From 0b77f8f79af3a98e8bcec1020491a3071e1405b5 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 17 Mar 2023 21:52:47 +0000 Subject: [PATCH] cargo update --- Cargo.lock | 229 ++++++++++++++++------------------- qa/supply-chain/audits.toml | 190 +++++++++++++++++++++++++++++ qa/supply-chain/config.toml | 22 ++-- qa/supply-chain/imports.lock | 96 +++++++++------ 4 files changed, 369 insertions(+), 168 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9727f7dac..478251d90 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -196,9 +196,9 @@ dependencies = [ [[package]] name = "block-buffer" -version = "0.10.3" +version = "0.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69cce20737498f97b993470a6e536b8523f0af7892a4f928cceb1ac5e52ebe7e" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" dependencies = [ "generic-array", ] @@ -284,7 +284,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7fc89c7c5b9e7a02dfe45cd2367bae382f9ed31c61ca8debe5f827c420a2f08" dependencies = [ "cfg-if", - "cipher 0.4.3", + "cipher 0.4.4", "cpufeatures", ] @@ -296,7 +296,7 @@ checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" dependencies = [ "aead", "chacha20", - "cipher 0.4.3", + "cipher 0.4.4", "poly1305", "zeroize", ] @@ -312,9 +312,9 @@ dependencies = [ [[package]] name = "cipher" -version = "0.4.3" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1873270f8f7942c191139cb8a40fd228da6c3fd2fc376d7e92d47aa14aeb59e" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" dependencies = [ "crypto-common", "inout", @@ -336,9 +336,9 @@ dependencies = [ [[package]] name = "constant_time_eq" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3ad85c1f65dc7b37604eb0e89748faf0b9653065f2a8ef69f96a687ec1e9279" +checksum = "13418e745008f7349ec7e449155f419a61b92b58a99cc3616942b926825ec76b" [[package]] name = "cpufeatures" @@ -351,9 +351,9 @@ dependencies = [ [[package]] name = "crossbeam-channel" -version = "0.5.6" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2dd04ddaf88237dc3b8d8f9a3c1004b506b54b3313403944054d23c0870c521" +checksum = "cf2b3e8478797446514c91ef04bafcb59faba183e621ad488df88983cc14128c" dependencies = [ "cfg-if", "crossbeam-utils", @@ -361,9 +361,9 @@ dependencies = [ [[package]] name = "crossbeam-deque" -version = "0.8.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "715e8152b692bba2d374b53d4875445368fdf21a94751410af607a5ac677d1fc" +checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" dependencies = [ "cfg-if", "crossbeam-epoch", @@ -372,9 +372,9 @@ dependencies = [ [[package]] name = "crossbeam-epoch" -version = "0.9.13" +version = "0.9.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01a9af1f4c2ef74bb8aa1f7e19706bc72d03598c8a570bb5de72243c7a9d9d5a" +checksum = "46bd5f3f85273295a9d14aedfb86f6aadbff6d8f5295c4a9edb08e819dcf5695" dependencies = [ "autocfg", "cfg-if", @@ -385,9 +385,9 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.14" +version = "0.8.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4fb766fa798726286dbbb842f174001dab8abc7b627a1dd86e0b7222a95d929f" +checksum = "3c063cd8cc95f5c377ed0d4b49a4b21f632396ff690e8470c29b3359b346984b" dependencies = [ "cfg-if", ] @@ -475,7 +475,7 @@ version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" dependencies = [ - "block-buffer 0.10.3", + "block-buffer 0.10.4", "crypto-common", ] @@ -599,30 +599,30 @@ checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" [[package]] name = "futures-channel" -version = "0.3.26" +version = "0.3.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e5317663a9089767a1ec00a487df42e0ca174b61b4483213ac24448e4664df5" +checksum = "164713a5a0dcc3e7b4b1ed7d3b433cabc18025386f9339346e8daf15963cf7ac" dependencies = [ "futures-core", ] [[package]] name = "futures-core" -version = "0.3.26" +version = "0.3.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec90ff4d0fe1f57d600049061dc6bb68ed03c7d2fbd697274c41805dcb3f8608" +checksum = "86d7a0c1aa76363dac491de0ee99faf6941128376f1cf96f07db7603b7de69dd" [[package]] name = "futures-task" -version = "0.3.26" +version = "0.3.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcf79a1bf610b10f42aea489289c5a2c478a786509693b80cd39c44ccd936366" +checksum = "fd65540d33b37b16542a0438c12e6aeead10d4ac5d05bd3f805b8f35ab592879" [[package]] name = "futures-util" -version = "0.3.26" +version = "0.3.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c1d6de3acfef38d2be4b1f543f553131788603495be83da675e180c8d6b7bd1" +checksum = "3ef6b17e481503ec85211fed8f39d1970f128935ca1f814cd32ac4a6842e84ab" dependencies = [ "futures-core", "futures-task", @@ -770,9 +770,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.8" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75f43d41e26995c17e71ee126451dd3941010b0514a81a9d11f3b341debc2399" +checksum = "bd6effc99afb63425aff9b05836f029929e345a6148a14b7ecd5ab67af944482" dependencies = [ "bytes", "fnv", @@ -804,9 +804,9 @@ checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421" [[package]] name = "hyper" -version = "0.14.24" +version = "0.14.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e011372fa0b68db8350aa7a248930ecc7839bf46d8485577d69f117a75f164c" +checksum = "cc5e554ff619822309ffd57d8734d77cd5ce6238bc956f037ea06c58238c9899" dependencies = [ "bytes", "futures-channel", @@ -847,9 +847,9 @@ dependencies = [ [[package]] name = "incrementalmerkletree" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "068c5bdd31006d55536655cf1eb0d22d84d28de7c725b419480fd5d005c83216" +checksum = "d5ad43a3f5795945459d577f6589cf62a476e92c79b75e70cd954364e14ce17b" dependencies = [ "serde", ] @@ -881,9 +881,9 @@ checksum = "30e22bd8629359895450b59ea7a776c850561b96a3b1d31321c1949d9e6c9146" [[package]] name = "itoa" -version = "1.0.5" +version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440" +checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6" [[package]] name = "js-sys" @@ -916,9 +916,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.139" +version = "0.2.140" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79" +checksum = "99227334921fae1a979cf0bfdfcc6b3e5ce376ef57e16fb6fb3ea2ed6095f80c" [[package]] name = "libm" @@ -1037,9 +1037,9 @@ checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" [[package]] name = "memoffset" -version = "0.7.1" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4" +checksum = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1" dependencies = [ "autocfg", ] @@ -1130,7 +1130,7 @@ dependencies = [ "libc", "log", "wasi 0.11.0+wasi-snapshot-preview1", - "windows-sys 0.45.0", + "windows-sys", ] [[package]] @@ -1155,15 +1155,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "nom8" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae01545c9c7fc4486ab7debaf2aad7003ac19431791868fb2e8066df97fad2f8" -dependencies = [ - "memchr", -] - [[package]] name = "nonempty" version = "0.7.0" @@ -1330,7 +1321,7 @@ dependencies = [ "libc", "redox_syscall", "smallvec", - "windows-sys 0.45.0", + "windows-sys", ] [[package]] @@ -1455,9 +1446,9 @@ dependencies = [ [[package]] name = "proc-macro-crate" -version = "1.3.0" +version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66618389e4ec1c7afe67d51a9bf34ff9236480f8d51e7489b7d5ab0303c13f34" +checksum = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919" dependencies = [ "once_cell", "toml_edit", @@ -1465,9 +1456,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.51" +version = "1.0.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d727cae5b39d21da60fa540906919ad737832fe0b1c165da3a34d6548c849d6" +checksum = "1d0e1ae9e836cc3beddd63db0df682593d7e2d3d891ae8c9083d2113e1744224" dependencies = [ "unicode-ident", ] @@ -1490,9 +1481,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.23" +version = "1.0.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b" +checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" dependencies = [ "proc-macro2", ] @@ -1541,18 +1532,18 @@ dependencies = [ [[package]] name = "raw-cpuid" -version = "10.6.1" +version = "10.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c307f7aacdbab3f0adee67d52739a1d71112cc068d6fab169ddeb18e48877fad" +checksum = "6c297679cb867470fa8c9f67dbba74a78d78e3e98d7cf2b08d6d71540f797332" dependencies = [ "bitflags", ] [[package]] name = "rayon" -version = "1.6.1" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6db3a213adf02b3bcfd2d3846bb41cb22857d131789e01df434fb7e7bc0759b7" +checksum = "1d2df5196e37bcc87abebc0053e20787d73847bb33134a69841207dd0a47f03b" dependencies = [ "either", "rayon-core", @@ -1560,9 +1551,9 @@ dependencies = [ [[package]] name = "rayon-core" -version = "1.10.2" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "356a0625f1954f730c0201cdab48611198dc6ce21f4acff55089b5a78e6e835b" +checksum = "4b8f95bd6966f5c87776639160a66bd8ab9895d9d4ab01ddba9fc60661aebe8d" dependencies = [ "crossbeam-channel", "crossbeam-deque", @@ -1685,9 +1676,9 @@ checksum = "3e75f6a532d0fd9f7f13144f392b6ad56a32696bfcd9c78f797f16bbb6f072d6" [[package]] name = "ryu" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b4b9743ed687d4b4bcedf9ff5eaa7398495ae14e61cba0a295704edbc7decde" +checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041" [[package]] name = "scopeguard" @@ -1724,18 +1715,18 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.152" +version = "1.0.156" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb7d1f0d3021d347a83e556fc4683dea2ea09d87bccdf88ff5c12545d89d5efb" +checksum = "314b5b092c0ade17c00142951e50ced110ec27cea304b1037c6969246c2469a4" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.152" +version = "1.0.156" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af487d118eecd09402d70a5d72551860e788df87b464af30e5ea6a38c75c541e" +checksum = "d7e29c4601e36bcec74a223228dce795f4cd3616341a4af93520ca1a837c087d" dependencies = [ "proc-macro2", "quote", @@ -1744,9 +1735,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.93" +version = "1.0.94" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cad406b69c91885b5107daf2c29572f6c8cdb3c66826821e286c533490c0bc76" +checksum = "1c533a59c9d8a93a09c6ab31f0fd5e5f4dd1b8fc9434804029839884765d04ea" dependencies = [ "itoa", "ryu", @@ -1795,9 +1786,9 @@ checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" [[package]] name = "socket2" -version = "0.4.7" +version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02e2d2db9033d13a1567121ddd7a095ee144db4e1ca1b1bda3419bc0da294ebd" +checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662" dependencies = [ "libc", "winapi", @@ -1823,9 +1814,9 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "syn" -version = "1.0.107" +version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" dependencies = [ "proc-macro2", "quote", @@ -1865,18 +1856,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.38" +version = "1.0.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a9cd18aa97d5c45c6603caea1da6628790b37f7a34b6ca89522331c5180fed0" +checksum = "a5ab016db510546d856297882807df8da66a16fb8c4101cb8b30054b0d5b2d9c" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.38" +version = "1.0.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fb327af4685e4d03fa8cbcf1716380da910eeb2bb8be417e7f9fd3fb164f36f" +checksum = "5420d42e90af0c38c3290abcca25b9b3bdf379fc9f55c528f53a269d9c9a267e" dependencies = [ "proc-macro2", "quote", @@ -1895,9 +1886,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.19" +version = "0.3.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53250a3b3fed8ff8fd988587d8925d26a83ac3845d9e03b220b37f34c2b8d6c2" +checksum = "cd0cbfecb4d19b5ea75bb31ad904eb5b9fa13f21079c3b92017ebdf4999a5890" dependencies = [ "itoa", "serde", @@ -1913,9 +1904,9 @@ checksum = "2e153e1f1acaef8acc537e68b44906d2db6436e2b35ac2c6b42640fff91f00fd" [[package]] name = "time-macros" -version = "0.2.7" +version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a460aeb8de6dcb0f381e1ee05f1cd56fcf5a5f6eb8187ff3d8f0b11078d38b7c" +checksum = "fd80a657e71da814b8e5d60d3374fc6d35045062245d80224748ae522dd76f36" dependencies = [ "time-core", ] @@ -1937,33 +1928,33 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.25.0" +version = "1.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8e00990ebabbe4c14c08aca901caed183ecd5c09562a12c824bb53d3c3fd3af" +checksum = "03201d01c3c27a29c8a5cee5b55a93ddae1ccf6f08f65365c2c918f8c1b76f64" dependencies = [ "autocfg", "libc", "mio", "pin-project-lite", "socket2", - "windows-sys 0.42.0", + "windows-sys", ] [[package]] name = "toml_datetime" -version = "0.5.1" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4553f467ac8e3d374bc9a177a26801e5d0f9b211aa1673fb137a403afd1c9cf5" +checksum = "3ab8ed2edee10b50132aed5f331333428b011c99402b5a534154ed15746f9622" [[package]] name = "toml_edit" -version = "0.18.1" +version = "0.19.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56c59d8dd7d0dcbc6428bf7aa2f0e823e26e43b3c9aca15bbc9475d23e5fa12b" +checksum = "dc18466501acd8ac6a3f615dd29a3438f8ca6bb3b19537138b3106e575621274" dependencies = [ "indexmap", - "nom8", "toml_datetime", + "winnow", ] [[package]] @@ -2059,9 +2050,9 @@ dependencies = [ [[package]] name = "unicode-ident" -version = "1.0.6" +version = "1.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc" +checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4" [[package]] name = "unicode-normalization" @@ -2225,21 +2216,6 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" -[[package]] -name = "windows-sys" -version = "0.42.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" -dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", -] - [[package]] name = "windows-sys" version = "0.45.0" @@ -2251,9 +2227,9 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.42.1" +version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e2522491fbfcd58cc84d47aeb2958948c4b8982e9a2d8a2a35bbaed431390e7" +checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", @@ -2266,45 +2242,54 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.42.1" +version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c9864e83243fdec7fc9c5444389dcbbfd258f745e7853198f365e3c4968a608" +checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" [[package]] name = "windows_aarch64_msvc" -version = "0.42.1" +version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c8b1b673ffc16c47a9ff48570a9d85e25d265735c503681332589af6253c6c7" +checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" [[package]] name = "windows_i686_gnu" -version = "0.42.1" +version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de3887528ad530ba7bdbb1faa8275ec7a1155a45ffa57c37993960277145d640" +checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" [[package]] name = "windows_i686_msvc" -version = "0.42.1" +version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf4d1122317eddd6ff351aa852118a2418ad4214e6613a50e0191f7004372605" +checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" [[package]] name = "windows_x86_64_gnu" -version = "0.42.1" +version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1040f221285e17ebccbc2591ffdc2d44ee1f9186324dd3e84e99ac68d699c45" +checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" [[package]] name = "windows_x86_64_gnullvm" -version = "0.42.1" +version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "628bfdf232daa22b0d64fdb62b09fcc36bb01f05a3939e20ab73aaf9470d0463" +checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" [[package]] name = "windows_x86_64_msvc" -version = "0.42.1" +version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "447660ad36a13288b1db4d4248e857b510e8c3a225c822ba4fb748c0aafecffd" +checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" + +[[package]] +name = "winnow" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23d020b441f92996c80d94ae9166e8501e59c7bb56121189dc9eab3bd8216966" +dependencies = [ + "memchr", +] [[package]] name = "wyz" @@ -2356,7 +2341,7 @@ checksum = "2be9c12532389fd03786b7068fb7936c17fade23b48f584707bdc5f79f3ec867" dependencies = [ "chacha20", "chacha20poly1305", - "cipher 0.4.3", + "cipher 0.4.4", "rand_core 0.6.4", "subtle", ] diff --git a/qa/supply-chain/audits.toml b/qa/supply-chain/audits.toml index de86b186c..7dbd48eba 100644 --- a/qa/supply-chain/audits.toml +++ b/qa/supply-chain/audits.toml @@ -54,6 +54,12 @@ criteria = "safe-to-deploy" delta = "1.0.0 -> 1.0.1" notes = "Switches to `constant_time_eq 0.2.4`, which bumps its MSRV to 1.59." +[[audits.block-buffer]] +who = "Jack Grigg " +criteria = ["crypto-reviewed", "safe-to-deploy"] +delta = "0.10.3 -> 0.10.4" +notes = "Adds panics to prevent a block size of zero from causing unsoundness." + [[audits.bls12_381]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -109,6 +115,12 @@ criteria = "safe-to-deploy" delta = "0.3.0 -> 0.4.3" notes = "Significant rework of (mainly RustCrypto-internal) APIs." +[[audits.cipher]] +who = "Jack Grigg " +criteria = ["safe-to-deploy", "crypto-reviewed"] +delta = "0.4.3 -> 0.4.4" +notes = "Adds panics to prevent a block size of zero from causing unsoundness." + [[audits.clearscreen]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -125,12 +137,45 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.11 -> 2.0.0" +[[audits.constant_time_eq]] +who = "Jack Grigg " +criteria = ["safe-to-deploy", "crypto-reviewed"] +delta = "0.2.4 -> 0.2.5" +notes = "No code changes." + [[audits.cpufeatures]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.2 -> 0.2.5" notes = "Unsafe changes just introduce `#[inline(never)]` wrappers." +[[audits.crossbeam-channel]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.5.6 -> 0.5.7" +notes = "Fixes wrapping overflows for large timeouts." + +[[audits.crossbeam-deque]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.8.2 -> 0.8.3" +notes = "No new code." + +[[audits.crossbeam-epoch]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.9.13 -> 0.9.14" +notes = "Bumps memoffset to 0.8, and marks some BPF and Sony Vita targets as not having atomics." + +[[audits.crossbeam-utils]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.8.14 -> 0.8.15" +notes = """ +- Fixes a wrapping overflow for large timeouts. +- Marks some BPF and Sony Vita targets as not having atomics. +""" + [[audits.crypto-common]] who = "Jack Grigg " criteria = ["crypto-reviewed", "safe-to-deploy"] @@ -304,17 +349,32 @@ criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" notes = "Atomics usage in `Stream::size_hint` impls looks fine." +[[audits.futures-channel]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.26 -> 0.3.27" + [[audits.futures-core]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" notes = "Adds optional dependency on `portable-atomic 1` that can be enabled to replace `core::sync::atomic`." +[[audits.futures-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.26 -> 0.3.27" + [[audits.futures-task]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" +[[audits.futures-task]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.26 -> 0.3.27" + [[audits.futures-util]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -368,6 +428,11 @@ criteria = ["crypto-reviewed", "safe-to-deploy"] delta = "0.1.0 -> 0.2.0" notes = "The ECC core team maintains this crate, and we have reviewed every line." +[[audits.http]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.2.8 -> 0.2.9" + [[audits.hyper]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -377,6 +442,12 @@ Fixes a bug where memory was reserved based on an adversary-controllable size, b corresponding data was received. """ +[[audits.incrementalmerkletree]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.3.1" +notes = "Fixes bug in calculating altitudes from tree positions on 32-bit platforms." + [[audits.indexmap]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -400,6 +471,11 @@ criteria = "safe-to-deploy" delta = "1.0.1 -> 1.0.3" notes = "Update makes no changes to code." +[[audits.itoa]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.5 -> 1.0.6" + [[audits.js-sys]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -641,6 +717,12 @@ criteria = "safe-to-deploy" delta = "1.2.1 -> 1.3.0" notes = "Migrates from `toml` to `toml_edit`." +[[audits.proc-macro-crate]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.3.0 -> 1.3.1" +notes = "Bumps MSRV to 1.60." + [[audits.proc-macro2]] who = "Daira Hopwood " criteria = "safe-to-deploy" @@ -651,21 +733,45 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.49 -> 1.0.51" +[[audits.proc-macro2]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.51 -> 1.0.52" + [[audits.quanta]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.9.3 -> 0.10.1" +[[audits.quote]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.23 -> 1.0.26" + [[audits.raw-cpuid]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "10.6.0 -> 10.6.1" +[[audits.raw-cpuid]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "10.6.1 -> 10.7.0" +notes = """ +Appears to be a move-only change in display code to expose an internal API. +I did not verify that the change was move-only, but there is no unsafe code affected. +""" + [[audits.regex]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.7.0 -> 1.7.1" +[[audits.ryu]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.12 -> 1.0.13" + [[audits.serde]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -677,6 +783,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.143 -> 1.0.145" +[[audits.serde]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.155 -> 1.0.156" + [[audits.serde_derive]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -688,6 +799,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.143 -> 1.0.145" +[[audits.serde_derive]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.155 -> 1.0.156" + [[audits.sketches-ddsketch]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -704,6 +820,12 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.102 -> 1.0.107" +[[audits.syn]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.107 -> 1.0.109" +notes = "Fixes string literal parsing to only skip specified whitespace characters." + [[audits.terminfo]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -749,6 +871,16 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.4 -> 0.2.6" +[[audits.time-macros]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.2.7 -> 0.2.8" +notes = """ +- Only new `unsafe` code takes a `NonZeroU16` at proc-macro evaluation time and hard-codes + its contents into a `NonZeroU16::new_unchecked` constructor, which is safe. +- Bumps MSRV to 1.63. +""" + [[audits.tinyvec_macros]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -761,6 +893,12 @@ criteria = "safe-to-deploy" version = "0.5.1" notes = "Crate has `#![forbid(unsafe_code)]`, no `unwrap / expect / panic`, no ambient capabilities." +[[audits.toml_datetime]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.5.1 -> 0.6.1" +notes = "Fixes a bug in parsing negative minutes in datetime string offsets." + [[audits.try-lock]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -777,6 +915,11 @@ who = "Daira Hopwood " criteria = "safe-to-deploy" version = "1.0.2" +[[audits.unicode-ident]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.6 -> 1.0.8" + [[audits.universal-hash]] who = "Daira Hopwood " criteria = "safe-to-deploy" @@ -795,6 +938,11 @@ criteria = "safe-to-deploy" delta = "4.3.0 -> 4.4.0" notes = "New APIs are remixes of existing code." +[[audits.windows-targets]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.42.1 -> 0.42.2" + [[audits.windows_aarch64_gnullvm]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -804,6 +952,12 @@ This is a Windows API bindings library maintained by Microsoft themselves. Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0. """ +[[audits.windows_aarch64_gnullvm]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.42.1 -> 0.42.2" +notes = "This is an opaque Windows API bindings library maintained by Microsoft." + [[audits.windows_aarch64_msvc]] who = "Jack Grigg " criteria = "safe-to-run" @@ -824,6 +978,12 @@ This is a Windows API bindings library maintained by Microsoft themselves. Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0. """ +[[audits.windows_aarch64_msvc]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.42.1 -> 0.42.2" +notes = "This is an opaque Windows API bindings library maintained by Microsoft." + [[audits.windows_i686_gnu]] who = "Jack Grigg " criteria = "safe-to-run" @@ -844,6 +1004,12 @@ This is a Windows API bindings library maintained by Microsoft themselves. Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0. """ +[[audits.windows_i686_gnu]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.42.1 -> 0.42.2" +notes = "This is an opaque Windows API bindings library maintained by Microsoft." + [[audits.windows_i686_msvc]] who = "Jack Grigg " criteria = "safe-to-run" @@ -864,6 +1030,12 @@ This is a Windows API bindings library maintained by Microsoft themselves. Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0. """ +[[audits.windows_i686_msvc]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.42.1 -> 0.42.2" +notes = "This is an opaque Windows API bindings library maintained by Microsoft." + [[audits.windows_x86_64_gnu]] who = "Jack Grigg " criteria = "safe-to-run" @@ -884,6 +1056,12 @@ This is a Windows API bindings library maintained by Microsoft themselves. Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0. """ +[[audits.windows_x86_64_gnu]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.42.1 -> 0.42.2" +notes = "This is an opaque Windows API bindings library maintained by Microsoft." + [[audits.windows_x86_64_gnullvm]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -893,6 +1071,12 @@ This is a Windows API bindings library maintained by Microsoft themselves. Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0. """ +[[audits.windows_x86_64_gnullvm]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.42.1 -> 0.42.2" +notes = "This is an opaque Windows API bindings library maintained by Microsoft." + [[audits.windows_x86_64_msvc]] who = "Jack Grigg " criteria = "safe-to-run" @@ -913,6 +1097,12 @@ This is a Windows API bindings library maintained by Microsoft themselves. Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0. """ +[[audits.windows_x86_64_msvc]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.42.1 -> 0.42.2" +notes = "This is an opaque Windows API bindings library maintained by Microsoft." + [[audits.wyz]] who = "Jack Grigg " criteria = "safe-to-deploy" diff --git a/qa/supply-chain/config.toml b/qa/supply-chain/config.toml index ee86cf420..569f404b9 100644 --- a/qa/supply-chain/config.toml +++ b/qa/supply-chain/config.toml @@ -216,7 +216,7 @@ version = "0.3.21" criteria = "safe-to-deploy" [[exemptions.futures-util]] -version = "0.3.21" +version = "0.3.27" criteria = "safe-to-deploy" [[exemptions.generic-array]] @@ -272,7 +272,7 @@ version = "1.0.2" criteria = "safe-to-deploy" [[exemptions.hyper]] -version = "0.14.23" +version = "0.14.25" criteria = "safe-to-deploy" [[exemptions.impl-codec]] @@ -308,7 +308,7 @@ version = "0.9.0" criteria = "safe-to-deploy" [[exemptions.libc]] -version = "0.2.126" +version = "0.2.140" criteria = "safe-to-deploy" [[exemptions.libm]] @@ -375,10 +375,6 @@ criteria = "safe-to-deploy" version = "5.1.2" criteria = "safe-to-deploy" -[[exemptions.nom8]] -version = "0.2.0" -criteria = "safe-to-deploy" - [[exemptions.nonempty]] version = "0.7.0" criteria = "safe-to-deploy" @@ -600,7 +596,7 @@ version = "1.10.0" criteria = "safe-to-deploy" [[exemptions.socket2]] -version = "0.4.7" +version = "0.4.9" criteria = "safe-to-deploy" [[exemptions.spin]] @@ -640,7 +636,7 @@ version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.time]] -version = "0.3.19" +version = "0.3.20" criteria = "safe-to-deploy" [[exemptions.time-core]] @@ -652,11 +648,11 @@ version = "0.2.7" criteria = "safe-to-deploy" [[exemptions.tokio]] -version = "1.25.0" +version = "1.26.0" criteria = "safe-to-deploy" [[exemptions.toml_edit]] -version = "0.18.1" +version = "0.19.7" criteria = "safe-to-deploy" [[exemptions.tower-service]] @@ -751,6 +747,10 @@ criteria = "safe-to-deploy" version = "0.4.0" criteria = "safe-to-deploy" +[[exemptions.winnow]] +version = "0.3.6" +criteria = "safe-to-deploy" + [[exemptions.wyz]] version = "0.5.0" criteria = "safe-to-deploy" diff --git a/qa/supply-chain/imports.lock b/qa/supply-chain/imports.lock index 87e999605..57b0bdb1a 100644 --- a/qa/supply-chain/imports.lock +++ b/qa/supply-chain/imports.lock @@ -52,6 +52,12 @@ who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.3" +[[audits.bytecode-alliance.audits.memoffset]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.7.1 -> 0.8.0" +notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes." + [[audits.bytecode-alliance.audits.rustc-demangle]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -180,16 +186,60 @@ who = "David Cook " criteria = "safe-to-deploy" version = "0.3.0" -[[audits.isrg.audits.serde_json]] -who = "Tim Geoghegan " +[[audits.isrg.audits.rayon]] +who = "Brandon Pitman " criteria = "safe-to-deploy" -delta = "1.0.91 -> 1.0.92" -notes = "The only changes are to doccomments, a dev-dependency and the project's CI workflow, so there should be no risk to dependents." +delta = "1.6.1 -> 1.7.0" + +[[audits.isrg.audits.rayon-core]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.10.2 -> 1.11.0" + +[[audits.isrg.audits.serde]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.0.152 -> 1.0.153" + +[[audits.isrg.audits.serde]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.0.153 -> 1.0.154" + +[[audits.isrg.audits.serde]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.0.154 -> 1.0.155" + +[[audits.isrg.audits.serde_derive]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.0.152 -> 1.0.153" + +[[audits.isrg.audits.serde_derive]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.0.153 -> 1.0.154" + +[[audits.isrg.audits.serde_derive]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.0.154 -> 1.0.155" [[audits.isrg.audits.serde_json]] who = "Brandon Pitman " criteria = "safe-to-deploy" -delta = "1.0.92 -> 1.0.93" +delta = "1.0.93 -> 1.0.94" + +[[audits.isrg.audits.thiserror]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.38 -> 1.0.39" + +[[audits.isrg.audits.thiserror-impl]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.38 -> 1.0.39" [[audits.isrg.audits.unicode-ident]] who = "David Cook " @@ -346,18 +396,6 @@ criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-util]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.21 -> 0.3.23" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-util]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.23 -> 0.3.25" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.getrandom]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -402,24 +440,6 @@ version = "1.4.0" notes = "I have read over the macros, and audited the unsafe code." aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" -[[audits.mozilla.audits.libc]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.2.126 -> 0.2.132" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.libc]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.2.132 -> 0.2.138" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.libc]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.2.138 -> 0.2.139" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.log]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -645,6 +665,12 @@ criteria = "safe-to-deploy" delta = "1.0.85 -> 1.0.91" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.serde_json]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.0.91 -> 1.0.93" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.synstructure]] who = "Nika Layzell " criteria = "safe-to-deploy"