cargo update

Jack Grigg 2023-12-17 16:28:29 +00:00
parent 488212d707
commit 69f755731a
3 changed files with 860 additions and 479 deletions


@ -70,14 +70,6 @@ criteria = "safe-to-run"
version = "1.6.0"
criteria = "safe-to-deploy"
[[exemptions.arrayvec]]
version = "0.7.4"
criteria = "safe-to-run"
[[exemptions.backtrace]]
version = "0.3.68"
criteria = "safe-to-run"
[[exemptions.base64ct]]
version = "1.6.0"
criteria = "safe-to-deploy"
@ -126,10 +118,6 @@ criteria = "safe-to-run"
version = "0.1.2"
criteria = "safe-to-deploy"
[[exemptions.cc]]
version = "1.0.81"
criteria = "safe-to-deploy"
[[exemptions.chacha20]]
version = "0.9.1"
criteria = "safe-to-deploy"
@ -238,10 +226,6 @@ criteria = "safe-to-deploy"
version = "0.9.0"
criteria = "safe-to-deploy"
[[exemptions.either]]
version = "1.9.0"
criteria = "safe-to-deploy"
[[exemptions.encode_unicode]]
version = "0.3.6"
criteria = "safe-to-deploy"
@ -258,10 +242,6 @@ criteria = "safe-to-deploy"
version = "0.3.2"
criteria = "safe-to-deploy"
[[exemptions.fastrand]]
version = "2.0.0"
criteria = "safe-to-deploy"
[[exemptions.filetime]]
version = "0.2.22"
criteria = "safe-to-deploy"
@ -446,10 +426,6 @@ criteria = "safe-to-deploy"
version = "0.4.4"
criteria = "safe-to-run"
[[exemptions.num-traits]]
version = "0.2.16"
criteria = "safe-to-deploy"
[[exemptions.num_cpus]]
version = "1.16.0"
criteria = "safe-to-deploy"
@ -498,10 +474,6 @@ criteria = "safe-to-deploy"
version = "0.12.2"
criteria = "safe-to-deploy"
[[exemptions.percent-encoding]]
version = "2.3.0"
criteria = "safe-to-deploy"
[[exemptions.pin-project]]
version = "1.1.2"
criteria = "safe-to-deploy"
@ -510,10 +482,6 @@ criteria = "safe-to-deploy"
version = "1.1.2"
criteria = "safe-to-deploy"
[[exemptions.pin-project-lite]]
version = "0.2.10"
criteria = "safe-to-deploy"
[[exemptions.pinentry]]
version = "0.5.0"
criteria = "safe-to-deploy"
@ -570,10 +538,6 @@ criteria = "safe-to-run"
version = "1.0.3"
criteria = "safe-to-run"
[[exemptions.quote]]
version = "1.0.32"
criteria = "safe-to-deploy"
[[exemptions.rand]]
version = "0.7.3"
criteria = "safe-to-deploy"
@ -586,10 +550,6 @@ criteria = "safe-to-deploy"
version = "0.2.2"
criteria = "safe-to-deploy"
[[exemptions.rand_chacha]]
version = "0.3.1"
criteria = "safe-to-deploy"
[[exemptions.rand_core]]
version = "0.5.1"
criteria = "safe-to-deploy"
@ -706,10 +666,6 @@ criteria = "safe-to-deploy"
version = "0.7.2"
criteria = "safe-to-deploy"
[[exemptions.static_assertions]]
version = "1.1.0"
criteria = "safe-to-deploy"
[[exemptions.str_stack]]
version = "0.1.0"
criteria = "safe-to-run"
@ -774,10 +730,6 @@ criteria = "safe-to-deploy"
version = "0.1.44"
criteria = "safe-to-deploy"
[[exemptions.time]]
version = "0.3.23"
criteria = "safe-to-deploy"
[[exemptions.tinytemplate]]
version = "1.2.1"
criteria = "safe-to-run"
@ -802,10 +754,6 @@ criteria = "safe-to-deploy"
version = "1.15.0"
criteria = "safe-to-deploy"
[[exemptions.unicode-ident]]
version = "1.0.11"
criteria = "safe-to-deploy"
[[exemptions.users]]
version = "0.11.0"
criteria = "safe-to-deploy"
@ -818,10 +766,6 @@ criteria = "safe-to-deploy"
version = "0.9.0+wasi-snapshot-preview1"
criteria = "safe-to-deploy"
[[exemptions.wasi]]
version = "0.10.0+wasi-snapshot-preview1"
criteria = "safe-to-deploy"
[[exemptions.wasi]]
version = "0.11.0+wasi-snapshot-preview1"
criteria = "safe-to-deploy"
@ -866,10 +810,6 @@ criteria = "safe-to-deploy"
version = "0.4.0"
criteria = "safe-to-deploy"
[[exemptions.windows]]
version = "0.48.0"
criteria = "safe-to-deploy"
[[exemptions.winnow]]
version = "0.5.4"
criteria = "safe-to-deploy"


@ -2,8 +2,8 @@
# cargo-vet imports lock
[[publisher.bumpalo]]
version = "3.13.0"
when = "2023-05-22"
version = "3.14.0"
when = "2023-09-14"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
@ -29,6 +29,13 @@ user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows-sys]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows-targets]]
version = "0.42.2"
when = "2023-03-13"
@ -37,8 +44,15 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows-targets]]
version = "0.48.1"
when = "2023-06-28"
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows-targets]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -51,8 +65,15 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_aarch64_gnullvm]]
version = "0.48.0"
when = "2023-03-31"
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_aarch64_gnullvm]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -65,8 +86,15 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_aarch64_msvc]]
version = "0.48.0"
when = "2023-03-31"
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_aarch64_msvc]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -79,8 +107,15 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_i686_gnu]]
version = "0.48.0"
when = "2023-03-31"
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_i686_gnu]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -93,8 +128,15 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_i686_msvc]]
version = "0.48.0"
when = "2023-03-31"
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_i686_msvc]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -107,8 +149,15 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_gnu]]
version = "0.48.0"
when = "2023-03-31"
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_gnu]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -121,8 +170,15 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_gnullvm]]
version = "0.48.0"
when = "2023-03-31"
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_gnullvm]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -135,8 +191,15 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_msvc]]
version = "0.48.0"
when = "2023-03-31"
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_msvc]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -154,6 +217,12 @@ criteria = "safe-to-deploy"
delta = "0.19.0 -> 0.20.0"
notes = "This version brings support for split-dwarf which while it uses the filesystem is always done at the behest of the caller, so everything is as expected for this update."
[[audits.bytecode-alliance.audits.addr2line]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.20.0 -> 0.21.0"
notes = "This version bump updated some dependencies and optimized some internals. All looks good."
[[audits.bytecode-alliance.audits.adler]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -196,6 +265,12 @@ who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.2"
[[audits.bytecode-alliance.audits.cc]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.73"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.cfg-if]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -227,11 +302,14 @@ who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.3"
[[audits.bytecode-alliance.audits.errno-dragonfly]]
who = "Jamey Sharp <jsharp@fastly.com>"
[[audits.bytecode-alliance.audits.fastrand]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is."
delta = "2.0.0 -> 2.0.1"
notes = """
This update had a few doc updates but no otherwise-substantial source code
updates.
"""
[[audits.bytecode-alliance.audits.futures-channel]]
who = "Pat Hickey <phickey@fastly.com>"
@ -318,6 +396,16 @@ criteria = "safe-to-deploy"
delta = "0.30.3 -> 0.31.1"
notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
[[audits.bytecode-alliance.audits.percent-encoding]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.2.0"
notes = """
This crate is a single-file crate that does what it says on the tin. There are
a few `unsafe` blocks related to utf-8 validation which are locally verifiable
as correct and otherwise this crate is good to go.
"""
[[audits.bytecode-alliance.audits.pin-utils]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -337,6 +425,11 @@ This is a routine update for new nightly features and new syntax popping up on
nightly, nothing out of the ordinary.
"""
[[audits.bytecode-alliance.audits.quote]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "1.0.23 -> 1.0.27"
[[audits.bytecode-alliance.audits.rustc-demangle]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -349,6 +442,11 @@ criteria = "safe-to-deploy"
version = "0.4.6"
notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
[[audits.bytecode-alliance.audits.unicode-ident]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.0.8"
[[audits.embark-studios.audits.quickcheck_macros]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
@ -367,6 +465,18 @@ criteria = "safe-to-run"
version = "0.19.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.arrayvec]]
who = "Nicholas Bishop <nicholasbishop@google.com>"
criteria = "safe-to-run"
version = "0.7.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.backtrace]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.3.67"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.bytemuck]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
@ -379,12 +489,6 @@ criteria = "safe-to-run"
version = "0.4.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.crossbeam-channel]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.5.7"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.crossbeam-deque]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
@ -415,6 +519,16 @@ criteria = "safe-to-run"
delta = "0.9.3 -> 0.8.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.fastrand]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.9.0"
notes = """
`does-not-implement-crypto` is certified because this crate explicitly says
that the RNG here is not cryptographically secure.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.futures]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
@ -437,6 +551,26 @@ criteria = "safe-to-run"
version = "0.10.5"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.nix]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-run"
version = "0.26.2"
notes = """
Reviewed on https://fxrev.dev/780283
Issues:
- https://github.com/nix-rust/nix/issues/1975
- https://github.com/nix-rust/nix/issues/1977
- https://github.com/nix-rust/nix/pull/1978
- https://github.com/nix-rust/nix/pull/1979
- https://github.com/nix-rust/nix/issues/1980
- https://github.com/nix-rust/nix/issues/1981
- https://github.com/nix-rust/nix/pull/1983
- https://github.com/nix-rust/nix/issues/1990
- https://github.com/nix-rust/nix/pull/1992
- https://github.com/nix-rust/nix/pull/1993
"""
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.object]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
@ -444,6 +578,19 @@ version = "0.30.3"
notes = "I'm not counting the code related to the GNU Hash section as crypto for the sake of this review."
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.object]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
delta = "0.31.1 -> 0.32.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
version = "0.2.9"
notes = "Reviewed on https://fxrev.dev/824504"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.proc-macro-error-attr]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
@ -521,6 +668,16 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.10.6 -> 0.10.7"
[[audits.isrg.audits.either]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "1.6.1"
[[audits.isrg.audits.getrandom]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.2.10 -> 0.2.11"
[[audits.isrg.audits.ghash]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@ -531,6 +688,16 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.12.1"
[[audits.isrg.audits.num-traits]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.15 -> 0.2.16"
[[audits.isrg.audits.num-traits]]
who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.16 -> 0.2.17"
[[audits.isrg.audits.once_cell]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@ -551,11 +718,21 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.17.2 -> 1.18.0"
[[audits.isrg.audits.once_cell]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.18.0 -> 1.19.0"
[[audits.isrg.audits.opaque-debug]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.3.0"
[[audits.isrg.audits.rand_chacha]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.3.1"
[[audits.isrg.audits.rand_core]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@ -566,11 +743,21 @@ who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.6.1 -> 1.7.0"
[[audits.isrg.audits.rayon]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.8.0"
[[audits.isrg.audits.rayon-core]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.10.2 -> 1.11.0"
[[audits.isrg.audits.rayon-core]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.11.0 -> 1.12.0"
[[audits.isrg.audits.sha2]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@ -646,17 +833,35 @@ criteria = "safe-to-deploy"
delta = "2.2.1 -> 2.3.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bitflags]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "2.3.3 -> 2.4.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bitflags]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "2.4.0 -> 2.4.1"
notes = "Only allowing new clippy lints"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.block-buffer]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.crossbeam-channel]]
[[audits.mozilla.audits.cc]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.73 -> 1.0.78"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.cc]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.7 -> 0.5.8"
notes = "Reviewed the fix, previous versions indeed had were able to trigger a race condition"
delta = "1.0.78 -> 1.0.83"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.crypto-common]]
@ -695,6 +900,24 @@ criteria = "safe-to-deploy"
delta = "0.2.3 -> 0.2.4"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.6.1 -> 1.7.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.8.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.8.0 -> 1.8.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.env_logger]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -707,6 +930,12 @@ criteria = "safe-to-deploy"
delta = "0.9.3 -> 0.10.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.9.0 -> 2.0.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fluent]]
who = "Zibi Braniecki <zibi@unicode.org>"
criteria = "safe-to-deploy"
@ -901,6 +1130,12 @@ it's not exploitable.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.nix]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.26.2 -> 0.27.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.nom]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -921,12 +1156,31 @@ version = "0.1.43"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.num-traits]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "0.2.15"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.once_cell]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.16.0 -> 1.17.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.percent-encoding]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.2.0 -> 2.3.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.percent-encoding]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.3.0 -> 2.3.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.ppv-lite86]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -995,6 +1249,48 @@ delta = "1.0.63 -> 1.0.66"
notes = "Removed special support for some really old Rust versions"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.0.18"
notes = """
`quote` is a utility crate used by proc-macros to generate TokenStreams
conveniently from source code. The bulk of the logic is some complex
interlocking `macro_rules!` macros which are used to parse and build the
`TokenStream` within the proc-macro.
This crate contains no unsafe code, and the internal logic, while difficult to
read, is generally straightforward. I have audited the the quote macros, ident
formatter, and runtime logic.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.18 -> 1.0.21"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.21 -> 1.0.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.27 -> 1.0.28"
notes = "Enabled on wasm targets"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.28 -> 1.0.31"
notes = "Minimal changes and removal of the build.rs"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.rand_core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1083,6 +1379,18 @@ criteria = "safe-to-deploy"
delta = "0.1.44 -> 0.1.45"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.time]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.1.45 -> 0.3.17"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.time]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.3.17 -> 0.3.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.time-core]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
@ -1144,6 +1452,13 @@ criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.9.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.unicode-ident]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.8 -> 1.0.9"
notes = "Dependency updates only"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.uuid]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
@ -1157,6 +1472,24 @@ criteria = "safe-to-deploy"
delta = "0.5.1 -> 0.5.2"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.backtrace]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.67 -> 0.3.69"
notes = """
Changes to `unsafe` blocks:
- New call to `GetCurrentProcessId` on Windows, to help generate a process-unique name to
use inside an existing `CreateMutexA` call.
- Uses `libc::mmap64` on Linux instead of `libc::mmap`.
- Alters `Stash` to allow caching more than one `Mmap`; the existing `unsafe` safety
condition continues to be applicable.
There are also several more places where DWARF data is mmapped from a filesystem path and
then loaded. These appear to all derive from existing paths that themselves were already
being mmapped and loaded.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.block-buffer]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -1178,6 +1511,12 @@ delta = "0.4.3 -> 0.4.4"
notes = "Adds panics to prevent a block size of zero from causing unsoundness."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.either]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.8.1 -> 1.9.0"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.generic-array]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
@ -1214,6 +1553,12 @@ criteria = "safe-to-deploy"
delta = "0.4.18 -> 0.4.19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.log]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.4.19 -> 0.4.20"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.nix]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1221,6 +1566,32 @@ delta = "0.26.1 -> 0.26.2"
notes = "Fixes `SockaddrIn6` endianness bug."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.nix]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.26.2 -> 0.26.4"
notes = """
Most of the `unsafe` changes are cleaning up their usage:
- Replacing `data.len() * std::mem::size_of::<$ty>()` with `std::mem::size_of_val(data)`.
- Removing some `mem::transmute`s.
- Using `*mut` instead of `*const` to convey intended semantics.
A new unsafe trait method `SockaddrLike::set_length` is added; it's impls look fine.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.pin-project-lite]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.9 -> 0.2.13"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.quote]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.31 -> 1.0.33"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.rustc-demangle]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
@ -1281,6 +1652,18 @@ criteria = "safe-to-deploy"
delta = "0.6.2 -> 0.6.3"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.typenum]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.16.0 -> 1.17.0"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.unicode-ident]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.9 -> 1.0.12"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.universal-hash]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
@ -1308,6 +1691,16 @@ delta = "4.3.0 -> 4.4.0"
notes = "New APIs are remixes of existing code."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.which]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "4.4.0 -> 4.4.2"
notes = """
Crate now has `#![forbid(unsafe_code)]`, replacing its last `unsafe` block with a
dependency on the `rustix` crate.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.zeroize]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"