From 37f41f4b065fba938b83fc614af4add9c6b68aeb Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 19 Jul 2024 03:24:32 +0000 Subject: [PATCH] cargo update --- Cargo.lock | 254 +++++++++++++++++++------------------- supply-chain/audits.toml | 174 ++++++++++++++++++++++++++ supply-chain/config.toml | 5 +- supply-chain/imports.lock | 217 +++++++++++++++++++++++++------- 4 files changed, 476 insertions(+), 174 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9d9bc2d03..b90d3b754 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -303,9 +303,9 @@ dependencies = [ [[package]] name = "async-trait" -version = "0.1.80" +version = "0.1.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" +checksum = "6e0c28dcc82d7c8ead5cb13beb15405b57b8546e93215673ff8ca0349a028107" dependencies = [ "proc-macro2", "quote", @@ -510,9 +510,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "bitvec" @@ -620,9 +620,9 @@ checksum = "64fa3c856b712db6612c019f14756e64e4bcea13337a6b33b696333a9eaa2d06" [[package]] name = "bytemuck" -version = "1.16.0" +version = "1.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78834c15cb5d5efe3452d58b1e8ba890dd62d21907f867f383358198e56ebca5" +checksum = "b236fc92302c97ed75b38da1f4917b5cdda4984745740f153a5d3059e48d725e" [[package]] name = "byteorder" @@ -708,7 +708,7 @@ dependencies = [ "iana-time-zone", "num-traits", "serde", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -751,18 +751,18 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.14" +version = "4.4.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33e92c5c1a78c62968ec57dbc2440366a2d6e5a23faf829970ff1585dc6b18e2" +checksum = "1e578d6ec4194633722ccf9544794b71b1385c3c027efe0c55db226fc880865c" dependencies = [ "clap_builder", ] [[package]] name = "clap_builder" -version = "4.4.14" +version = "4.4.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4323769dc8a61e2c39ad7dc26f6f2800524691a44d74fe3d1071a5c24db6370" +checksum = "4df4df40ec50c46000231c914968278b1eb05098cf8f1b3a518a95030e71d1c7" dependencies = [ "anstream", "anstyle", @@ -943,9 +943,9 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.19" +version = "0.8.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" +checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" [[package]] name = "crunchy" @@ -1019,12 +1019,12 @@ dependencies = [ [[package]] name = "darling" -version = "0.20.9" +version = "0.20.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83b2eb4d90d12bdda5ed17de686c2acb4c57914f8f921b8da7e112b5a36f3fe1" +checksum = "6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989" dependencies = [ - "darling_core 0.20.9", - "darling_macro 0.20.9", + "darling_core 0.20.10", + "darling_macro 0.20.10", ] [[package]] @@ -1043,9 +1043,9 @@ dependencies = [ [[package]] name = "darling_core" -version = "0.20.9" +version = "0.20.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "622687fe0bac72a04e5599029151f5796111b90f1baaa9b544d807a5e31cd120" +checksum = "95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5" dependencies = [ "fnv", "ident_case", @@ -1068,11 +1068,11 @@ dependencies = [ [[package]] name = "darling_macro" -version = "0.20.9" +version = "0.20.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "733cabb43482b1a1b53eee8583c2b9e8684d592215ea83efd305dd31bc2f0178" +checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806" dependencies = [ - "darling_core 0.20.9", + "darling_core 0.20.10", "quote", "syn 2.0.63", ] @@ -1319,9 +1319,9 @@ dependencies = [ [[package]] name = "either" -version = "1.11.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "elliptic-curve" @@ -1525,9 +1525,9 @@ checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" [[package]] name = "futures" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23342abe12aba583913b2e62f22225ff9c950774065e4bfb61a19cd9770fec40" +checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" dependencies = [ "futures-channel", "futures-core", @@ -1556,9 +1556,9 @@ checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" [[package]] name = "futures-executor" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ccecee823288125bd88b4d7f565c9e58e41858e47ab72e8ea2d64e93624386e0" +checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" dependencies = [ "futures-core", "futures-task", @@ -1567,15 +1567,15 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" [[package]] name = "futures-macro" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" +checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", @@ -1596,9 +1596,9 @@ checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" [[package]] name = "futures-util" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533" +checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" dependencies = [ "futures-channel", "futures-core", @@ -1859,9 +1859,9 @@ dependencies = [ [[package]] name = "http-body" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cac85db508abc24a2e48553ba12a996e87244a0395ce011e62b37158745d643" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", "http 1.1.0", @@ -1910,9 +1910,9 @@ dependencies = [ [[package]] name = "hyper" -version = "1.3.1" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe575dd17d0862a9a33781c8c4696a55c320909004a67a00fb286ba8b1bc496d" +checksum = "50dfd22e0e76d0f662d429a5f80fcaf3855009297eab6a0a9f8543834744ba05" dependencies = [ "bytes", "futures-channel", @@ -1944,9 +1944,9 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b875924a60b96e5d7b9ae7b066540b1dd1cbd90d1828f54c92e02a283351c56" +checksum = "3ab92f4f49ee4fb4f997c784b7a2e0fa70050211e0b6a287f898c3c9785ca956" dependencies = [ "bytes", "futures-channel", @@ -2147,11 +2147,11 @@ dependencies = [ [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ - "spin 0.5.2", + "spin 0.9.8", ] [[package]] @@ -2172,7 +2172,7 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "libc", ] @@ -2253,15 +2253,15 @@ dependencies = [ [[package]] name = "memchr" -version = "2.7.2" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "memmap2" -version = "0.9.3" +version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45fd3a57831bf88bc63f8cebc0cf956116276e97fef3966103e96416209f7c92" +checksum = "fe751422e4a8caa417e13c3ea66452215d7d63e19e604f4980461212f3ae1322" dependencies = [ "libc", ] @@ -2310,9 +2310,9 @@ dependencies = [ [[package]] name = "minreq" -version = "2.11.2" +version = "2.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fdef521c74c2884a4f3570bcdb6d2a77b3c533feb6b27ac2ae72673cc221c64" +checksum = "763d142cdff44aaadd9268bebddb156ef6c65a0e13486bb81673cf2d8739f9b0" dependencies = [ "log", "once_cell", @@ -2460,18 +2460,18 @@ dependencies = [ [[package]] name = "num_enum" -version = "0.7.0" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70bf6736f74634d299d00086f02986875b3c2d924781a6a2cb6c201e73da0ceb" +checksum = "02339744ee7253741199f897151b38e72257d13802d4ee837285cc2990a90845" dependencies = [ "num_enum_derive", ] [[package]] name = "num_enum_derive" -version = "0.7.0" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56ea360eafe1022f7cc56cd7b869ed57330fb2453d0c7831d99b74c65d2f5597" +checksum = "681030a937600a36906c185595136d26abfebb4aa9c65701cefcaf8578bb982b" dependencies = [ "proc-macro-crate", "proc-macro2", @@ -2496,9 +2496,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "oorandom" -version = "11.1.3" +version = "11.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" +checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9" [[package]] name = "opaque-debug" @@ -2613,9 +2613,9 @@ checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae" [[package]] name = "parking_lot" -version = "0.12.2" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e4af0ca4f6caed20e900d564c242b8e5d4903fdacf31d3daf527b66fe6f42fb" +checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" dependencies = [ "lock_api", "parking_lot_core", @@ -2631,7 +2631,7 @@ dependencies = [ "libc", "redox_syscall", "smallvec", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -2926,9 +2926,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.85" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] @@ -2941,13 +2941,13 @@ checksum = "31b476131c3c86cb68032fdc5cb6d5a1045e3e42d96b69fa599fd77701e1f5bf" dependencies = [ "bit-set", "bit-vec", - "bitflags 2.5.0", + "bitflags 2.6.0", "lazy_static", "num-traits", "rand 0.8.5", "rand_chacha 0.3.1", "rand_xorshift", - "regex-syntax 0.8.3", + "regex-syntax 0.8.4", "rusty-fork", "tempfile", "unarray", @@ -3185,7 +3185,7 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "469052894dcb553421e483e4209ee581a45100d31b4018de03e5a7ad86374a7e" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", ] [[package]] @@ -3207,8 +3207,8 @@ checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.4.6", - "regex-syntax 0.8.3", + "regex-automata 0.4.7", + "regex-syntax 0.8.4", ] [[package]] @@ -3222,13 +3222,13 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.6" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" +checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.8.3", + "regex-syntax 0.8.4", ] [[package]] @@ -3239,9 +3239,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "regex-syntax" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" +checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "retain_mut" @@ -3340,7 +3340,7 @@ version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "549b9d036d571d42e6e85d1c1425e2ac83491075078ca9a15be021c56b1641f2" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "fallible-iterator", "fallible-streaming-iterator", "hashlink", @@ -3381,7 +3381,7 @@ version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "errno", "libc", "linux-raw-sys", @@ -3581,15 +3581,15 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.22" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.202" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "226b61a0d411b2ba5ff6d7f73a476ac4f8bb900373459cd00fab8512828ba395" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] @@ -3606,9 +3606,9 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.202" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6048858004bcff69094cd972ed40a32500f153bd3be9f716b2eed2e8217c4838" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", @@ -3626,9 +3626,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.117" +version = "1.0.120" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" +checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5" dependencies = [ "itoa", "ryu", @@ -3668,7 +3668,7 @@ version = "3.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "65569b702f41443e8bc8bbb1c5779bd0450bbe723b56198980e80ec45780bce2" dependencies = [ - "darling 0.20.9", + "darling 0.20.10", "proc-macro2", "quote", "syn 2.0.63", @@ -3734,7 +3734,7 @@ version = "0.3.1" source = "git+https://github.com/zcash/incrementalmerkletree?rev=337f59179eda51261e9ddfc6b18e8fb84ea277c9#337f59179eda51261e9ddfc6b18e8fb84ea277c9" dependencies = [ "assert_matches", - "bitflags 2.5.0", + "bitflags 2.6.0", "either", "incrementalmerkletree", "proptest", @@ -3944,9 +3944,9 @@ dependencies = [ [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "symbolic-common" @@ -4025,18 +4025,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.60" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "579e9083ca58dd9dcf91a9923bb9054071b9ebbd800b342194c9feb0ee89fc18" +checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.60" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2470041c06ec3ac1ab38d0356a6119054dedaea53e12fbefc0de730a1c08524" +checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", @@ -4105,9 +4105,9 @@ dependencies = [ [[package]] name = "tinyvec" -version = "1.6.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" dependencies = [ "tinyvec_macros", ] @@ -4227,9 +4227,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.12.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f738b6a169a29bca4e39656db89c44a08e09c5b700b896ee9e7459f0652e81dd" +checksum = "38659f4a91aba8598d27821589f5db7dddd94601e7a01b1e485a50e5484c7401" dependencies = [ "async-stream", "async-trait", @@ -4257,9 +4257,9 @@ dependencies = [ [[package]] name = "tonic-build" -version = "0.12.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "690943cc223adcdd67bb597a2e573ead1b88e999ba37528fe8e6356bf44b29b6" +checksum = "568392c5a2bd0020723e3f387891176aabafe36fd9fcd074ad309dfa0c8eb964" dependencies = [ "prettyplease", "proc-macro2", @@ -4319,7 +4319,7 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8eb03a8c8ec5236564c2409bbbf7f6b37d2453abbe8847092468a37f195ec678" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "bytes", "caret", "derive_more", @@ -4729,7 +4729,7 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33bff5a547d7caa33339c1c702bbfd6c13d957c8dd65095457fb547ba399ccd8" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "derive_builder_fork_arti", "derive_more", "futures", @@ -4763,7 +4763,7 @@ checksum = "467c8e98df87280219a3a12287ab5b82bd1b00d0a7b88d44ab002ba6383ffe31" dependencies = [ "amplify", "base64ct", - "bitflags 2.5.0", + "bitflags 2.6.0", "cipher", "derive_builder_fork_arti", "derive_more", @@ -5117,9 +5117,9 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "utf8parse" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" @@ -5375,7 +5375,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -5393,7 +5393,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -5413,18 +5413,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.5", - "windows_aarch64_msvc 0.52.5", - "windows_i686_gnu 0.52.5", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", "windows_i686_gnullvm", - "windows_i686_msvc 0.52.5", - "windows_x86_64_gnu 0.52.5", - "windows_x86_64_gnullvm 0.52.5", - "windows_x86_64_msvc 0.52.5", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] @@ -5435,9 +5435,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -5447,9 +5447,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" @@ -5459,15 +5459,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" @@ -5477,9 +5477,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -5489,9 +5489,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -5501,9 +5501,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -5513,9 +5513,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index 8a3f7af68..e5f5f4a56 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -17,6 +17,12 @@ who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "0.1.78 -> 0.1.80" +[[audits.async-trait]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.80 -> 0.1.81" +notes = "Changes to generated code look fine." + [[audits.autocfg]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -56,6 +62,36 @@ who = "Daira-Emma Hopwood " criteria = "safe-to-run" delta = "0.2.1 -> 0.2.2" +[[audits.clap]] +who = "Jack Grigg " +criteria = "safe-to-run" +delta = "4.4.14 -> 4.4.18" + +[[audits.clap_builder]] +who = "Jack Grigg " +criteria = "safe-to-run" +delta = "4.5.0 -> 4.4.18" + +[[audits.darling]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.20.9 -> 0.20.10" + +[[audits.darling_core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.20.9 -> 0.20.10" + +[[audits.darling_macro]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.20.9 -> 0.20.10" + +[[audits.either]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.11.0 -> 1.13.0" + [[audits.errno]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -75,6 +111,27 @@ https://github.com/wangyi-fudan/wyhash/blob/408620b6d12b7d667b3dd6ae39b7929a39e8 I have no way to check whether these constants are an improvement or not. """ +[[audits.futures]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.30" +notes = "Only sub-crate updates and corresponding changes to tests." + +[[audits.futures-executor]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.30" + +[[audits.futures-io]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.30" + +[[audits.futures-macro]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.29" + [[audits.futures-macro]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -110,6 +167,11 @@ criteria = "safe-to-deploy" delta = "0.14.2 -> 0.14.5" notes = "I did not thoroughly check the safety argument for fold_impl, but it at least seems to be well documented." +[[audits.http-body]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.0 -> 1.0.1" + [[audits.http-body-util]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -122,6 +184,11 @@ criteria = "safe-to-deploy" delta = "0.4.1 -> 0.5.1" notes = "New uses of pin_project! look fine." +[[audits.hyper-util]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.5 -> 0.1.6" + [[audits.inferno]] who = "Daira-Emma Hopwood " criteria = "safe-to-run" @@ -142,22 +209,57 @@ who = "Daira-Emma Hopwood " criteria = "safe-to-run" delta = "0.4.11 -> 0.4.12" +[[audits.memchr]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.7.2 -> 2.7.4" + +[[audits.memmap2]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.9.3 -> 0.9.4" + [[audits.minreq]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "2.11.0 -> 2.11.2" +[[audits.minreq]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.11.2 -> 2.12.0" + [[audits.num-bigint]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "0.4.4 -> 0.4.5" notes = "New uses of unsafe look reasonable." +[[audits.num_enum]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.7.0 -> 0.7.2" + +[[audits.num_enum_derive]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.7.0 -> 0.7.2" + +[[audits.oorandom]] +who = "Jack Grigg " +criteria = "safe-to-run" +delta = "11.1.3 -> 11.1.4" + [[audits.parking_lot]] who = "Daira-Emma Hopwood " criteria = "safe-to-run" delta = "0.12.1 -> 0.12.2" +[[audits.parking_lot]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.12.2 -> 0.12.3" + [[audits.parking_lot_core]] who = "Daira-Emma Hopwood " criteria = "safe-to-run" @@ -203,6 +305,12 @@ who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "0.12.1 -> 0.12.3" +[[audits.prost-derive]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.12.3 -> 0.12.6" +notes = "Changes to proc macro code are to fix lints after bumping MSRV." + [[audits.prost-types]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -214,6 +322,16 @@ criteria = "safe-to-run" delta = "0.4.1 -> 0.5.1" notes = "Uses of unsafe look plausible." +[[audits.regex-automata]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.4.6 -> 0.4.7" + +[[audits.regex-syntax]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.8.3 -> 0.8.4" + [[audits.rustc-demangle]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -280,6 +398,15 @@ who = "Jack Grigg " criteria = ["safe-to-deploy", "crypto-reviewed"] delta = "0.26.0 -> 0.27.0" +[[audits.semver]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.22 -> 1.0.23" +notes = """ +`build.rs` change is to enable checking for expected `#[cfg]` names if compiling +with Rust 1.80 or later. +""" + [[audits.serde]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -295,6 +422,11 @@ who = "Daira-Emma Hopwood " criteria = "safe-to-run" delta = "1.0.116 -> 1.0.117" +[[audits.serde_json]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.117 -> 1.0.120" + [[audits.smallvec]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -326,11 +458,31 @@ who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "1.0.58 -> 1.0.60" +[[audits.thiserror]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.60 -> 1.0.61" + +[[audits.thiserror]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.61 -> 1.0.63" + [[audits.thiserror-impl]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "1.0.58 -> 1.0.60" +[[audits.thiserror-impl]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.60 -> 1.0.61" + +[[audits.thiserror-impl]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.61 -> 1.0.63" + [[audits.tokio-stream]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -346,6 +498,12 @@ who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.11.0" +[[audits.tonic]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.12.0 -> 0.12.1" +notes = "Changes to generics bounds look fine" + [[audits.tonic-build]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -356,6 +514,16 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.12.0" +[[audits.tonic-build]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.12.0 -> 0.12.1" + +[[audits.utf8parse]] +who = "Jack Grigg " +criteria = "safe-to-run" +delta = "0.2.1 -> 0.2.2" + [[audits.walkdir]] who = "Daira-Emma Hopwood " criteria = "safe-to-run" @@ -534,6 +702,12 @@ user-id = 64539 # Kenny Kerr (kennykerr) start = "2021-10-27" end = "2025-04-22" +[[trusted.zcash]] +criteria = "safe-to-deploy" +user-id = 6289 # str4d +start = "2024-07-15" +end = "2025-07-19" + [[trusted.zcash_address]] criteria = "safe-to-deploy" user-id = 1244 # ebfull diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 9311656c0..5b922af88 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -31,6 +31,9 @@ audit-as-crates-io = true [policy.f4jumble] audit-as-crates-io = true +[policy.zcash] +audit-as-crates-io = true + [policy.zcash_address] audit-as-crates-io = true @@ -585,7 +588,7 @@ version = "1.1.1" criteria = "safe-to-deploy" [[exemptions.hyper]] -version = "1.3.1" +version = "1.4.1" criteria = "safe-to-deploy" [[exemptions.hyper-timeout]] diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index c5a1a15fa..6f1a40638 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -94,8 +94,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-targets]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -108,8 +108,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_gnullvm]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -122,8 +122,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_msvc]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -136,15 +136,15 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnu]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnullvm]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -157,8 +157,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_msvc]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -171,8 +171,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnu]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -185,8 +185,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnullvm]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -199,12 +199,18 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_msvc]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.zcash]] +version = "0.1.0" +when = "2024-07-15" +user-id = 6289 +user-login = "str4d" + [[publisher.zcash_address]] version = "0.3.2" when = "2024-03-06" @@ -575,6 +581,16 @@ criteria = "safe-to-deploy" version = "1.1.4" notes = "uses unsafe to implement thread local storage of objects" +[[audits.bytecode-alliance.audits.tinyvec]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "1.6.0" +notes = """ +This crate, while it implements collections, does so without `std::*` APIs and +without `unsafe`. Skimming the crate everything looks reasonable and what one +would expect from idiomatic safe collections in Rust. +""" + [[audits.bytecode-alliance.audits.tokio-rustls]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -842,6 +858,13 @@ criteria = "safe-to-deploy" delta = "2.4.2 -> 2.5.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.bitflags]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "2.5.0 -> 2.6.0" +notes = "The changes from the previous version are negligible and thus it retains the same properties." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.bytemuck]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -855,6 +878,16 @@ criteria = "safe-to-deploy" delta = "1.14.3 -> 1.15.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.bytemuck]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.16.0 -> 1.16.1" +notes = """ +The delta only adds `f16` and `f128` support (with some other minor changes) +and has no impact on the audit criteria. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.cast]] who = "George Burgess IV " criteria = "safe-to-run" @@ -901,6 +934,12 @@ criteria = "safe-to-run" delta = "4.4.8 -> 4.4.14" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.clap_builder]] +who = "Lukasz Anforowicz " +criteria = "safe-to-run" +delta = "4.4.14 -> 4.5.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.clap_lex]] who = "danakj@chromium.org" criteria = "safe-to-run" @@ -1004,6 +1043,27 @@ Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits: """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.lazy_static]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.4.0" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. + +There are two places where `unsafe` is used. Unsafe review notes can be found +in https://crrev.com/c/5347418. + +This crate has been added to Chromium in https://crrev.com/c/3321895. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.lazy_static]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +notes = "Unsafe review notes: https://crrev.com/c/5650836" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.nix]] who = "David Koloski " criteria = "safe-to-run" @@ -1105,6 +1165,18 @@ delta = "1.0.84 -> 1.0.85" notes = "Test-only changes." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.proc-macro2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.85 -> 1.0.86" +notes = """ +Comment-only changes in `build.rs`. +Reordering of `Cargo.toml` entries. +Just bumping up the version number in `lib.rs`. +Config-related changes in `test_size.rs`. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.quote]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -1195,6 +1267,25 @@ criteria = "safe-to-deploy" delta = "1.0.197 -> 1.0.198" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.serde]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.198 -> 1.0.201" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.202 -> 1.0.203" +notes = "s/doc_cfg/docsrs/ + tuple_impls/tuple_impl_body-related changes" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.203 -> 1.0.204" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -1208,6 +1299,19 @@ criteria = "safe-to-deploy" delta = "1.0.197 -> 1.0.201" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.202 -> 1.0.203" +notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.203 -> 1.0.204" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.sha1]] who = "David Koloski " criteria = "safe-to-deploy" @@ -1278,24 +1382,21 @@ version = "1.2.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.tinyvec]] -who = "Lukasz Anforowicz " +who = "Adrian Taylor " criteria = "safe-to-deploy" -version = "1.6.0" -notes = """ -Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` -and there were no hits except for some \"unsafe\" appearing in comments: +delta = "1.6.0 -> 1.6.1" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -``` -src/arrayvec.rs: // Note: This shouldn't use A::CAPACITY, because unsafe code can't rely on -src/lib.rs://! All of this is done with no `unsafe` code within the crate. Technically the -src/lib.rs://! `Vec` type from the standard library uses `unsafe` internally, but *this -src/lib.rs://! crate* introduces no new `unsafe` code into your project. -src/array.rs:/// Just a reminder: this trait is 100% safe, which means that `unsafe` code -``` +[[audits.google.audits.tinyvec]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.6.1 -> 1.7.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -This crate has been added to Chromium in -https://source.chromium.org/chromium/chromium/src/+/24773c33e1b7a1b5069b9399fd034375995f290b -""" +[[audits.google.audits.tinyvec]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.7.0 -> 1.8.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.tinyvec_macros]] @@ -1536,6 +1637,11 @@ who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.10.7 -> 0.10.8" +[[audits.isrg.audits.subtle]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "2.5.0 -> 2.6.1" + [[audits.isrg.audits.thiserror]] who = "Brandon Pitman " criteria = "safe-to-deploy" @@ -1689,6 +1795,13 @@ criteria = "safe-to-deploy" version = "0.3.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.crossbeam-utils]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.8.19 -> 0.8.20" +notes = "Minor changes." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.crypto-common]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1875,13 +1988,6 @@ criteria = "safe-to-deploy" version = "0.4.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.lazy_static]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.4.0" -notes = "I have read over the macros, and audited the unsafe code." -aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" - [[audits.mozilla.audits.litrs]] who = "Erich Gubler " criteria = "safe-to-deploy" @@ -2034,12 +2140,6 @@ criteria = "safe-to-deploy" delta = "0.6.27 -> 0.6.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.serde]] -who = "Erich Gubler " -criteria = "safe-to-deploy" -delta = "1.0.198 -> 1.0.201" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.subtle]] who = "Simon Friedberger " criteria = "safe-to-deploy" @@ -2446,6 +2546,31 @@ delta = "0.3.29 -> 0.3.30" notes = "Removes `build.rs` now that it can rely on the `target_has_atomic` attribute." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.futures-util]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.29" +notes = """ +Only change to `unsafe` code is to add a `Fut: Send` bound to the +`unsafe impl Sync for FuturesUnordered`. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.futures-util]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.29 -> 0.3.30" +notes = """ +- Removes `build.rs` now that it can rely on the `target_has_atomic` attribute. +- Almost all changes to `unsafe` blocks are to either move them around, or + replace them with safe method calls. +- One new `unsafe` block is added for a slice lifetime transmutation. The slice + reconstruction is obviously correct. AFAICT the lifetime transmutation is also + correct; the slice's lifetime logically comes from the `AsyncBufRead` reader + inside `FillBuf`, rather than the `Context`. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.hermit-abi]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy"