From f64f110f3e1bf080fdad8f3334957cf77fc38aab Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 23 Aug 2024 14:07:34 +0000 Subject: [PATCH] cargo update --- Cargo.lock | 164 ++++++++++++++++++++++---------------- supply-chain/config.toml | 54 ++++++++----- supply-chain/imports.lock | 117 +++++++++++++-------------- 3 files changed, 186 insertions(+), 149 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a984dd0..9ab62a5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -352,9 +352,9 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "bytemuck" -version = "1.16.1" +version = "1.16.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b236fc92302c97ed75b38da1f4917b5cdda4984745740f153a5d3059e48d725e" +checksum = "102087e286b4677862ea56cf8fc58bb2cdfa8725c40ffb80fe3a008eb7f2fc83" [[package]] name = "byteorder" @@ -400,12 +400,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.6" +version = "1.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" +checksum = "50d2eb3cd3d1bf4529e31c215ee6f93ec5a3d536d9f578f93d9d33ee19562932" dependencies = [ "jobserver", "libc", + "shlex", ] [[package]] @@ -531,7 +532,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -659,10 +660,11 @@ dependencies = [ [[package]] name = "criterion-cycles-per-byte" -version = "0.6.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5281161544b8f2397e14942c2045efa3446470348121a65c37263f8e76c1e2ff" +checksum = "1029452fa751c93f8834962dd74807d69f0a6c7624d5b06625b393aeb6a14fc2" dependencies = [ + "cfg-if", "criterion", ] @@ -760,7 +762,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -815,14 +817,14 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "dunce" -version = "1.0.4" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" [[package]] name = "either" @@ -879,14 +881,14 @@ checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "filetime" -version = "0.2.23" +version = "0.2.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd" +checksum = "bf401df4a4e3872c4fe8151134cf483738e74b67fc934d6532c882b3d24a4550" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.4.1", - "windows-sys 0.52.0", + "libredox", + "windows-sys 0.59.0", ] [[package]] @@ -1053,7 +1055,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1173,6 +1175,12 @@ version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +[[package]] +name = "hermit-abi" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" + [[package]] name = "hex" version = "0.4.3" @@ -1275,7 +1283,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.72", + "syn 2.0.75", "unic-langid", ] @@ -1289,7 +1297,7 @@ dependencies = [ "i18n-config", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1317,9 +1325,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.2.6" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" +checksum = "93ead53efc7ea8ed3cfb0c79fc8023fbb782a5432b52830b6518941cebe6505c" dependencies = [ "equivalent", "hashbrown", @@ -1380,11 +1388,11 @@ checksum = "4b3f7cef34251886990511df1c61443aa928499d598a9473929ab5a90a527304" [[package]] name = "is-terminal" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b" dependencies = [ - "hermit-abi", + "hermit-abi 0.4.0", "libc", "windows-sys 0.52.0", ] @@ -1433,9 +1441,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.155" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libm" @@ -1443,6 +1451,17 @@ version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" +[[package]] +name = "libredox" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" +dependencies = [ + "bitflags 2.6.0", + "libc", + "redox_syscall", +] + [[package]] name = "linux-raw-sys" version = "0.4.14" @@ -1618,7 +1637,7 @@ version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" dependencies = [ - "hermit-abi", + "hermit-abi 0.3.9", "libc", ] @@ -1653,9 +1672,9 @@ dependencies = [ [[package]] name = "object" -version = "0.36.2" +version = "0.36.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f203fa8daa7bb185f760ae12bd8e097f63d17041dcdcaf675ac54cdf863170e" +checksum = "27b64972346851a39438c60b341ebc01bba47464ae329e55cf343eb93964efd9" dependencies = [ "memchr", ] @@ -1680,12 +1699,12 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "os_pipe" -version = "1.2.0" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29d73ba8daf8fac13b0501d1abeddcfe21ba7401ada61a819144b6c2a4f32209" +checksum = "5ffd2b0a5634335b135d5728d84c5e0fd726954b87111f7506a61c502280d982" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -1716,7 +1735,7 @@ checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.5.3", + "redox_syscall", "smallvec", "windows-targets 0.52.6", ] @@ -1777,7 +1796,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1908,9 +1927,12 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy 0.7.35", +] [[package]] name = "proc-macro-error" @@ -2076,15 +2098,6 @@ dependencies = [ "crossbeam-utils", ] -[[package]] -name = "redox_syscall" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" -dependencies = [ - "bitflags 1.3.2", -] - [[package]] name = "redox_syscall" version = "0.5.3" @@ -2125,9 +2138,9 @@ checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "rgb" -version = "0.8.45" +version = "0.8.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ade4539f42266ded9e755c605bdddf546242b2c961b03b06a7375260788a0523" +checksum = "0f86ae463694029097b846d8f99fd5536740602ae00022c0c50c5600720b2f71" dependencies = [ "bytemuck", ] @@ -2199,7 +2212,7 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.72", + "syn 2.0.75", "walkdir", ] @@ -2332,31 +2345,32 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.204" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "serde_json" -version = "1.0.120" +version = "1.0.124" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5" +checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" dependencies = [ "itoa", + "memchr", "ryu", "serde", ] @@ -2535,9 +2549,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.72" +version = "2.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" dependencies = [ "proc-macro2", "quote", @@ -2594,7 +2608,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -2605,7 +2619,7 @@ checksum = "5c89e72a01ed4c579669add59014b9a524d609c0c88c6a585ce37485879f6ffb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "test-case-core", ] @@ -2626,7 +2640,7 @@ checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -2693,7 +2707,7 @@ checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -2875,7 +2889,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "wasm-bindgen-shared", ] @@ -2897,7 +2911,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2948,11 +2962,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.8" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.52.0", + "windows-sys 0.48.0", ] [[package]] @@ -2997,6 +3011,15 @@ dependencies = [ "windows-targets 0.52.6", ] +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets 0.52.6", +] + [[package]] name = "windows-targets" version = "0.42.2" @@ -3229,6 +3252,7 @@ version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ + "byteorder", "zerocopy-derive 0.7.35", ] @@ -3240,7 +3264,7 @@ checksum = "125139de3f6b9d625c39e2efdd73d41bdac468ccd556556440e322be0e1bbd91" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -3251,7 +3275,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -3271,7 +3295,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -3315,9 +3339,9 @@ dependencies = [ [[package]] name = "zstd-sys" -version = "2.0.12+zstd.1.5.6" +version = "2.0.13+zstd.1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a4e40c320c3cb459d9a9ff6de98cff88f4751ee9275d140e2be94a2b74e4c13" +checksum = "38ff0f21cfee8f97d94cef41359e0c89aa6113028ab0291aa8ca0038995a95aa" dependencies = [ "cc", "pkg-config", diff --git a/supply-chain/config.toml b/supply-chain/config.toml index e514e9b..4397ebc 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -133,6 +133,10 @@ criteria = "safe-to-deploy" version = "0.1.2" criteria = "safe-to-deploy" +[[exemptions.cc]] +version = "1.1.14" +criteria = "safe-to-deploy" + [[exemptions.chacha20]] version = "0.9.1" criteria = "safe-to-deploy" @@ -218,7 +222,7 @@ version = "0.3.6" criteria = "safe-to-run" [[exemptions.criterion-cycles-per-byte]] -version = "0.6.0" +version = "0.6.1" criteria = "safe-to-run" [[exemptions.criterion-plot]] @@ -262,7 +266,7 @@ version = "0.2.5" criteria = "safe-to-deploy" [[exemptions.dunce]] -version = "1.0.4" +version = "1.0.5" criteria = "safe-to-run" [[exemptions.encode_unicode]] @@ -274,7 +278,7 @@ version = "0.10.2" criteria = "safe-to-deploy" [[exemptions.filetime]] -version = "0.2.23" +version = "0.2.24" criteria = "safe-to-deploy" [[exemptions.find-crate]] @@ -345,6 +349,10 @@ criteria = "safe-to-deploy" version = "0.3.3" criteria = "safe-to-deploy" +[[exemptions.hermit-abi]] +version = "0.4.0" +criteria = "safe-to-deploy" + [[exemptions.hkdf]] version = "0.12.4" criteria = "safe-to-deploy" @@ -382,7 +390,7 @@ version = "0.1.60" criteria = "safe-to-deploy" [[exemptions.indexmap]] -version = "2.2.6" +version = "2.4.0" criteria = "safe-to-deploy" [[exemptions.inferno]] @@ -398,7 +406,7 @@ version = "0.1.1" criteria = "safe-to-deploy" [[exemptions.is-terminal]] -version = "0.4.12" +version = "0.4.13" criteria = "safe-to-deploy" [[exemptions.jobserver]] @@ -410,13 +418,17 @@ version = "0.3.60" criteria = "safe-to-deploy" [[exemptions.libc]] -version = "0.2.155" +version = "0.2.158" criteria = "safe-to-deploy" [[exemptions.libm]] version = "0.2.2" criteria = "safe-to-deploy" +[[exemptions.libredox]] +version = "0.0.1" +criteria = "safe-to-deploy" + [[exemptions.linux-raw-sys]] version = "0.4.14" criteria = "safe-to-deploy" @@ -470,7 +482,7 @@ version = "0.1.1" criteria = "safe-to-deploy" [[exemptions.object]] -version = "0.36.2" +version = "0.36.3" criteria = "safe-to-run" [[exemptions.once_cell]] @@ -478,7 +490,7 @@ version = "1.15.0" criteria = "safe-to-deploy" [[exemptions.os_pipe]] -version = "1.2.0" +version = "1.2.1" criteria = "safe-to-run" [[exemptions.page_size]] @@ -550,7 +562,7 @@ version = "0.13.0" criteria = "safe-to-run" [[exemptions.ppv-lite86]] -version = "0.2.16" +version = "0.2.20" criteria = "safe-to-deploy" [[exemptions.proc-macro-error]] @@ -573,10 +585,6 @@ criteria = "safe-to-run" version = "0.8.5" criteria = "safe-to-deploy" -[[exemptions.redox_syscall]] -version = "0.4.1" -criteria = "safe-to-deploy" - [[exemptions.redox_syscall]] version = "0.5.3" criteria = "safe-to-deploy" @@ -594,7 +602,7 @@ version = "0.7.2" criteria = "safe-to-deploy" [[exemptions.rgb]] -version = "0.8.45" +version = "0.8.48" criteria = "safe-to-run" [[exemptions.roff]] @@ -677,6 +685,10 @@ criteria = "safe-to-deploy" version = "0.10.8" criteria = "safe-to-deploy" +[[exemptions.shlex]] +version = "1.3.0" +criteria = "safe-to-deploy" + [[exemptions.similar]] version = "2.6.0" criteria = "safe-to-run" @@ -722,7 +734,7 @@ version = "1.0.102" criteria = "safe-to-deploy" [[exemptions.syn]] -version = "2.0.72" +version = "2.0.75" criteria = "safe-to-deploy" [[exemptions.tar]] @@ -818,7 +830,7 @@ version = "0.2.92" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-backend]] -version = "0.2.89" +version = "0.2.88" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-macro]] @@ -826,7 +838,7 @@ version = "0.2.87" criteria = "safe-to-deploy" [[exemptions.web-sys]] -version = "0.3.66" +version = "0.3.65" criteria = "safe-to-deploy" [[exemptions.which]] @@ -842,7 +854,7 @@ version = "0.4.0" criteria = "safe-to-deploy" [[exemptions.winapi-util]] -version = "0.1.8" +version = "0.1.9" criteria = "safe-to-deploy" [[exemptions.winapi-x86_64-pc-windows-gnu]] @@ -875,7 +887,7 @@ criteria = "safe-to-deploy" [[exemptions.zerocopy]] version = "0.7.35" -criteria = "safe-to-run" +criteria = "safe-to-deploy" [[exemptions.zerocopy-derive]] version = "0.6.6" @@ -883,7 +895,7 @@ criteria = "safe-to-deploy" [[exemptions.zerocopy-derive]] version = "0.7.35" -criteria = "safe-to-run" +criteria = "safe-to-deploy" [[exemptions.zeroize]] version = "1.8.1" @@ -906,5 +918,5 @@ version = "5.0.2+zstd.1.5.2" criteria = "safe-to-deploy" [[exemptions.zstd-sys]] -version = "2.0.12+zstd.1.5.6" +version = "2.0.13+zstd.1.5.6" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index ab1cc89..294cef0 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -36,6 +36,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows-sys]] +version = "0.59.0" +when = "2024-07-30" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows-targets]] version = "0.42.2" when = "2023-03-13" @@ -251,17 +258,6 @@ who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.2" -[[audits.bytecode-alliance.audits.cc]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "1.0.73" -notes = "I am the author of this crate." - -[[audits.bytecode-alliance.audits.cc]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.0.83 -> 1.1.6" - [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -599,25 +595,16 @@ delta = "2.5.0 -> 2.6.0" notes = "The changes from the previous version are negligible and thus it retains the same properties." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.bytemuck]] -who = "Adrian Taylor " -criteria = "safe-to-deploy" -delta = "1.14.3 -> 1.15.0" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.bytemuck]] -who = "danakj " -criteria = "safe-to-deploy" -delta = "1.15.0 -> 1.16.0" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - [[audits.google.audits.bytemuck]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" -delta = "1.16.0 -> 1.16.1" +version = "1.16.3" notes = """ -The delta only adds `f16` and `f128` support (with some other minor changes) -and has no impact on the audit criteria. +Review notes from the original audit (of 1.14.3) may be found in +https://crrev.com/c/5362675. Note that this audit has initially missed UB risk +that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258. +Because of this, the original audit has been edited to certify version `1.16.3` +instead (see also https://crrev.com/c/5771867). """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" @@ -1016,6 +1003,13 @@ criteria = "safe-to-deploy" delta = "1.0.203 -> 1.0.204" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.204 -> 1.0.207" +notes = "The small change in `src/private/ser.rs` should have no impact on `ub-risk-2`." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -1048,6 +1042,13 @@ criteria = "safe-to-deploy" delta = "1.0.203 -> 1.0.204" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.204 -> 1.0.207" +notes = 'Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.serde_json]] who = "danakj@chromium.org" criteria = "safe-to-run" @@ -1071,17 +1072,17 @@ criteria = "safe-to-run" delta = "1.0.117 -> 1.0.120" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.shlex]] -who = "George Burgess IV " +[[audits.google.audits.serde_json]] +who = "Lukasz Anforowicz " criteria = "safe-to-run" -version = "1.1.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +delta = "1.0.120 -> 1.0.122" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.shlex]] -who = "Daniel Verkamp " +[[audits.google.audits.serde_json]] +who = "Lukasz Anforowicz " criteria = "safe-to-run" -delta = "1.1.0 -> 1.3.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +delta = "1.0.122 -> 1.0.124" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.stable_deref_trait]] who = "George Burgess IV " @@ -1433,18 +1434,6 @@ criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.cc]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.73 -> 1.0.78" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.cc]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.78 -> 1.0.83" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.cpufeatures]] who = "Gabriele Svelto " criteria = "safe-to-deploy" @@ -1695,12 +1684,6 @@ criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.ppv-lite86]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.2.16 -> 0.2.17" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1746,6 +1729,12 @@ criteria = "safe-to-deploy" delta = "3.8.0 -> 3.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.tempfile]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "3.9.0 -> 3.10.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.time]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -2239,6 +2228,12 @@ delta = "0.2.7 -> 0.2.8" notes = "Forces some intermediate values to not have too much precision on the x87 FPU." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.libredox]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.0.1 -> 0.1.3" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.memchr]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2515,12 +2510,6 @@ delta = "1.0.107 -> 1.0.109" notes = "Fixes string literal parsing to only skip specified whitespace characters." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.tempfile]] -who = "Daira-Emma Hopwood " -criteria = "safe-to-deploy" -delta = "3.9.0 -> 3.10.1" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.thiserror]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2668,6 +2657,12 @@ delta = "0.4.1 -> 0.5.0" notes = "I checked correctness of to_blocks which uses unsafe code in a safe function." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.wasm-bindgen-backend]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.88 -> 0.2.89" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.wasm-bindgen-backend]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -2717,6 +2712,12 @@ criteria = "safe-to-deploy" delta = "0.2.89 -> 0.2.92" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.web-sys]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.65 -> 0.3.66" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.web-sys]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy"