diff --git a/NEWS.md b/NEWS.md index 76555e28..4d221489 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,6 +1,6 @@ # readxl 1.3.1 -Pragmatic patch release to update some tests in advance of a patch release of the tibble package, that tweaks name repair (standard suffix becomes `...j`, instead of `..j`). +Pragmatic patch release to update some tests in advance of v2.1.0 of the tibble package. That release updates name repair: standard suffix becomes `...j`, instead of `..j`, partially motivated by user experience in readxl. # readxl 1.3.0 diff --git a/cran-comments.md b/cran-comments.md index a3484cae..f44c3f01 100644 --- a/cran-comments.md +++ b/cran-comments.md @@ -7,31 +7,23 @@ - R 3.1.3, 3.2.5, 3.3.3 - R-oldrel = R 3.4.4 - R-release = R 3.5.2 - - R-devel = (unstable) (2019-02-12 r76095) + - R-devel = (unstable) (2019-03-09 r76216) * local Windows 10 VM, R 3.5.2 -* Windows Server 2012 + 3.5.2 Patched (2019-02-05 r76086) via appveyor -* Windows + R 3.5.2 & Under development (unstable) (2019-02-11 r76086) via win-builder +* Windows Server 2012 + R 3.5.3 Patched (2019-03-11 r76221) via appveyor +* Windows + R Under development (unstable) (2019-03-12 r76226) via win-builder ## R CMD check results -The main reason for this release is to embed an updated version of libxls. It has recently had its first official release in years (v1.5.0) and this release addresses two recently reported CVEs: +The only reason for this release is adapt a few tests for a patch release of tibble that is imminent. Otherwise the only change since readxl v1.3.0 is that I updated a few URLs. - * CVE-2018-20452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20452 - * CVE-2018-20450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20450 +Repeating an explanation from my v1.3.0 submission: -I see no errors, warnings, or notes for readxl. On some platforms, some of the time, we get this NOTE. This has always been the case; it's just a fact that we embed some fairly large libraries to parse both xls and xlsx. - -N checking installed package size - installed size is XMb - sub-directories of 1Mb or more: - libs YMb - -The current CRAN results show a NOTE on some platforms about "Namespace in Imports field not imported from: 'progress'". I now list 'progress' only in LinkingTo (no longer in Imports), which reflects how it's actually used. - -There is a memo from clang-UBSAN memtests from the UndefinedBehaviorSanitizer. There's an instance of "outside the range of representable values of type 'int'", emanating from embedded libxls code. I've reported this upstream and we've all taken a look at it. This code has been present in this exact form for at least one readxl release and in equivalent form since readxl first appeared on CRAN. This bit of libxls code may eventually be reworked but I believe there is nothing urgent about it. +There is a memo from clang-UBSAN memtests from the UndefinedBehaviorSanitizer. There's an instance of "outside the range of representable values of type 'int'", emanating from embedded libxls code. I've reported this upstream and we've all taken a look at it. This code has been present in this exact form for at least one readxl release and in equivalent form since readxl first appeared on CRAN. This bit of libxls code will likely be reworked in the next libxls release. I believe there is nothing urgent about it. readxl does not access the data affected by this. ## Reverse dependencies +I did not rerun revdeps, since I did it so recently and no readxl code has changed. I repeat results from the recent v1.3.0 release of readxl. + ## revdepcheck results We checked 91 reverse dependencies (83 from CRAN + 8 from BioConductor), comparing R CMD check results across CRAN and dev versions of this package.