zcash_primitivies: Update zcash-specific dependencies.
* sapling-crypto 0.2 * orchard 0.9 * incrementalmerketree 0.6 * shardtree 0.4
This commit is contained in:
parent
05887be962
commit
12752cbcd6
|
@ -634,9 +634,9 @@ checksum = "64fa3c856b712db6612c019f14756e64e4bcea13337a6b33b696333a9eaa2d06"
|
|||
|
||||
[[package]]
|
||||
name = "bytemuck"
|
||||
version = "1.16.1"
|
||||
version = "1.16.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b236fc92302c97ed75b38da1f4917b5cdda4984745740f153a5d3059e48d725e"
|
||||
checksum = "102087e286b4677862ea56cf8fc58bb2cdfa8725c40ffb80fe3a008eb7f2fc83"
|
||||
|
||||
[[package]]
|
||||
name = "byteorder"
|
||||
|
@ -2103,8 +2103,9 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
|
|||
|
||||
[[package]]
|
||||
name = "incrementalmerkletree"
|
||||
version = "0.5.1"
|
||||
source = "git+https://github.com/zcash/incrementalmerkletree?rev=337f59179eda51261e9ddfc6b18e8fb84ea277c9#337f59179eda51261e9ddfc6b18e8fb84ea277c9"
|
||||
version = "0.6.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "75346da3bd8e3d8891d02508245ed2df34447ca6637e343829f8d08986e9cde2"
|
||||
dependencies = [
|
||||
"either",
|
||||
"proptest",
|
||||
|
@ -2624,9 +2625,9 @@ checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d"
|
|||
|
||||
[[package]]
|
||||
name = "orchard"
|
||||
version = "0.8.0"
|
||||
version = "0.9.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0462569fc8b0d1b158e4d640571867a4e4319225ebee2ab6647e60c70af19ae3"
|
||||
checksum = "4dc7bde644aeb980be296cd908c6650894dc8541deb56f9f5294c52ed7ca568f"
|
||||
dependencies = [
|
||||
"aes",
|
||||
"bitvec",
|
||||
|
@ -2648,6 +2649,7 @@ dependencies = [
|
|||
"serde",
|
||||
"subtle",
|
||||
"tracing",
|
||||
"visibility",
|
||||
"zcash_note_encryption",
|
||||
"zcash_spec",
|
||||
"zip32",
|
||||
|
@ -3641,9 +3643,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "sapling-crypto"
|
||||
version = "0.1.3"
|
||||
version = "0.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "02f4270033afcb0c74c5c7d59c73cfd1040367f67f224fe7ed9a919ae618f1b7"
|
||||
checksum = "15e379398fffad84e49f9a45a05635fc004f66086e65942dbf4eb95332c26d2a"
|
||||
dependencies = [
|
||||
"aes",
|
||||
"bellman",
|
||||
|
@ -3903,8 +3905,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "shardtree"
|
||||
version = "0.3.1"
|
||||
source = "git+https://github.com/zcash/incrementalmerkletree?rev=337f59179eda51261e9ddfc6b18e8fb84ea277c9#337f59179eda51261e9ddfc6b18e8fb84ea277c9"
|
||||
version = "0.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "78222845cd8bbe5eb95687407648ff17693a35de5e8abaa39a4681fb21e033f9"
|
||||
dependencies = [
|
||||
"assert_matches",
|
||||
"bitflags 2.6.0",
|
||||
|
@ -5342,6 +5345,17 @@ version = "0.9.4"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
|
||||
|
||||
[[package]]
|
||||
name = "visibility"
|
||||
version = "0.1.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d674d135b4a8c1d7e813e2f8d1c9a58308aee4a680323066025e53132218bd91"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn 2.0.63",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "void"
|
||||
version = "1.0.2"
|
||||
|
|
12
Cargo.toml
12
Cargo.toml
|
@ -47,8 +47,8 @@ zcash_proofs = { version = "0.15", path = "zcash_proofs", default-features = fal
|
|||
bellman = { version = "0.14", default-features = false, features = ["groth16"] }
|
||||
ff = "0.13"
|
||||
group = "0.13"
|
||||
incrementalmerkletree = "0.5.1"
|
||||
shardtree = "0.3.1"
|
||||
incrementalmerkletree = "0.6"
|
||||
shardtree = "0.4"
|
||||
zcash_spec = "0.1"
|
||||
|
||||
# Payment protocols
|
||||
|
@ -57,11 +57,11 @@ bitvec = "1"
|
|||
blake2s_simd = "1"
|
||||
bls12_381 = "0.8"
|
||||
jubjub = "0.10"
|
||||
sapling = { package = "sapling-crypto", version = "0.1.3", default-features = false }
|
||||
sapling = { package = "sapling-crypto", version = "0.2", default-features = false }
|
||||
|
||||
# - Orchard
|
||||
nonempty = "0.7"
|
||||
orchard = { version = "0.8.0", default-features = false }
|
||||
orchard = { version = "0.9", default-features = false }
|
||||
pasta_curves = "0.5"
|
||||
|
||||
# - Transparent
|
||||
|
@ -155,7 +155,3 @@ zip32 = "0.1.1"
|
|||
lto = true
|
||||
panic = 'abort'
|
||||
codegen-units = 1
|
||||
|
||||
[patch.crates-io]
|
||||
incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree", rev = "337f59179eda51261e9ddfc6b18e8fb84ea277c9" }
|
||||
shardtree = { git = "https://github.com/zcash/incrementalmerkletree", rev = "337f59179eda51261e9ddfc6b18e8fb84ea277c9" }
|
||||
|
|
|
@ -524,6 +524,16 @@ who = "Jack Grigg <jack@electriccoin.co>"
|
|||
criteria = "safe-to-run"
|
||||
delta = "0.2.1 -> 0.2.2"
|
||||
|
||||
[[audits.visibility]]
|
||||
who = "Kris Nuttycombe <kris@nutty.land>"
|
||||
criteria = ["safe-to-deploy", "license-reviewed"]
|
||||
version = "0.1.1"
|
||||
notes = """
|
||||
- Crate has no unsafe code, and sets `#![forbid(unsafe_code)]`.
|
||||
- Crate has no powerful imports, and exclusively provides a proc macro
|
||||
that safely malleates a visibility modifier.
|
||||
"""
|
||||
|
||||
[[audits.walkdir]]
|
||||
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
|
||||
criteria = "safe-to-run"
|
||||
|
@ -572,13 +582,13 @@ delta = "1.6.0 -> 1.7.0"
|
|||
|
||||
[[trusted.equihash]]
|
||||
criteria = "safe-to-deploy"
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2020-06-26"
|
||||
end = "2025-04-22"
|
||||
|
||||
[[trusted.f4jumble]]
|
||||
criteria = ["safe-to-deploy", "crypto-reviewed"]
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2021-09-22"
|
||||
end = "2025-04-22"
|
||||
|
||||
|
@ -602,7 +612,7 @@ end = "2025-04-22"
|
|||
|
||||
[[trusted.incrementalmerkletree]]
|
||||
criteria = "safe-to-deploy"
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2021-12-17"
|
||||
end = "2025-04-22"
|
||||
|
||||
|
@ -620,7 +630,7 @@ end = "2025-04-22"
|
|||
|
||||
[[trusted.orchard]]
|
||||
criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2021-01-07"
|
||||
end = "2025-04-22"
|
||||
|
||||
|
@ -630,12 +640,36 @@ user-id = 1244 # ebfull
|
|||
start = "2022-10-19"
|
||||
end = "2025-04-22"
|
||||
|
||||
[[trusted.orchard]]
|
||||
criteria = "safe-to-deploy"
|
||||
user-id = 169181 # Kris Nuttycombe (nuttycom)
|
||||
start = "2024-08-12"
|
||||
end = "2025-08-12"
|
||||
|
||||
[[trusted.orchard]]
|
||||
criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
|
||||
user-id = 169181 # Kris Nuttycombe (nuttycom)
|
||||
start = "2024-08-12"
|
||||
end = "2025-08-12"
|
||||
|
||||
[[trusted.sapling-crypto]]
|
||||
criteria = ["safe-to-deploy", "crypto-reviewed"]
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2024-01-26"
|
||||
end = "2025-04-22"
|
||||
|
||||
[[trusted.sapling-crypto]]
|
||||
criteria = "safe-to-deploy"
|
||||
user-id = 169181 # Kris Nuttycombe (nuttycom)
|
||||
start = "2024-08-12"
|
||||
end = "2025-08-12"
|
||||
|
||||
[[trusted.sapling-crypto]]
|
||||
criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
|
||||
user-id = 169181 # Kris Nuttycombe (nuttycom)
|
||||
start = "2024-08-12"
|
||||
end = "2025-08-12"
|
||||
|
||||
[[trusted.shardtree]]
|
||||
criteria = "safe-to-deploy"
|
||||
user-id = 169181 # Kris Nuttycombe (nuttycom)
|
||||
|
@ -704,7 +738,7 @@ end = "2025-04-22"
|
|||
|
||||
[[trusted.zcash]]
|
||||
criteria = "safe-to-deploy"
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2024-07-15"
|
||||
end = "2025-07-19"
|
||||
|
||||
|
@ -716,7 +750,7 @@ end = "2025-04-22"
|
|||
|
||||
[[trusted.zcash_address]]
|
||||
criteria = "safe-to-deploy"
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2021-03-07"
|
||||
end = "2025-04-22"
|
||||
|
||||
|
@ -740,7 +774,7 @@ end = "2025-04-22"
|
|||
|
||||
[[trusted.zcash_extensions]]
|
||||
criteria = "safe-to-deploy"
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2020-04-24"
|
||||
end = "2025-04-23"
|
||||
|
||||
|
@ -752,7 +786,7 @@ end = "2025-04-22"
|
|||
|
||||
[[trusted.zcash_history]]
|
||||
criteria = "safe-to-deploy"
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2024-03-01"
|
||||
end = "2025-04-22"
|
||||
|
||||
|
@ -770,7 +804,7 @@ end = "2025-04-22"
|
|||
|
||||
[[trusted.zcash_primitives]]
|
||||
criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2021-03-26"
|
||||
end = "2025-04-22"
|
||||
|
||||
|
@ -782,7 +816,7 @@ end = "2025-04-22"
|
|||
|
||||
[[trusted.zcash_proofs]]
|
||||
criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2021-03-26"
|
||||
end = "2025-04-22"
|
||||
|
||||
|
@ -794,13 +828,13 @@ end = "2025-04-22"
|
|||
|
||||
[[trusted.zcash_spec]]
|
||||
criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2023-12-07"
|
||||
end = "2025-04-22"
|
||||
|
||||
[[trusted.zip32]]
|
||||
criteria = "safe-to-deploy"
|
||||
user-id = 6289 # str4d
|
||||
user-id = 6289 # Jack Grigg (str4d)
|
||||
start = "2023-12-06"
|
||||
end = "2025-04-22"
|
||||
|
||||
|
|
|
@ -175,10 +175,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.2.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.base64]]
|
||||
version = "0.22.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.base64ct]]
|
||||
version = "1.6.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -195,10 +191,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.11.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.bitflags]]
|
||||
version = "1.3.2"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.bitvec]]
|
||||
version = "1.0.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -295,10 +287,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.2.11"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.crc32fast]]
|
||||
version = "1.4.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.criterion]]
|
||||
version = "0.4.0"
|
||||
criteria = "safe-to-run"
|
||||
|
@ -483,10 +471,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.4.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.flate2]]
|
||||
version = "1.0.30"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.fluid-let]]
|
||||
version = "1.0.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
# cargo-vet imports lock
|
||||
|
||||
[[publisher.bumpalo]]
|
||||
version = "3.15.4"
|
||||
when = "2024-03-07"
|
||||
version = "3.16.0"
|
||||
when = "2024-04-08"
|
||||
user-id = 696
|
||||
user-login = "fitzgen"
|
||||
user-name = "Nick Fitzgerald"
|
||||
|
@ -20,12 +20,14 @@ version = "0.2.0"
|
|||
when = "2022-06-24"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
user-name = "Jack Grigg"
|
||||
|
||||
[[publisher.f4jumble]]
|
||||
version = "0.1.0"
|
||||
when = "2022-05-10"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
user-name = "Jack Grigg"
|
||||
|
||||
[[publisher.halo2_gadgets]]
|
||||
version = "0.3.0"
|
||||
|
@ -47,27 +49,29 @@ user-id = 1244
|
|||
user-login = "ebfull"
|
||||
|
||||
[[publisher.incrementalmerkletree]]
|
||||
version = "0.5.1"
|
||||
when = "2024-03-25"
|
||||
version = "0.6.0"
|
||||
when = "2024-08-12"
|
||||
user-id = 169181
|
||||
user-login = "nuttycom"
|
||||
user-name = "Kris Nuttycombe"
|
||||
|
||||
[[publisher.orchard]]
|
||||
version = "0.8.0"
|
||||
when = "2024-03-25"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
version = "0.9.0"
|
||||
when = "2024-08-12"
|
||||
user-id = 169181
|
||||
user-login = "nuttycom"
|
||||
user-name = "Kris Nuttycombe"
|
||||
|
||||
[[publisher.sapling-crypto]]
|
||||
version = "0.1.3"
|
||||
when = "2024-03-25"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
version = "0.2.0"
|
||||
when = "2024-08-12"
|
||||
user-id = 169181
|
||||
user-login = "nuttycom"
|
||||
user-name = "Kris Nuttycombe"
|
||||
|
||||
[[publisher.shardtree]]
|
||||
version = "0.3.1"
|
||||
when = "2024-04-03"
|
||||
version = "0.4.0"
|
||||
when = "2024-08-12"
|
||||
user-id = 169181
|
||||
user-login = "nuttycom"
|
||||
user-name = "Kris Nuttycombe"
|
||||
|
@ -217,12 +221,14 @@ version = "0.1.0"
|
|||
when = "2024-07-15"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
user-name = "Jack Grigg"
|
||||
|
||||
[[publisher.zcash_address]]
|
||||
version = "0.3.2"
|
||||
when = "2024-03-06"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
user-name = "Jack Grigg"
|
||||
|
||||
[[publisher.zcash_client_backend]]
|
||||
version = "0.12.1"
|
||||
|
@ -249,12 +255,14 @@ version = "0.1.0"
|
|||
when = "2024-07-15"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
user-name = "Jack Grigg"
|
||||
|
||||
[[publisher.zcash_history]]
|
||||
version = "0.4.0"
|
||||
when = "2024-03-01"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
user-name = "Jack Grigg"
|
||||
|
||||
[[publisher.zcash_keys]]
|
||||
version = "0.2.0"
|
||||
|
@ -275,12 +283,14 @@ version = "0.15.1"
|
|||
when = "2024-05-24"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
user-name = "Jack Grigg"
|
||||
|
||||
[[publisher.zcash_proofs]]
|
||||
version = "0.15.0"
|
||||
when = "2024-03-25"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
user-name = "Jack Grigg"
|
||||
|
||||
[[publisher.zcash_protocol]]
|
||||
version = "0.1.1"
|
||||
|
@ -294,12 +304,14 @@ version = "0.1.0"
|
|||
when = "2023-12-07"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
user-name = "Jack Grigg"
|
||||
|
||||
[[publisher.zip32]]
|
||||
version = "0.1.1"
|
||||
when = "2024-03-14"
|
||||
user-id = 6289
|
||||
user-login = "str4d"
|
||||
user-name = "Jack Grigg"
|
||||
|
||||
[[publisher.zip321]]
|
||||
version = "0.0.0"
|
||||
|
@ -313,7 +325,7 @@ who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|||
criteria = "safe-to-deploy"
|
||||
user-id = 696 # Nick Fitzgerald (fitzgen)
|
||||
start = "2019-03-16"
|
||||
end = "2024-03-10"
|
||||
end = "2025-07-30"
|
||||
|
||||
[[audits.bytecode-alliance.audits.adler]]
|
||||
who = "Alex Crichton <alex@alexcrichton.com>"
|
||||
|
@ -347,6 +359,11 @@ criteria = "safe-to-deploy"
|
|||
version = "0.21.0"
|
||||
notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
|
||||
|
||||
[[audits.bytecode-alliance.audits.base64]]
|
||||
who = "Andrew Brown <andrew.brown@intel.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.21.3 -> 0.22.1"
|
||||
|
||||
[[audits.bytecode-alliance.audits.block-buffer]]
|
||||
who = "Benjamin Bouvier <public@benj.me>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -842,6 +859,22 @@ and nothing changed from the baseline audit of 1.1.0. Skimmed through the
|
|||
'''
|
||||
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.bitflags]]
|
||||
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.3.2"
|
||||
notes = """
|
||||
Security review of earlier versions of the crate can be found at
|
||||
(Google-internal, sorry): go/image-crate-chromium-security-review
|
||||
|
||||
The crate exposes a function marked as `unsafe`, but doesn't use any
|
||||
`unsafe` blocks (except for tests of the single `unsafe` function). I
|
||||
think this justifies marking this crate as `ub-risk-1`.
|
||||
|
||||
Additional review comments can be found at https://crrev.com/c/4723145/31
|
||||
"""
|
||||
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.bitflags]]
|
||||
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -875,23 +908,13 @@ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_p
|
|||
[[audits.google.audits.bytemuck]]
|
||||
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.14.3"
|
||||
notes = "Additional review notes may be found in https://crrev.com/c/5362675."
|
||||
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.bytemuck]]
|
||||
who = "Adrian Taylor <adetaylor@chromium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.14.3 -> 1.15.0"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.bytemuck]]
|
||||
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.16.0 -> 1.16.1"
|
||||
version = "1.16.3"
|
||||
notes = """
|
||||
The delta only adds `f16` and `f128` support (with some other minor changes)
|
||||
and has no impact on the audit criteria.
|
||||
Review notes from the original audit (of 1.14.3) may be found in
|
||||
https://crrev.com/c/5362675. Note that this audit has initially missed UB risk
|
||||
that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258.
|
||||
Because of this, the original audit has been edited to certify version `1.16.3`
|
||||
instead (see also https://crrev.com/c/5771867).
|
||||
"""
|
||||
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
||||
|
||||
|
@ -964,6 +987,18 @@ criteria = "safe-to-run"
|
|||
version = "0.4.3"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.crc32fast]]
|
||||
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.4.2"
|
||||
notes = """
|
||||
Security review of earlier versions of the crate can be found at
|
||||
(Google-internal, sorry): go/image-crate-chromium-security-review
|
||||
|
||||
Audit comments for 1.4.2 can be found at https://crrev.com/c/4723145.
|
||||
"""
|
||||
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.equivalent]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -980,6 +1015,41 @@ that the RNG here is not cryptographically secure.
|
|||
"""
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.flate2]]
|
||||
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.0.30"
|
||||
notes = '''
|
||||
WARNING: This certification is a result of a **partial** audit. The
|
||||
`any_zlib` code has **not** been audited. Ability to track partial
|
||||
audits is tracked in https://github.com/mozilla/cargo-vet/issues/380
|
||||
Chromium does use the `any_zlib` feature(s). Accidentally depending on
|
||||
this feature in the future is prevented using the `ban_features` feature
|
||||
of `gnrt` - see:
|
||||
https://crrev.com/c/4723145/31/third_party/rust/chromium_crates_io/gnrt_config.toml
|
||||
|
||||
Security review of earlier versions of the crate can be found at
|
||||
(Google-internal, sorry): go/image-crate-chromium-security-review
|
||||
|
||||
I grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`.
|
||||
|
||||
All `unsafe` in `flate2` is gated behind `#[cfg(feature = "any_zlib")]`:
|
||||
|
||||
* The code under `src/ffi/...` will not be used because the `mod c`
|
||||
declaration in `src/ffi/mod.rs` depends on the `any_zlib` config
|
||||
* 7 uses of `unsafe` in `src/mem.rs` also all depend on the
|
||||
`any_zlib` config:
|
||||
- 2 in `fn set_dictionary` (under `impl Compress`)
|
||||
- 2 in `fn set_level` (under `impl Compress`)
|
||||
- 3 in `fn set_dictionary` (under `impl Decompress`)
|
||||
|
||||
All hits of `'\bfs\b'` are in comments, or example code, or test code
|
||||
(but not in product code).
|
||||
|
||||
There were no hits of `-i cipher`, `-i crypto`, `'\bnet\b'`.
|
||||
'''
|
||||
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.futures]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -2500,12 +2570,6 @@ criteria = "safe-to-deploy"
|
|||
delta = "0.5.0 -> 0.5.1"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.bumpalo]]
|
||||
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "3.15.4 -> 3.16.0"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.bytes]]
|
||||
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
|
@ -25,7 +25,8 @@ and this library adheres to Rust's notion of
|
|||
|
||||
### Changed
|
||||
- MSRV is now 1.70.0.
|
||||
- Bumped dependencies to `secp256k1 0.27`.
|
||||
- Bumped dependencies to `secp256k1 0.27`, `incrementalmerkletree 0.6`,
|
||||
`orchard 0.9`, `sapling-crypto 0.2`.
|
||||
- `zcash_primitives::legacy::keys`:
|
||||
- `AccountPrivKey::{from_bytes, to_bytes}` now use the byte encoding from the
|
||||
inside of a `xprv` Base58 string encoding from BIP 32, excluding the prefix
|
||||
|
|
Loading…
Reference in New Issue