zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

build(deps): bump the prod group across 1 directory with 24 updates (#8899) 

* build(deps): bump the prod group across 1 directory with 24 updates

Bumps the prod group with 24 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.5.13` | `4.5.18` |
| [indexmap](https://github.com/indexmap-rs/indexmap) | `2.3.0` | `2.5.0` |
| [serde](https://github.com/serde-rs/serde) | `1.0.204` | `1.0.210` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.39.2` | `1.40.0` |
| [tokio-stream](https://github.com/tokio-rs/tokio) | `0.1.15` | `0.1.16` |
| [tower](https://github.com/tower-rs/tower) | `0.4.13` | `0.5.0` |
| [thiserror](https://github.com/dtolnay/thiserror) | `1.0.63` | `1.0.64` |
| [hyper-util](https://github.com/hyperium/hyper-util) | `0.1.6` | `0.1.9` |
| [bytes](https://github.com/tokio-rs/bytes) | `1.7.1` | `1.7.2` |
| [regex](https://github.com/rust-lang/regex) | `1.10.6` | `1.11.0` |
| [insta](https://github.com/mitsuhiko/insta) | `1.39.0` | `1.40.0` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.122` | `1.0.128` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.11.0` | `3.13.0` |
| [prost](https://github.com/tokio-rs/prost) | `0.13.1` | `0.13.3` |
| [tonic](https://github.com/hyperium/tonic) | `0.12.1` | `0.12.3` |
| [tonic-build](https://github.com/hyperium/tonic) | `0.12.1` | `0.12.3` |
| [primitive-types](https://github.com/paritytech/parity-common) | `0.12.2` | `0.13.1` |
| [uint](https://github.com/paritytech/parity-common) | `0.9.5` | `0.10.0` |
| [tokio-util](https://github.com/tokio-rs/tokio) | `0.7.11` | `0.7.12` |
| [rlimit](https://github.com/Nugine/rlimit) | `0.10.1` | `0.10.2` |
| [tonic-reflection](https://github.com/hyperium/tonic) | `0.12.1` | `0.12.3` |
| [owo-colors](https://github.com/jam1garner/owo-colors) | `4.0.0` | `4.1.0` |
| [syn](https://github.com/dtolnay/syn) | `2.0.72` | `2.0.79` |
| [quote](https://github.com/dtolnay/quote) | `1.0.36` | `1.0.37` |



Updates `clap` from 4.5.13 to 4.5.18
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.13...clap_complete-v4.5.18)

Updates `indexmap` from 2.3.0 to 2.5.0
- [Changelog](https://github.com/indexmap-rs/indexmap/blob/master/RELEASES.md)
- [Commits](https://github.com/indexmap-rs/indexmap/compare/2.3.0...2.5.0)

Updates `serde` from 1.0.204 to 1.0.210
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.204...v1.0.210)

Updates `tokio` from 1.39.2 to 1.40.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.39.2...tokio-1.40.0)

Updates `tokio-stream` from 0.1.15 to 0.1.16
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-stream-0.1.15...tokio-stream-0.1.16)

Updates `tower` from 0.4.13 to 0.5.0
- [Release notes](https://github.com/tower-rs/tower/releases)
- [Commits](https://github.com/tower-rs/tower/compare/tower-0.4.13...tower-0.5.0)

Updates `thiserror` from 1.0.63 to 1.0.64
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.63...1.0.64)

Updates `hyper-util` from 0.1.6 to 0.1.9
- [Release notes](https://github.com/hyperium/hyper-util/releases)
- [Changelog](https://github.com/hyperium/hyper-util/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper-util/compare/v0.1.6...v0.1.9)

Updates `bytes` from 1.7.1 to 1.7.2
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.7.1...v1.7.2)

Updates `regex` from 1.10.6 to 1.11.0
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.6...1.11.0)

Updates `insta` from 1.39.0 to 1.40.0
- [Release notes](https://github.com/mitsuhiko/insta/releases)
- [Changelog](https://github.com/mitsuhiko/insta/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mitsuhiko/insta/compare/1.39.0...1.40.0)

Updates `serde_json` from 1.0.122 to 1.0.128
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.122...1.0.128)

Updates `tempfile` from 3.11.0 to 3.13.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.11.0...v3.13.0)

Updates `prost` from 0.13.1 to 0.13.3
- [Release notes](https://github.com/tokio-rs/prost/releases)
- [Changelog](https://github.com/tokio-rs/prost/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/prost/compare/v0.13.1...v0.13.3)

Updates `tonic` from 0.12.1 to 0.12.3
- [Release notes](https://github.com/hyperium/tonic/releases)
- [Changelog](https://github.com/hyperium/tonic/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/tonic/compare/v0.12.1...v0.12.3)

Updates `tonic-build` from 0.12.1 to 0.12.3
- [Release notes](https://github.com/hyperium/tonic/releases)
- [Changelog](https://github.com/hyperium/tonic/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/tonic/compare/v0.12.1...v0.12.3)

Updates `primitive-types` from 0.12.2 to 0.13.1
- [Commits](https://github.com/paritytech/parity-common/commits/primitive-types-v0.13.1)

Updates `uint` from 0.9.5 to 0.10.0
- [Commits](https://github.com/paritytech/parity-common/compare/uint-v0.9.5...uint-v0.10.0)

Updates `tokio-util` from 0.7.11 to 0.7.12
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-util-0.7.11...tokio-util-0.7.12)

Updates `rlimit` from 0.10.1 to 0.10.2
- [Changelog](https://github.com/Nugine/rlimit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Nugine/rlimit/compare/v0.10.1...v0.10.2)

Updates `tonic-reflection` from 0.12.1 to 0.12.3
- [Release notes](https://github.com/hyperium/tonic/releases)
- [Changelog](https://github.com/hyperium/tonic/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/tonic/compare/v0.12.1...v0.12.3)

Updates `owo-colors` from 4.0.0 to 4.1.0
- [Commits](https://github.com/jam1garner/owo-colors/compare/v4.0.0...v4.1.0)

Updates `syn` from 2.0.72 to 2.0.79
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.72...2.0.79)

Updates `quote` from 1.0.36 to 1.0.37
- [Release notes](https://github.com/dtolnay/quote/releases)
- [Commits](https://github.com/dtolnay/quote/compare/1.0.36...1.0.37)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: indexmap
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: tokio-stream
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tower
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: hyper-util
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: insta
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: prost
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tonic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tonic-build
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: primitive-types
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: uint
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: tokio-util
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: rlimit
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tonic-reflection
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: owo-colors
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: quote
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
...

Signed-off-by: dependabot[bot] <support@github.com>

* downgrade `primitive-types` and `tower`

* fix docs and deprecated stuff

* cargo vet updates

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>
This commit is contained in:
dependabot[bot] 2024-10-07 20:11:13 +00:00 committed by GitHub
parent abfb9ce29c
commit 841047aa37
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
25 changed files with 1049 additions and 391 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

349
Cargo.lock
View File

File diff suppressed because it is too large Load Diff

384
supply-chain/audits.toml
View File

@ -1,6 +1,11 @@
# cargo-vet audits file
[[audits.anstyle]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.7 -> 1.0.8"
[[audits.axum]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -11,6 +16,21 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.4 -> 0.4.3"
[[audits.bip32]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.5.1 -> 0.5.2"
[[audits.bridgetree]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.5.0"
[[audits.bytemuck]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.16.3 -> 1.16.1"
[[audits.bytes]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -21,6 +41,11 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.6.1 -> 1.7.1"
[[audits.cfg_aliases]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
version = "0.1.1"
[[audits.clap_derive]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -66,6 +91,18 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.4.0"
[[audits.equihash]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4"
importable = false
[[audits.f4jumble]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4"
importable = false
[[audits.git2]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -81,11 +118,26 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.3.1 -> 1.4.1"
[[audits.hyper-util]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.6 -> 0.1.9"
[[audits.incrementalmerkletree]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.5.1 -> 0.6.0"
[[audits.indexmap]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.2.6 -> 2.3.0"
[[audits.indexmap]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.3.0 -> 2.5.0"
[[audits.inferno]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -96,11 +148,26 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.11.20 -> 0.11.21"
[[audits.insta]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.39.0 -> 1.40.0"
[[audits.libc]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.2.155 -> 0.2.159"
[[audits.libgit2-sys]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.16.2+1.7.2 -> 0.17.0+1.8.1"
[[audits.libyml]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
version = "0.0.5"
[[audits.log]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -131,6 +198,21 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.8.11 -> 1.0.1"
[[audits.nix]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
version = "0.15.0"
[[audits.orchard]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.9.0"
[[audits.owo-colors]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "4.0.0 -> 4.1.0"
[[audits.proptest-derive]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -141,6 +223,11 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.12.6 -> 0.13.1"
[[audits.prost]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.13.1 -> 0.13.3"
[[audits.prost-build]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -151,6 +238,11 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.12.6 -> 0.13.1"
[[audits.prost-derive]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.13.1 -> 0.13.3"
[[audits.prost-types]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -161,6 +253,36 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.10.5 -> 1.10.6"
[[audits.regex]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.10.6 -> 1.11.0"
[[audits.regex-automata]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.4.7 -> 0.4.8"
[[audits.regex-syntax]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.8.4 -> 0.8.5"
[[audits.rlimit]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.10.1 -> 0.10.2"
[[audits.rustix]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.38.34 -> 0.38.37"
[[audits.sapling-crypto]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.2.0"
[[audits.serde_spanned]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -186,21 +308,46 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "3.8.3 -> 3.9.0"
[[audits.serde_yml]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
version = "0.0.12"
[[audits.shardtree]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.4.0"
[[audits.tempfile]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "3.10.1 -> 3.11.0"
[[audits.tempfile]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "3.11.0 -> 3.13.0"
[[audits.thiserror]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.61 -> 1.0.62"
[[audits.thiserror]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.63 -> 1.0.64"
[[audits.thiserror-impl]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.63 -> 1.0.62"
[[audits.thiserror-impl]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.63 -> 1.0.64"
[[audits.tokio]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -216,6 +363,16 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.3.0 -> 2.4.0"
[[audits.tokio-stream]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.15 -> 0.1.16"
[[audits.tokio-util]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.7.11 -> 0.7.12"
[[audits.toml]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -261,6 +418,16 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.11.0 -> 0.12.0"
[[audits.tonic]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.12.1 -> 0.12.3"
[[audits.tonic-build]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.12.1 -> 0.12.3"
[[audits.tonic-reflection]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
@ -271,16 +438,233 @@ who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.12.1"
[[audits.tonic-reflection]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.12.1 -> 0.12.3"
[[audits.tower-batch-control]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.2.41-beta.14 -> 0.2.41-beta.15"
[[audits.tower-fallback]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.2.41-beta.14 -> 0.2.41-beta.15"
[[audits.tower-layer]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.2 -> 0.3.3"
[[audits.tower-service]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.2 -> 0.3.3"
[[audits.uint]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.9.5 -> 0.10.0"
[[audits.vergen]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "8.3.1 -> 8.3.2"
[[audits.version_check]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.9.4 -> 0.9.5"
[[audits.windows-sys]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.52.0 -> 0.59.0"
[[audits.windows-targets]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.52.5 -> 0.52.6"
[[audits.windows_aarch64_gnullvm]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.52.5 -> 0.52.6"
[[audits.windows_aarch64_msvc]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.52.5 -> 0.52.6"
[[audits.windows_i686_gnu]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.52.5 -> 0.52.6"
[[audits.windows_i686_gnullvm]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.52.5 -> 0.52.6"
[[audits.windows_i686_msvc]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.52.5 -> 0.52.6"
[[audits.windows_x86_64_gnu]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.52.5 -> 0.52.6"
[[audits.windows_x86_64_gnullvm]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.52.5 -> 0.52.6"
[[audits.windows_x86_64_msvc]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.52.5 -> 0.52.6"
[[audits.winnow]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.6.13 -> 0.6.18"
[[audits.zcash_address]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.5.0"
[[audits.zcash_address]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.5.0 -> 0.5.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4"
importable = false
[[audits.zcash_client_backend]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.12.1 -> 0.13.0"
[[audits.zcash_client_backend]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.13.0 -> 0.13.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4"
importable = false
[[audits.zcash_encoding]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.2.1 -> 0.2.1@git:a1047adf0b6f324dad415db34762dc26f8367ce4"
importable = false
[[audits.zcash_keys]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.3.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4"
importable = false
[[audits.zcash_primitives]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.16.0 -> 0.17.0"
[[audits.zcash_primitives]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.17.0 -> 0.17.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4"
importable = false
[[audits.zcash_proofs]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.16.0 -> 0.17.0"
[[audits.zcash_protocol]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.1 -> 0.2.0"
[[audits.zcash_protocol]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.1 -> 0.3.0"
[[audits.zcash_protocol]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.3.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4"
importable = false
[[audits.zebra-chain]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-beta.38 -> 1.0.0-beta.39"
[[audits.zebra-consensus]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-beta.38 -> 1.0.0-beta.39"
[[audits.zebra-grpc]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.0-alpha.5 -> 0.1.0-alpha.6"
[[audits.zebra-network]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-beta.38 -> 1.0.0-beta.39"
[[audits.zebra-node-services]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-beta.38 -> 1.0.0-beta.39"
[[audits.zebra-rpc]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-beta.38 -> 1.0.0-beta.39"
[[audits.zebra-script]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-beta.38 -> 1.0.0-beta.39"
[[audits.zebra-state]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-beta.38 -> 1.0.0-beta.39"
[[audits.zebra-test]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-beta.38 -> 1.0.0-beta.39"
[[audits.zebra-utils]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-beta.38 -> 1.0.0-beta.39"
[[audits.zebrad]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.8.0 -> 1.9.0"
[[audits.zip321]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
[[audits.zip321]]
who = "Alfredo Garcia <oxarbitrage@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4"
importable = false
[[trusted.clap]]
criteria = "safe-to-deploy"
user-id = 6743 # Ed Page (epage)

96
supply-chain/config.toml
View File

@ -1,3 +1,4 @@
# cargo-vet config file
[cargo-vet]
@ -15,12 +16,36 @@ url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/
[imports.zcashd]
url = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[policy.equihash]
audit-as-crates-io = true
[policy.f4jumble]
audit-as-crates-io = true
[policy.tower-batch-control]
audit-as-crates-io = true
[policy.tower-fallback]
audit-as-crates-io = true
[policy.zcash_address]
audit-as-crates-io = true
[policy.zcash_client_backend]
audit-as-crates-io = true
[policy.zcash_encoding]
audit-as-crates-io = true
[policy.zcash_keys]
audit-as-crates-io = true
[policy.zcash_primitives]
audit-as-crates-io = true
[policy.zcash_protocol]
audit-as-crates-io = true
[policy.zebra-chain]
audit-as-crates-io = true
@ -57,6 +82,9 @@ audit-as-crates-io = true
[policy.zebrad]
audit-as-crates-io = true
[policy.zip321]
audit-as-crates-io = true
[[exemptions.abscissa_core]]
version = "0.7.0"
criteria = "safe-to-deploy"
@ -69,10 +97,6 @@ criteria = "safe-to-deploy"
version = "0.21.0"
criteria = "safe-to-deploy"
[[exemptions.adler]]
version = "1.0.2"
criteria = "safe-to-deploy"
[[exemptions.aead]]
version = "0.5.2"
criteria = "safe-to-deploy"
@ -89,10 +113,6 @@ criteria = "safe-to-deploy"
version = "1.1.3"
criteria = "safe-to-deploy"
[[exemptions.allocator-api2]]
version = "0.2.18"
criteria = "safe-to-deploy"
[[exemptions.android-tzdata]]
version = "0.1.1"
criteria = "safe-to-deploy"
@ -197,14 +217,6 @@ criteria = "safe-to-deploy"
version = "1.3.3"
criteria = "safe-to-deploy"
[[exemptions.bip0039]]
version = "0.10.1"
criteria = "safe-to-deploy"
[[exemptions.bitflags]]
version = "1.3.2"
criteria = "safe-to-deploy"
[[exemptions.bitflags-serde-legacy]]
version = "0.1.1"
criteria = "safe-to-deploy"
@ -249,10 +261,6 @@ criteria = "safe-to-deploy"
version = "1.2.2"
criteria = "safe-to-deploy"
[[exemptions.byteorder]]
version = "1.5.0"
criteria = "safe-to-deploy"
[[exemptions.bytes]]
version = "1.6.0"
criteria = "safe-to-deploy"
@ -369,10 +377,6 @@ criteria = "safe-to-deploy"
version = "0.2.12"
criteria = "safe-to-deploy"
[[exemptions.crc32fast]]
version = "1.4.2"
criteria = "safe-to-deploy"
[[exemptions.criterion]]
version = "0.5.1"
criteria = "safe-to-run"
@ -513,10 +517,6 @@ criteria = "safe-to-deploy"
version = "0.4.2"
criteria = "safe-to-deploy"
[[exemptions.flate2]]
version = "1.0.30"
criteria = "safe-to-deploy"
[[exemptions.flume]]
version = "0.10.14"
criteria = "safe-to-deploy"
@ -621,10 +621,6 @@ criteria = "safe-to-deploy"
version = "7.5.4"
criteria = "safe-to-deploy"
[[exemptions.hdwallet]]
version = "0.4.1"
criteria = "safe-to-deploy"
[[exemptions.heck]]
version = "0.3.3"
criteria = "safe-to-deploy"
@ -905,10 +901,6 @@ criteria = "safe-to-deploy"
version = "0.2.1"
criteria = "safe-to-deploy"
[[exemptions.miniz_oxide]]
version = "0.7.4"
criteria = "safe-to-deploy"
[[exemptions.mio]]
version = "0.8.11"
criteria = "safe-to-deploy"
@ -1033,18 +1025,10 @@ criteria = "safe-to-deploy"
version = "0.9.10"
criteria = "safe-to-deploy"
[[exemptions.password-hash]]
version = "0.3.2"
criteria = "safe-to-deploy"
[[exemptions.pasta_curves]]
version = "0.5.1"
criteria = "safe-to-deploy"
[[exemptions.pbkdf2]]
version = "0.10.1"
criteria = "safe-to-deploy"
[[exemptions.percent-encoding]]
version = "2.3.1"
criteria = "safe-to-deploy"
@ -1265,10 +1249,6 @@ criteria = "safe-to-deploy"
version = "0.8.37"
criteria = "safe-to-deploy"
[[exemptions.ring]]
version = "0.16.20"
criteria = "safe-to-deploy"
[[exemptions.ring]]
version = "0.17.8"
criteria = "safe-to-deploy"
@ -1461,10 +1441,6 @@ criteria = "safe-to-deploy"
version = "0.1.1"
criteria = "safe-to-deploy"
[[exemptions.spin]]
version = "0.5.2"
criteria = "safe-to-deploy"
[[exemptions.spin]]
version = "0.9.8"
criteria = "safe-to-deploy"
@ -1481,10 +1457,6 @@ criteria = "safe-to-deploy"
version = "0.8.0"
criteria = "safe-to-deploy"
[[exemptions.strsim]]
version = "0.11.1"
criteria = "safe-to-deploy"
[[exemptions.structopt]]
version = "0.3.26"
criteria = "safe-to-deploy"
@ -1633,10 +1605,6 @@ criteria = "safe-to-deploy"
version = "0.1.27"
criteria = "safe-to-deploy"
[[exemptions.tracing-core]]
version = "0.1.32"
criteria = "safe-to-deploy"
[[exemptions.tracing-error]]
version = "0.2.0"
criteria = "safe-to-deploy"
@ -1713,14 +1681,6 @@ criteria = "safe-to-deploy"
version = "0.5.1"
criteria = "safe-to-deploy"
[[exemptions.unsafe-libyaml]]
version = "0.2.11"
criteria = "safe-to-deploy"
[[exemptions.untrusted]]
version = "0.7.1"
criteria = "safe-to-deploy"
[[exemptions.untrusted]]
version = "0.9.0"
criteria = "safe-to-deploy"

393
supply-chain/imports.lock
View File

@ -1,6 +1,10 @@
# cargo-vet imports lock
[[unpublished.zebra-scan]]
version = "0.1.0-alpha.8"
audited_as = "0.1.0-alpha.7"
[[publisher.cexpr]]
version = "0.6.0"
when = "2021-10-11"
@ -9,22 +13,22 @@ user-login = "emilio"
user-name = "Emilio Cobos Álvarez"
[[publisher.clap]]
version = "4.5.13"
when = "2024-07-31"
version = "4.5.18"
when = "2024-09-20"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"
[[publisher.clap_builder]]
version = "4.5.13"
when = "2024-07-31"
version = "4.5.18"
when = "2024-09-20"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"
[[publisher.clap_derive]]
version = "4.5.13"
when = "2024-07-31"
version = "4.5.18"
when = "2024-09-20"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"
@ -44,8 +48,8 @@ user-login = "hsivonen"
user-name = "Henri Sivonen"
[[publisher.serde_json]]
version = "1.0.122"
when = "2024-08-01"
version = "1.0.128"
when = "2024-09-04"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"
@ -58,15 +62,15 @@ user-login = "dtolnay"
user-name = "David Tolnay"
[[publisher.syn]]
version = "2.0.72"
when = "2024-07-21"
version = "2.0.79"
when = "2024-09-27"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"
[[publisher.tokio]]
version = "1.39.2"
when = "2024-07-27"
version = "1.40.0"
when = "2024-08-30"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"
@ -85,6 +89,19 @@ user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[audits.google.audits.adler]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.2"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits (except in comments and in the `README.md` file).
Note that some additional, internal notes about an older version of this crate
can be found at go/image-crate-chromium-security-review.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.async-stream]]
who = "Tyler Mandry <tmandry@google.com>"
criteria = "safe-to-deploy"
@ -146,6 +163,22 @@ version = "0.13.1"
notes = "Skimmed the uses of `std` to ensure that nothing untoward is happening. Code uses `forbid(unsafe_code)` and, indeed, there are no uses of `unsafe`"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.3.2"
notes = """
Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review
The crate exposes a function marked as `unsafe`, but doesn't use any
`unsafe` blocks (except for tests of the single `unsafe` function). I
think this justifies marking this crate as `ub-risk-1`.
Additional review comments can be found at https://crrev.com/c/4723145/31
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
@ -179,30 +212,21 @@ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_p
[[audits.google.audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.14.3"
notes = "Additional review notes may be found in https://crrev.com/c/5362675."
version = "1.16.3"
notes = """
Review notes from the original audit (of 1.14.3) may be found in
https://crrev.com/c/5362675. Note that this audit has initially missed UB risk
that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258.
Because of this, the original audit has been edited to certify version `1.16.3`
instead (see also https://crrev.com/c/5771867).
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.bytemuck]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.14.3 -> 1.15.0"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.bytemuck]]
[[audits.google.audits.byteorder]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.15.0 -> 1.16.0"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.16.0 -> 1.16.1"
notes = """
The delta only adds `f16` and `f128` support (with some other minor changes)
and has no impact on the audit criteria.
"""
version = "1.5.0"
notes = "Unsafe review in https://crrev.com/c/5838022"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.cast]]
@ -217,6 +241,18 @@ criteria = "safe-to-deploy"
version = "1.0.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.crc32fast]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.4.2"
notes = """
Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review
Audit comments for 1.4.2 can be found at https://crrev.com/c/4723145.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.equivalent]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
@ -233,6 +269,41 @@ that the RNG here is not cryptographically secure.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.flate2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.30"
notes = '''
WARNING: This certification is a result of a **partial** audit. The
`any_zlib` code has **not** been audited. Ability to track partial
audits is tracked in https://github.com/mozilla/cargo-vet/issues/380
Chromium does use the `any_zlib` feature(s). Accidentally depending on
this feature in the future is prevented using the `ban_features` feature
of `gnrt` - see:
https://crrev.com/c/4723145/31/third_party/rust/chromium_crates_io/gnrt_config.toml
Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review
I grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`.
All `unsafe` in `flate2` is gated behind `#[cfg(feature = "any_zlib")]`:
* The code under `src/ffi/...` will not be used because the `mod c`
declaration in `src/ffi/mod.rs` depends on the `any_zlib` config
* 7 uses of `unsafe` in `src/mem.rs` also all depend on the
`any_zlib` config:
- 2 in `fn set_dictionary` (under `impl Compress`)
- 2 in `fn set_level` (under `impl Compress`)
- 3 in `fn set_dictionary` (under `impl Decompress`)
All hits of `'\bfs\b'` are in comments, or example code, or test code
(but not in product code).
There were no hits of `-i cipher`, `-i crypto`, `'\bnet\b'`.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.futures]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
@ -311,6 +382,22 @@ delta = "1.4.0 -> 1.5.0"
notes = "Unsafe review notes: https://crrev.com/c/5650836"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.miniz_oxide]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "0.7.4"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits, except for some mentions of "unsafe" in the `README.md`
and in a comment in `src/deflate/core.rs`. The comment discusses whether a
function should be treated as unsafe, but there is no actual `unsafe` code, so
the crate meets the `ub-risk-0` criteria.
Note that some additional, internal notes about an older version of this crate
can be found at go/image-crate-chromium-security-review.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.nom]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
@ -432,6 +519,16 @@ criteria = "safe-to-deploy"
delta = "1.0.35 -> 1.0.36"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.36 -> 1.0.37"
notes = """
The delta just 1) inlines/expands `impl ToTokens` that used to be handled via
`primitive!` macro and 2) adds `impl ToTokens` for `CStr` and `CString`.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.rustversion]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
@ -541,6 +638,32 @@ criteria = "safe-to-deploy"
delta = "1.0.203 -> 1.0.204"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.204 -> 1.0.207"
notes = "The small change in `src/private/ser.rs` should have no impact on `ub-risk-2`."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.207 -> 1.0.209"
notes = """
The delta carries fairly small changes in `src/private/de.rs` and
`src/private/ser.rs` (see https://crrev.com/c/5812194/2..5). AFAICT the
delta has no impact on the `unsafe`, `from_utf8_unchecked`-related parts
of the crate (in `src/de/format.rs` and `src/ser/impls.rs`).
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.209 -> 1.0.210"
notes = "Almost no new code - just feature rearrangement"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
@ -573,6 +696,32 @@ criteria = "safe-to-deploy"
delta = "1.0.203 -> 1.0.204"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.204 -> 1.0.207"
notes = 'Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits'
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.207 -> 1.0.209"
notes = '''
There are no code changes in this delta - see https://crrev.com/c/5812194/2..5
I've neverthless also grepped for `-i cipher`, `-i crypto`, `\bfs\b`,
`\bnet\b`, and `\bunsafe\b`. There were no hits.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_derive]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.209 -> 1.0.210"
notes = "Almost no new code - just feature rearrangement"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.static_assertions]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
@ -746,6 +895,12 @@ end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.allocator-api2]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.2.18"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.android_system_properties]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
@ -834,6 +989,13 @@ version = "0.6.3"
notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.cfg_aliases]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.1.1 -> 0.2.1"
notes = "Very minor changes."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.core-foundation]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
@ -871,6 +1033,12 @@ criteria = "safe-to-deploy"
delta = "1.9.0 -> 2.0.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "2.0.1 -> 2.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fnv]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
@ -943,6 +1111,47 @@ delta = "0.4.18 -> 0.4.20"
notes = "Only cfg attribute and internal macro changes and module refactorings"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.nix]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.15.0 -> 0.25.0"
notes = "Plenty of new bindings but also several important bug fixes (including buffer overflows). New unsafe sections are restricted to wrappers and are no more dangerous than calling the C functions."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.nix]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.25.0 -> 0.25.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.nix]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.25.1 -> 0.26.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.nix]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.26.2 -> 0.27.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.nix]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.27.1 -> 0.28.0"
notes = """
Many new features and bugfixes. Obviously there's a lot of unsafe code calling
libc, but the usage looks correct.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.nix]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.28.0 -> 0.29.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.num-conv]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
@ -970,6 +1179,12 @@ version = "1.1.0"
notes = "Straightforward crate with no unsafe code, does what it says on the tin."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.strsim]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.0 -> 0.11.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.synstructure]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
@ -1017,6 +1232,17 @@ criteria = "safe-to-deploy"
delta = "0.2.10 -> 0.2.18"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.tracing-core]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.30"
notes = """
Most unsafe code is in implementing non-std sync primitives. Unsafe impls are
logically correct and justified in comments, and unsafe code is sound and
justified in comments.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.zerocopy]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
@ -1043,6 +1269,22 @@ criteria = "safe-to-deploy"
delta = "1.2.0 -> 1.3.0"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.bip32]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
version = "0.5.1"
notes = """
- Crate has no unsafe code, and sets `#![forbid(unsafe_code)]`.
- Crate has no powerful imports. Only filesystem acces is via `include_str!`, and is safe.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.bytes]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.7.1 -> 1.7.2"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.fastrand]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -1050,26 +1292,11 @@ delta = "2.0.0 -> 2.0.1"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.fastrand]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "2.0.1 -> 2.0.2"
delta = "2.1.0 -> 2.1.1"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.fastrand]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "2.0.2 -> 2.1.0"
notes = """
As noted in the changelog, this version produces different output for a given seed.
The documentation did not mention stability. It is possible that some uses relying on
determinism across the update would be broken.
The new constants do appear to match WyRand v4.2 (modulo ordering issues that I have not checked):
https://github.com/wangyi-fudan/wyhash/blob/408620b6d12b7d667b3dd6ae39b7929a39e8fa05/wyhash.h#L145
I have no way to check whether these constants are an improvement or not.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.futures]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -1190,6 +1417,12 @@ be set correctly by `cargo`.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.secp256k1]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.26.0 -> 0.27.0"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.signature]]
who = "Daira Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
@ -1268,6 +1501,34 @@ criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.12.1"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.tracing-core]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.1.30 -> 0.1.31"
notes = """
The only new `unsafe` block is to intentionally leak a scoped subscriber onto
the heap when setting it as the global default dispatcher. I checked that the
global default can only be set once and is never dropped.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.tracing-core]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.1.31 -> 0.1.32"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.visibility]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
version = "0.1.1"
notes = """
- Crate has no unsafe code, and sets `#![forbid(unsafe_code)]`.
- Crate has no powerful imports, and exclusively provides a proc macro
that safely malleates a visibility modifier.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.wagyu-zcash-parameters]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
@ -1316,6 +1577,40 @@ criteria = "safe-to-deploy"
version = "0.2.92"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.zcash_address]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.3.2 -> 0.4.0"
notes = "This release contains no unsafe code and consists soley of added convenience methods."
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.zcash_encoding]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.1"
notes = "This release adds minor convenience methods and involves no unsafe code."
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.zcash_keys]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.3.0"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.zcash_primitives]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.15.1 -> 0.16.0"
notes = "The primary change here is the switch from the `hdwallet` dependency to using `bip32`."
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.zcash_proofs]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.15.0 -> 0.16.0"
notes = "This release involves only updates of previously-vetted dependencies."
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.zerocopy]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"

6
tower-batch-control/Cargo.toml
View File

@ -26,8 +26,8 @@ futures = "0.3.30"
futures-core = "0.3.28"
pin-project = "1.1.5"
rayon = "1.10.0"
tokio = { version = "1.39.2", features = ["time", "sync", "tracing", "macros"] }
tokio-util = "0.7.11"
tokio = { version = "1.40.0", features = ["time", "sync", "tracing", "macros"] }
tokio-util = "0.7.12"
tower = { version = "0.4.13", features = ["util", "buffer"] }
tracing = "0.1.39"
tracing-futures = "0.2.5"
@ -41,7 +41,7 @@ tinyvec = { version = "1.8.0", features = ["rustc_1_55"] }
ed25519-zebra = "4.0.3"
rand = "0.8.5"
tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] }
tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] }
tokio-test = "0.4.4"
tower-fallback = { path = "../tower-fallback/", version = "0.2.41-beta.15" }
tower-test = "0.4.0"

2
tower-fallback/Cargo.toml
View File

@ -22,6 +22,6 @@ futures-core = "0.3.28"
tracing = "0.1.39"
[dev-dependencies]
tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] }
tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] }
zebra-test = { path = "../zebra-test/", version = "1.0.0-beta.39" }

14
zebra-chain/Cargo.toml
View File

@ -81,7 +81,7 @@ group = "0.13.0"
incrementalmerkletree.workspace = true
jubjub = "0.10.0"
lazy_static = "1.4.0"
tempfile = "3.11.0"
tempfile = "3.13.0"
dirs = "5.0.1"
num-integer = "0.1.46"
primitive-types = "0.12.2"
@ -90,7 +90,7 @@ ripemd = "0.1.3"
# Matches version used by hdwallet
secp256k1 = { version = "0.26.0", features = ["serde"] }
sha2 = { version = "0.10.7", features = ["compress"] }
uint = "0.9.5"
uint = "0.10.0"
x25519-dalek = { version = "2.0.1", features = ["serde"] }
# ECC deps
@ -110,12 +110,12 @@ humantime = "2.1.0"
# Error Handling & Formatting
static_assertions = "1.1.0"
thiserror = "1.0.63"
thiserror = "1.0.64"
tracing = "0.1.39"
# Serialization
hex = { version = "0.4.3", features = ["serde"] }
serde = { version = "1.0.204", features = ["serde_derive", "rc"] }
serde = { version = "1.0.210", features = ["serde_derive", "rc"] }
serde_with = "3.9.0"
serde-big-array = "0.5.1"
@ -130,10 +130,10 @@ redjubjub = "0.7.0"
reddsa = "0.5.1"
# Production feature json-conversion
serde_json = { version = "1.0.122", optional = true }
serde_json = { version = "1.0.128", optional = true }
# Production feature async-error and testing feature proptest-impl
tokio = { version = "1.39.2", optional = true }
tokio = { version = "1.40.0", optional = true }
# Experimental feature shielded-scan
zcash_client_backend = { workspace = true, optional = true }
@ -166,7 +166,7 @@ proptest-derive = "0.5.0"
rand = "0.8.5"
rand_chacha = "0.3.1"
tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] }
tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] }
zebra-test = { path = "../zebra-test/", version = "1.0.0-beta.39" }

5
zebra-chain/src/work/difficulty.rs
View File

@ -457,10 +457,7 @@ impl ExpandedDifficulty {
/// Zebra displays difficulties in big-endian byte-order,
/// following the u256 convention set by Bitcoin and zcashd.
pub fn bytes_in_display_order(&self) -> [u8; 32] {
let mut reversed_bytes = [0; 32];
self.0.to_big_endian(&mut reversed_bytes);
reversed_bytes
self.0.to_big_endian()
}
/// Convert bytes in big-endian byte-order into an [`ExpandedDifficulty`].

1
zebra-chain/src/work/u256.rs
View File

@ -4,6 +4,7 @@
#![allow(clippy::all)]
#![allow(clippy::range_plus_one)]
#![allow(clippy::fallible_impl_from)]
#![allow(missing_docs)]
use uint::construct_uint;

8
zebra-consensus/Cargo.toml
View File

@ -46,13 +46,13 @@ rayon = "1.10.0"
chrono = { version = "0.4.38", default-features = false, features = ["clock", "std"] }
lazy_static = "1.4.0"
once_cell = "1.18.0"
serde = { version = "1.0.204", features = ["serde_derive"] }
serde = { version = "1.0.210", features = ["serde_derive"] }
futures = "0.3.30"
futures-util = "0.3.28"
metrics = "0.23.0"
thiserror = "1.0.63"
tokio = { version = "1.39.2", features = ["time", "sync", "tracing", "rt-multi-thread"] }
thiserror = "1.0.64"
tokio = { version = "1.40.0", features = ["time", "sync", "tracing", "rt-multi-thread"] }
tower = { version = "0.4.13", features = ["timeout", "util", "buffer"] }
tracing = "0.1.39"
tracing-futures = "0.2.5"
@ -90,7 +90,7 @@ proptest = "1.4.0"
proptest-derive = "0.5.0"
spandoc = "0.2.2"
tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] }
tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] }
tracing-error = "0.2.0"
tracing-subscriber = "0.3.18"

16
zebra-grpc/Cargo.toml
View File

@ -17,12 +17,12 @@ categories = ["cryptography::cryptocurrencies"]
[dependencies]
futures-util = "0.3.28"
tonic = "0.12.1"
tonic-reflection = "0.12.1"
prost = "0.13.1"
serde = { version = "1.0.204", features = ["serde_derive"] }
tokio = { version = "1.39.2", features = ["macros", "rt-multi-thread"] }
tokio-stream = "0.1.15"
tonic = "0.12.3"
tonic-reflection = "0.12.3"
prost = "0.13.3"
serde = { version = "1.0.210", features = ["serde_derive"] }
tokio = { version = "1.40.0", features = ["macros", "rt-multi-thread"] }
tokio-stream = "0.1.16"
tower = { version = "0.4.13", features = ["util", "buffer", "timeout"] }
color-eyre = "0.6.3"
@ -32,10 +32,10 @@ zebra-node-services = { path = "../zebra-node-services", version = "1.0.0-beta.3
zebra-chain = { path = "../zebra-chain" , version = "1.0.0-beta.39" }
[build-dependencies]
tonic-build = "0.12.1"
tonic-build = "0.12.3"
[dev-dependencies]
insta = { version = "1.39.0", features = ["redactions", "json", "ron"] }
insta = { version = "1.40.0", features = ["redactions", "json", "ron"] }
zebra-chain = { path = "../zebra-chain", features = ["proptest-impl"] }
zebra-state = { path = "../zebra-state" }

2
zebra-grpc/build.rs
View File

@ -10,7 +10,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
.protoc_arg("--experimental_allow_proto3_optional")
.type_attribute(".", "#[derive(serde::Deserialize, serde::Serialize)]")
.file_descriptor_set_path(out_dir.join("scanner_descriptor.bin"))
.compile(&["proto/scanner.proto"], &[""])?;
.compile_protos(&["proto/scanner.proto"], &[""])?;
Ok(())
}

2
zebra-grpc/src/server.rs
View File

@ -459,7 +459,7 @@ where
let service = ScannerRPC { scan_service };
let reflection_service = tonic_reflection::server::Builder::configure()
.register_encoded_file_descriptor_set(crate::scanner::FILE_DESCRIPTOR_SET)
.build()
.build_v1()
.unwrap();
let tcp_listener = tokio::net::TcpListener::bind(listen_addr).await?;

20
zebra-network/Cargo.toml
View File

@ -42,12 +42,12 @@ proptest-impl = ["proptest", "proptest-derive", "zebra-chain/proptest-impl"]
[dependencies]
bitflags = "2.5.0"
byteorder = "1.5.0"
bytes = "1.7.1"
bytes = "1.7.2"
chrono = { version = "0.4.38", default-features = false, features = ["clock", "std"] }
dirs = "5.0.1"
hex = "0.4.3"
humantime-serde = "1.1.1"
indexmap = { version = "2.3.0", features = ["serde"] }
indexmap = { version = "2.5.0", features = ["serde"] }
itertools = "0.13.0"
lazy_static = "1.4.0"
num-integer = "0.1.46"
@ -55,15 +55,15 @@ ordered-map = "0.4.2"
pin-project = "1.1.5"
rand = "0.8.5"
rayon = "1.10.0"
regex = "1.10.6"
serde = { version = "1.0.204", features = ["serde_derive"] }
tempfile = "3.11.0"
thiserror = "1.0.63"
regex = "1.11.0"
serde = { version = "1.0.210", features = ["serde_derive"] }
tempfile = "3.13.0"
thiserror = "1.0.64"
futures = "0.3.30"
tokio = { version = "1.39.2", features = ["fs", "io-util", "net", "time", "tracing", "macros", "rt-multi-thread"] }
tokio-stream = { version = "0.1.15", features = ["sync", "time"] }
tokio-util = { version = "0.7.11", features = ["codec"] }
tokio = { version = "1.40.0", features = ["fs", "io-util", "net", "time", "tracing", "macros", "rt-multi-thread"] }
tokio-stream = { version = "0.1.16", features = ["sync", "time"] }
tokio-util = { version = "0.7.12", features = ["codec"] }
tower = { version = "0.4.13", features = ["retry", "discover", "load", "load-shed", "timeout", "util", "buffer"] }
metrics = "0.23.0"
@ -90,7 +90,7 @@ proptest = "1.4.0"
proptest-derive = "0.5.0"
static_assertions = "1.1.0"
tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] }
tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] }
toml = "0.8.19"
zebra-chain = { path = "../zebra-chain", features = ["proptest-impl"] }

10
zebra-node-services/Cargo.toml
View File

@ -46,14 +46,14 @@ color-eyre = { version = "0.6.3", optional = true }
jsonrpc-core = { version = "18.0.0", optional = true }
# Security: avoid default dependency on openssl
reqwest = { version = "0.11.26", default-features = false, features = ["rustls-tls"], optional = true }
serde = { version = "1.0.204", optional = true }
serde_json = { version = "1.0.122", optional = true }
tokio = { version = "1.39.2", features = ["time", "sync"] }
serde = { version = "1.0.210", optional = true }
serde_json = { version = "1.0.128", optional = true }
tokio = { version = "1.40.0", features = ["time", "sync"] }
[dev-dependencies]
color-eyre = "0.6.3"
jsonrpc-core = "18.0.0"
reqwest = { version = "0.11.26", default-features = false, features = ["rustls-tls"] }
serde = "1.0.204"
serde_json = "1.0.122"
serde = "1.0.210"
serde_json = "1.0.128"

24
zebra-rpc/Cargo.toml
View File

@ -65,10 +65,10 @@ jsonrpc-derive = "18.0.0"
jsonrpc-http-server = "18.0.0"
# zebra-rpc needs the preserve_order feature in serde_json, which is a dependency of jsonrpc-core
serde_json = { version = "1.0.122", features = ["preserve_order"] }
indexmap = { version = "2.3.0", features = ["serde"] }
serde_json = { version = "1.0.128", features = ["preserve_order"] }
indexmap = { version = "2.5.0", features = ["serde"] }
tokio = { version = "1.39.2", features = [
tokio = { version = "1.40.0", features = [
"time",
"rt-multi-thread",
"macros",
@ -77,15 +77,15 @@ tokio = { version = "1.39.2", features = [
tower = "0.4.13"
# indexer-rpcs dependencies
tonic = { version = "0.12.1", optional = true }
tonic-reflection = { version = "0.12.1", optional = true }
prost = { version = "0.13.1", optional = true }
tokio-stream = { version = "0.1.15", optional = true }
tonic = { version = "0.12.3", optional = true }
tonic-reflection = { version = "0.12.3", optional = true }
prost = { version = "0.13.3", optional = true }
tokio-stream = { version = "0.1.16", optional = true }
tracing = "0.1.39"
hex = { version = "0.4.3", features = ["serde"] }
serde = { version = "1.0.204", features = ["serde_derive"] }
serde = { version = "1.0.210", features = ["serde_derive"] }
# For the `stop` RPC method.
nix = { version = "0.29.0", features = ["signal"] }
@ -112,15 +112,15 @@ zebra-script = { path = "../zebra-script", version = "1.0.0-beta.39" }
zebra-state = { path = "../zebra-state", version = "1.0.0-beta.39" }
[build-dependencies]
tonic-build = { version = "0.12.1", optional = true }
tonic-build = { version = "0.12.3", optional = true }
[dev-dependencies]
insta = { version = "1.39.0", features = ["redactions", "json", "ron"] }
insta = { version = "1.40.0", features = ["redactions", "json", "ron"] }
proptest = "1.4.0"
thiserror = "1.0.63"
tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] }
thiserror = "1.0.64"
tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] }
zebra-chain = { path = "../zebra-chain", version = "1.0.0-beta.39", features = [
"proptest-impl",

2
zebra-rpc/build.rs
View File

@ -8,7 +8,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
tonic_build::configure()
.type_attribute(".", "#[derive(serde::Deserialize, serde::Serialize)]")
.file_descriptor_set_path(out_dir.unwrap().join("indexer_descriptor.bin"))
.compile(&["proto/indexer.proto"], &[""])?;
.compile_protos(&["proto/indexer.proto"], &[""])?;
}
Ok(())

2
zebra-rpc/src/indexer/server.rs
View File

@ -54,7 +54,7 @@ where
let reflection_service = tonic_reflection::server::Builder::configure()
.register_encoded_file_descriptor_set(crate::indexer::FILE_DESCRIPTOR_SET)
.build()
.build_v1()
.unwrap();
tracing::info!("Trying to open indexer RPC endpoint at {}...", listen_addr,);

16
zebra-scan/Cargo.toml
View File

@ -61,11 +61,11 @@ results-reader = [
[dependencies]
color-eyre = "0.6.3"
indexmap = { version = "2.3.0", features = ["serde"] }
indexmap = { version = "2.5.0", features = ["serde"] }
itertools = "0.13.0"
semver = "1.0.23"
serde = { version = "1.0.204", features = ["serde_derive"] }
tokio = { version = "1.39.2", features = ["time"] }
serde = { version = "1.0.210", features = ["serde_derive"] }
tokio = { version = "1.40.0", features = ["time"] }
tower = "0.4.13"
tracing = "0.1.39"
futures = "0.3.30"
@ -103,7 +103,7 @@ zebra-test = { path = "../zebra-test", version = "1.0.0-beta.39", optional = tru
tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
structopt = "0.3.26"
lazy_static = "1.4.0"
serde_json = "1.0.122"
serde_json = "1.0.128"
jsonrpc = { version = "0.18.0", optional = true }
hex = { version = "0.4.3", optional = true }
@ -111,8 +111,8 @@ hex = { version = "0.4.3", optional = true }
zebrad = { path = "../zebrad", version = "1.8.1" }
[dev-dependencies]
insta = { version = "1.39.0", features = ["ron", "redactions"] }
tokio = { version = "1.39.2", features = ["test-util"] }
insta = { version = "1.40.0", features = ["ron", "redactions"] }
tokio = { version = "1.40.0", features = ["test-util"] }
proptest = "1.4.0"
proptest-derive = "0.5.0"
@ -121,10 +121,10 @@ ff = "0.13.0"
group = "0.13.0"
jubjub = "0.10.0"
rand = "0.8.5"
tempfile = "3.11.0"
tempfile = "3.13.0"
zcash_note_encryption = "0.4.0"
toml = "0.8.19"
tonic = "0.12.1"
tonic = "0.12.3"
zebra-state = { path = "../zebra-state", version = "1.0.0-beta.39", features = ["proptest-impl"] }
zebra-test = { path = "../zebra-test", version = "1.0.0-beta.39" }

2
zebra-script/Cargo.toml
View File

@ -18,7 +18,7 @@ categories = ["api-bindings", "cryptography::cryptocurrencies"]
zcash_script = "0.2.0"
zebra-chain = { path = "../zebra-chain", version = "1.0.0-beta.39" }
thiserror = "1.0.63"
thiserror = "1.0.64"
[dev-dependencies]
hex = "0.4.3"

20
zebra-state/Cargo.toml
View File

@ -54,28 +54,28 @@ hex = "0.4.3"
hex-literal = "0.4.1"
humantime-serde = "1.1.1"
human_bytes = { version = "0.4.3", default-features = false }
indexmap = "2.3.0"
indexmap = "2.5.0"
itertools = "0.13.0"
lazy_static = "1.4.0"
metrics = "0.23.0"
mset = "0.1.1"
regex = "1.10.6"
rlimit = "0.10.1"
regex = "1.11.0"
rlimit = "0.10.2"
rocksdb = { version = "0.22.0", default-features = false, features = ["lz4"] }
semver = "1.0.23"
serde = { version = "1.0.204", features = ["serde_derive"] }
tempfile = "3.11.0"
thiserror = "1.0.63"
serde = { version = "1.0.210", features = ["serde_derive"] }
tempfile = "3.13.0"
thiserror = "1.0.64"
rayon = "1.10.0"
tokio = { version = "1.39.2", features = ["rt-multi-thread", "sync", "tracing"] }
tokio = { version = "1.40.0", features = ["rt-multi-thread", "sync", "tracing"] }
tower = { version = "0.4.13", features = ["buffer", "util"] }
tracing = "0.1.39"
# elasticsearch specific dependencies.
# Security: avoid default dependency on openssl
elasticsearch = { version = "8.5.0-alpha.1", default-features = false, features = ["rustls-tls"], optional = true }
serde_json = { version = "1.0.122", package = "serde_json", optional = true }
serde_json = { version = "1.0.128", package = "serde_json", optional = true }
zebra-chain = { path = "../zebra-chain", version = "1.0.0-beta.39", features = ["async-error"] }
@ -97,7 +97,7 @@ once_cell = "1.18.0"
spandoc = "0.2.2"
hex = { version = "0.4.3", features = ["serde"] }
insta = { version = "1.39.0", features = ["ron", "redactions"] }
insta = { version = "1.40.0", features = ["ron", "redactions"] }
proptest = "1.4.0"
proptest-derive = "0.5.0"
@ -106,7 +106,7 @@ rand = "0.8.5"
halo2 = { package = "halo2_proofs", version = "0.3.0" }
jubjub = "0.10.0"
tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] }
tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] }
zebra-chain = { path = "../zebra-chain", version = "1.0.0-beta.39", features = ["proptest-impl"] }
zebra-test = { path = "../zebra-test/", version = "1.0.0-beta.39" }

14
zebra-test/Cargo.toml
View File

@ -16,16 +16,16 @@ categories = ["command-line-utilities", "cryptography::cryptocurrencies"]
[dependencies]
hex = "0.4.3"
indexmap = "2.3.0"
indexmap = "2.5.0"
lazy_static = "1.4.0"
insta = "1.39.0"
insta = "1.40.0"
itertools = "0.13.0"
proptest = "1.4.0"
once_cell = "1.18.0"
rand = "0.8.5"
regex = "1.10.6"
regex = "1.11.0"
tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] }
tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] }
tower = { version = "0.4.13", features = ["util"] }
futures = "0.3.30"
@ -35,13 +35,13 @@ color-eyre = "0.6.3"
tinyvec = { version = "1.8.0", features = ["rustc_1_55"] }
humantime = "2.1.0"
owo-colors = "4.0.0"
owo-colors = "4.1.0"
spandoc = "0.2.2"
thiserror = "1.0.63"
thiserror = "1.0.64"
tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
tracing-error = "0.2.0"
tracing = "0.1.39"
[dev-dependencies]
tempfile = "3.11.0"
tempfile = "3.13.0"

16
zebra-utils/Cargo.toml
View File

@ -89,10 +89,10 @@ tinyvec = { version = "1.8.0", features = ["rustc_1_55"] }
structopt = "0.3.26"
hex = "0.4.3"
serde_json = "1.0.122"
serde_json = "1.0.128"
tracing-error = "0.2.0"
tracing-subscriber = "0.3.18"
thiserror = "1.0.63"
thiserror = "1.0.64"
zebra-node-services = { path = "../zebra-node-services", version = "1.0.0-beta.39" }
zebra-chain = { path = "../zebra-chain", version = "1.0.0-beta.39" }
@ -104,12 +104,12 @@ zebra-rpc = { path = "../zebra-rpc", version = "1.0.0-beta.39", optional = true
itertools = { version = "0.13.0", optional = true }
# These crates are needed for the search-issue-refs binary
regex = { version = "1.10.6", optional = true }
regex = { version = "1.11.0", optional = true }
# Avoid default openssl dependency to reduce the dependency tree and security alerts.
reqwest = { version = "0.11.26", default-features = false, features = ["rustls-tls"], optional = true }
# These crates are needed for the zebra-checkpoints and search-issue-refs binaries
tokio = { version = "1.39.2", features = ["full"], optional = true }
tokio = { version = "1.40.0", features = ["full"], optional = true }
jsonrpc = { version = "0.18.0", optional = true }
@ -119,9 +119,9 @@ zcash_protocol.workspace = true
# For the openapi generator
rand = "0.8.5"
syn = { version = "2.0.72", features = ["full"], optional = true }
quote = { version = "1.0.36", optional = true }
syn = { version = "2.0.79", features = ["full"], optional = true }
quote = { version = "1.0.37", optional = true }
serde_yml = { version = "0.0.12", optional = true }
serde = { version = "1.0.204", features = ["serde_derive"], optional = true }
indexmap = "2.3.0"
serde = { version = "1.0.210", features = ["serde_derive"], optional = true }
indexmap = "2.5.0"

34
zebrad/Cargo.toml
View File

@ -168,19 +168,19 @@ zebra-state = { path = "../zebra-state", version = "1.0.0-beta.39" }
zebra-utils = { path = "../zebra-utils", version = "1.0.0-beta.39", optional = true }
abscissa_core = "0.7.0"
clap = { version = "4.5.13", features = ["cargo"] }
clap = { version = "4.5.18", features = ["cargo"] }
chrono = { version = "0.4.38", default-features = false, features = ["clock", "std"] }
humantime-serde = "1.1.1"
indexmap = "2.3.0"
indexmap = "2.5.0"
lazy_static = "1.4.0"
semver = "1.0.23"
serde = { version = "1.0.204", features = ["serde_derive"] }
serde = { version = "1.0.210", features = ["serde_derive"] }
toml = "0.8.19"
futures = "0.3.30"
rayon = "1.10.0"
tokio = { version = "1.39.2", features = ["time", "rt-multi-thread", "macros", "tracing", "signal"] }
tokio-stream = { version = "0.1.15", features = ["time"] }
tokio = { version = "1.40.0", features = ["time", "rt-multi-thread", "macros", "tracing", "signal"] }
tokio-stream = { version = "0.1.16", features = ["time"] }
tower = { version = "0.4.13", features = ["hedge", "limit"] }
pin-project = "1.1.5"
@ -189,7 +189,7 @@ color-eyre = { version = "0.6.3", default-features = false, features = ["issue-u
# Enable a feature that makes tinyvec compile much faster.
tinyvec = { version = "1.8.0", features = ["rustc_1_55"] }
thiserror = "1.0.63"
thiserror = "1.0.64"
tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
tracing-appender = "0.2.3"
@ -221,8 +221,8 @@ tracing-journald = { version = "0.3.0", optional = true }
# prod feature filter-reload
hyper = { version = "1.3.1", features = ["http1", "http2", "server"], optional = true }
http-body-util = { version = "0.1.2", optional = true }
hyper-util = { version = "0.1.6", optional = true }
bytes = { version = "1.7.1", optional = true }
hyper-util = { version = "0.1.9", optional = true }
bytes = { version = "1.7.2", optional = true }
# prod feature prometheus
metrics-exporter-prometheus = { version = "0.15.3", default-features = false, features = ["http-listener"], optional = true }
@ -248,7 +248,7 @@ console-subscriber = { version = "0.4.0", optional = true }
vergen = { version = "8.3.2", default-features = false, features = ["cargo", "git", "git2", "rustc"] }
# test feature lightwalletd-grpc-tests
tonic-build = { version = "0.12.1", optional = true }
tonic-build = { version = "0.12.3", optional = true }
[dev-dependencies]
abscissa_core = { version = "0.7.0", features = ["testing"] }
@ -256,22 +256,22 @@ hex = "0.4.3"
hex-literal = "0.4.1"
jsonrpc-core = "18.0.0"
once_cell = "1.18.0"
regex = "1.10.6"
insta = { version = "1.39.0", features = ["json"] }
regex = "1.11.0"
insta = { version = "1.40.0", features = ["json"] }
# zebra-rpc needs the preserve_order feature, it also makes test results more stable
serde_json = { version = "1.0.122", features = ["preserve_order"] }
tempfile = "3.11.0"
serde_json = { version = "1.0.128", features = ["preserve_order"] }
tempfile = "3.13.0"
hyper = { version = "1.3.1", features = ["http1", "http2", "server"]}
tracing-test = { version = "0.2.4", features = ["no-env-filter"] }
tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] }
tokio-stream = "0.1.15"
tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] }
tokio-stream = "0.1.16"
# test feature lightwalletd-grpc-tests
prost = "0.13.1"
tonic = "0.12.1"
prost = "0.13.3"
tonic = "0.12.3"
proptest = "1.4.0"
proptest-derive = "0.5.0"

2
zebrad/build.rs
View File

@ -47,7 +47,7 @@ fn main() {
// so we can derive `Eq` as well as the default generated `PartialEq` derive.
// This fixes `clippy::derive_partial_eq_without_eq` warnings.
.message_attribute(".", "#[derive(Eq)]")
.compile(
.compile_protos(
&["tests/common/lightwalletd/proto/service.proto"],
&["tests/common/lightwalletd/proto"],
)