zec
/
zcash
mirror of https://github.com/zcash/zcash.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #6864 from daira/more-updates-for-5.9.0 

More dependency updates, postponements, and audits for 5.9.0
This commit is contained in:
Kris Nuttycombe 2024-04-17 16:26:53 -06:00 committed by GitHub
parent db47b3cd05 35f140a4ab
commit 771bc67cd7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 836 additions and 624 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

444
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

4
depends/packages/native_cmake.mk
View File

@ -1,8 +1,8 @@
package=native_cmake
$(package)_version=3.28.3
$(package)_version=3.29.2
$(package)_download_path=https://github.com/Kitware/CMake/releases/download/v$($(package)_version)
$(package)_file_name=cmake-$($(package)_version).tar.gz
$(package)_sha256_hash=72b7570e5c8593de6ac4ab433b73eab18c5fb328880460c86ce32608141ad5c1
$(package)_sha256_hash=36db4b6926aab741ba6e4b2ea2d99c9193222132308b4dc824d4123cb730352e
define $(package)_set_vars
$(package)_config_opts += -DCMAKE_BUILD_TYPE:STRING=Release

4
depends/packages/native_zstd.mk
View File

@ -1,8 +1,8 @@
package=native_zstd
$(package)_version=1.5.5
$(package)_version=1.5.6
$(package)_download_path=https://github.com/facebook/zstd/releases/download/v$($(package)_version)
$(package)_file_name=zstd-$($(package)_version).tar.gz
$(package)_sha256_hash=9c4396cc829cfae319a6e2615202e82aad41372073482fce286fac78646d3ee4
$(package)_sha256_hash=8c29e06cf42aacc1eafc4077ae2ec6c6fcb96a626157e0593d5e82a34fd403c1
$(package)_build_subdir=build/cmake
$(package)_dependencies=native_cmake

305
qa/supply-chain/audits.toml
View File

@ -30,11 +30,21 @@ criteria = "safe-to-deploy"
delta = "0.8.6 -> 0.8.7"
notes = "Build-time `stdsimd` detection is replaced with a nightly-only feature flag."
[[audits.ahash]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.8.7 -> 0.8.11"
[[audits.aho-corasick]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.1.1 -> 1.1.2"
[[audits.aho-corasick]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.1.2 -> 1.1.3"
[[audits.allocator-api2]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -52,6 +62,11 @@ criteria = "safe-to-deploy"
delta = "0.2.15 -> 0.2.16"
notes = "Change to `unsafe` block is to fix the `Drop` impl of `Box` to drop its value."
[[audits.allocator-api2]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.2.16 -> 0.2.18"
[[audits.anyhow]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -105,6 +120,11 @@ Build script changes are to refactor the existing probe into a separate file
changes in the build environment.
"""
[[audits.anyhow]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.79 -> 1.0.82"
[[audits.arrayref]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
@ -127,6 +147,12 @@ then loaded. These appear to all derive from existing paths that themselves were
being mmapped and loaded.
"""
[[audits.backtrace]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.69 -> 0.3.71"
notes = "This crate inherently requires a lot of `unsafe` code, but the changes look plausible."
[[audits.base64]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -137,6 +163,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.21.4 -> 0.21.5"
[[audits.base64]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.21.5 -> 0.21.7"
[[audits.bech32]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -204,12 +235,22 @@ criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"
notes = "I previously reviewed the crypto-sensitive portions of these changes as well."
[[audits.bs58]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.5.0 -> 0.5.1"
[[audits.bumpalo]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "3.11.1 -> 3.12.0"
notes = "Changes to `unsafe` code are to replace `mem::forget` uses with `ManuallyDrop`."
[[audits.bumpalo]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "3.15.4 -> 3.16.0"
[[audits.byte-slice-cast]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -246,6 +287,32 @@ notes = """
almost identically to the existing `unsafe impl BufMut for &mut [u8]`.
"""
[[audits.bytes]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.5.0 -> 1.6.0"
notes = """
There is significant use of `unsafe` code, but safety requirements are well documented
and appear correct as far as I can see.
"""
[[audits.cc]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.83 -> 1.0.94"
notes = """
The optimization to use `buffer.set_len(buffer.capacity())` in `command_helpers::StderrForwarder::forward_available`
doesn't look panic-safe: if `stderr.read` panics and that panic is caught by a caller of `forward_available`, then
the inner buffer of `StderrForwarder` will contain uninitialized data. This looks difficult to trigger in practice,
but I have opened an issue <https://github.com/rust-lang/cc-rs/issues/1036>.
`parallel::async_executor` contains `unsafe` pinning code but it looks reasonable. Similarly for the `unsafe`
initialization code in `parallel::job_token::JobTokenServer` and file operations in `parallel::stderr`.
This crate executes commands, and my review is likely not sufficient to detect subtle backdoors.
I did not review the use of library handles in the `com` package on Windows.
"""
[[audits.chacha20]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
@ -345,6 +412,11 @@ LoongArch64 CPU feature detection support. This and the supporting macro code is
the same as the existing Linux code for AArch64.
"""
[[audits.cpufeatures]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.2.11 -> 0.2.12"
[[audits.crossbeam-channel]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -376,6 +448,12 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.8.3 -> 0.8.4"
[[audits.crossbeam-deque]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.8.4 -> 0.8.5"
notes = "Changes to `unsafe` code look okay."
[[audits.crossbeam-epoch]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -403,6 +481,11 @@ Changes to `unsafe` code are to replace manual pointer logic with equivalent
`unsafe` stdlib methods, now that MSRV is high enough to use them.
"""
[[audits.crossbeam-epoch]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.9.17 -> 0.9.18"
[[audits.crossbeam-utils]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -455,6 +538,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "4.1.0 -> 4.1.1"
[[audits.curve25519-dalek]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "4.1.1 -> 4.1.2"
[[audits.curve25519-dalek-derive]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
@ -675,6 +763,12 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.111 -> 1.0.113"
[[audits.der]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.7.8 -> 0.7.9"
notes = "The change to ignore RUSTSEC-2023-0071 is correct for this crate."
[[audits.deranged]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -760,6 +854,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.8.1 -> 1.9.0"
[[audits.either]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.9.0 -> 1.11.0"
[[audits.equivalent]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -785,6 +884,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.0.1"
[[audits.fastrand]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "2.0.1 -> 2.0.2"
[[audits.ff]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1037,11 +1141,21 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.3.2"
[[audits.hermit-abi]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.3 -> 0.3.9"
[[audits.http]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.8 -> 0.2.9"
[[audits.http]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.2.11 -> 0.2.12"
[[audits.http]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -1171,6 +1285,11 @@ notes = """
MDN documentation.
"""
[[audits.js-sys]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.66 -> 0.3.69"
[[audits.jubjub]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
@ -1221,6 +1340,11 @@ criteria = "safe-to-deploy"
delta = "0.2.7 -> 0.2.8"
notes = "Forces some intermediate values to not have too much precision on the x87 FPU."
[[audits.libredox]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.0.1 -> 0.1.3"
[[audits.link-cplusplus]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1231,6 +1355,12 @@ who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.7 -> 1.0.8"
[[audits.linux-raw-sys]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.12 -> 0.4.13"
notes = "Low-level OS interface crate, so `unsafe` code is expected."
[[audits.lock_api]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1253,6 +1383,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.4.19 -> 0.4.20"
[[audits.log]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.20 -> 0.4.21"
[[audits.maybe-rayon]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
@ -1273,6 +1408,11 @@ comparison between `u8` pointers. The new tail code matches the existing head
code (but adapted to `u16` and `u8` reads, instead of `u32`).
"""
[[audits.memchr]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "2.7.1 -> 2.7.2"
[[audits.memoffset]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -1330,6 +1470,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.15.0 -> 0.15.1"
[[audits.miniz_oxide]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.7.2"
[[audits.mio]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1371,6 +1516,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.8.6 -> 0.8.8"
[[audits.mio]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.8.10 -> 0.8.11"
[[audits.nix]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1390,6 +1540,11 @@ Most of the `unsafe` changes are cleaning up their usage:
A new unsafe trait method `SockaddrLike::set_length` is added; it's impls look fine.
"""
[[audits.num-conv]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "0.1.0"
[[audits.num-integer]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1427,6 +1582,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.32.0 -> 0.32.1"
[[audits.object]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.32.1 -> 0.32.2"
[[audits.once_cell]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1436,6 +1596,11 @@ Small refactor that reduces the overall amount of `unsafe` code. The new strict
approach looks reasonable.
"""
[[audits.opaque-debug]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.3.1"
[[audits.pairing]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
@ -1568,6 +1733,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.9 -> 0.2.13"
[[audits.pin-project-lite]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.2.13 -> 0.2.14"
[[audits.platforms]]
who = "Daira Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
@ -1593,6 +1763,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "3.2.0 -> 3.3.0"
[[audits.platforms]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "3.3.0 -> 3.4.0"
[[audits.poly1305]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
@ -1761,6 +1936,11 @@ criteria = "safe-to-deploy"
delta = "0.4.3 -> 0.4.4"
notes = "Switches from `redox_syscall` crate to `libredox` crate for syscalls."
[[audits.redox_users]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.4 -> 0.4.5"
[[audits.regex]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1776,6 +1956,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.9.5 -> 1.10.2"
[[audits.regex]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.10.2 -> 1.10.4"
[[audits.regex-automata]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -1785,6 +1970,11 @@ There were additions to an `unsafe` trait, but the new code itself doesn't use
any `unsafe` functions.
"""
[[audits.regex-automata]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.3 -> 0.4.6"
[[audits.regex-syntax]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
@ -1800,6 +1990,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.7.5 -> 0.8.2"
[[audits.regex-syntax]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.8.3"
[[audits.rustc-demangle]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
@ -1824,6 +2019,12 @@ execute arbitrary code. But when this crate is used within a build script, `$RUS
be set correctly by `cargo`.
"""
[[audits.rustix]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.38.28 -> 0.38.32"
notes = "Cursory review."
[[audits.ryu]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -1839,6 +2040,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.15 -> 1.0.16"
[[audits.ryu]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.16 -> 1.0.17"
[[audits.scopeguard]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -1860,6 +2066,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.19 -> 1.0.20"
[[audits.semver]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.20 -> 1.0.22"
[[audits.serde]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1978,6 +2189,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.108 -> 1.0.110"
[[audits.serde_json]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.110 -> 1.0.116"
[[audits.sha2]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -2025,6 +2241,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.1"
[[audits.sketches-ddsketch]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.2.1 -> 0.2.2"
[[audits.socket2]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -2043,6 +2264,11 @@ Adds support for Sony Vita targets. New `unsafe` blocks are for Vita-specific
`libc` calls to `getsockopt` and `setsockopt` for non-blocking behaviour.
"""
[[audits.socket2]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.5.5 -> 0.5.6"
[[audits.syn]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
@ -2109,6 +2335,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "2.0.43 -> 2.0.46"
[[audits.syn]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "2.0.46 -> 2.0.59"
[[audits.tempfile]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -2130,6 +2361,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "3.8.1 -> 3.9.0"
[[audits.tempfile]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "3.9.0 -> 3.10.1"
[[audits.terminfo]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -2174,6 +2410,11 @@ Build script changes are to refactor the existing probe into a separate file
changes in the build environment.
"""
[[audits.thiserror]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.56 -> 1.0.58"
[[audits.thiserror-impl]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -2206,6 +2447,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.52 -> 1.0.56"
[[audits.thiserror-impl]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.56 -> 1.0.58"
[[audits.thread_local]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -2216,6 +2462,15 @@ New `unsafe` usage:
- Setting and getting a `#[thread_local] static mut Option<Thread>` on nightly.
"""
[[audits.thread_local]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.1.7 -> 1.1.8"
notes = """
Adds `unsafe` code that makes an assumption that `ptr::null_mut::<Entry<T>>()` is a valid representation
of an `AtomicPtr<Entry<T>>`, but this is likely a correct assumption.
"""
[[audits.time]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -2235,6 +2490,12 @@ Removes one `unsafe` block by repurposing a constructor containing a more
general invocation of the same `unsafe` function.
"""
[[audits.time]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.31 -> 0.3.36"
notes = "Some use of `unsafe` code but its safety requirements are documented and look okay."
[[audits.time-core]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -2289,6 +2550,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.15 -> 0.2.16"
[[audits.time-macros]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.2.16 -> 0.2.18"
[[audits.tinyvec_macros]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -2300,6 +2566,12 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.35.0 -> 1.35.1"
[[audits.tokio]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.35.1 -> 1.37.0"
notes = "Cursory review, but new and changed uses of `unsafe` code look fine, as far as I can see."
[[audits.toml_datetime]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -2468,11 +2740,26 @@ Migrates to `try-lock 0.2.4` to replace some unsafe APIs that were not marked
`unsafe` (but that were being used safely).
"""
[[audits.wasm-bindgen-backend]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.2.89 -> 0.2.92"
[[audits.wasm-bindgen-macro]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.87 -> 0.2.89"
[[audits.wasm-bindgen-macro]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.2.89 -> 0.2.92"
[[audits.wasm-bindgen-macro-support]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "0.2.92"
[[audits.wasm-bindgen-macro-support]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -2494,6 +2781,16 @@ who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.87 -> 0.2.89"
[[audits.wasm-bindgen-shared]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.2.89 -> 0.2.92"
[[audits.web-sys]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.66 -> 0.3.69"
[[audits.which]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -2594,7 +2891,7 @@ end = "2024-09-21"
[[trusted.halo2_legacy_pdqsort]]
criteria = ["safe-to-deploy", "crypto-reviewed"]
user-id = 199950 # Daira Hopwood (daira)
user-id = 199950 # Daira Emma Hopwood (daira)
start = "2023-02-24"
end = "2024-09-21"
@ -2748,6 +3045,12 @@ user-id = 6289 # str4d
start = "2021-03-26"
end = "2024-09-21"
[[trusted.zcash_protocol]]
criteria = "safe-to-deploy"
user-id = 169181 # Kris Nuttycombe (nuttycom)
start = "2024-01-27"
end = "2025-04-16"
[[trusted.zcash_spec]]
criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
user-id = 6289 # str4d

26
qa/supply-chain/config.toml
View File

@ -279,10 +279,6 @@ criteria = "safe-to-deploy"
version = "2.5.0"
criteria = "safe-to-deploy"
[[exemptions.itoa]]
version = "1.0.2"
criteria = "safe-to-deploy"
[[exemptions.js-sys]]
version = "0.3.60"
criteria = "safe-to-deploy"
@ -443,10 +439,6 @@ criteria = "safe-to-deploy"
version = "0.3.0"
criteria = "safe-to-deploy"
[[exemptions.redox_syscall]]
version = "0.4.1"
criteria = "safe-to-deploy"
[[exemptions.redox_users]]
version = "0.4.3"
criteria = "safe-to-deploy"
@ -503,14 +495,6 @@ criteria = "safe-to-deploy"
version = "0.8.0"
criteria = "safe-to-deploy"
[[exemptions.serde]]
version = "1.0.136"
criteria = "safe-to-deploy"
[[exemptions.serde_derive]]
version = "1.0.136"
criteria = "safe-to-deploy"
[[exemptions.serde_json]]
version = "1.0.81"
criteria = "safe-to-deploy"
@ -608,7 +592,7 @@ version = "0.11.0+wasi-snapshot-preview1"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen]]
version = "0.2.89"
version = "0.2.92"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-backend]]
@ -619,10 +603,6 @@ criteria = "safe-to-deploy"
version = "0.2.87"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-macro-support]]
version = "0.2.87"
criteria = "safe-to-deploy"
[[exemptions.web-sys]]
version = "0.3.66"
criteria = "safe-to-deploy"
@ -643,6 +623,10 @@ criteria = "safe-to-deploy"
version = "0.4.0"
criteria = "safe-to-deploy"
[[exemptions.windows_i686_gnullvm]]
version = "0.52.5"
criteria = "safe-to-deploy"
[[exemptions.wyz]]
version = "0.5.0"
criteria = "safe-to-deploy"

662
qa/supply-chain/imports.lock
View File

@ -8,8 +8,8 @@ user-id = 6289
user-login = "str4d"
[[publisher.bumpalo]]
version = "3.14.0"
when = "2023-09-14"
version = "3.15.4"
when = "2024-03-07"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
@ -37,7 +37,7 @@ version = "0.1.0"
when = "2023-03-10"
user-id = 199950
user-login = "daira"
user-name = "Daira Hopwood"
user-name = "Daira Emma Hopwood"
[[publisher.halo2_proofs]]
version = "0.3.0"
@ -46,10 +46,11 @@ user-id = 1244
user-login = "ebfull"
[[publisher.incrementalmerkletree]]
version = "0.5.0"
when = "2023-09-08"
user-id = 6289
user-login = "str4d"
version = "0.5.1"
when = "2024-03-25"
user-id = 169181
user-login = "nuttycom"
user-name = "Kris Nuttycombe"
[[publisher.orchard]]
version = "0.7.1"
@ -58,11 +59,18 @@ user-id = 6289
user-login = "str4d"
[[publisher.sapling-crypto]]
version = "0.1.1"
when = "2024-02-15"
version = "0.1.3"
when = "2024-03-25"
user-id = 6289
user-login = "str4d"
[[publisher.unicode-normalization]]
version = "0.1.23"
when = "2024-02-20"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[publisher.windows-sys]]
version = "0.48.0"
when = "2023-03-31"
@ -85,8 +93,8 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows-targets]]
version = "0.52.0"
when = "2023-11-15"
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -99,8 +107,8 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_aarch64_gnullvm]]
version = "0.52.0"
when = "2023-11-15"
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -113,8 +121,8 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_aarch64_msvc]]
version = "0.52.0"
when = "2023-11-15"
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -127,8 +135,8 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_i686_gnu]]
version = "0.52.0"
when = "2023-11-15"
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -141,8 +149,8 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_i686_msvc]]
version = "0.52.0"
when = "2023-11-15"
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -155,8 +163,8 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_gnu]]
version = "0.52.0"
when = "2023-11-15"
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -169,8 +177,8 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_gnullvm]]
version = "0.52.0"
when = "2023-11-15"
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -183,15 +191,15 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_msvc]]
version = "0.52.0"
when = "2023-11-15"
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.zcash_address]]
version = "0.3.1"
when = "2024-01-12"
version = "0.3.2"
when = "2024-03-06"
user-id = 6289
user-login = "str4d"
@ -226,6 +234,13 @@ when = "2024-03-01"
user-id = 6289
user-login = "str4d"
[[publisher.zcash_protocol]]
version = "0.1.1"
when = "2024-03-25"
user-id = 169181
user-login = "nuttycom"
user-name = "Kris Nuttycombe"
[[publisher.zcash_spec]]
version = "0.1.0"
when = "2023-12-07"
@ -233,8 +248,8 @@ user-id = 6289
user-login = "str4d"
[[publisher.zip32]]
version = "0.1.0"
when = "2023-12-06"
version = "0.1.1"
when = "2024-03-14"
user-id = 6289
user-login = "str4d"
@ -283,25 +298,6 @@ criteria = "safe-to-deploy"
version = "0.21.0"
notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
[[audits.bytecode-alliance.audits.bitflags]]
who = "Jamey Sharp <jsharp@fastly.com>"
criteria = "safe-to-deploy"
delta = "2.1.0 -> 2.2.1"
notes = """
This version adds unsafe impls of traits from the bytemuck crate when built
with that library enabled, but I believe the impls satisfy the documented
safety requirements for bytemuck. The other changes are minor.
"""
[[audits.bytecode-alliance.audits.bitflags]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "2.3.2 -> 2.3.3"
notes = """
Nothing outside the realm of what one would expect from a bitflags generator,
all as expected.
"""
[[audits.bytecode-alliance.audits.block-buffer]]
who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
@ -371,6 +367,12 @@ criteria = "safe-to-deploy"
delta = "0.2.9 -> 1.0.0"
notes = "Minor changes leading up to the 1.0.0 release and nothing fundamentally new here."
[[audits.bytecode-alliance.audits.libc]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.2.151 -> 0.2.153"
notes = "More bindings for more platforms. I have not verified that everything is exactly as-is on the platform as specified but nothing major is otherwise introduced as part of this bump."
[[audits.bytecode-alliance.audits.libm]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -390,6 +392,12 @@ This is a minor update which has some testing affordances as well as some
updated math algorithms.
"""
[[audits.bytecode-alliance.audits.mach2]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.4.2"
notes = "It does unsafe FFI bindings, as expected. I didn't check the FFI bindings against the C headers."
[[audits.bytecode-alliance.audits.matchers]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -447,25 +455,6 @@ who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
[[audits.bytecode-alliance.audits.proc-macro2]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "1.0.51 -> 1.0.57"
[[audits.bytecode-alliance.audits.proc-macro2]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "1.0.59 -> 1.0.63"
notes = """
This is a routine update for new nightly features and new syntax popping up on
nightly, nothing out of the ordinary.
"""
[[audits.bytecode-alliance.audits.quote]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "1.0.23 -> 1.0.27"
[[audits.bytecode-alliance.audits.rustc-demangle]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -537,18 +526,6 @@ who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.0.8"
[[audits.bytecode-alliance.audits.unicode-normalization]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.19"
notes = """
This crate contains one usage of `unsafe` which I have manually checked to see
it as correct. This crate's size comes in large part due to the generated
unicode tables that it contains. This crate is additionally widely used
throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
and nothing suspicious.
"""
[[audits.bytecode-alliance.audits.want]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -583,6 +560,62 @@ criteria = "safe-to-deploy"
version = "0.1.0"
notes = "No unsafe usage or ambient capabilities, sane build script"
[[audits.google.audits.aes]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.8.4"
notes = "Audited at https://fxrev.dev/987054"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.autocfg]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for reasonable, client-controlled usage of
`std::fs` in `AutoCfg::with_dir`.
This crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb
The CL description contains a link to a Google-internal document with audit details.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.autocfg]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.1.0 -> 1.2.0"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and nothing changed from the baseline audit of 1.1.0. Skimmed through the
1.1.0 => 1.2.0 delta and everything seemed okay.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "2.4.2"
notes = """
Audit notes:
* I've checked for any discussion in Google-internal cl/546819168 (where audit
of version 2.3.3 happened)
* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]`
* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be
correct in a straightforward way - they just propagate the marker trait's
impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type
* Additional discussion and/or notes may be found in https://crrev.com/c/5238056
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.bitflags]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "2.4.2 -> 2.5.0"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.cxxbridge-flags]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
@ -605,6 +638,35 @@ criteria = "safe-to-deploy"
version = "1.0.3"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.itoa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.10"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.
There are a few places where `unsafe` is used. Unsafe review notes can be found
in https://crrev.com/c/5350697.
Version 1.0.1 of this crate has been added to Chromium in
https://crrev.com/c/3321896.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.itoa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.10 -> 1.0.11"
notes = """
Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits:
* Bumping up the version
* A touch up of comments
* And my own PR to make `unsafe` blocks more granular:
https://github.com/dtolnay/itoa/pull/42
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.link-cplusplus]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
@ -631,17 +693,82 @@ version = "0.2.9"
notes = "Reviewed on https://fxrev.dev/824504"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.78"
notes = """
Grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for a benign \"fs\" hit in a doc comment)
Notes from the `unsafe` review can be found in https://crrev.com/c/5385745.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.proc-macro2]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.78 -> 1.0.79"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.proc-macro2]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.79 -> 1.0.80"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.35"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for benign \"net\" hit in tests and \"fs\" hit in README.md)
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.quote]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.35 -> 1.0.36"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.197"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`.
There were some hits for `net`, but they were related to serialization and
not actually opening any connections or anything like that.
There were 2 hits of `unsafe` when grepping:
* In `fn as_str` in `impl Buf`
* In `fn serialize` in `impl Serialize for net::Ipv4Addr`
Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this
review also covered `serde_json_lenient`).
Version 1.0.130 of the crate has been added to Chromium in
https://crrev.com/c/3265545. The CL description contains a link to a
(Google-internal, sorry) document with a mini security review.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.197"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.version_check]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.9.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.isrg.audits.aes]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.8.3"
[[audits.isrg.audits.base64]]
who = "Tim Geoghegan <timg@letsencrypt.org>"
criteria = "safe-to-deploy"
@ -736,6 +863,16 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.4 -> 0.2.5"
[[audits.isrg.audits.fiat-crypto]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.2.5 -> 0.2.6"
[[audits.isrg.audits.fiat-crypto]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.2.6 -> 0.2.7"
[[audits.isrg.audits.getrandom]]
who = "Tim Geoghegan <timg@letsencrypt.org>"
criteria = "safe-to-deploy"
@ -747,6 +884,16 @@ who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.2.10 -> 0.2.11"
[[audits.isrg.audits.getrandom]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.11 -> 0.2.12"
[[audits.isrg.audits.getrandom]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.12 -> 0.2.14"
[[audits.isrg.audits.hmac]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@ -757,6 +904,11 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.4.3 -> 0.4.4"
[[audits.isrg.audits.num-integer]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.1.45 -> 0.1.46"
[[audits.isrg.audits.num-traits]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@ -767,6 +919,11 @@ who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.16 -> 0.2.17"
[[audits.isrg.audits.num-traits]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.17 -> 0.2.18"
[[audits.isrg.audits.once_cell]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
@ -807,75 +964,25 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.8.0"
[[audits.isrg.audits.rayon-core]]
[[audits.isrg.audits.rayon]]
who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.8.0 -> 1.8.1"
[[audits.isrg.audits.rayon]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.10.2 -> 1.11.0"
delta = "1.8.1 -> 1.9.0"
[[audits.isrg.audits.rayon]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.9.0 -> 1.10.0"
[[audits.isrg.audits.rayon-core]]
who = "David Cook <dcook@divviup.org>"
who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.11.0 -> 1.12.0"
[[audits.isrg.audits.serde]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.152 -> 1.0.153"
[[audits.isrg.audits.serde]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.153 -> 1.0.154"
[[audits.isrg.audits.serde]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.154 -> 1.0.155"
[[audits.isrg.audits.serde]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.0.156 -> 1.0.159"
[[audits.isrg.audits.serde]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.0.160 -> 1.0.162"
[[audits.isrg.audits.serde]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.162 -> 1.0.163"
[[audits.isrg.audits.serde_derive]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.152 -> 1.0.153"
[[audits.isrg.audits.serde_derive]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.153 -> 1.0.154"
[[audits.isrg.audits.serde_derive]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.154 -> 1.0.155"
[[audits.isrg.audits.serde_derive]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.0.156 -> 1.0.159"
[[audits.isrg.audits.serde_derive]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.0.160 -> 1.0.162"
[[audits.isrg.audits.serde_derive]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.162 -> 1.0.163"
version = "1.12.1"
[[audits.isrg.audits.serde_json]]
who = "Brandon Pitman <bran@bran.land>"
@ -922,6 +1029,15 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.2.83"
[[audits.mozilla.wildcard-audits.unicode-normalization]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-11-06"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.anyhow]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -947,13 +1063,6 @@ criteria = "safe-to-deploy"
delta = "1.0.62 -> 1.0.68"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.autocfg]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bit-set]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
@ -974,32 +1083,6 @@ version = "0.6.3"
notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bitflags]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.3.2 -> 2.0.2"
notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bitflags]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
delta = "2.0.2 -> 2.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bitflags]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "2.2.1 -> 2.3.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bitflags]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "2.4.0 -> 2.4.1"
notes = "Only allowing new clippy lints"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.block-buffer]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1031,6 +1114,19 @@ delta = "0.5.7 -> 0.5.8"
notes = "Reviewed the fix, previous versions indeed had were able to trigger a race condition"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.crossbeam-channel]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.8 -> 0.5.11"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.crossbeam-channel]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.11 -> 0.5.12"
notes = "Minimal change fixing a memory leak."
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.crossbeam-epoch]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1055,6 +1151,12 @@ criteria = "safe-to-deploy"
delta = "0.8.11 -> 0.8.14"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.crossbeam-utils]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.8.14 -> 0.8.19"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.digest]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1123,18 +1225,6 @@ criteria = "safe-to-deploy"
delta = "1.9.1 -> 1.9.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.itoa]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.2 -> 1.0.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.itoa]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.3 -> 1.0.5"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.lazy_static]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
@ -1200,104 +1290,6 @@ criteria = "safe-to-deploy"
delta = "0.2.16 -> 0.2.17"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.0.39"
notes = """
`proc-macro2` acts as either a thin(-ish) wrapper around the std-provided
`proc_macro` crate, or as a fallback implementation of the crate, depending on
where it is used.
If using this crate on older versions of rustc (1.56 and earlier), it will
temporarily replace the panic handler while initializing in order to detect if
it is running within a `proc_macro`, which could lead to surprising behaviour.
This should not be an issue for more recent compiler versions, which support
`proc_macro::is_available()`.
The `proc-macro2` crate's fallback behaviour is not identical to the complex
behaviour of the rustc compiler (e.g. it does not perform unicode normalization
for identifiers), however it behaves well enough for its intended use-case
(tests and scripts processing rust code).
`proc-macro2` does not use unsafe code, however exposes one `unsafe` API to
allow bypassing checks in the fallback implementation when constructing
`Literal` using `from_str_unchecked`. This was intended to only be used by the
`quote!` macro, however it has been removed
(https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078),
and is likely completely unused. Even when used, this API shouldn't be able to
cause unsoundness.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.39 -> 1.0.43"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.43 -> 1.0.49"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.57 -> 1.0.59"
notes = "Enabled on Wasm"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.63 -> 1.0.66"
notes = "Removed special support for some really old Rust versions"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.0.18"
notes = """
`quote` is a utility crate used by proc-macros to generate TokenStreams
conveniently from source code. The bulk of the logic is some complex
interlocking `macro_rules!` macros which are used to parse and build the
`TokenStream` within the proc-macro.
This crate contains no unsafe code, and the internal logic, while difficult to
read, is generally straightforward. I have audited the the quote macros, ident
formatter, and runtime logic.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.18 -> 1.0.21"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.21 -> 1.0.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.27 -> 1.0.28"
notes = "Enabled on wasm targets"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.28 -> 1.0.31"
notes = "Minimal changes and removal of the build.rs"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.rand_core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1317,25 +1309,6 @@ criteria = "safe-to-deploy"
delta = "1.5.3 -> 1.6.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.rayon-core]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "1.9.3"
notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.rayon-core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.9.3 -> 1.10.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.rayon-core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.10.1 -> 1.10.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.regex-syntax]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1348,56 +1321,6 @@ criteria = "safe-to-deploy"
delta = "1.0.11 -> 1.0.12"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.143 -> 1.0.144"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.144 -> 1.0.151"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.151 -> 1.0.152"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.163 -> 1.0.179"
notes = "Internal refactorings and some new trait implementations"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.serde_derive]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.143 -> 1.0.144"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde_derive]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.144 -> 1.0.151"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde_derive]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.151 -> 1.0.152"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde_derive]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.163 -> 1.0.179"
notes = "Internal refactorings and dependency updates"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.serde_json]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1447,22 +1370,3 @@ criteria = "safe-to-deploy"
delta = "1.0.8 -> 1.0.9"
notes = "Dependency updates only"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.unicode-normalization]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.19 -> 0.1.20"
notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.unicode-normalization]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.20 -> 0.1.21"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.unicode-normalization]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.21 -> 0.1.22"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

15
qa/zcash/postponed-updates.txt
View File

@ -6,7 +6,9 @@
# Boost 1.84.0 causes gtests to fail on macOS.
boost 1.84.0 2024-06-15
boost 1.85.0 2024-06-15
native_b2 1.84.0 2024-06-15
native_b2 1.85.0 2024-06-15
# Clang and Rust are currently pinned to LLVM 15
libcxx 15.0.7 2024-06-15
@ -27,6 +29,9 @@ libcxx 17.0.5 2024-06-15
libcxx 17.0.6 2024-06-15
libcxx 18.1.0 2024-06-15
libcxx 18.1.1 2024-06-15
libcxx 18.1.2 2024-06-15
libcxx 18.1.3 2024-06-15
libcxx 18.1.4 2024-06-15
native_clang 15.0.7 2024-06-15
native_clang 16.0.0 2024-06-15
native_clang 16.0.1 2024-06-15
@ -44,6 +49,9 @@ native_clang 17.0.5 2024-06-15
native_clang 17.0.6 2024-06-15
native_clang 18.1.0 2024-06-15
native_clang 18.1.1 2024-06-15
native_clang 18.1.2 2024-06-15
native_clang 18.1.3 2024-06-15
native_clang 18.1.4 2024-06-15
native_rust 1.70.0 2024-06-15
native_rust 1.71.0 2024-06-15
native_rust 1.71.1 2024-06-15
@ -54,6 +62,9 @@ native_rust 1.74.0 2024-06-15
native_rust 1.74.1 2024-06-15
native_rust 1.75.0 2024-06-15
native_rust 1.76.0 2024-06-15
native_rust 1.77.0 2024-06-15
native_rust 1.77.1 2024-06-15
native_rust 1.77.2 2024-06-15
native_cxxbridge 1.0.114 2024-06-15
native_cxxbridge 1.0.115 2024-06-15
@ -61,12 +72,16 @@ native_cxxbridge 1.0.116 2024-06-15
native_cxxbridge 1.0.117 2024-06-15
native_cxxbridge 1.0.118 2024-06-15
native_cxxbridge 1.0.119 2024-06-15
native_cxxbridge 1.0.120 2024-06-15
native_cxxbridge 1.0.121 2024-06-15
rustcxx 1.0.114 2024-06-15
rustcxx 1.0.115 2024-06-15
rustcxx 1.0.116 2024-06-15
rustcxx 1.0.117 2024-06-15
rustcxx 1.0.118 2024-06-15
rustcxx 1.0.119 2024-06-15
rustcxx 1.0.120 2024-06-15
rustcxx 1.0.121 2024-06-15
# We follow upstream Bitcoin Core's LevelDB updates
leveldb 1.23 2024-06-15