Skip to content

Commit

Permalink
Work on NEWS and cran-comments
Browse files Browse the repository at this point in the history
  • Loading branch information
jennybc committed Mar 13, 2019
1 parent 1f75bd2 commit 1fcae56
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 17 deletions.
2 changes: 1 addition & 1 deletion NEWS.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# readxl 1.3.1

Pragmatic patch release to update some tests in advance of a patch release of the tibble package, that tweaks name repair (standard suffix becomes `...j`, instead of `..j`).
Pragmatic patch release to update some tests in advance of v2.1.0 of the tibble package. That release updates name repair: standard suffix becomes `...j`, instead of `..j`, partially motivated by user experience in readxl.

# readxl 1.3.0

Expand Down
24 changes: 8 additions & 16 deletions cran-comments.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,31 +7,23 @@
- R 3.1.3, 3.2.5, 3.3.3
- R-oldrel = R 3.4.4
- R-release = R 3.5.2
- R-devel = (unstable) (2019-02-12 r76095)
- R-devel = (unstable) (2019-03-09 r76216)
* local Windows 10 VM, R 3.5.2
* Windows Server 2012 + 3.5.2 Patched (2019-02-05 r76086) via appveyor
* Windows + R 3.5.2 & Under development (unstable) (2019-02-11 r76086) via win-builder
* Windows Server 2012 + R 3.5.3 Patched (2019-03-11 r76221) via appveyor
* Windows + R Under development (unstable) (2019-03-12 r76226) via win-builder

## R CMD check results

The main reason for this release is to embed an updated version of libxls. It has recently had its first official release in years (v1.5.0) and this release addresses two recently reported CVEs:
The only reason for this release is adapt a few tests for a patch release of tibble that is imminent. Otherwise the only change since readxl v1.3.0 is that I updated a few URLs.

* CVE-2018-20452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20452
* CVE-2018-20450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20450
Repeating an explanation from my v1.3.0 submission:

I see no errors, warnings, or notes for readxl. On some platforms, some of the time, we get this NOTE. This has always been the case; it's just a fact that we embed some fairly large libraries to parse both xls and xlsx.

N checking installed package size
installed size is XMb
sub-directories of 1Mb or more:
libs YMb

The current CRAN results show a NOTE on some platforms about "Namespace in Imports field not imported from: 'progress'". I now list 'progress' only in LinkingTo (no longer in Imports), which reflects how it's actually used.

There is a memo from clang-UBSAN memtests from the UndefinedBehaviorSanitizer. There's an instance of "outside the range of representable values of type 'int'", emanating from embedded libxls code. I've reported this upstream and we've all taken a look at it. This code has been present in this exact form for at least one readxl release and in equivalent form since readxl first appeared on CRAN. This bit of libxls code may eventually be reworked but I believe there is nothing urgent about it.
There is a memo from clang-UBSAN memtests from the UndefinedBehaviorSanitizer. There's an instance of "outside the range of representable values of type 'int'", emanating from embedded libxls code. I've reported this upstream and we've all taken a look at it. This code has been present in this exact form for at least one readxl release and in equivalent form since readxl first appeared on CRAN. This bit of libxls code will likely be reworked in the next libxls release. I believe there is nothing urgent about it. readxl does not access the data affected by this.

## Reverse dependencies

I did not rerun revdeps, since I did it so recently and no readxl code has changed. I repeat results from the recent v1.3.0 release of readxl.

## revdepcheck results

We checked 91 reverse dependencies (83 from CRAN + 8 from BioConductor), comparing R CMD check results across CRAN and dev versions of this package.
Expand Down

0 comments on commit 1fcae56

Please sign in to comment.