diff --git a/Cargo.lock b/Cargo.lock index 22f5d5050..72541a4a7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -12,7 +12,7 @@ dependencies = [ "arc-swap", "backtrace", "canonical-path", - "clap 4.5.13", + "clap 4.5.18", "color-eyre", "fs-err", "once_cell", @@ -152,9 +152,9 @@ dependencies = [ [[package]] name = "anstyle" -version = "1.0.7" +version = "1.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" +checksum = "1bec1de6f59aedf83baf9ff929c98f2ad654b97c9510f4e70cf6f661d49fd5b1" [[package]] name = "anstyle-parse" @@ -240,7 +240,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -251,7 +251,7 @@ checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -424,7 +424,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.72", + "syn 2.0.79", "which", ] @@ -592,9 +592,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.7.1" +version = "1.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" +checksum = "428d9aa8fbc0670b7b8d6030a7fadd0f86151cae55e4dbbece15f3780a3dfaf3" [[package]] name = "bzip2-sys" @@ -732,7 +732,7 @@ dependencies = [ "iana-time-zone", "num-traits", "serde", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -801,9 +801,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.13" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" +checksum = "b0956a43b323ac1afaffc053ed5c4b7c1f1800bacd1683c353aabbb752515dd3" dependencies = [ "clap_builder", "clap_derive", @@ -811,9 +811,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.13" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" +checksum = "4d72166dd41634086d5803a47eb71ae740e61d84709c36f3c34110173db3961b" dependencies = [ "anstream", "anstyle", @@ -823,14 +823,14 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.13" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "501d359d5f3dcaf6ecdeee48833ae73ec6e42723a1e52419c79abf9507eec0a0" +checksum = "4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab" dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -980,7 +980,7 @@ dependencies = [ "anes", "cast", "ciborium", - "clap 4.5.13", + "clap 4.5.18", "criterion-plot", "is-terminal", "itertools 0.10.5", @@ -1082,7 +1082,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -1130,7 +1130,7 @@ dependencies = [ "proc-macro2", "quote", "strsim 0.11.1", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -1152,7 +1152,7 @@ checksum = "733cabb43482b1a1b53eee8583c2b9e8684d592215ea83efd305dd31bc2f0178" dependencies = [ "darling_core 0.20.9", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -1374,9 +1374,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" +checksum = "e8c02a5121d4ea3eb16a80748c74f5549a5665e4c21333c6098f283870fbdea6" [[package]] name = "ff" @@ -1536,7 +1536,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -1637,8 +1637,8 @@ dependencies = [ "aho-corasick", "bstr", "log", - "regex-automata 0.4.7", - "regex-syntax 0.8.4", + "regex-automata 0.4.8", + "regex-syntax 0.8.5", ] [[package]] @@ -1665,10 +1665,10 @@ dependencies = [ "futures-sink", "futures-util", "http 0.2.12", - "indexmap 2.3.0", + "indexmap 2.5.0", "slab", "tokio", - "tokio-util 0.7.11", + "tokio-util 0.7.12", "tracing", ] @@ -1684,10 +1684,10 @@ dependencies = [ "futures-core", "futures-sink", "http 1.1.0", - "indexmap 2.3.0", + "indexmap 2.5.0", "slab", "tokio", - "tokio-util 0.7.11", + "tokio-util 0.7.12", "tracing", ] @@ -1716,7 +1716,7 @@ dependencies = [ "pasta_curves", "rand 0.8.5", "subtle", - "uint", + "uint 0.9.5", ] [[package]] @@ -2019,9 +2019,9 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.6" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ab92f4f49ee4fb4f997c784b7a2e0fa70050211e0b6a287f898c3c9785ca956" +checksum = "41296eb09f183ac68eec06e03cdbea2e759633d4067b2f6552fc2e009bcad08b" dependencies = [ "bytes", "futures-channel", @@ -2032,7 +2032,6 @@ dependencies = [ "pin-project-lite", "socket2", "tokio", - "tower", "tower-service", "tracing", ] @@ -2124,9 +2123,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.3.0" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de3fc2e30ba82dd1b3911c8de1ffc143c74a914a14e99514d7637e3099df5ea0" +checksum = "68b900aa2f7301e21c36462b170ee99994de34dff39a4a6a528e80e7376d07e5" dependencies = [ "equivalent", "hashbrown 0.14.5", @@ -2174,9 +2173,9 @@ dependencies = [ [[package]] name = "insta" -version = "1.39.0" +version = "1.40.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "810ae6042d48e2c9e9215043563a58a80b877bc863228a74cf10c49d4620a6f5" +checksum = "6593a41c7a73841868772495db7dc1e8ecab43bb5c0b6da2059246c4b506ab60" dependencies = [ "console", "lazy_static", @@ -2383,9 +2382,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.155" +version = "0.2.159" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5" [[package]] name = "libgit2-sys" @@ -2406,7 +2405,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d" dependencies = [ "cfg-if 1.0.0", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -2566,7 +2565,7 @@ dependencies = [ "http-body-util", "hyper 1.4.1", "hyper-util", - "indexmap 2.3.0", + "indexmap 2.5.0", "ipnet", "metrics", "metrics-util", @@ -2863,9 +2862,9 @@ checksum = "c1b04fb49957986fdce4d6ee7a65027d55d4b6d2265e5848bbb507b58ccfdb6f" [[package]] name = "owo-colors" -version = "4.0.0" +version = "4.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "caff54706df99d2a78a5a4e3455ff45448d81ef1bb63c22cd14052ca0e993a3f" +checksum = "fb37767f6569cd834a413442455e0f066d0d522de8630436e2a1761d9726ba56" [[package]] name = "pairing" @@ -2947,7 +2946,7 @@ dependencies = [ "libc", "redox_syscall 0.5.2", "smallvec", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -3002,7 +3001,7 @@ dependencies = [ "pest_meta", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -3023,7 +3022,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" dependencies = [ "fixedbitset", - "indexmap 2.3.0", + "indexmap 2.5.0", ] [[package]] @@ -3043,7 +3042,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -3138,7 +3137,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -3149,7 +3148,7 @@ checksum = "0b34d9fd68ae0b74a41b21c03c2f62847aa0ffea044eee893b4c140b37e244e2" dependencies = [ "fixed-hash", "impl-codec", - "uint", + "uint 0.9.5", ] [[package]] @@ -3217,7 +3216,7 @@ dependencies = [ "rand 0.8.5", "rand_chacha 0.3.1", "rand_xorshift", - "regex-syntax 0.8.4", + "regex-syntax 0.8.5", "rusty-fork", "tempfile", "unarray", @@ -3231,14 +3230,14 @@ checksum = "6ff7ff745a347b87471d859a377a9a404361e7efc2a971d73424a6d183c0fc77" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] name = "prost" -version = "0.13.1" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e13db3d3fde688c61e2446b4d843bc27a7e8af269a69440c0308021dc92333cc" +checksum = "7b0487d90e047de87f984913713b85c601c05609aad5b0df4b4573fbf69aa13f" dependencies = [ "bytes", "prost-derive", @@ -3261,21 +3260,21 @@ dependencies = [ "prost", "prost-types", "regex", - "syn 2.0.72", + "syn 2.0.79", "tempfile", ] [[package]] name = "prost-derive" -version = "0.13.1" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18bec9b0adc4eba778b33684b7ba3e7137789434769ee3ce3930463ef904cfca" +checksum = "e9552f850d5f0964a4e4d0bf306459ac29323ddfbae05e35a7c0d35cb0803cc5" dependencies = [ "anyhow", "itertools 0.13.0", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -3342,9 +3341,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -3526,14 +3525,14 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.6" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619" +checksum = "38200e5ee88914975b69f657f0801b6f6dccafd44fd9326302a4aaeecfacb1d8" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.4.7", - "regex-syntax 0.8.4", + "regex-automata 0.4.8", + "regex-syntax 0.8.5", ] [[package]] @@ -3547,13 +3546,13 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.7" +version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" +checksum = "368758f23274712b504848e9d5a6f010445cc8b87a7cdb4d7cbee666c1288da3" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.8.4", + "regex-syntax 0.8.5", ] [[package]] @@ -3564,9 +3563,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "regex-syntax" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" +checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" [[package]] name = "reqwest" @@ -3601,7 +3600,7 @@ dependencies = [ "system-configuration", "tokio", "tokio-rustls", - "tokio-util 0.7.11", + "tokio-util 0.7.12", "tower-service", "url", "wasm-bindgen", @@ -3646,9 +3645,9 @@ dependencies = [ [[package]] name = "rlimit" -version = "0.10.1" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3560f70f30a0f16d11d01ed078a07740fe6b489667abc7c7b029155d9f21c3d8" +checksum = "7043b63bd0cd1aaa628e476b80e6d4023a3b50eb32789f2728908107bd0c793a" dependencies = [ "libc", ] @@ -3712,9 +3711,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.34" +version = "0.38.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811" dependencies = [ "bitflags 2.6.0", "errno", @@ -3985,9 +3984,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.204" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] @@ -4003,22 +4002,22 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] name = "serde_json" -version = "1.0.122" +version = "1.0.128" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" +checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" dependencies = [ - "indexmap 2.3.0", + "indexmap 2.5.0", "itoa", "memchr", "ryu", @@ -4066,7 +4065,7 @@ dependencies = [ "chrono", "hex", "indexmap 1.9.3", - "indexmap 2.3.0", + "indexmap 2.5.0", "serde", "serde_derive", "serde_json", @@ -4095,7 +4094,7 @@ dependencies = [ "darling 0.20.9", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -4104,7 +4103,7 @@ version = "0.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "59e2dd588bf1597a252c3b920e0143eb99b0f76e4e082f4c92ce34fbc9e71ddd" dependencies = [ - "indexmap 2.3.0", + "indexmap 2.5.0", "itoa", "libyml", "memchr", @@ -4320,9 +4319,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.72" +version = "2.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "89132cd0bf050864e1d38dc3bbc07a0eb8e7530af26344d3d2bbbef83499f590" dependencies = [ "proc-macro2", "quote", @@ -4382,15 +4381,15 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" [[package]] name = "tempfile" -version = "3.11.0" +version = "3.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8fcd239983515c23a32fb82099f97d0b11b8c72f654ed659363a95c3dad7a53" +checksum = "f0f2c9fc62d0beef6951ccffd757e241266a2c833136efbe35af6cd2567dca5b" dependencies = [ "cfg-if 1.0.0", "fastrand", "once_cell", "rustix", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -4413,22 +4412,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.63" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" +checksum = "d50af8abc119fb8bb6dbabcfa89656f46f84aa0ac7688088608076ad2b459a84" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.63" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" +checksum = "08904e7672f5eb876eaaf87e0ce17857500934f4981c4a0ab2b4aa98baac7fc3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -4515,9 +4514,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.39.2" +version = "1.40.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "daa4fb1bc778bd6f04cbfc4bb2d06a7396a8f299dc33ea1900cedaa316f467b1" +checksum = "e2b070231665d27ad9ec9b8df639893f46727666c6767db40317fbe920a5d998" dependencies = [ "backtrace", "bytes", @@ -4540,7 +4539,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -4555,14 +4554,14 @@ dependencies = [ [[package]] name = "tokio-stream" -version = "0.1.15" +version = "0.1.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "267ac89e0bec6e691e5813911606935d77c476ff49024f98abcea3e7b15e37af" +checksum = "4f4e6ce100d0eb49a2734f8c0812bcd324cf357d21810932c5df6b96ef2b86f1" dependencies = [ "futures-core", "pin-project-lite", "tokio", - "tokio-util 0.7.11", + "tokio-util 0.7.12", ] [[package]] @@ -4594,9 +4593,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.11" +version = "0.7.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1" +checksum = "61e7c3654c13bcd040d4a03abee2c75b1d14a37b423cf5a813ceae1cc903ec6a" dependencies = [ "bytes", "futures-core", @@ -4641,7 +4640,7 @@ version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8534fd7f78b5405e860340ad6575217ce99f38d4d5c8f2442cb5ecb50090e1" dependencies = [ - "indexmap 2.3.0", + "indexmap 2.5.0", "toml_datetime", "winnow 0.5.40", ] @@ -4652,7 +4651,7 @@ version = "0.22.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "583c44c02ad26b0c3f3066fe629275e50627026c51ac2e595cca4c230ce1ce1d" dependencies = [ - "indexmap 2.3.0", + "indexmap 2.5.0", "serde", "serde_spanned", "toml_datetime", @@ -4661,9 +4660,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38659f4a91aba8598d27821589f5db7dddd94601e7a01b1e485a50e5484c7401" +checksum = "877c5b330756d856ffcc4553ab34a5684481ade925ecc54bcd1bf02b1d0d4d52" dependencies = [ "async-stream", "async-trait", @@ -4691,22 +4690,23 @@ dependencies = [ [[package]] name = "tonic-build" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "568392c5a2bd0020723e3f387891176aabafe36fd9fcd074ad309dfa0c8eb964" +checksum = "9557ce109ea773b399c9b9e5dca39294110b74f1f342cb347a80d1fce8c26a11" dependencies = [ "prettyplease", "proc-macro2", "prost-build", + "prost-types", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] name = "tonic-reflection" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b742c83ad673e9ab5b4ce0981f7b9e8932be9d60e8682cbf9120494764dbc173" +checksum = "878d81f52e7fcfd80026b7fdb6a9b578b3c3653ba987f87f0dce4b64043cba27" dependencies = [ "prost", "prost-types", @@ -4730,7 +4730,7 @@ dependencies = [ "rand 0.8.5", "slab", "tokio", - "tokio-util 0.7.11", + "tokio-util 0.7.12", "tower-layer", "tower-service", "tracing", @@ -4750,7 +4750,7 @@ dependencies = [ "tinyvec", "tokio", "tokio-test", - "tokio-util 0.7.11", + "tokio-util 0.7.12", "tower", "tower-fallback", "tower-test", @@ -4773,15 +4773,15 @@ dependencies = [ [[package]] name = "tower-layer" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c20c8dbed6283a09604c3e69b4b7eeb54e298b8a600d4d5ecb5ad39de609f1d0" +checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" [[package]] name = "tower-service" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" +checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" [[package]] name = "tower-test" @@ -4829,7 +4829,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -4942,7 +4942,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "04659ddb06c87d233c566112c1c9c5b9e98256d9af50ec3bc9c8327f873a7568" dependencies = [ "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -4975,6 +4975,18 @@ dependencies = [ "static_assertions", ] +[[package]] +name = "uint" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "909988d098b2f738727b161a106cfc7cab00c539c2687a8836f8e565976fb53e" +dependencies = [ + "byteorder", + "crunchy", + "hex", + "static_assertions", +] + [[package]] name = "uname" version = "0.1.1" @@ -5144,7 +5156,7 @@ checksum = "d674d135b4a8c1d7e813e2f8d1c9a58308aee4a680323066025e53132218bd91" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -5264,7 +5276,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", "wasm-bindgen-shared", ] @@ -5298,7 +5310,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -5375,7 +5387,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be" dependencies = [ "windows-core", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -5384,7 +5396,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -5402,7 +5414,16 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets 0.52.6", ] [[package]] @@ -5422,18 +5443,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.5", - "windows_aarch64_msvc 0.52.5", - "windows_i686_gnu 0.52.5", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", "windows_i686_gnullvm", - "windows_i686_msvc 0.52.5", - "windows_x86_64_gnu 0.52.5", - "windows_x86_64_gnullvm 0.52.5", - "windows_x86_64_msvc 0.52.5", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] @@ -5444,9 +5465,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -5456,9 +5477,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" @@ -5468,15 +5489,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" @@ -5486,9 +5507,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -5498,9 +5519,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -5510,9 +5531,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -5522,9 +5543,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" @@ -6026,7 +6047,7 @@ dependencies = [ "tinyvec", "tokio", "tracing", - "uint", + "uint 0.10.0", "x25519-dalek", "zcash_address 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)", "zcash_client_backend 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", @@ -6119,7 +6140,7 @@ dependencies = [ "hex", "howudoin", "humantime-serde", - "indexmap 2.3.0", + "indexmap 2.5.0", "itertools 0.13.0", "lazy_static", "metrics", @@ -6137,7 +6158,7 @@ dependencies = [ "thiserror", "tokio", "tokio-stream", - "tokio-util 0.7.11", + "tokio-util 0.7.12", "toml 0.8.19", "tower", "tracing", @@ -6167,7 +6188,7 @@ dependencies = [ "chrono", "futures", "hex", - "indexmap 2.3.0", + "indexmap 2.5.0", "insta", "jsonrpc-core", "jsonrpc-derive", @@ -6208,7 +6229,7 @@ dependencies = [ "futures", "group", "hex", - "indexmap 2.3.0", + "indexmap 2.5.0", "insta", "itertools 0.13.0", "jsonrpc", @@ -6271,7 +6292,7 @@ dependencies = [ "howudoin", "human_bytes", "humantime-serde", - "indexmap 2.3.0", + "indexmap 2.5.0", "insta", "itertools 0.13.0", "jubjub", @@ -6308,12 +6329,12 @@ dependencies = [ "futures", "hex", "humantime", - "indexmap 2.3.0", + "indexmap 2.5.0", "insta", "itertools 0.13.0", "lazy_static", "once_cell", - "owo-colors 4.0.0", + "owo-colors 4.1.0", "proptest", "rand 0.8.5", "regex", @@ -6334,7 +6355,7 @@ version = "1.0.0-beta.39" dependencies = [ "color-eyre", "hex", - "indexmap 2.3.0", + "indexmap 2.5.0", "itertools 0.13.0", "jsonrpc", "quote", @@ -6345,7 +6366,7 @@ dependencies = [ "serde_json", "serde_yml", "structopt", - "syn 2.0.72", + "syn 2.0.79", "thiserror", "tinyvec", "tokio", @@ -6367,7 +6388,7 @@ dependencies = [ "atty", "bytes", "chrono", - "clap 4.5.13", + "clap 4.5.18", "color-eyre", "console-subscriber", "dirs", @@ -6379,7 +6400,7 @@ dependencies = [ "humantime-serde", "hyper 1.4.1", "hyper-util", - "indexmap 2.3.0", + "indexmap 2.5.0", "indicatif", "inferno", "insta", @@ -6448,7 +6469,7 @@ checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] @@ -6468,7 +6489,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.79", ] [[package]] diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index fd2e76233..963d1771c 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -1,6 +1,11 @@ # cargo-vet audits file +[[audits.anstyle]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.7 -> 1.0.8" + [[audits.axum]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -11,6 +16,21 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "0.3.4 -> 0.4.3" +[[audits.bip32]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.5.1 -> 0.5.2" + +[[audits.bridgetree]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.4.0 -> 0.5.0" + +[[audits.bytemuck]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.16.3 -> 1.16.1" + [[audits.bytes]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -21,6 +41,11 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "1.6.1 -> 1.7.1" +[[audits.cfg_aliases]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +version = "0.1.1" + [[audits.clap_derive]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -66,6 +91,18 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.4.0" +[[audits.equihash]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.2.0 -> 0.2.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4" +importable = false + +[[audits.f4jumble]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4" +importable = false + [[audits.git2]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -81,11 +118,26 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "1.3.1 -> 1.4.1" +[[audits.hyper-util]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.1.6 -> 0.1.9" + +[[audits.incrementalmerkletree]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.5.1 -> 0.6.0" + [[audits.indexmap]] who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "2.2.6 -> 2.3.0" +[[audits.indexmap]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "2.3.0 -> 2.5.0" + [[audits.inferno]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -96,11 +148,26 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "0.11.20 -> 0.11.21" +[[audits.insta]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.39.0 -> 1.40.0" + +[[audits.libc]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.2.155 -> 0.2.159" + [[audits.libgit2-sys]] who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "0.16.2+1.7.2 -> 0.17.0+1.8.1" +[[audits.libyml]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +version = "0.0.5" + [[audits.log]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -131,6 +198,21 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "0.8.11 -> 1.0.1" +[[audits.nix]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +version = "0.15.0" + +[[audits.orchard]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.8.0 -> 0.9.0" + +[[audits.owo-colors]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "4.0.0 -> 4.1.0" + [[audits.proptest-derive]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -141,6 +223,11 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "0.12.6 -> 0.13.1" +[[audits.prost]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.13.1 -> 0.13.3" + [[audits.prost-build]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -151,6 +238,11 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "0.12.6 -> 0.13.1" +[[audits.prost-derive]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.13.1 -> 0.13.3" + [[audits.prost-types]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -161,6 +253,36 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "1.10.5 -> 1.10.6" +[[audits.regex]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.10.6 -> 1.11.0" + +[[audits.regex-automata]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.4.7 -> 0.4.8" + +[[audits.regex-syntax]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.8.4 -> 0.8.5" + +[[audits.rlimit]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.10.1 -> 0.10.2" + +[[audits.rustix]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.38.34 -> 0.38.37" + +[[audits.sapling-crypto]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.1.3 -> 0.2.0" + [[audits.serde_spanned]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -186,21 +308,46 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "3.8.3 -> 3.9.0" +[[audits.serde_yml]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +version = "0.0.12" + +[[audits.shardtree]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.3.1 -> 0.4.0" + [[audits.tempfile]] who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "3.10.1 -> 3.11.0" +[[audits.tempfile]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "3.11.0 -> 3.13.0" + [[audits.thiserror]] who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "1.0.61 -> 1.0.62" +[[audits.thiserror]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.63 -> 1.0.64" + [[audits.thiserror-impl]] who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "1.0.63 -> 1.0.62" +[[audits.thiserror-impl]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.63 -> 1.0.64" + [[audits.tokio]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -216,6 +363,16 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "2.3.0 -> 2.4.0" +[[audits.tokio-stream]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.1.15 -> 0.1.16" + +[[audits.tokio-util]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.7.11 -> 0.7.12" + [[audits.toml]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -261,6 +418,16 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.12.0" +[[audits.tonic]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.12.1 -> 0.12.3" + +[[audits.tonic-build]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.12.1 -> 0.12.3" + [[audits.tonic-reflection]] who = "Alfredo Garcia " criteria = "safe-to-deploy" @@ -271,16 +438,233 @@ who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.12.1" +[[audits.tonic-reflection]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.12.1 -> 0.12.3" + +[[audits.tower-batch-control]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.2.41-beta.14 -> 0.2.41-beta.15" + +[[audits.tower-fallback]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.2.41-beta.14 -> 0.2.41-beta.15" + +[[audits.tower-layer]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.3.2 -> 0.3.3" + +[[audits.tower-service]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.3.2 -> 0.3.3" + +[[audits.uint]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.9.5 -> 0.10.0" + [[audits.vergen]] who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "8.3.1 -> 8.3.2" +[[audits.version_check]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.9.4 -> 0.9.5" + +[[audits.windows-sys]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.52.0 -> 0.59.0" + +[[audits.windows-targets]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.52.5 -> 0.52.6" + +[[audits.windows_aarch64_gnullvm]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.52.5 -> 0.52.6" + +[[audits.windows_aarch64_msvc]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.52.5 -> 0.52.6" + +[[audits.windows_i686_gnu]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.52.5 -> 0.52.6" + +[[audits.windows_i686_gnullvm]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.52.5 -> 0.52.6" + +[[audits.windows_i686_msvc]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.52.5 -> 0.52.6" + +[[audits.windows_x86_64_gnu]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.52.5 -> 0.52.6" + +[[audits.windows_x86_64_gnullvm]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.52.5 -> 0.52.6" + +[[audits.windows_x86_64_msvc]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.52.5 -> 0.52.6" + [[audits.winnow]] who = "Alfredo Garcia " criteria = "safe-to-deploy" delta = "0.6.13 -> 0.6.18" +[[audits.zcash_address]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.4.0 -> 0.5.0" + +[[audits.zcash_address]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.5.0 -> 0.5.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4" +importable = false + +[[audits.zcash_client_backend]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.12.1 -> 0.13.0" + +[[audits.zcash_client_backend]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.13.0 -> 0.13.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4" +importable = false + +[[audits.zcash_encoding]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.2.1 -> 0.2.1@git:a1047adf0b6f324dad415db34762dc26f8367ce4" +importable = false + +[[audits.zcash_keys]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.3.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4" +importable = false + +[[audits.zcash_primitives]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.16.0 -> 0.17.0" + +[[audits.zcash_primitives]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.17.0 -> 0.17.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4" +importable = false + +[[audits.zcash_proofs]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.16.0 -> 0.17.0" + +[[audits.zcash_protocol]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.1.1 -> 0.2.0" + +[[audits.zcash_protocol]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.1.1 -> 0.3.0" + +[[audits.zcash_protocol]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.3.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4" +importable = false + +[[audits.zebra-chain]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.0-beta.38 -> 1.0.0-beta.39" + +[[audits.zebra-consensus]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.0-beta.38 -> 1.0.0-beta.39" + +[[audits.zebra-grpc]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.1.0-alpha.5 -> 0.1.0-alpha.6" + +[[audits.zebra-network]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.0-beta.38 -> 1.0.0-beta.39" + +[[audits.zebra-node-services]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.0-beta.38 -> 1.0.0-beta.39" + +[[audits.zebra-rpc]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.0-beta.38 -> 1.0.0-beta.39" + +[[audits.zebra-script]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.0-beta.38 -> 1.0.0-beta.39" + +[[audits.zebra-state]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.0-beta.38 -> 1.0.0-beta.39" + +[[audits.zebra-test]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.0-beta.38 -> 1.0.0-beta.39" + +[[audits.zebra-utils]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.0.0-beta.38 -> 1.0.0-beta.39" + +[[audits.zebrad]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "1.8.0 -> 1.9.0" + +[[audits.zip321]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +version = "0.1.0" + +[[audits.zip321]] +who = "Alfredo Garcia " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.0@git:a1047adf0b6f324dad415db34762dc26f8367ce4" +importable = false + [[trusted.clap]] criteria = "safe-to-deploy" user-id = 6743 # Ed Page (epage) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 21bfeebdd..7a20193f9 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -1,3 +1,4 @@ + # cargo-vet config file [cargo-vet] @@ -15,12 +16,36 @@ url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/ [imports.zcashd] url = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[policy.equihash] +audit-as-crates-io = true + +[policy.f4jumble] +audit-as-crates-io = true + [policy.tower-batch-control] audit-as-crates-io = true [policy.tower-fallback] audit-as-crates-io = true +[policy.zcash_address] +audit-as-crates-io = true + +[policy.zcash_client_backend] +audit-as-crates-io = true + +[policy.zcash_encoding] +audit-as-crates-io = true + +[policy.zcash_keys] +audit-as-crates-io = true + +[policy.zcash_primitives] +audit-as-crates-io = true + +[policy.zcash_protocol] +audit-as-crates-io = true + [policy.zebra-chain] audit-as-crates-io = true @@ -57,6 +82,9 @@ audit-as-crates-io = true [policy.zebrad] audit-as-crates-io = true +[policy.zip321] +audit-as-crates-io = true + [[exemptions.abscissa_core]] version = "0.7.0" criteria = "safe-to-deploy" @@ -69,10 +97,6 @@ criteria = "safe-to-deploy" version = "0.21.0" criteria = "safe-to-deploy" -[[exemptions.adler]] -version = "1.0.2" -criteria = "safe-to-deploy" - [[exemptions.aead]] version = "0.5.2" criteria = "safe-to-deploy" @@ -89,10 +113,6 @@ criteria = "safe-to-deploy" version = "1.1.3" criteria = "safe-to-deploy" -[[exemptions.allocator-api2]] -version = "0.2.18" -criteria = "safe-to-deploy" - [[exemptions.android-tzdata]] version = "0.1.1" criteria = "safe-to-deploy" @@ -197,14 +217,6 @@ criteria = "safe-to-deploy" version = "1.3.3" criteria = "safe-to-deploy" -[[exemptions.bip0039]] -version = "0.10.1" -criteria = "safe-to-deploy" - -[[exemptions.bitflags]] -version = "1.3.2" -criteria = "safe-to-deploy" - [[exemptions.bitflags-serde-legacy]] version = "0.1.1" criteria = "safe-to-deploy" @@ -249,10 +261,6 @@ criteria = "safe-to-deploy" version = "1.2.2" criteria = "safe-to-deploy" -[[exemptions.byteorder]] -version = "1.5.0" -criteria = "safe-to-deploy" - [[exemptions.bytes]] version = "1.6.0" criteria = "safe-to-deploy" @@ -369,10 +377,6 @@ criteria = "safe-to-deploy" version = "0.2.12" criteria = "safe-to-deploy" -[[exemptions.crc32fast]] -version = "1.4.2" -criteria = "safe-to-deploy" - [[exemptions.criterion]] version = "0.5.1" criteria = "safe-to-run" @@ -513,10 +517,6 @@ criteria = "safe-to-deploy" version = "0.4.2" criteria = "safe-to-deploy" -[[exemptions.flate2]] -version = "1.0.30" -criteria = "safe-to-deploy" - [[exemptions.flume]] version = "0.10.14" criteria = "safe-to-deploy" @@ -621,10 +621,6 @@ criteria = "safe-to-deploy" version = "7.5.4" criteria = "safe-to-deploy" -[[exemptions.hdwallet]] -version = "0.4.1" -criteria = "safe-to-deploy" - [[exemptions.heck]] version = "0.3.3" criteria = "safe-to-deploy" @@ -905,10 +901,6 @@ criteria = "safe-to-deploy" version = "0.2.1" criteria = "safe-to-deploy" -[[exemptions.miniz_oxide]] -version = "0.7.4" -criteria = "safe-to-deploy" - [[exemptions.mio]] version = "0.8.11" criteria = "safe-to-deploy" @@ -1033,18 +1025,10 @@ criteria = "safe-to-deploy" version = "0.9.10" criteria = "safe-to-deploy" -[[exemptions.password-hash]] -version = "0.3.2" -criteria = "safe-to-deploy" - [[exemptions.pasta_curves]] version = "0.5.1" criteria = "safe-to-deploy" -[[exemptions.pbkdf2]] -version = "0.10.1" -criteria = "safe-to-deploy" - [[exemptions.percent-encoding]] version = "2.3.1" criteria = "safe-to-deploy" @@ -1265,10 +1249,6 @@ criteria = "safe-to-deploy" version = "0.8.37" criteria = "safe-to-deploy" -[[exemptions.ring]] -version = "0.16.20" -criteria = "safe-to-deploy" - [[exemptions.ring]] version = "0.17.8" criteria = "safe-to-deploy" @@ -1461,10 +1441,6 @@ criteria = "safe-to-deploy" version = "0.1.1" criteria = "safe-to-deploy" -[[exemptions.spin]] -version = "0.5.2" -criteria = "safe-to-deploy" - [[exemptions.spin]] version = "0.9.8" criteria = "safe-to-deploy" @@ -1481,10 +1457,6 @@ criteria = "safe-to-deploy" version = "0.8.0" criteria = "safe-to-deploy" -[[exemptions.strsim]] -version = "0.11.1" -criteria = "safe-to-deploy" - [[exemptions.structopt]] version = "0.3.26" criteria = "safe-to-deploy" @@ -1633,10 +1605,6 @@ criteria = "safe-to-deploy" version = "0.1.27" criteria = "safe-to-deploy" -[[exemptions.tracing-core]] -version = "0.1.32" -criteria = "safe-to-deploy" - [[exemptions.tracing-error]] version = "0.2.0" criteria = "safe-to-deploy" @@ -1713,14 +1681,6 @@ criteria = "safe-to-deploy" version = "0.5.1" criteria = "safe-to-deploy" -[[exemptions.unsafe-libyaml]] -version = "0.2.11" -criteria = "safe-to-deploy" - -[[exemptions.untrusted]] -version = "0.7.1" -criteria = "safe-to-deploy" - [[exemptions.untrusted]] version = "0.9.0" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index b9dd505d6..b855130e4 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -1,6 +1,10 @@ # cargo-vet imports lock +[[unpublished.zebra-scan]] +version = "0.1.0-alpha.8" +audited_as = "0.1.0-alpha.7" + [[publisher.cexpr]] version = "0.6.0" when = "2021-10-11" @@ -9,22 +13,22 @@ user-login = "emilio" user-name = "Emilio Cobos Álvarez" [[publisher.clap]] -version = "4.5.13" -when = "2024-07-31" +version = "4.5.18" +when = "2024-09-20" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.clap_builder]] -version = "4.5.13" -when = "2024-07-31" +version = "4.5.18" +when = "2024-09-20" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.clap_derive]] -version = "4.5.13" -when = "2024-07-31" +version = "4.5.18" +when = "2024-09-20" user-id = 6743 user-login = "epage" user-name = "Ed Page" @@ -44,8 +48,8 @@ user-login = "hsivonen" user-name = "Henri Sivonen" [[publisher.serde_json]] -version = "1.0.122" -when = "2024-08-01" +version = "1.0.128" +when = "2024-09-04" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -58,15 +62,15 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.syn]] -version = "2.0.72" -when = "2024-07-21" +version = "2.0.79" +when = "2024-09-27" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.tokio]] -version = "1.39.2" -when = "2024-07-27" +version = "1.40.0" +when = "2024-08-30" user-id = 6741 user-login = "Darksonn" user-name = "Alice Ryhl" @@ -85,6 +89,19 @@ user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" +[[audits.google.audits.adler]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.2" +notes = ''' +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'` +and there were no hits (except in comments and in the `README.md` file). + +Note that some additional, internal notes about an older version of this crate +can be found at go/image-crate-chromium-security-review. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.async-stream]] who = "Tyler Mandry " criteria = "safe-to-deploy" @@ -146,6 +163,22 @@ version = "0.13.1" notes = "Skimmed the uses of `std` to ensure that nothing untoward is happening. Code uses `forbid(unsafe_code)` and, indeed, there are no uses of `unsafe`" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.bitflags]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.3.2" +notes = """ +Security review of earlier versions of the crate can be found at +(Google-internal, sorry): go/image-crate-chromium-security-review + +The crate exposes a function marked as `unsafe`, but doesn't use any +`unsafe` blocks (except for tests of the single `unsafe` function). I +think this justifies marking this crate as `ub-risk-1`. + +Additional review comments can be found at https://crrev.com/c/4723145/31 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.bitflags]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -179,30 +212,21 @@ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_p [[audits.google.audits.bytemuck]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" -version = "1.14.3" -notes = "Additional review notes may be found in https://crrev.com/c/5362675." +version = "1.16.3" +notes = """ +Review notes from the original audit (of 1.14.3) may be found in +https://crrev.com/c/5362675. Note that this audit has initially missed UB risk +that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258. +Because of this, the original audit has been edited to certify version `1.16.3` +instead (see also https://crrev.com/c/5771867). +""" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.bytemuck]] -who = "Adrian Taylor " -criteria = "safe-to-deploy" -delta = "1.14.3 -> 1.15.0" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.bytemuck]] +[[audits.google.audits.byteorder]] who = "danakj " criteria = "safe-to-deploy" -delta = "1.15.0 -> 1.16.0" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.bytemuck]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -delta = "1.16.0 -> 1.16.1" -notes = """ -The delta only adds `f16` and `f128` support (with some other minor changes) -and has no impact on the audit criteria. -""" +version = "1.5.0" +notes = "Unsafe review in https://crrev.com/c/5838022" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.cast]] @@ -217,6 +241,18 @@ criteria = "safe-to-deploy" version = "1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.crc32fast]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.4.2" +notes = """ +Security review of earlier versions of the crate can be found at +(Google-internal, sorry): go/image-crate-chromium-security-review + +Audit comments for 1.4.2 can be found at https://crrev.com/c/4723145. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.equivalent]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -233,6 +269,41 @@ that the RNG here is not cryptographically secure. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.flate2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.30" +notes = ''' +WARNING: This certification is a result of a **partial** audit. The +`any_zlib` code has **not** been audited. Ability to track partial +audits is tracked in https://github.com/mozilla/cargo-vet/issues/380 +Chromium does use the `any_zlib` feature(s). Accidentally depending on +this feature in the future is prevented using the `ban_features` feature +of `gnrt` - see: +https://crrev.com/c/4723145/31/third_party/rust/chromium_crates_io/gnrt_config.toml + +Security review of earlier versions of the crate can be found at +(Google-internal, sorry): go/image-crate-chromium-security-review + +I grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. + +All `unsafe` in `flate2` is gated behind `#[cfg(feature = "any_zlib")]`: + +* The code under `src/ffi/...` will not be used because the `mod c` + declaration in `src/ffi/mod.rs` depends on the `any_zlib` config +* 7 uses of `unsafe` in `src/mem.rs` also all depend on the + `any_zlib` config: + - 2 in `fn set_dictionary` (under `impl Compress`) + - 2 in `fn set_level` (under `impl Compress`) + - 3 in `fn set_dictionary` (under `impl Decompress`) + +All hits of `'\bfs\b'` are in comments, or example code, or test code +(but not in product code). + +There were no hits of `-i cipher`, `-i crypto`, `'\bnet\b'`. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.futures]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -311,6 +382,22 @@ delta = "1.4.0 -> 1.5.0" notes = "Unsafe review notes: https://crrev.com/c/5650836" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.miniz_oxide]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "0.7.4" +notes = ''' +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'` +and there were no hits, except for some mentions of "unsafe" in the `README.md` +and in a comment in `src/deflate/core.rs`. The comment discusses whether a +function should be treated as unsafe, but there is no actual `unsafe` code, so +the crate meets the `ub-risk-0` criteria. + +Note that some additional, internal notes about an older version of this crate +can be found at go/image-crate-chromium-security-review. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.nom]] who = "danakj@chromium.org" criteria = "safe-to-deploy" @@ -432,6 +519,16 @@ criteria = "safe-to-deploy" delta = "1.0.35 -> 1.0.36" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.quote]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.36 -> 1.0.37" +notes = """ +The delta just 1) inlines/expands `impl ToTokens` that used to be handled via +`primitive!` macro and 2) adds `impl ToTokens` for `CStr` and `CString`. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.rustversion]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -541,6 +638,32 @@ criteria = "safe-to-deploy" delta = "1.0.203 -> 1.0.204" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.204 -> 1.0.207" +notes = "The small change in `src/private/ser.rs` should have no impact on `ub-risk-2`." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.207 -> 1.0.209" +notes = """ +The delta carries fairly small changes in `src/private/de.rs` and +`src/private/ser.rs` (see https://crrev.com/c/5812194/2..5). AFAICT the +delta has no impact on the `unsafe`, `from_utf8_unchecked`-related parts +of the crate (in `src/de/format.rs` and `src/ser/impls.rs`). +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.209 -> 1.0.210" +notes = "Almost no new code - just feature rearrangement" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -573,6 +696,32 @@ criteria = "safe-to-deploy" delta = "1.0.203 -> 1.0.204" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.204 -> 1.0.207" +notes = 'Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.207 -> 1.0.209" +notes = ''' +There are no code changes in this delta - see https://crrev.com/c/5812194/2..5 + +I've neverthless also grepped for `-i cipher`, `-i crypto`, `\bfs\b`, +`\bnet\b`, and `\bunsafe\b`. There were no hits. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.209 -> 1.0.210" +notes = "Almost no new code - just feature rearrangement" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.static_assertions]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -746,6 +895,12 @@ end = "2024-05-03" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.allocator-api2]] +who = "Nicolas Silva " +criteria = "safe-to-deploy" +version = "0.2.18" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.android_system_properties]] who = "Nicolas Silva " criteria = "safe-to-deploy" @@ -834,6 +989,13 @@ version = "0.6.3" notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.cfg_aliases]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.1.1 -> 0.2.1" +notes = "Very minor changes." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.core-foundation]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" @@ -871,6 +1033,12 @@ criteria = "safe-to-deploy" delta = "1.9.0 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.fastrand]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "2.0.1 -> 2.1.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -943,6 +1111,47 @@ delta = "0.4.18 -> 0.4.20" notes = "Only cfg attribute and internal macro changes and module refactorings" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" +[[audits.mozilla.audits.nix]] +who = "Gabriele Svelto " +criteria = "safe-to-deploy" +delta = "0.15.0 -> 0.25.0" +notes = "Plenty of new bindings but also several important bug fixes (including buffer overflows). New unsafe sections are restricted to wrappers and are no more dangerous than calling the C functions." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.nix]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.25.0 -> 0.25.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.nix]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.25.1 -> 0.26.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.nix]] +who = "Gabriele Svelto " +criteria = "safe-to-deploy" +delta = "0.26.2 -> 0.27.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.nix]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.27.1 -> 0.28.0" +notes = """ +Many new features and bugfixes. Obviously there's a lot of unsafe code calling +libc, but the usage looks correct. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.nix]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.28.0 -> 0.29.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.num-conv]] who = "Alex Franchuk " criteria = "safe-to-deploy" @@ -970,6 +1179,12 @@ version = "1.1.0" notes = "Straightforward crate with no unsafe code, does what it says on the tin." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.strsim]] +who = "Ben Dean-Kawamura " +criteria = "safe-to-deploy" +delta = "0.10.0 -> 0.11.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.synstructure]] who = "Nika Layzell " criteria = "safe-to-deploy" @@ -1017,6 +1232,17 @@ criteria = "safe-to-deploy" delta = "0.2.10 -> 0.2.18" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.tracing-core]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.1.30" +notes = """ +Most unsafe code is in implementing non-std sync primitives. Unsafe impls are +logically correct and justified in comments, and unsafe code is sound and +justified in comments. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.zerocopy]] who = "Alex Franchuk " criteria = "safe-to-deploy" @@ -1043,6 +1269,22 @@ criteria = "safe-to-deploy" delta = "1.2.0 -> 1.3.0" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" +[[audits.zcash.audits.bip32]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +version = "0.5.1" +notes = """ +- Crate has no unsafe code, and sets `#![forbid(unsafe_code)]`. +- Crate has no powerful imports. Only filesystem acces is via `include_str!`, and is safe. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.bytes]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.7.1 -> 1.7.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.fastrand]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1050,26 +1292,11 @@ delta = "2.0.0 -> 2.0.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.fastrand]] -who = "Daira-Emma Hopwood " +who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "2.0.1 -> 2.0.2" +delta = "2.1.0 -> 2.1.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.fastrand]] -who = "Daira-Emma Hopwood " -criteria = "safe-to-deploy" -delta = "2.0.2 -> 2.1.0" -notes = """ -As noted in the changelog, this version produces different output for a given seed. -The documentation did not mention stability. It is possible that some uses relying on -determinism across the update would be broken. - -The new constants do appear to match WyRand v4.2 (modulo ordering issues that I have not checked): -https://github.com/wangyi-fudan/wyhash/blob/408620b6d12b7d667b3dd6ae39b7929a39e8fa05/wyhash.h#L145 -I have no way to check whether these constants are an improvement or not. -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" - [[audits.zcash.audits.futures]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1190,6 +1417,12 @@ be set correctly by `cargo`. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.secp256k1]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.26.0 -> 0.27.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.signature]] who = "Daira Emma Hopwood " criteria = "safe-to-deploy" @@ -1268,6 +1501,34 @@ criteria = "safe-to-deploy" delta = "0.12.0 -> 0.12.1" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" +[[audits.zcash.audits.tracing-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.30 -> 0.1.31" +notes = """ +The only new `unsafe` block is to intentionally leak a scoped subscriber onto +the heap when setting it as the global default dispatcher. I checked that the +global default can only be set once and is never dropped. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tracing-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.31 -> 0.1.32" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.visibility]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +version = "0.1.1" +notes = """ +- Crate has no unsafe code, and sets `#![forbid(unsafe_code)]`. +- Crate has no powerful imports, and exclusively provides a proc macro + that safely malleates a visibility modifier. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.wagyu-zcash-parameters]] who = "Sean Bowe " criteria = "safe-to-deploy" @@ -1316,6 +1577,40 @@ criteria = "safe-to-deploy" version = "0.2.92" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.zcash_address]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.3.2 -> 0.4.0" +notes = "This release contains no unsafe code and consists soley of added convenience methods." +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.zcash_encoding]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.2.0 -> 0.2.1" +notes = "This release adds minor convenience methods and involves no unsafe code." +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.zcash_keys]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.2.0 -> 0.3.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.zcash_primitives]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.15.1 -> 0.16.0" +notes = "The primary change here is the switch from the `hdwallet` dependency to using `bip32`." +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.zcash_proofs]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.15.0 -> 0.16.0" +notes = "This release involves only updates of previously-vetted dependencies." +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.zerocopy]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" diff --git a/tower-batch-control/Cargo.toml b/tower-batch-control/Cargo.toml index bbb5e7a4e..09b959fb5 100644 --- a/tower-batch-control/Cargo.toml +++ b/tower-batch-control/Cargo.toml @@ -26,8 +26,8 @@ futures = "0.3.30" futures-core = "0.3.28" pin-project = "1.1.5" rayon = "1.10.0" -tokio = { version = "1.39.2", features = ["time", "sync", "tracing", "macros"] } -tokio-util = "0.7.11" +tokio = { version = "1.40.0", features = ["time", "sync", "tracing", "macros"] } +tokio-util = "0.7.12" tower = { version = "0.4.13", features = ["util", "buffer"] } tracing = "0.1.39" tracing-futures = "0.2.5" @@ -41,7 +41,7 @@ tinyvec = { version = "1.8.0", features = ["rustc_1_55"] } ed25519-zebra = "4.0.3" rand = "0.8.5" -tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] } +tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] } tokio-test = "0.4.4" tower-fallback = { path = "../tower-fallback/", version = "0.2.41-beta.15" } tower-test = "0.4.0" diff --git a/tower-fallback/Cargo.toml b/tower-fallback/Cargo.toml index 071753b82..4ddf8a840 100644 --- a/tower-fallback/Cargo.toml +++ b/tower-fallback/Cargo.toml @@ -22,6 +22,6 @@ futures-core = "0.3.28" tracing = "0.1.39" [dev-dependencies] -tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] } +tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] } zebra-test = { path = "../zebra-test/", version = "1.0.0-beta.39" } diff --git a/zebra-chain/Cargo.toml b/zebra-chain/Cargo.toml index a6ec5c1f3..3e9b99891 100644 --- a/zebra-chain/Cargo.toml +++ b/zebra-chain/Cargo.toml @@ -81,7 +81,7 @@ group = "0.13.0" incrementalmerkletree.workspace = true jubjub = "0.10.0" lazy_static = "1.4.0" -tempfile = "3.11.0" +tempfile = "3.13.0" dirs = "5.0.1" num-integer = "0.1.46" primitive-types = "0.12.2" @@ -90,7 +90,7 @@ ripemd = "0.1.3" # Matches version used by hdwallet secp256k1 = { version = "0.26.0", features = ["serde"] } sha2 = { version = "0.10.7", features = ["compress"] } -uint = "0.9.5" +uint = "0.10.0" x25519-dalek = { version = "2.0.1", features = ["serde"] } # ECC deps @@ -110,12 +110,12 @@ humantime = "2.1.0" # Error Handling & Formatting static_assertions = "1.1.0" -thiserror = "1.0.63" +thiserror = "1.0.64" tracing = "0.1.39" # Serialization hex = { version = "0.4.3", features = ["serde"] } -serde = { version = "1.0.204", features = ["serde_derive", "rc"] } +serde = { version = "1.0.210", features = ["serde_derive", "rc"] } serde_with = "3.9.0" serde-big-array = "0.5.1" @@ -130,10 +130,10 @@ redjubjub = "0.7.0" reddsa = "0.5.1" # Production feature json-conversion -serde_json = { version = "1.0.122", optional = true } +serde_json = { version = "1.0.128", optional = true } # Production feature async-error and testing feature proptest-impl -tokio = { version = "1.39.2", optional = true } +tokio = { version = "1.40.0", optional = true } # Experimental feature shielded-scan zcash_client_backend = { workspace = true, optional = true } @@ -166,7 +166,7 @@ proptest-derive = "0.5.0" rand = "0.8.5" rand_chacha = "0.3.1" -tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] } +tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] } zebra-test = { path = "../zebra-test/", version = "1.0.0-beta.39" } diff --git a/zebra-chain/src/work/difficulty.rs b/zebra-chain/src/work/difficulty.rs index 8388cd7fb..20fc63845 100644 --- a/zebra-chain/src/work/difficulty.rs +++ b/zebra-chain/src/work/difficulty.rs @@ -457,10 +457,7 @@ impl ExpandedDifficulty { /// Zebra displays difficulties in big-endian byte-order, /// following the u256 convention set by Bitcoin and zcashd. pub fn bytes_in_display_order(&self) -> [u8; 32] { - let mut reversed_bytes = [0; 32]; - self.0.to_big_endian(&mut reversed_bytes); - - reversed_bytes + self.0.to_big_endian() } /// Convert bytes in big-endian byte-order into an [`ExpandedDifficulty`]. diff --git a/zebra-chain/src/work/u256.rs b/zebra-chain/src/work/u256.rs index 1897f9ecd..b9b85dbb2 100644 --- a/zebra-chain/src/work/u256.rs +++ b/zebra-chain/src/work/u256.rs @@ -4,6 +4,7 @@ #![allow(clippy::all)] #![allow(clippy::range_plus_one)] #![allow(clippy::fallible_impl_from)] +#![allow(missing_docs)] use uint::construct_uint; diff --git a/zebra-consensus/Cargo.toml b/zebra-consensus/Cargo.toml index f49041d0b..3914087e9 100644 --- a/zebra-consensus/Cargo.toml +++ b/zebra-consensus/Cargo.toml @@ -46,13 +46,13 @@ rayon = "1.10.0" chrono = { version = "0.4.38", default-features = false, features = ["clock", "std"] } lazy_static = "1.4.0" once_cell = "1.18.0" -serde = { version = "1.0.204", features = ["serde_derive"] } +serde = { version = "1.0.210", features = ["serde_derive"] } futures = "0.3.30" futures-util = "0.3.28" metrics = "0.23.0" -thiserror = "1.0.63" -tokio = { version = "1.39.2", features = ["time", "sync", "tracing", "rt-multi-thread"] } +thiserror = "1.0.64" +tokio = { version = "1.40.0", features = ["time", "sync", "tracing", "rt-multi-thread"] } tower = { version = "0.4.13", features = ["timeout", "util", "buffer"] } tracing = "0.1.39" tracing-futures = "0.2.5" @@ -90,7 +90,7 @@ proptest = "1.4.0" proptest-derive = "0.5.0" spandoc = "0.2.2" -tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] } +tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] } tracing-error = "0.2.0" tracing-subscriber = "0.3.18" diff --git a/zebra-grpc/Cargo.toml b/zebra-grpc/Cargo.toml index 32e671862..9cdaadafa 100644 --- a/zebra-grpc/Cargo.toml +++ b/zebra-grpc/Cargo.toml @@ -17,12 +17,12 @@ categories = ["cryptography::cryptocurrencies"] [dependencies] futures-util = "0.3.28" -tonic = "0.12.1" -tonic-reflection = "0.12.1" -prost = "0.13.1" -serde = { version = "1.0.204", features = ["serde_derive"] } -tokio = { version = "1.39.2", features = ["macros", "rt-multi-thread"] } -tokio-stream = "0.1.15" +tonic = "0.12.3" +tonic-reflection = "0.12.3" +prost = "0.13.3" +serde = { version = "1.0.210", features = ["serde_derive"] } +tokio = { version = "1.40.0", features = ["macros", "rt-multi-thread"] } +tokio-stream = "0.1.16" tower = { version = "0.4.13", features = ["util", "buffer", "timeout"] } color-eyre = "0.6.3" @@ -32,10 +32,10 @@ zebra-node-services = { path = "../zebra-node-services", version = "1.0.0-beta.3 zebra-chain = { path = "../zebra-chain" , version = "1.0.0-beta.39" } [build-dependencies] -tonic-build = "0.12.1" +tonic-build = "0.12.3" [dev-dependencies] -insta = { version = "1.39.0", features = ["redactions", "json", "ron"] } +insta = { version = "1.40.0", features = ["redactions", "json", "ron"] } zebra-chain = { path = "../zebra-chain", features = ["proptest-impl"] } zebra-state = { path = "../zebra-state" } diff --git a/zebra-grpc/build.rs b/zebra-grpc/build.rs index 316690632..f118f5983 100644 --- a/zebra-grpc/build.rs +++ b/zebra-grpc/build.rs @@ -10,7 +10,7 @@ fn main() -> Result<(), Box> { .protoc_arg("--experimental_allow_proto3_optional") .type_attribute(".", "#[derive(serde::Deserialize, serde::Serialize)]") .file_descriptor_set_path(out_dir.join("scanner_descriptor.bin")) - .compile(&["proto/scanner.proto"], &[""])?; + .compile_protos(&["proto/scanner.proto"], &[""])?; Ok(()) } diff --git a/zebra-grpc/src/server.rs b/zebra-grpc/src/server.rs index d20d99440..f10421c4a 100644 --- a/zebra-grpc/src/server.rs +++ b/zebra-grpc/src/server.rs @@ -459,7 +459,7 @@ where let service = ScannerRPC { scan_service }; let reflection_service = tonic_reflection::server::Builder::configure() .register_encoded_file_descriptor_set(crate::scanner::FILE_DESCRIPTOR_SET) - .build() + .build_v1() .unwrap(); let tcp_listener = tokio::net::TcpListener::bind(listen_addr).await?; diff --git a/zebra-network/Cargo.toml b/zebra-network/Cargo.toml index c207910af..39cd209c4 100644 --- a/zebra-network/Cargo.toml +++ b/zebra-network/Cargo.toml @@ -42,12 +42,12 @@ proptest-impl = ["proptest", "proptest-derive", "zebra-chain/proptest-impl"] [dependencies] bitflags = "2.5.0" byteorder = "1.5.0" -bytes = "1.7.1" +bytes = "1.7.2" chrono = { version = "0.4.38", default-features = false, features = ["clock", "std"] } dirs = "5.0.1" hex = "0.4.3" humantime-serde = "1.1.1" -indexmap = { version = "2.3.0", features = ["serde"] } +indexmap = { version = "2.5.0", features = ["serde"] } itertools = "0.13.0" lazy_static = "1.4.0" num-integer = "0.1.46" @@ -55,15 +55,15 @@ ordered-map = "0.4.2" pin-project = "1.1.5" rand = "0.8.5" rayon = "1.10.0" -regex = "1.10.6" -serde = { version = "1.0.204", features = ["serde_derive"] } -tempfile = "3.11.0" -thiserror = "1.0.63" +regex = "1.11.0" +serde = { version = "1.0.210", features = ["serde_derive"] } +tempfile = "3.13.0" +thiserror = "1.0.64" futures = "0.3.30" -tokio = { version = "1.39.2", features = ["fs", "io-util", "net", "time", "tracing", "macros", "rt-multi-thread"] } -tokio-stream = { version = "0.1.15", features = ["sync", "time"] } -tokio-util = { version = "0.7.11", features = ["codec"] } +tokio = { version = "1.40.0", features = ["fs", "io-util", "net", "time", "tracing", "macros", "rt-multi-thread"] } +tokio-stream = { version = "0.1.16", features = ["sync", "time"] } +tokio-util = { version = "0.7.12", features = ["codec"] } tower = { version = "0.4.13", features = ["retry", "discover", "load", "load-shed", "timeout", "util", "buffer"] } metrics = "0.23.0" @@ -90,7 +90,7 @@ proptest = "1.4.0" proptest-derive = "0.5.0" static_assertions = "1.1.0" -tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] } +tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] } toml = "0.8.19" zebra-chain = { path = "../zebra-chain", features = ["proptest-impl"] } diff --git a/zebra-node-services/Cargo.toml b/zebra-node-services/Cargo.toml index 8d0992dcf..e0da107d0 100644 --- a/zebra-node-services/Cargo.toml +++ b/zebra-node-services/Cargo.toml @@ -46,14 +46,14 @@ color-eyre = { version = "0.6.3", optional = true } jsonrpc-core = { version = "18.0.0", optional = true } # Security: avoid default dependency on openssl reqwest = { version = "0.11.26", default-features = false, features = ["rustls-tls"], optional = true } -serde = { version = "1.0.204", optional = true } -serde_json = { version = "1.0.122", optional = true } -tokio = { version = "1.39.2", features = ["time", "sync"] } +serde = { version = "1.0.210", optional = true } +serde_json = { version = "1.0.128", optional = true } +tokio = { version = "1.40.0", features = ["time", "sync"] } [dev-dependencies] color-eyre = "0.6.3" jsonrpc-core = "18.0.0" reqwest = { version = "0.11.26", default-features = false, features = ["rustls-tls"] } -serde = "1.0.204" -serde_json = "1.0.122" +serde = "1.0.210" +serde_json = "1.0.128" diff --git a/zebra-rpc/Cargo.toml b/zebra-rpc/Cargo.toml index babae9123..909d9a468 100644 --- a/zebra-rpc/Cargo.toml +++ b/zebra-rpc/Cargo.toml @@ -65,10 +65,10 @@ jsonrpc-derive = "18.0.0" jsonrpc-http-server = "18.0.0" # zebra-rpc needs the preserve_order feature in serde_json, which is a dependency of jsonrpc-core -serde_json = { version = "1.0.122", features = ["preserve_order"] } -indexmap = { version = "2.3.0", features = ["serde"] } +serde_json = { version = "1.0.128", features = ["preserve_order"] } +indexmap = { version = "2.5.0", features = ["serde"] } -tokio = { version = "1.39.2", features = [ +tokio = { version = "1.40.0", features = [ "time", "rt-multi-thread", "macros", @@ -77,15 +77,15 @@ tokio = { version = "1.39.2", features = [ tower = "0.4.13" # indexer-rpcs dependencies -tonic = { version = "0.12.1", optional = true } -tonic-reflection = { version = "0.12.1", optional = true } -prost = { version = "0.13.1", optional = true } -tokio-stream = { version = "0.1.15", optional = true } +tonic = { version = "0.12.3", optional = true } +tonic-reflection = { version = "0.12.3", optional = true } +prost = { version = "0.13.3", optional = true } +tokio-stream = { version = "0.1.16", optional = true } tracing = "0.1.39" hex = { version = "0.4.3", features = ["serde"] } -serde = { version = "1.0.204", features = ["serde_derive"] } +serde = { version = "1.0.210", features = ["serde_derive"] } # For the `stop` RPC method. nix = { version = "0.29.0", features = ["signal"] } @@ -112,15 +112,15 @@ zebra-script = { path = "../zebra-script", version = "1.0.0-beta.39" } zebra-state = { path = "../zebra-state", version = "1.0.0-beta.39" } [build-dependencies] -tonic-build = { version = "0.12.1", optional = true } +tonic-build = { version = "0.12.3", optional = true } [dev-dependencies] -insta = { version = "1.39.0", features = ["redactions", "json", "ron"] } +insta = { version = "1.40.0", features = ["redactions", "json", "ron"] } proptest = "1.4.0" -thiserror = "1.0.63" -tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] } +thiserror = "1.0.64" +tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] } zebra-chain = { path = "../zebra-chain", version = "1.0.0-beta.39", features = [ "proptest-impl", diff --git a/zebra-rpc/build.rs b/zebra-rpc/build.rs index 75db7fd2a..bbb84746f 100644 --- a/zebra-rpc/build.rs +++ b/zebra-rpc/build.rs @@ -8,7 +8,7 @@ fn main() -> Result<(), Box> { tonic_build::configure() .type_attribute(".", "#[derive(serde::Deserialize, serde::Serialize)]") .file_descriptor_set_path(out_dir.unwrap().join("indexer_descriptor.bin")) - .compile(&["proto/indexer.proto"], &[""])?; + .compile_protos(&["proto/indexer.proto"], &[""])?; } Ok(()) diff --git a/zebra-rpc/src/indexer/server.rs b/zebra-rpc/src/indexer/server.rs index fcd3a3ac6..43e82f33c 100644 --- a/zebra-rpc/src/indexer/server.rs +++ b/zebra-rpc/src/indexer/server.rs @@ -54,7 +54,7 @@ where let reflection_service = tonic_reflection::server::Builder::configure() .register_encoded_file_descriptor_set(crate::indexer::FILE_DESCRIPTOR_SET) - .build() + .build_v1() .unwrap(); tracing::info!("Trying to open indexer RPC endpoint at {}...", listen_addr,); diff --git a/zebra-scan/Cargo.toml b/zebra-scan/Cargo.toml index 8ef7cae25..6a5bd10e2 100644 --- a/zebra-scan/Cargo.toml +++ b/zebra-scan/Cargo.toml @@ -61,11 +61,11 @@ results-reader = [ [dependencies] color-eyre = "0.6.3" -indexmap = { version = "2.3.0", features = ["serde"] } +indexmap = { version = "2.5.0", features = ["serde"] } itertools = "0.13.0" semver = "1.0.23" -serde = { version = "1.0.204", features = ["serde_derive"] } -tokio = { version = "1.39.2", features = ["time"] } +serde = { version = "1.0.210", features = ["serde_derive"] } +tokio = { version = "1.40.0", features = ["time"] } tower = "0.4.13" tracing = "0.1.39" futures = "0.3.30" @@ -103,7 +103,7 @@ zebra-test = { path = "../zebra-test", version = "1.0.0-beta.39", optional = tru tracing-subscriber = { version = "0.3.18", features = ["env-filter"] } structopt = "0.3.26" lazy_static = "1.4.0" -serde_json = "1.0.122" +serde_json = "1.0.128" jsonrpc = { version = "0.18.0", optional = true } hex = { version = "0.4.3", optional = true } @@ -111,8 +111,8 @@ hex = { version = "0.4.3", optional = true } zebrad = { path = "../zebrad", version = "1.8.1" } [dev-dependencies] -insta = { version = "1.39.0", features = ["ron", "redactions"] } -tokio = { version = "1.39.2", features = ["test-util"] } +insta = { version = "1.40.0", features = ["ron", "redactions"] } +tokio = { version = "1.40.0", features = ["test-util"] } proptest = "1.4.0" proptest-derive = "0.5.0" @@ -121,10 +121,10 @@ ff = "0.13.0" group = "0.13.0" jubjub = "0.10.0" rand = "0.8.5" -tempfile = "3.11.0" +tempfile = "3.13.0" zcash_note_encryption = "0.4.0" toml = "0.8.19" -tonic = "0.12.1" +tonic = "0.12.3" zebra-state = { path = "../zebra-state", version = "1.0.0-beta.39", features = ["proptest-impl"] } zebra-test = { path = "../zebra-test", version = "1.0.0-beta.39" } diff --git a/zebra-script/Cargo.toml b/zebra-script/Cargo.toml index c2f8c4ee5..095e0ed29 100644 --- a/zebra-script/Cargo.toml +++ b/zebra-script/Cargo.toml @@ -18,7 +18,7 @@ categories = ["api-bindings", "cryptography::cryptocurrencies"] zcash_script = "0.2.0" zebra-chain = { path = "../zebra-chain", version = "1.0.0-beta.39" } -thiserror = "1.0.63" +thiserror = "1.0.64" [dev-dependencies] hex = "0.4.3" diff --git a/zebra-state/Cargo.toml b/zebra-state/Cargo.toml index db14f448c..f1776424b 100644 --- a/zebra-state/Cargo.toml +++ b/zebra-state/Cargo.toml @@ -54,28 +54,28 @@ hex = "0.4.3" hex-literal = "0.4.1" humantime-serde = "1.1.1" human_bytes = { version = "0.4.3", default-features = false } -indexmap = "2.3.0" +indexmap = "2.5.0" itertools = "0.13.0" lazy_static = "1.4.0" metrics = "0.23.0" mset = "0.1.1" -regex = "1.10.6" -rlimit = "0.10.1" +regex = "1.11.0" +rlimit = "0.10.2" rocksdb = { version = "0.22.0", default-features = false, features = ["lz4"] } semver = "1.0.23" -serde = { version = "1.0.204", features = ["serde_derive"] } -tempfile = "3.11.0" -thiserror = "1.0.63" +serde = { version = "1.0.210", features = ["serde_derive"] } +tempfile = "3.13.0" +thiserror = "1.0.64" rayon = "1.10.0" -tokio = { version = "1.39.2", features = ["rt-multi-thread", "sync", "tracing"] } +tokio = { version = "1.40.0", features = ["rt-multi-thread", "sync", "tracing"] } tower = { version = "0.4.13", features = ["buffer", "util"] } tracing = "0.1.39" # elasticsearch specific dependencies. # Security: avoid default dependency on openssl elasticsearch = { version = "8.5.0-alpha.1", default-features = false, features = ["rustls-tls"], optional = true } -serde_json = { version = "1.0.122", package = "serde_json", optional = true } +serde_json = { version = "1.0.128", package = "serde_json", optional = true } zebra-chain = { path = "../zebra-chain", version = "1.0.0-beta.39", features = ["async-error"] } @@ -97,7 +97,7 @@ once_cell = "1.18.0" spandoc = "0.2.2" hex = { version = "0.4.3", features = ["serde"] } -insta = { version = "1.39.0", features = ["ron", "redactions"] } +insta = { version = "1.40.0", features = ["ron", "redactions"] } proptest = "1.4.0" proptest-derive = "0.5.0" @@ -106,7 +106,7 @@ rand = "0.8.5" halo2 = { package = "halo2_proofs", version = "0.3.0" } jubjub = "0.10.0" -tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] } +tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] } zebra-chain = { path = "../zebra-chain", version = "1.0.0-beta.39", features = ["proptest-impl"] } zebra-test = { path = "../zebra-test/", version = "1.0.0-beta.39" } diff --git a/zebra-test/Cargo.toml b/zebra-test/Cargo.toml index cbbf5ac6b..66c2f1682 100644 --- a/zebra-test/Cargo.toml +++ b/zebra-test/Cargo.toml @@ -16,16 +16,16 @@ categories = ["command-line-utilities", "cryptography::cryptocurrencies"] [dependencies] hex = "0.4.3" -indexmap = "2.3.0" +indexmap = "2.5.0" lazy_static = "1.4.0" -insta = "1.39.0" +insta = "1.40.0" itertools = "0.13.0" proptest = "1.4.0" once_cell = "1.18.0" rand = "0.8.5" -regex = "1.10.6" +regex = "1.11.0" -tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] } +tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] } tower = { version = "0.4.13", features = ["util"] } futures = "0.3.30" @@ -35,13 +35,13 @@ color-eyre = "0.6.3" tinyvec = { version = "1.8.0", features = ["rustc_1_55"] } humantime = "2.1.0" -owo-colors = "4.0.0" +owo-colors = "4.1.0" spandoc = "0.2.2" -thiserror = "1.0.63" +thiserror = "1.0.64" tracing-subscriber = { version = "0.3.18", features = ["env-filter"] } tracing-error = "0.2.0" tracing = "0.1.39" [dev-dependencies] -tempfile = "3.11.0" +tempfile = "3.13.0" diff --git a/zebra-utils/Cargo.toml b/zebra-utils/Cargo.toml index 2c1ce7499..66c884d3c 100644 --- a/zebra-utils/Cargo.toml +++ b/zebra-utils/Cargo.toml @@ -89,10 +89,10 @@ tinyvec = { version = "1.8.0", features = ["rustc_1_55"] } structopt = "0.3.26" hex = "0.4.3" -serde_json = "1.0.122" +serde_json = "1.0.128" tracing-error = "0.2.0" tracing-subscriber = "0.3.18" -thiserror = "1.0.63" +thiserror = "1.0.64" zebra-node-services = { path = "../zebra-node-services", version = "1.0.0-beta.39" } zebra-chain = { path = "../zebra-chain", version = "1.0.0-beta.39" } @@ -104,12 +104,12 @@ zebra-rpc = { path = "../zebra-rpc", version = "1.0.0-beta.39", optional = true itertools = { version = "0.13.0", optional = true } # These crates are needed for the search-issue-refs binary -regex = { version = "1.10.6", optional = true } +regex = { version = "1.11.0", optional = true } # Avoid default openssl dependency to reduce the dependency tree and security alerts. reqwest = { version = "0.11.26", default-features = false, features = ["rustls-tls"], optional = true } # These crates are needed for the zebra-checkpoints and search-issue-refs binaries -tokio = { version = "1.39.2", features = ["full"], optional = true } +tokio = { version = "1.40.0", features = ["full"], optional = true } jsonrpc = { version = "0.18.0", optional = true } @@ -119,9 +119,9 @@ zcash_protocol.workspace = true # For the openapi generator rand = "0.8.5" -syn = { version = "2.0.72", features = ["full"], optional = true } -quote = { version = "1.0.36", optional = true } +syn = { version = "2.0.79", features = ["full"], optional = true } +quote = { version = "1.0.37", optional = true } serde_yml = { version = "0.0.12", optional = true } -serde = { version = "1.0.204", features = ["serde_derive"], optional = true } -indexmap = "2.3.0" +serde = { version = "1.0.210", features = ["serde_derive"], optional = true } +indexmap = "2.5.0" diff --git a/zebrad/Cargo.toml b/zebrad/Cargo.toml index 6b4f2cfec..8d42e2421 100644 --- a/zebrad/Cargo.toml +++ b/zebrad/Cargo.toml @@ -168,19 +168,19 @@ zebra-state = { path = "../zebra-state", version = "1.0.0-beta.39" } zebra-utils = { path = "../zebra-utils", version = "1.0.0-beta.39", optional = true } abscissa_core = "0.7.0" -clap = { version = "4.5.13", features = ["cargo"] } +clap = { version = "4.5.18", features = ["cargo"] } chrono = { version = "0.4.38", default-features = false, features = ["clock", "std"] } humantime-serde = "1.1.1" -indexmap = "2.3.0" +indexmap = "2.5.0" lazy_static = "1.4.0" semver = "1.0.23" -serde = { version = "1.0.204", features = ["serde_derive"] } +serde = { version = "1.0.210", features = ["serde_derive"] } toml = "0.8.19" futures = "0.3.30" rayon = "1.10.0" -tokio = { version = "1.39.2", features = ["time", "rt-multi-thread", "macros", "tracing", "signal"] } -tokio-stream = { version = "0.1.15", features = ["time"] } +tokio = { version = "1.40.0", features = ["time", "rt-multi-thread", "macros", "tracing", "signal"] } +tokio-stream = { version = "0.1.16", features = ["time"] } tower = { version = "0.4.13", features = ["hedge", "limit"] } pin-project = "1.1.5" @@ -189,7 +189,7 @@ color-eyre = { version = "0.6.3", default-features = false, features = ["issue-u # Enable a feature that makes tinyvec compile much faster. tinyvec = { version = "1.8.0", features = ["rustc_1_55"] } -thiserror = "1.0.63" +thiserror = "1.0.64" tracing-subscriber = { version = "0.3.18", features = ["env-filter"] } tracing-appender = "0.2.3" @@ -221,8 +221,8 @@ tracing-journald = { version = "0.3.0", optional = true } # prod feature filter-reload hyper = { version = "1.3.1", features = ["http1", "http2", "server"], optional = true } http-body-util = { version = "0.1.2", optional = true } -hyper-util = { version = "0.1.6", optional = true } -bytes = { version = "1.7.1", optional = true } +hyper-util = { version = "0.1.9", optional = true } +bytes = { version = "1.7.2", optional = true } # prod feature prometheus metrics-exporter-prometheus = { version = "0.15.3", default-features = false, features = ["http-listener"], optional = true } @@ -248,7 +248,7 @@ console-subscriber = { version = "0.4.0", optional = true } vergen = { version = "8.3.2", default-features = false, features = ["cargo", "git", "git2", "rustc"] } # test feature lightwalletd-grpc-tests -tonic-build = { version = "0.12.1", optional = true } +tonic-build = { version = "0.12.3", optional = true } [dev-dependencies] abscissa_core = { version = "0.7.0", features = ["testing"] } @@ -256,22 +256,22 @@ hex = "0.4.3" hex-literal = "0.4.1" jsonrpc-core = "18.0.0" once_cell = "1.18.0" -regex = "1.10.6" -insta = { version = "1.39.0", features = ["json"] } +regex = "1.11.0" +insta = { version = "1.40.0", features = ["json"] } # zebra-rpc needs the preserve_order feature, it also makes test results more stable -serde_json = { version = "1.0.122", features = ["preserve_order"] } -tempfile = "3.11.0" +serde_json = { version = "1.0.128", features = ["preserve_order"] } +tempfile = "3.13.0" hyper = { version = "1.3.1", features = ["http1", "http2", "server"]} tracing-test = { version = "0.2.4", features = ["no-env-filter"] } -tokio = { version = "1.39.2", features = ["full", "tracing", "test-util"] } -tokio-stream = "0.1.15" +tokio = { version = "1.40.0", features = ["full", "tracing", "test-util"] } +tokio-stream = "0.1.16" # test feature lightwalletd-grpc-tests -prost = "0.13.1" -tonic = "0.12.1" +prost = "0.13.3" +tonic = "0.12.3" proptest = "1.4.0" proptest-derive = "0.5.0" diff --git a/zebrad/build.rs b/zebrad/build.rs index b16a5dda3..efac0a697 100644 --- a/zebrad/build.rs +++ b/zebrad/build.rs @@ -47,7 +47,7 @@ fn main() { // so we can derive `Eq` as well as the default generated `PartialEq` derive. // This fixes `clippy::derive_partial_eq_without_eq` warnings. .message_attribute(".", "#[derive(Eq)]") - .compile( + .compile_protos( &["tests/common/lightwalletd/proto/service.proto"], &["tests/common/lightwalletd/proto"], )