diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..58dfc30 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "rust-analyzer.server.extraEnv": { "RUSTUP_TOOLCHAIN": "stable" } +} \ No newline at end of file diff --git a/Cargo.lock b/Cargo.lock index a984dd0..8758b64 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -266,6 +266,15 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" +[[package]] +name = "basic-toml" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "823388e228f614e9558c6804262db37960ec8821856535f5c3f59913140558f8" +dependencies = [ + "serde", +] + [[package]] name = "bcrypt-pbkdf" version = "0.10.0" @@ -352,9 +361,9 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "bytemuck" -version = "1.16.1" +version = "1.16.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b236fc92302c97ed75b38da1f4917b5cdda4984745740f153a5d3059e48d725e" +checksum = "102087e286b4677862ea56cf8fc58bb2cdfa8725c40ffb80fe3a008eb7f2fc83" [[package]] name = "byteorder" @@ -400,12 +409,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.6" +version = "1.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" +checksum = "50d2eb3cd3d1bf4529e31c215ee6f93ec5a3d536d9f578f93d9d33ee19562932" dependencies = [ "jobserver", "libc", + "shlex", ] [[package]] @@ -510,7 +520,7 @@ dependencies = [ "anstream", "anstyle", "clap_lex", - "strsim", + "strsim 0.10.0", ] [[package]] @@ -531,7 +541,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -659,10 +669,11 @@ dependencies = [ [[package]] name = "criterion-cycles-per-byte" -version = "0.6.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5281161544b8f2397e14942c2045efa3446470348121a65c37263f8e76c1e2ff" +checksum = "1029452fa751c93f8834962dd74807d69f0a6c7624d5b06625b393aeb6a14fc2" dependencies = [ + "cfg-if", "criterion", ] @@ -760,16 +771,17 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "dashmap" -version = "5.5.3" +version = "6.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" +checksum = "804c8821570c3f8b70230c2ba75ffa5c0f9a4189b9a432b6656c536712acae28" dependencies = [ "cfg-if", + "crossbeam-utils", "hashbrown", "lock_api", "once_cell", @@ -815,14 +827,14 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "dunce" -version = "1.0.4" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" [[package]] name = "either" @@ -879,14 +891,14 @@ checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "filetime" -version = "0.2.23" +version = "0.2.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd" +checksum = "bf401df4a4e3872c4fe8151134cf483738e74b67fc934d6532c882b3d24a4550" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.4.1", - "windows-sys 0.52.0", + "libredox", + "windows-sys 0.59.0", ] [[package]] @@ -895,7 +907,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "59a98bbaacea1c0eb6a0876280051b892eb73594fd90cf3b20e9c817029c57d2" dependencies = [ - "toml 0.5.11", + "toml", ] [[package]] @@ -1053,7 +1065,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1173,6 +1185,12 @@ version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +[[package]] +name = "hermit-abi" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" + [[package]] name = "hex" version = "0.4.3" @@ -1224,23 +1242,23 @@ dependencies = [ [[package]] name = "i18n-config" -version = "0.4.5" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6691f16c6a35c1bb99a0f01aa39dd2b884d342b646689e9b8e4d51faf2cfdbd9" +checksum = "8e88074831c0be5b89181b05e6748c4915f77769ecc9a4c372f88b169a8509c9" dependencies = [ + "basic-toml", "log", "serde", "serde_derive", "thiserror", - "toml 0.7.6", "unic-langid", ] [[package]] name = "i18n-embed" -version = "0.14.1" +version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94205d95764f5bb9db9ea98fa77f89653365ca748e27161f5bbea2ffd50e459c" +checksum = "e901c87176ac0b615033c81dbe927c230f74700abfd60ed953a6f547c87bbe6d" dependencies = [ "arc-swap", "fluent", @@ -1260,9 +1278,9 @@ dependencies = [ [[package]] name = "i18n-embed-fl" -version = "0.8.0" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8241a781f49e923415e106fcd1f89c3fab92cc9f699a521c56e95dee273903d3" +checksum = "d73fe51b9655599147183495551696628b335f75b2dbfa225196b16d69d7288e" dependencies = [ "dashmap", "find-crate", @@ -1274,8 +1292,8 @@ dependencies = [ "proc-macro-error", "proc-macro2", "quote", - "strsim", - "syn 2.0.72", + "strsim 0.11.1", + "syn 2.0.75", "unic-langid", ] @@ -1289,7 +1307,7 @@ dependencies = [ "i18n-config", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1317,9 +1335,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.2.6" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" +checksum = "93ead53efc7ea8ed3cfb0c79fc8023fbb782a5432b52830b6518941cebe6505c" dependencies = [ "equivalent", "hashbrown", @@ -1380,11 +1398,11 @@ checksum = "4b3f7cef34251886990511df1c61443aa928499d598a9473929ab5a90a527304" [[package]] name = "is-terminal" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b" dependencies = [ - "hermit-abi", + "hermit-abi 0.4.0", "libc", "windows-sys 0.52.0", ] @@ -1433,9 +1451,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.155" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libm" @@ -1443,6 +1461,17 @@ version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" +[[package]] +name = "libredox" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" +dependencies = [ + "bitflags 2.6.0", + "libc", + "redox_syscall", +] + [[package]] name = "linux-raw-sys" version = "0.4.14" @@ -1618,7 +1647,7 @@ version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" dependencies = [ - "hermit-abi", + "hermit-abi 0.3.9", "libc", ] @@ -1653,9 +1682,9 @@ dependencies = [ [[package]] name = "object" -version = "0.36.2" +version = "0.36.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f203fa8daa7bb185f760ae12bd8e097f63d17041dcdcaf675ac54cdf863170e" +checksum = "27b64972346851a39438c60b341ebc01bba47464ae329e55cf343eb93964efd9" dependencies = [ "memchr", ] @@ -1680,12 +1709,12 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "os_pipe" -version = "1.2.0" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29d73ba8daf8fac13b0501d1abeddcfe21ba7401ada61a819144b6c2a4f32209" +checksum = "5ffd2b0a5634335b135d5728d84c5e0fd726954b87111f7506a61c502280d982" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -1716,7 +1745,7 @@ checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.5.3", + "redox_syscall", "smallvec", "windows-targets 0.52.6", ] @@ -1777,7 +1806,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1908,9 +1937,12 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy 0.7.35", +] [[package]] name = "proc-macro-error" @@ -2076,15 +2108,6 @@ dependencies = [ "crossbeam-utils", ] -[[package]] -name = "redox_syscall" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" -dependencies = [ - "bitflags 1.3.2", -] - [[package]] name = "redox_syscall" version = "0.5.3" @@ -2125,9 +2148,9 @@ checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "rgb" -version = "0.8.45" +version = "0.8.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ade4539f42266ded9e755c605bdddf546242b2c961b03b06a7375260788a0523" +checksum = "0f86ae463694029097b846d8f99fd5536740602ae00022c0c50c5600720b2f71" dependencies = [ "bytemuck", ] @@ -2199,7 +2222,7 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.72", + "syn 2.0.75", "walkdir", ] @@ -2332,31 +2355,32 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.204" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "serde_json" -version = "1.0.120" +version = "1.0.124" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5" +checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" dependencies = [ "itoa", + "memchr", "ryu", "serde", ] @@ -2494,6 +2518,12 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + [[package]] name = "subtle" version = "2.6.1" @@ -2535,9 +2565,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.72" +version = "2.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" dependencies = [ "proc-macro2", "quote", @@ -2594,7 +2624,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -2605,7 +2635,7 @@ checksum = "5c89e72a01ed4c579669add59014b9a524d609c0c88c6a585ce37485879f6ffb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "test-case-core", ] @@ -2626,7 +2656,7 @@ checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -2693,7 +2723,7 @@ checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -2705,18 +2735,6 @@ dependencies = [ "serde", ] -[[package]] -name = "toml" -version = "0.7.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c17e963a819c331dcacd7ab957d80bc2b9a9c1e71c804826d2f283dd65306542" -dependencies = [ - "serde", - "serde_spanned", - "toml_datetime", - "toml_edit", -] - [[package]] name = "toml_datetime" version = "0.6.3" @@ -2875,7 +2893,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "wasm-bindgen-shared", ] @@ -2897,7 +2915,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2948,11 +2966,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.8" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -2997,6 +3015,15 @@ dependencies = [ "windows-targets 0.52.6", ] +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets 0.52.6", +] + [[package]] name = "windows-targets" version = "0.42.2" @@ -3229,6 +3256,7 @@ version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ + "byteorder", "zerocopy-derive 0.7.35", ] @@ -3240,7 +3268,7 @@ checksum = "125139de3f6b9d625c39e2efdd73d41bdac468ccd556556440e322be0e1bbd91" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -3251,7 +3279,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -3271,7 +3299,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -3315,9 +3343,9 @@ dependencies = [ [[package]] name = "zstd-sys" -version = "2.0.12+zstd.1.5.6" +version = "2.0.13+zstd.1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a4e40c320c3cb459d9a9ff6de98cff88f4751ee9275d140e2be94a2b74e4c13" +checksum = "38ff0f21cfee8f97d94cef41359e0c89aa6113028ab0291aa8ca0038995a95aa" dependencies = [ "cc", "pkg-config", diff --git a/Cargo.toml b/Cargo.toml index 86cb889..1e24c15 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -54,8 +54,8 @@ subtle = "2" zeroize = "1" # Localization -i18n-embed = { version = "0.14", features = ["fluent-system"] } -i18n-embed-fl = "0.8" +i18n-embed = { version = "0.15", features = ["fluent-system"] } +i18n-embed-fl = "0.9" lazy_static = "1" rust-embed = "8" diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index ab7b138..9186e0f 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -16,6 +16,7 @@ to 1.0.0 are beta releases. - Partial French translation! ### Changed +- Migrated to `i18n-embed 0.15`. - `age::Decryptor` is now an opaque struct instead of an enum with `Recipients` and `Passphrase` variants. - `age::Recipient::wrap_file_key` now returns `(Vec, HashSet)`: diff --git a/age/src/i18n.rs b/age/src/i18n.rs index ebe5439..fb1c9f1 100644 --- a/age/src/i18n.rs +++ b/age/src/i18n.rs @@ -16,7 +16,7 @@ lazy_static! { // Ensure that the fallback language is always loaded, even if the library user // doesn't call `localizer().select(languages)`. let fallback: LanguageIdentifier = "en-US".parse().unwrap(); - language_loader.load_languages(&Localizations, &[&fallback]).unwrap(); + language_loader.load_languages(&Localizations, &[fallback]).unwrap(); language_loader }; } diff --git a/supply-chain/config.toml b/supply-chain/config.toml index a04aab5..86bb2aa 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -97,6 +97,10 @@ criteria = "safe-to-run" version = "1.6.0" criteria = "safe-to-deploy" +[[exemptions.basic-toml]] +version = "0.1.9" +criteria = "safe-to-deploy" + [[exemptions.bcrypt-pbkdf]] version = "0.10.0" criteria = "safe-to-deploy" @@ -105,10 +109,6 @@ criteria = "safe-to-deploy" version = "0.9.1" criteria = "safe-to-deploy" -[[exemptions.bitflags]] -version = "1.3.2" -criteria = "safe-to-deploy" - [[exemptions.block]] version = "0.1.6" criteria = "safe-to-deploy" @@ -137,6 +137,10 @@ criteria = "safe-to-deploy" version = "0.1.2" criteria = "safe-to-deploy" +[[exemptions.cc]] +version = "1.1.14" +criteria = "safe-to-deploy" + [[exemptions.chacha20]] version = "0.9.1" criteria = "safe-to-deploy" @@ -217,16 +221,12 @@ criteria = "safe-to-deploy" version = "0.2.2" criteria = "safe-to-deploy" -[[exemptions.crc32fast]] -version = "1.3.2" -criteria = "safe-to-deploy" - [[exemptions.criterion]] version = "0.3.6" criteria = "safe-to-run" [[exemptions.criterion-cycles-per-byte]] -version = "0.6.0" +version = "0.6.1" criteria = "safe-to-run" [[exemptions.criterion-plot]] @@ -254,7 +254,7 @@ version = "0.1.0" criteria = "safe-to-deploy" [[exemptions.dashmap]] -version = "5.5.3" +version = "6.0.1" criteria = "safe-to-deploy" [[exemptions.der]] @@ -270,7 +270,7 @@ version = "0.2.5" criteria = "safe-to-deploy" [[exemptions.dunce]] -version = "1.0.4" +version = "1.0.5" criteria = "safe-to-run" [[exemptions.encode_unicode]] @@ -282,7 +282,7 @@ version = "0.10.2" criteria = "safe-to-deploy" [[exemptions.filetime]] -version = "0.2.23" +version = "0.2.24" criteria = "safe-to-deploy" [[exemptions.find-crate]] @@ -293,10 +293,6 @@ criteria = "safe-to-deploy" version = "0.10.2" criteria = "safe-to-run" -[[exemptions.flate2]] -version = "1.0.28" -criteria = "safe-to-deploy" - [[exemptions.fluent]] version = "0.16.1" criteria = "safe-to-deploy" @@ -357,6 +353,10 @@ criteria = "safe-to-deploy" version = "0.3.3" criteria = "safe-to-deploy" +[[exemptions.hermit-abi]] +version = "0.4.0" +criteria = "safe-to-deploy" + [[exemptions.hkdf]] version = "0.12.4" criteria = "safe-to-deploy" @@ -374,15 +374,15 @@ version = "1.1.1" criteria = "safe-to-run" [[exemptions.i18n-config]] -version = "0.4.5" +version = "0.4.7" criteria = "safe-to-deploy" [[exemptions.i18n-embed]] -version = "0.14.1" +version = "0.15.0" criteria = "safe-to-deploy" [[exemptions.i18n-embed-fl]] -version = "0.8.0" +version = "0.9.1" criteria = "safe-to-deploy" [[exemptions.i18n-embed-impl]] @@ -394,8 +394,8 @@ version = "0.1.60" criteria = "safe-to-deploy" [[exemptions.indexmap]] -version = "2.2.6" -criteria = "safe-to-deploy" +version = "2.4.0" +criteria = "safe-to-run" [[exemptions.inferno]] version = "0.11.17" @@ -410,7 +410,7 @@ version = "0.1.1" criteria = "safe-to-deploy" [[exemptions.is-terminal]] -version = "0.4.12" +version = "0.4.13" criteria = "safe-to-deploy" [[exemptions.jobserver]] @@ -422,13 +422,17 @@ version = "0.3.60" criteria = "safe-to-deploy" [[exemptions.libc]] -version = "0.2.155" +version = "0.2.158" criteria = "safe-to-deploy" [[exemptions.libm]] version = "0.2.2" criteria = "safe-to-deploy" +[[exemptions.libredox]] +version = "0.0.1" +criteria = "safe-to-deploy" + [[exemptions.linux-raw-sys]] version = "0.4.14" criteria = "safe-to-deploy" @@ -453,10 +457,6 @@ criteria = "safe-to-deploy" version = "0.2.1" criteria = "safe-to-deploy" -[[exemptions.miniz_oxide]] -version = "0.7.4" -criteria = "safe-to-deploy" - [[exemptions.nix]] version = "0.26.1" criteria = "safe-to-deploy" @@ -486,7 +486,7 @@ version = "0.1.1" criteria = "safe-to-deploy" [[exemptions.object]] -version = "0.36.2" +version = "0.36.3" criteria = "safe-to-run" [[exemptions.once_cell]] @@ -494,7 +494,7 @@ version = "1.15.0" criteria = "safe-to-deploy" [[exemptions.os_pipe]] -version = "1.2.0" +version = "1.2.1" criteria = "safe-to-run" [[exemptions.page_size]] @@ -566,7 +566,7 @@ version = "0.13.0" criteria = "safe-to-run" [[exemptions.ppv-lite86]] -version = "0.2.16" +version = "0.2.20" criteria = "safe-to-deploy" [[exemptions.proc-macro-error]] @@ -589,10 +589,6 @@ criteria = "safe-to-run" version = "0.8.5" criteria = "safe-to-deploy" -[[exemptions.redox_syscall]] -version = "0.4.1" -criteria = "safe-to-deploy" - [[exemptions.redox_syscall]] version = "0.5.3" criteria = "safe-to-deploy" @@ -610,7 +606,7 @@ version = "0.7.2" criteria = "safe-to-deploy" [[exemptions.rgb]] -version = "0.8.45" +version = "0.8.48" criteria = "safe-to-run" [[exemptions.roff]] @@ -683,7 +679,7 @@ criteria = "safe-to-deploy" [[exemptions.serde_spanned]] version = "0.6.3" -criteria = "safe-to-deploy" +criteria = "safe-to-run" [[exemptions.sha1]] version = "0.10.6" @@ -693,6 +689,10 @@ criteria = "safe-to-deploy" version = "0.10.8" criteria = "safe-to-deploy" +[[exemptions.shlex]] +version = "1.3.0" +criteria = "safe-to-deploy" + [[exemptions.similar]] version = "2.6.0" criteria = "safe-to-run" @@ -725,6 +725,10 @@ criteria = "safe-to-deploy" version = "0.1.0" criteria = "safe-to-run" +[[exemptions.strsim]] +version = "0.11.1" +criteria = "safe-to-deploy" + [[exemptions.symbolic-common]] version = "12.10.0" criteria = "safe-to-run" @@ -738,7 +742,7 @@ version = "1.0.102" criteria = "safe-to-deploy" [[exemptions.syn]] -version = "2.0.72" +version = "2.0.75" criteria = "safe-to-deploy" [[exemptions.tar]] @@ -785,13 +789,9 @@ criteria = "safe-to-run" version = "0.5.9" criteria = "safe-to-deploy" -[[exemptions.toml]] -version = "0.7.6" -criteria = "safe-to-deploy" - [[exemptions.toml_edit]] version = "0.19.14" -criteria = "safe-to-deploy" +criteria = "safe-to-run" [[exemptions.trycmd]] version = "0.14.16" @@ -834,7 +834,7 @@ version = "0.2.92" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-backend]] -version = "0.2.89" +version = "0.2.88" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-macro]] @@ -842,7 +842,7 @@ version = "0.2.87" criteria = "safe-to-deploy" [[exemptions.web-sys]] -version = "0.3.66" +version = "0.3.65" criteria = "safe-to-deploy" [[exemptions.which]] @@ -858,7 +858,7 @@ version = "0.4.0" criteria = "safe-to-deploy" [[exemptions.winapi-util]] -version = "0.1.8" +version = "0.1.9" criteria = "safe-to-deploy" [[exemptions.winapi-x86_64-pc-windows-gnu]] @@ -875,7 +875,7 @@ criteria = "safe-to-deploy" [[exemptions.winnow]] version = "0.5.40" -criteria = "safe-to-deploy" +criteria = "safe-to-run" [[exemptions.wsl]] version = "0.1.0" @@ -885,17 +885,13 @@ criteria = "safe-to-deploy" version = "2.0.1" criteria = "safe-to-deploy" -[[exemptions.xattr]] -version = "1.3.1" -criteria = "safe-to-deploy" - [[exemptions.zerocopy]] version = "0.6.6" criteria = "safe-to-deploy" [[exemptions.zerocopy]] version = "0.7.35" -criteria = "safe-to-run" +criteria = "safe-to-deploy" [[exemptions.zerocopy-derive]] version = "0.6.6" @@ -903,7 +899,7 @@ criteria = "safe-to-deploy" [[exemptions.zerocopy-derive]] version = "0.7.35" -criteria = "safe-to-run" +criteria = "safe-to-deploy" [[exemptions.zeroize]] version = "1.8.1" @@ -926,5 +922,5 @@ version = "5.0.2+zstd.1.5.2" criteria = "safe-to-deploy" [[exemptions.zstd-sys]] -version = "2.0.12+zstd.1.5.6" +version = "2.0.13+zstd.1.5.6" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index e84f19a..294cef0 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -36,6 +36,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows-sys]] +version = "0.59.0" +when = "2024-07-30" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows-targets]] version = "0.42.2" when = "2023-03-13" @@ -209,7 +216,7 @@ who = "Nick Fitzgerald " criteria = "safe-to-deploy" user-id = 696 # Nick Fitzgerald (fitzgen) start = "2019-03-16" -end = "2024-03-10" +end = "2025-07-30" [[audits.bytecode-alliance.audits.addr2line]] who = "Alex Crichton " @@ -251,17 +258,6 @@ who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.2" -[[audits.bytecode-alliance.audits.cc]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "1.0.73" -notes = "I am the author of this crate." - -[[audits.bytecode-alliance.audits.cc]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.0.83 -> 1.1.6" - [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -473,6 +469,18 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "1.0.8" +[[audits.bytecode-alliance.audits.xattr]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +version = "1.2.0" +notes = "This crate contains `unsafe` calls to libc `extattr_*` functions as one would expect from the crate's purpose." + +[[audits.bytecode-alliance.audits.xattr]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.3.1" +notes = "Minor changes to MacOS-specific code." + [[audits.embark-studios.audits.thiserror]] who = "Johan Andersson " criteria = "safe-to-deploy" @@ -541,6 +549,22 @@ and nothing changed from the baseline audit of 1.1.0. Skimmed through the ''' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.bitflags]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.3.2" +notes = """ +Security review of earlier versions of the crate can be found at +(Google-internal, sorry): go/image-crate-chromium-security-review + +The crate exposes a function marked as `unsafe`, but doesn't use any +`unsafe` blocks (except for tests of the single `unsafe` function). I +think this justifies marking this crate as `ub-risk-1`. + +Additional review comments can be found at https://crrev.com/c/4723145/31 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.bitflags]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -574,29 +598,13 @@ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_p [[audits.google.audits.bytemuck]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" -version = "1.14.3" -notes = "Additional review notes may be found in https://crrev.com/c/5362675." -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.bytemuck]] -who = "Adrian Taylor " -criteria = "safe-to-deploy" -delta = "1.14.3 -> 1.15.0" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.bytemuck]] -who = "danakj " -criteria = "safe-to-deploy" -delta = "1.15.0 -> 1.16.0" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.bytemuck]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -delta = "1.16.0 -> 1.16.1" +version = "1.16.3" notes = """ -The delta only adds `f16` and `f128` support (with some other minor changes) -and has no impact on the audit criteria. +Review notes from the original audit (of 1.14.3) may be found in +https://crrev.com/c/5362675. Note that this audit has initially missed UB risk +that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258. +Because of this, the original audit has been edited to certify version `1.16.3` +instead (see also https://crrev.com/c/5771867). """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" @@ -612,6 +620,18 @@ criteria = "safe-to-run" version = "0.4.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.crc32fast]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.4.2" +notes = """ +Security review of earlier versions of the crate can be found at +(Google-internal, sorry): go/image-crate-chromium-security-review + +Audit comments for 1.4.2 can be found at https://crrev.com/c/4723145. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.crossbeam-deque]] who = "George Burgess IV " criteria = "safe-to-run" @@ -646,6 +666,41 @@ that the RNG here is not cryptographically secure. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.flate2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.30" +notes = ''' +WARNING: This certification is a result of a **partial** audit. The +`any_zlib` code has **not** been audited. Ability to track partial +audits is tracked in https://github.com/mozilla/cargo-vet/issues/380 +Chromium does use the `any_zlib` feature(s). Accidentally depending on +this feature in the future is prevented using the `ban_features` feature +of `gnrt` - see: +https://crrev.com/c/4723145/31/third_party/rust/chromium_crates_io/gnrt_config.toml + +Security review of earlier versions of the crate can be found at +(Google-internal, sorry): go/image-crate-chromium-security-review + +I grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. + +All `unsafe` in `flate2` is gated behind `#[cfg(feature = "any_zlib")]`: + +* The code under `src/ffi/...` will not be used because the `mod c` + declaration in `src/ffi/mod.rs` depends on the `any_zlib` config +* 7 uses of `unsafe` in `src/mem.rs` also all depend on the + `any_zlib` config: + - 2 in `fn set_dictionary` (under `impl Compress`) + - 2 in `fn set_level` (under `impl Compress`) + - 3 in `fn set_dictionary` (under `impl Decompress`) + +All hits of `'\bfs\b'` are in comments, or example code, or test code +(but not in product code). + +There were no hits of `-i cipher`, `-i crypto`, `'\bnet\b'`. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.futures]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -730,6 +785,22 @@ criteria = "safe-to-run" version = "0.8.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.miniz_oxide]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "0.7.4" +notes = ''' +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'` +and there were no hits, except for some mentions of "unsafe" in the `README.md` +and in a comment in `src/deflate/core.rs`. The comment discusses whether a +function should be treated as unsafe, but there is no actual `unsafe` code, so +the crate meets the `ub-risk-0` criteria. + +Note that some additional, internal notes about an older version of this crate +can be found at go/image-crate-chromium-security-review. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.nix]] who = "David Koloski " criteria = "safe-to-run" @@ -932,6 +1003,13 @@ criteria = "safe-to-deploy" delta = "1.0.203 -> 1.0.204" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.204 -> 1.0.207" +notes = "The small change in `src/private/ser.rs` should have no impact on `ub-risk-2`." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -964,6 +1042,13 @@ criteria = "safe-to-deploy" delta = "1.0.203 -> 1.0.204" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.204 -> 1.0.207" +notes = 'Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.serde_json]] who = "danakj@chromium.org" criteria = "safe-to-run" @@ -987,17 +1072,17 @@ criteria = "safe-to-run" delta = "1.0.117 -> 1.0.120" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.shlex]] -who = "George Burgess IV " +[[audits.google.audits.serde_json]] +who = "Lukasz Anforowicz " criteria = "safe-to-run" -version = "1.1.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +delta = "1.0.120 -> 1.0.122" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.shlex]] -who = "Daniel Verkamp " +[[audits.google.audits.serde_json]] +who = "Lukasz Anforowicz " criteria = "safe-to-run" -delta = "1.1.0 -> 1.3.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +delta = "1.0.122 -> 1.0.124" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.stable_deref_trait]] who = "George Burgess IV " @@ -1349,18 +1434,6 @@ criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.cc]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.73 -> 1.0.78" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.cc]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.78 -> 1.0.83" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.cpufeatures]] who = "Gabriele Svelto " criteria = "safe-to-deploy" @@ -1368,13 +1441,6 @@ delta = "0.2.7 -> 0.2.8" notes = "This release contains a single fix for an issue that affected Firefox" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.crc32fast]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "1.3.2 -> 1.4.2" -notes = "Minor, safe changes." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.crossbeam-utils]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1449,13 +1515,6 @@ criteria = "safe-to-deploy" delta = "1.9.0 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.flate2]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "1.0.28 -> 1.0.30" -notes = "Some new unsafe code, however it has been verified and there are unit tests as well." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.fluent-langneg]] who = "Zibi Braniecki " criteria = "safe-to-deploy" @@ -1625,12 +1684,6 @@ criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.ppv-lite86]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.2.16 -> 0.2.17" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1676,6 +1729,12 @@ criteria = "safe-to-deploy" delta = "3.8.0 -> 3.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.tempfile]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "3.9.0 -> 3.10.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.time]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -2169,6 +2228,12 @@ delta = "0.2.7 -> 0.2.8" notes = "Forces some intermediate values to not have too much precision on the x87 FPU." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.libredox]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.0.1 -> 0.1.3" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.memchr]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2445,12 +2510,6 @@ delta = "1.0.107 -> 1.0.109" notes = "Fixes string literal parsing to only skip specified whitespace characters." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.tempfile]] -who = "Daira-Emma Hopwood " -criteria = "safe-to-deploy" -delta = "3.9.0 -> 3.10.1" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.thiserror]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2598,6 +2657,12 @@ delta = "0.4.1 -> 0.5.0" notes = "I checked correctness of to_blocks which uses unsafe code in a safe function." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.wasm-bindgen-backend]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.88 -> 0.2.89" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.wasm-bindgen-backend]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -2647,6 +2712,12 @@ criteria = "safe-to-deploy" delta = "0.2.89 -> 0.2.92" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.web-sys]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.65 -> 0.3.66" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.web-sys]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy"