would_enable method for testing if a Targets filter
  would enable a given target (#​1903)
• fmt: map_event_format, map_fmt_fields, and map_writer methods to
  fmt::Layer and fmt::SubscriberBuilder (#​1871)

Changed

• tracing-core: updated to 0.1.22

Fixed

• Set smallvec minimal version to 1.2.0, to fix compilation errors with -Z minimal-versions (#​1890)
• Minor documentation fixes (#​1902, #​1893)

Thanks to @​guswynn, @​glts, and @​lilyball for contributing to this release!

v0.3.7: tracing-subscriber 0.3.7

Compare Source

This release adds combinators for combining filters.

Additionally, this release also updates the thread-local crate to v1.1.4,
fixing warnings for the security advisory RUSTSEC-2022-0006. Note that
previous versions of tracing-subscriber did not use any of the thread-local
crate's APIs effected by the vulnerability. However, updating the version fixes
warnings emitted by cargo audit and similar tools.

Added

• filter: Added combinators for combining filters (#​1578)

Fixed

• registry: Updated thread-local to v1.1.4 (#​1858)

Thanks to new contributor @​matze for contributing to this release!

v0.3.6: tracing-subscriber 0.3.6

Compare Source

This release adds configuration options to tracing_subscriber::fmt to log
source code locations for events.

Added

• fmt: Added with_file and with_line_number
  configuration methods to fmt::Format, fmt::SubscriberBuilder, and
  fmt::Layer (#​1773)

Fixed

• fmt: Removed incorrect leading comma from span fields with the Pretty
  formatter (#​1833)

Deprecated

• fmt: Deprecated Pretty::with_source_location, as it can now be replaced
  by the more general Format, SubscriberBuilder, and Layer methods
  (#​1773)

Thanks to new contributor @​renecouto for contributing to this release!

v0.3.5: tracing-subscriber 0.3.5

Compare Source

This release re-enables RUST_LOG filtering in tracing_subscriber::fmt's
default initialization methods, and adds an OffsetLocalTime formatter for
using local timestamps with the time crate.

Added

• fmt: Added OffsetLocalTime formatter to fmt::time for formatting local
  timestamps with a fixed offset (#​1772)

Fixed

• fmt: Added a Targets filter to fmt::init() and fmt::try_init() when
  the "env-filter" feature is disabled, so that RUST_LOG is still honored
  (#​1781)

Thanks to @​marienz and @​ishitatsuyuki for contributing to this release!

v0.3.4: tracing-subscriber 0.3.4

Compare Source

This release contains bugfixes for the fmt module, as well as documentation
improvements.

Fixed

• fmt: Fixed fmt not emitting log lines when timestamp formatting fails
  (#​1689)
• fmt: Fixed double space before thread IDs with Pretty formatter
  (#​1778)
• Several documentation improvements (#​1608, #​1699, #​1701)

Thanks to new contributors @​Swatinem and @​rukai for contributing to this
release!

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: src/agent/Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path src/agent/Cargo.toml --workspace
info: syncing channel updates for '1.85.1-x86_64-unknown-linux-gnu'
info: latest update on 2025-03-18, rust version 1.85.1 (4eb161250 2025-03-15)
info: downloading component 'cargo'
error: component download failed for cargo-x86_64-unknown-linux-gnu: error opening file for download: cleaning up cached downloads: No such file or directory (os error 2)

File name: src/tools/trace-forwarder/Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path src/tools/trace-forwarder/Cargo.toml --workspace
info: syncing channel updates for '1.85.1-x86_64-unknown-linux-gnu'
info: latest update on 2025-03-18, rust version 1.85.1 (4eb161250 2025-03-15)
info: downloading component 'cargo'
error: component download failed for cargo-x86_64-unknown-linux-gnu: error opening file for download: cleaning up cached downloads: No such file or directory (os error 2)

[littlejawa]

/hold