From 67ee02b47e602d10882f9d0d087663b5157165d7 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 17:22:54 +0000 Subject: [PATCH 1/4] Update changelogs for partial French translations --- age/CHANGELOG.md | 2 ++ rage/CHANGELOG.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 072dc72c..39c0d4bc 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -9,6 +9,8 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] +### Added +- Partial French translation! ## [0.10.0] - 2024-02-04 ### Added diff --git a/rage/CHANGELOG.md b/rage/CHANGELOG.md index 95e71ac0..e49f64f9 100644 --- a/rage/CHANGELOG.md +++ b/rage/CHANGELOG.md @@ -9,6 +9,8 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] +### Added +- Partial French translation! ## [0.10.0] - 2024-02-04 ### Added From b9de00a29adea47941363bbee7ce4362227a664e Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 17:23:42 +0000 Subject: [PATCH 2/4] cargo vet prune --- supply-chain/config.toml | 52 --------- supply-chain/imports.lock | 232 ++++++++++++++++++++++++++++++++------ 2 files changed, 198 insertions(+), 86 deletions(-) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 2f7ebea2..a050c23a 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -133,10 +133,6 @@ criteria = "safe-to-deploy" version = "0.1.11+1.0.8" criteria = "safe-to-deploy" -[[exemptions.cast]] -version = "0.3.0" -criteria = "safe-to-run" - [[exemptions.cbc]] version = "0.1.2" criteria = "safe-to-deploy" @@ -213,10 +209,6 @@ criteria = "safe-to-run" version = "0.3.2" criteria = "safe-to-deploy" -[[exemptions.cpp_demangle]] -version = "0.4.3" -criteria = "safe-to-run" - [[exemptions.cpufeatures]] version = "0.2.2" criteria = "safe-to-deploy" @@ -305,18 +297,6 @@ criteria = "safe-to-deploy" version = "0.13.0" criteria = "safe-to-deploy" -[[exemptions.futures]] -version = "0.3.30" -criteria = "safe-to-deploy" - -[[exemptions.futures-executor]] -version = "0.3.30" -criteria = "safe-to-deploy" - -[[exemptions.futures-io]] -version = "0.3.30" -criteria = "safe-to-deploy" - [[exemptions.futures-macro]] version = "0.3.30" criteria = "safe-to-deploy" @@ -349,10 +329,6 @@ criteria = "safe-to-deploy" version = "0.28.1" criteria = "safe-to-run" -[[exemptions.half]] -version = "2.2.1" -criteria = "safe-to-run" - [[exemptions.hashbrown]] version = "0.14.3" criteria = "safe-to-deploy" @@ -441,10 +417,6 @@ criteria = "safe-to-deploy" version = "2.6.3" criteria = "safe-to-deploy" -[[exemptions.memmap2]] -version = "0.9.4" -criteria = "safe-to-run" - [[exemptions.minimal-lexical]] version = "0.2.1" criteria = "safe-to-deploy" @@ -453,10 +425,6 @@ criteria = "safe-to-deploy" version = "0.26.1" criteria = "safe-to-deploy" -[[exemptions.nom]] -version = "7.1.1" -criteria = "safe-to-deploy" - [[exemptions.num-bigint-dig]] version = "0.8.4" criteria = "safe-to-deploy" @@ -481,10 +449,6 @@ criteria = "safe-to-deploy" version = "0.1.1" criteria = "safe-to-deploy" -[[exemptions.object]] -version = "0.32.2" -criteria = "safe-to-run" - [[exemptions.once_cell]] version = "1.15.0" criteria = "safe-to-deploy" @@ -537,10 +501,6 @@ criteria = "safe-to-deploy" version = "0.10.2" criteria = "safe-to-deploy" -[[exemptions.pkg-config]] -version = "0.3.29" -criteria = "safe-to-deploy" - [[exemptions.plotters]] version = "0.3.5" criteria = "safe-to-run" @@ -733,10 +693,6 @@ criteria = "safe-to-deploy" version = "0.1.0" criteria = "safe-to-run" -[[exemptions.strsim]] -version = "0.10.0" -criteria = "safe-to-deploy" - [[exemptions.symbolic-common]] version = "12.8.0" criteria = "safe-to-run" @@ -781,10 +737,6 @@ criteria = "safe-to-deploy" version = "0.1.44" criteria = "safe-to-deploy" -[[exemptions.tinytemplate]] -version = "1.2.1" -criteria = "safe-to-run" - [[exemptions.tokio]] version = "1.35.0" criteria = "safe-to-run" @@ -833,10 +785,6 @@ criteria = "safe-to-deploy" version = "1.7.0" criteria = "safe-to-run" -[[exemptions.wait-timeout]] -version = "0.2.0" -criteria = "safe-to-run" - [[exemptions.walkdir]] version = "2.4.0" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index b2b5b05e..14069cb1 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -353,6 +353,17 @@ criteria = "safe-to-deploy" version = "0.3.27" notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting." +[[audits.bytecode-alliance.audits.futures-executor]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.27" +notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods." + +[[audits.bytecode-alliance.audits.futures-io]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.27" + [[audits.bytecode-alliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -406,6 +417,12 @@ its own longevity should be relatively hardened against some of the more common compression-related issues. """ +[[audits.bytecode-alliance.audits.object]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.30.3 -> 0.31.1" +notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary." + [[audits.bytecode-alliance.audits.percent-encoding]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -421,6 +438,21 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.0" +[[audits.bytecode-alliance.audits.pkg-config]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.25" +notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably." + +[[audits.bytecode-alliance.audits.pkg-config]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.3.26 -> 0.3.29" +notes = """ +No `unsafe` additions or anything outside of the purview of the crate in this +change. +""" + [[audits.bytecode-alliance.audits.proc-macro2]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -515,6 +547,18 @@ criteria = "safe-to-run" version = "0.3.67" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.cast]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.3.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.cpp_demangle]] +who = "Hidenori Kobayashi " +criteria = "safe-to-run" +version = "0.4.3" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.crossbeam-deque]] who = "George Burgess IV " criteria = "safe-to-run" @@ -549,6 +593,16 @@ that the RNG here is not cryptographically secure. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.futures]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.3.28" +notes = """ +`futures` has no logic other than tests - it simply `pub use`s things from +other crates. +""" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.glob]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -579,6 +633,12 @@ criteria = "safe-to-run" delta = "1.0.6 -> 1.0.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.memmap2]] +who = "Ying Hsu " +criteria = "safe-to-run" +version = "0.8.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.nix]] who = "David Koloski " criteria = "safe-to-run" @@ -599,12 +659,34 @@ Issues: """ aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.nom]] +who = "danakj@chromium.org" +criteria = "safe-to-deploy" +version = "7.1.3" +notes = """ +Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.normalize-line-endings]] who = "Max Lee " criteria = "safe-to-run" version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.object]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.30.3" +notes = "I'm not counting the code related to the GNU Hash section as crypto for the sake of this review." +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.object]] +who = "George Burgess IV " +criteria = "safe-to-run" +delta = "0.31.1 -> 0.32.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.pin-project-lite]] who = "David Koloski " criteria = "safe-to-deploy" @@ -642,12 +724,35 @@ criteria = "safe-to-run" version = "1.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.strsim]] +who = "danakj@chromium.org" +criteria = "safe-to-deploy" +version = "0.10.0" +notes = """ +Reviewed in https://crrev.com/c/5171063 + +Previously reviewed during security review and the audit is grandparented in. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.tinytemplate]] +who = "Ying Hsu " +criteria = "safe-to-run" +version = "1.2.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.version_check]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "0.9.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.wait-timeout]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.2.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.zerocopy]] who = "ChromeOS" criteria = "safe-to-run" @@ -1202,6 +1307,18 @@ criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.futures-executor]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.3.27 -> 0.3.28" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.futures-io]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.3.27 -> 0.3.28" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.futures-task]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1238,6 +1355,17 @@ criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.half]] +who = "John M. Schanck " +criteria = "safe-to-deploy" +version = "1.8.2" +notes = """ +This crate contains unsafe code for bitwise casts to/from binary16 floating-point +format. I've reviewed these and found no issues. There are no uses of ambient +capabilities. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.heck]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1300,16 +1428,16 @@ it's not exploitable. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.nix]] -who = "Gabriele Svelto " +[[audits.mozilla.audits.memmap2]] +who = "Mike Hommey " criteria = "safe-to-deploy" -delta = "0.26.2 -> 0.27.1" +delta = "0.8.0 -> 0.9.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.nom]] -who = "Mike Hommey " +[[audits.mozilla.audits.nix]] +who = "Gabriele Svelto " criteria = "safe-to-deploy" -delta = "7.1.1 -> 7.1.3" +delta = "0.26.2 -> 0.27.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num-integer]] @@ -1351,6 +1479,12 @@ criteria = "safe-to-deploy" delta = "2.3.0 -> 2.3.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.pkg-config]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.3.25 -> 0.3.26" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.ppv-lite86]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1810,6 +1944,24 @@ criteria = "safe-to-deploy" delta = "4.1.0 -> 4.1.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.curve25519-dalek]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "4.1.1 -> 4.1.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.curve25519-dalek]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "4.1.2 -> 4.1.3" +notes = """ +- New unsafe is adding `core::ptr::read_volatile` calls for black box + optimization barriers. +- `build.rs` changes are to use `CARGO_CFG_TARGET_POINTER_WIDTH` instead of + `TARGET` and the `platforms` crate for deciding on the target pointer width. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.curve25519-dalek-derive]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1828,6 +1980,13 @@ criteria = "safe-to-deploy" delta = "0.3.3 -> 0.3.8" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.futures]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.30" +notes = "Only sub-crate updates and corresponding changes to tests." +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.futures-channel]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1854,6 +2013,18 @@ delta = "0.3.29 -> 0.3.30" notes = "Removes `build.rs` now that it can rely on the `target_has_atomic` attribute." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.futures-executor]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.30" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.futures-io]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.30" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.futures-task]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1898,6 +2069,16 @@ criteria = "safe-to-deploy" delta = "0.14.6 -> 0.14.7" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.half]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-run" +delta = "1.8.2 -> 2.2.1" +notes = """ +All new uses of unsafe are either just accessing bit representations, or plausibly reasonable uses of intrinsics. I have not checked safety +requirements on the latter. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.indexmap]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1983,6 +2164,12 @@ code (but adapted to `u16` and `u8` reads, instead of `u32`). """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.memmap2]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.9.3 -> 0.9.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.nix]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2004,39 +2191,16 @@ A new unsafe trait method `SockaddrLike::set_length` is added; it's impls look f """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.pin-project-lite]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.2.9 -> 0.2.13" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.platforms]] -who = "Daira Emma Hopwood " -criteria = "safe-to-deploy" -version = "3.0.2" -notes = """ -This crate uses `#![forbid(unsafe_code)]` and its build script is safe. It only \"provides programmatic access to -information about valid Rust platforms, sourced from the Rust compiler\"; it does not attempt any detection that -would require unsafety. -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.platforms]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "3.0.2 -> 3.1.2" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.platforms]] -who = "Jack Grigg " +[[audits.zcash.audits.object]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "3.1.2 -> 3.2.0" +delta = "0.32.1 -> 0.32.2" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.platforms]] +[[audits.zcash.audits.pin-project-lite]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "3.2.0 -> 3.3.0" +delta = "0.2.9 -> 0.2.13" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.proc-macro2]] From b22b60ff7fcfb1ef380186ae5e58477ba47b3ec3 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 17:41:15 +0000 Subject: [PATCH 3/4] cargo update --- Cargo.lock | 609 +++++++------- supply-chain/config.toml | 192 +++-- supply-chain/imports.lock | 1655 ++++++++++++++++++------------------- 3 files changed, 1245 insertions(+), 1211 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1732283b..7e519cf0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "addr2line" -version = "0.21.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" dependencies = [ "gimli", ] @@ -29,9 +29,9 @@ dependencies = [ [[package]] name = "aes" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", "cipher", @@ -131,22 +131,22 @@ dependencies = [ [[package]] name = "ahash" -version = "0.8.7" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77c3a9648d43b9cd48db467b3f87fdd6e146bcc88ab0180006cef2179fe11d01" +checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" dependencies = [ "cfg-if", "getrandom", "once_cell", "version_check", - "zerocopy 0.7.32", + "zerocopy 0.7.35", ] [[package]] name = "aho-corasick" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" dependencies = [ "memchr", ] @@ -223,9 +223,9 @@ dependencies = [ [[package]] name = "arc-swap" -version = "1.6.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6" +checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" [[package]] name = "arrayvec" @@ -235,15 +235,15 @@ checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" [[package]] name = "autocfg" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "backtrace" -version = "0.3.69" +version = "0.3.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a" dependencies = [ "addr2line", "cc", @@ -256,9 +256,9 @@ dependencies = [ [[package]] name = "base64" -version = "0.21.5" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64ct" @@ -306,9 +306,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.1" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "block" @@ -352,9 +352,9 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "bytemuck" -version = "1.14.1" +version = "1.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed2490600f404f2b94c167e31d3ed1d5f3c225a0f3b80230053b3e0b7b962bd9" +checksum = "b236fc92302c97ed75b38da1f4917b5cdda4984745740f153a5d3059e48d725e" [[package]] name = "byteorder" @@ -400,9 +400,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.83" +version = "1.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" dependencies = [ "jobserver", "libc", @@ -440,16 +440,16 @@ dependencies = [ [[package]] name = "chrono" -version = "0.4.33" +version = "0.4.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f13690e35a5e4ace198e7beea2895d29f3a9cc55015fcebe6336bd2010af9eb" +checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" dependencies = [ "android-tzdata", "iana-time-zone", "js-sys", "num-traits", "wasm-bindgen", - "windows-targets 0.52.0", + "windows-targets 0.52.6", ] [[package]] @@ -531,7 +531,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -552,9 +552,9 @@ dependencies = [ [[package]] name = "colorchoice" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" +checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0" [[package]] name = "console" @@ -591,9 +591,12 @@ dependencies = [ [[package]] name = "cookie-factory" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "396de984970346b0d9e93d1415082923c679e5ae5c3ee3dcbd104f5610af126b" +checksum = "9885fa71e26b8ab7855e2ec7cae6e9b380edff76cd052e07c683a0319d51b3a2" +dependencies = [ + "futures", +] [[package]] name = "core-foundation-sys" @@ -612,18 +615,18 @@ dependencies = [ [[package]] name = "cpufeatures" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" dependencies = [ "libc", ] [[package]] name = "crc32fast" -version = "1.3.2" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" +checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3" dependencies = [ "cfg-if", ] @@ -675,34 +678,28 @@ dependencies = [ [[package]] name = "crossbeam-deque" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fca89a0e215bab21874660c67903c5f143333cab1da83d041c7ded6053774751" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" dependencies = [ - "cfg-if", "crossbeam-epoch", "crossbeam-utils", ] [[package]] name = "crossbeam-epoch" -version = "0.9.17" +version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e3681d554572a651dda4186cd47240627c3d0114d45a95f6ad27f2f22e7548d" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ - "autocfg", - "cfg-if", "crossbeam-utils", ] [[package]] name = "crossbeam-utils" -version = "0.8.18" +version = "0.8.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3a430a770ebd84726f584a90ee7f020d28db52c6d02138900f22341f866d39c" -dependencies = [ - "cfg-if", -] +checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" [[package]] name = "crunchy" @@ -763,7 +760,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -790,9 +787,9 @@ dependencies = [ [[package]] name = "der" -version = "0.7.8" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" dependencies = [ "const-oid", "zeroize", @@ -812,13 +809,13 @@ dependencies = [ [[package]] name = "displaydoc" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -829,9 +826,9 @@ checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" [[package]] name = "either" -version = "1.9.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "encode_unicode" @@ -860,9 +857,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", "windows-sys 0.52.0", @@ -870,15 +867,15 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" +checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" [[package]] name = "fiat-crypto" -version = "0.2.5" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "filetime" @@ -888,7 +885,7 @@ checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.4.1", "windows-sys 0.52.0", ] @@ -915,9 +912,9 @@ dependencies = [ [[package]] name = "flate2" -version = "1.0.28" +version = "1.0.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e" +checksum = "5f54427cfd1c7829e2a139fcefea601bf088ebca651d2bf53ebc600eac295dae" dependencies = [ "crc32fast", "miniz_oxide", @@ -925,9 +922,9 @@ dependencies = [ [[package]] name = "fluent" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61f69378194459db76abd2ce3952b790db103ceb003008d3d50d97c41ff847a7" +checksum = "bb74634707bebd0ce645a981148e8fb8c7bccd4c33c652aeffd28bf2f96d555a" dependencies = [ "fluent-bundle", "unic-langid", @@ -935,9 +932,9 @@ dependencies = [ [[package]] name = "fluent-bundle" -version = "0.15.2" +version = "0.15.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e242c601dec9711505f6d5bbff5bedd4b61b2469f2e8bb8e57ee7c9747a87ffd" +checksum = "7fe0a21ee80050c678013f82edf4b705fe2f26f1f9877593d13198612503f493" dependencies = [ "fluent-langneg", "fluent-syntax", @@ -960,9 +957,9 @@ dependencies = [ [[package]] name = "fluent-syntax" -version = "0.11.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0abed97648395c902868fee9026de96483933faa54ea3b40d652f7dfe61ca78" +checksum = "2a530c4694a6a8d528794ee9bbd8ba0122e779629ac908d15ad5a7ae7763a33d" dependencies = [ "thiserror", ] @@ -1056,7 +1053,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -1118,9 +1115,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.12" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -1129,9 +1126,9 @@ dependencies = [ [[package]] name = "ghash" -version = "0.5.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40" +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" dependencies = [ "opaque-debug", "polyval", @@ -1139,9 +1136,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.28.1" +version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" +checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" [[package]] name = "glob" @@ -1160,9 +1157,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.14.3" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" [[package]] name = "heck" @@ -1172,9 +1169,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] name = "hermit-abi" -version = "0.3.4" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d3d0e0f38255e7fa3cf31335b3a56f05febd18025f4db5ef7a0cfb4f8da651f" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" [[package]] name = "hex" @@ -1278,7 +1275,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.46", + "syn 2.0.72", "unic-langid", ] @@ -1292,14 +1289,14 @@ dependencies = [ "i18n-config", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "iana-time-zone" -version = "0.1.59" +version = "0.1.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6a67363e2aa4443928ce15e57ebae94fd8949958fd1223c4cfc0cd473ad7539" +checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141" dependencies = [ "android_system_properties", "core-foundation-sys", @@ -1320,9 +1317,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.1.0" +version = "2.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f" +checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" dependencies = [ "equivalent", "hashbrown", @@ -1358,9 +1355,9 @@ dependencies = [ [[package]] name = "intl-memoizer" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c310433e4a310918d6ed9243542a6b83ec1183df95dff8f23f87bb88a264a66f" +checksum = "fe22e020fce238ae18a6d5d8c502ee76a52a6e880d99477657e6acc30ec57bda" dependencies = [ "type-map", "unic-langid", @@ -1383,12 +1380,12 @@ checksum = "4b3f7cef34251886990511df1c61443aa928499d598a9473929ab5a90a527304" [[package]] name = "is-terminal" -version = "0.4.10" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455" +checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" dependencies = [ "hermit-abi", - "rustix", + "libc", "windows-sys 0.52.0", ] @@ -1403,42 +1400,42 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.10" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" [[package]] name = "jobserver" -version = "0.1.26" +version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "936cfd212a0155903bcbc060e316fb6cc7cbf2e1907329391ebadc1fe0ce77c2" +checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" dependencies = [ "libc", ] [[package]] name = "js-sys" -version = "0.3.66" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cee9c64da59eae3b50095c18d3e74f8b73c0b86d2792824ff01bbce68ba229ca" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" dependencies = [ "wasm-bindgen", ] [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ "spin", ] [[package]] name = "libc" -version = "0.2.153" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libm" @@ -1448,9 +1445,9 @@ checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" [[package]] name = "linux-raw-sys" -version = "0.4.13" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "locale_config" @@ -1467,9 +1464,9 @@ dependencies = [ [[package]] name = "lock_api" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", @@ -1477,9 +1474,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.20" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "malloc_buf" @@ -1492,9 +1489,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.7.1" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "memmap2" @@ -1513,9 +1510,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.1" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08" dependencies = [ "adler", ] @@ -1537,7 +1534,7 @@ version = "0.27.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.6.0", "cfg-if", "libc", ] @@ -1587,19 +1584,18 @@ dependencies = [ [[package]] name = "num-integer" -version = "0.1.45" +version = "0.1.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" dependencies = [ - "autocfg", "num-traits", ] [[package]] name = "num-iter" -version = "0.1.43" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", @@ -1608,9 +1604,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.17" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", @@ -1657,9 +1653,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.2" +version = "0.36.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" +checksum = "3f203fa8daa7bb185f760ae12bd8e097f63d17041dcdcaf675ac54cdf863170e" dependencies = [ "memchr", ] @@ -1672,21 +1668,21 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "oorandom" -version = "11.1.3" +version = "11.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" +checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9" [[package]] name = "opaque-debug" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "os_pipe" -version = "1.1.5" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57119c3b893986491ec9aa85056780d3a0f3cf4da7cc09dd3650dbd6c6738fb9" +checksum = "29d73ba8daf8fac13b0501d1abeddcfe21ba7401ada61a819144b6c2a4f32209" dependencies = [ "libc", "windows-sys 0.52.0", @@ -1704,9 +1700,9 @@ dependencies = [ [[package]] name = "parking_lot" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" dependencies = [ "lock_api", "parking_lot_core", @@ -1714,15 +1710,15 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.9" +version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" +checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.5.3", "smallvec", - "windows-targets 0.48.5", + "windows-targets 0.52.6", ] [[package]] @@ -1766,29 +1762,29 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pin-project" -version = "1.1.4" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0302c4a0442c456bd56f841aee5c3bfd17967563f6fadc9ceb9f9c23cf3807e0" +checksum = "b6bf43b791c5b9e34c3d182969b4abb522f9343702850a2e57f460d00d09b4b3" dependencies = [ "pin-project-internal", ] [[package]] name = "pin-project-internal" -version = "1.1.4" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266c042b60c9c76b8d53061e52b2e0d1116abc57cefc8c5cd671619a56ac3690" +checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "pin-project-lite" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" +checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" [[package]] name = "pin-utils" @@ -1833,15 +1829,15 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2900ede94e305130c13ddd391e0ab7cbaeb783945ae07a279c268cb05109c6cb" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "plotters" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2c224ba00d7cadd4d5c660deaf2098e5e80e07846537c51f9cfa4be50c1fd45" +checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" dependencies = [ "num-traits", "plotters-backend", @@ -1852,15 +1848,15 @@ dependencies = [ [[package]] name = "plotters-backend" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e76628b4d3a7581389a35d5b6e2139607ad7c75b17aed325f210aa91f4a9609" +checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" [[package]] name = "plotters-svg" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38f6d39893cca0701371e3c27294f09797214b86f1fb951b89ade8ec04e2abab" +checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705" dependencies = [ "plotters-backend", ] @@ -1878,9 +1874,9 @@ dependencies = [ [[package]] name = "polyval" -version = "0.6.1" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52cff9d1d4dee5fe6d03729099f4a310a41179e0a10dbf542039873f2e826fb" +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" dependencies = [ "cfg-if", "cpufeatures", @@ -1942,22 +1938,22 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.74" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2de98502f212cfcea8d0bb305bd0f49d7ebdd75b64ba0a68f937d888f4e0d6db" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] [[package]] name = "proptest" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31b476131c3c86cb68032fdc5cb6d5a1045e3e42d96b69fa599fd77701e1f5bf" +checksum = "b4c2511913b88df1637da85cc8d96ec8e43a3f8bb8ccb71ee1ac240d6f3df58d" dependencies = [ "bit-set", "bit-vec", - "bitflags 2.4.1", + "bitflags 2.6.0", "lazy_static", "num-traits", "rand", @@ -1986,9 +1982,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.35" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -2062,9 +2058,9 @@ dependencies = [ [[package]] name = "rayon" -version = "1.8.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1" +checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" dependencies = [ "either", "rayon-core", @@ -2072,9 +2068,9 @@ dependencies = [ [[package]] name = "rayon-core" -version = "1.12.0" +version = "1.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" dependencies = [ "crossbeam-deque", "crossbeam-utils", @@ -2089,11 +2085,20 @@ dependencies = [ "bitflags 1.3.2", ] +[[package]] +name = "redox_syscall" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" +dependencies = [ + "bitflags 2.6.0", +] + [[package]] name = "regex" -version = "1.10.2" +version = "1.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" +checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" dependencies = [ "aho-corasick", "memchr", @@ -2103,9 +2108,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.3" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" +checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" dependencies = [ "aho-corasick", "memchr", @@ -2114,15 +2119,15 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.2" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "rgb" -version = "0.8.37" +version = "0.8.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05aaa8004b64fd573fc9d002f4e632d51ad4f026c2b5ba95fcb6c2f32c2c47d8" +checksum = "ade4539f42266ded9e755c605bdddf546242b2c961b03b06a7375260788a0523" dependencies = [ "bytemuck", ] @@ -2176,9 +2181,9 @@ dependencies = [ [[package]] name = "rust-embed" -version = "8.2.0" +version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a82c0bbc10308ed323529fd3c1dce8badda635aa319a5ff0e6466f33b8101e3f" +checksum = "fb78f46d0066053d16d4ca7b898e9343bc3530f71c61d5ad84cd404ada068745" dependencies = [ "rust-embed-impl", "rust-embed-utils", @@ -2187,22 +2192,22 @@ dependencies = [ [[package]] name = "rust-embed-impl" -version = "8.2.0" +version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6227c01b1783cdfee1bcf844eb44594cd16ec71c35305bf1c9fb5aade2735e16" +checksum = "b91ac2a3c6c0520a3fb3dd89321177c3c692937c4eb21893378219da10c44fc8" dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.46", + "syn 2.0.72", "walkdir", ] [[package]] name = "rust-embed-utils" -version = "8.2.0" +version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cb0a25bfbb2d4b4402179c2cf030387d9990857ce08a32592c6238db9fa8665" +checksum = "86f69089032567ffff4eada41c573fc43ff466c7db7c5688b2e7969584345581" dependencies = [ "sha2", "walkdir", @@ -2210,9 +2215,9 @@ dependencies = [ [[package]] name = "rustc-demangle" -version = "0.1.23" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustc-hash" @@ -2231,11 +2236,11 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.31" +version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.6.0", "errno", "libc", "linux-raw-sys", @@ -2256,9 +2261,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.16" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "salsa20" @@ -2310,46 +2315,46 @@ version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e14e4d63b804dc0c7ec4a1e52bcb63f02c7ac94476755aa579edac21e01f915d" dependencies = [ - "self_cell 1.0.3", + "self_cell 1.0.4", ] [[package]] name = "self_cell" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58bf37232d3bb9a2c4e641ca2a11d83b5062066f88df7fed36c28772046d65ba" +checksum = "d369a96f978623eb3dc28807c4852d6cc617fed53da5d3c400feff1ef34a714a" [[package]] name = "semver" -version = "1.0.21" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.194" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b114498256798c94a0689e1a15fec6005dee8ac1f41de56404b67afc2a4b773" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.194" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3385e45322e8f9931410f01b3031ec534c3947d0e94c18049af4d9f9907d4e0" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "serde_json" -version = "1.0.110" +version = "1.0.120" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fbd975230bada99c8bb618e0c365c2eefa219158d5c6c29610fd09ff1833257" +checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5" dependencies = [ "itoa", "ryu", @@ -2405,9 +2410,9 @@ dependencies = [ [[package]] name = "similar" -version = "2.4.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32fea41aca09ee824cc9724996433064c89f7777e60762749a4170a14abbfa21" +checksum = "1de1d4f81173b03af4c0cbed3c898f6bff5b870e4a7f5d6f4057d62a7a4b686e" [[package]] name = "slab" @@ -2420,9 +2425,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.13.1" +version = "1.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6ecd384b10a64542d77071bd64bd7b231f4ed5940fba55e98c3de13824cf3d7" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "snapbox" @@ -2457,9 +2462,9 @@ dependencies = [ [[package]] name = "spin" -version = "0.5.2" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "spki" @@ -2491,15 +2496,15 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "symbolic-common" -version = "12.8.0" +version = "12.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cccfffbc6bb3bb2d3a26cd2077f4d055f6808d266f9d4d158797a4c60510dfe" +checksum = "16629323a4ec5268ad23a575110a724ad4544aae623451de600c747bf87b36cf" dependencies = [ "debugid", "memmap2", @@ -2509,9 +2514,9 @@ dependencies = [ [[package]] name = "symbolic-demangle" -version = "12.8.0" +version = "12.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76a99812da4020a67e76c4eb41f08c87364c14170495ff780f30dd519c221a68" +checksum = "48c043a45f08f41187414592b3ceb53fb0687da57209cc77401767fb69d5b596" dependencies = [ "cpp_demangle", "rustc-demangle", @@ -2530,9 +2535,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.46" +version = "2.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89456b690ff72fddcecf231caedbe615c59480c93358a93dfae7fc29e3ebbf0e" +checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" dependencies = [ "proc-macro2", "quote", @@ -2541,9 +2546,9 @@ dependencies = [ [[package]] name = "tar" -version = "0.4.40" +version = "0.4.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b16afcea1f22891c49a00c751c7b63b2233284064f11a200fc624137c51e2ddb" +checksum = "cb797dad5fb5b76fcf519e702f4a589483b5ef06567f160c392832c1f5e44909" dependencies = [ "filetime", "libc", @@ -2552,13 +2557,12 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.9.0" +version = "3.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" +checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1" dependencies = [ "cfg-if", "fastrand", - "redox_syscall", "rustix", "windows-sys 0.52.0", ] @@ -2590,7 +2594,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -2601,28 +2605,28 @@ checksum = "5c89e72a01ed4c579669add59014b9a524d609c0c88c6a585ce37485879f6ffb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", "test-case-core", ] [[package]] name = "thiserror" -version = "1.0.56" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" +checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.56" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" +checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -2671,9 +2675,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.35.1" +version = "1.38.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104" +checksum = "eb2caba9f80616f438e09748d5acda951967e1ea58508ef53d9c6402485a46df" dependencies = [ "backtrace", "num_cpus", @@ -2683,13 +2687,13 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "2.2.0" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" +checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -2753,9 +2757,9 @@ dependencies = [ [[package]] name = "type-map" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6d3364c5e96cb2ad1603037ab253ddd34d7fb72a58bdddf4b7350760fc69a46" +checksum = "deb68604048ff8fa93347f02441e4487594adc20bb8a084f9e564d2b827a0a9f" dependencies = [ "rustc-hash", ] @@ -2774,18 +2778,18 @@ checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94" [[package]] name = "unic-langid" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "238722e6d794ed130f91f4ea33e01fcff4f188d92337a21297892521c72df516" +checksum = "23dd9d1e72a73b25e07123a80776aae3e7b0ec461ef94f9151eed6ec88005a44" dependencies = [ "unic-langid-impl", ] [[package]] name = "unic-langid-impl" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bd55a2063fdea4ef1f8633243a7b0524cbeef1905ae04c31a1c9b9775c55bc6" +checksum = "0a5422c1f65949306c99240b81de9f3f15929f5a8bfe05bb44b034cc8bf593e5" dependencies = [ "serde", "tinystr", @@ -2809,21 +2813,21 @@ dependencies = [ [[package]] name = "utf8parse" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" -version = "1.7.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f00cc9702ca12d3c81455259621e676d0f7251cec66a21e98fe2e9a37db93b2a" +checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314" [[package]] name = "version_check" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "wait-timeout" @@ -2836,9 +2840,9 @@ dependencies = [ [[package]] name = "walkdir" -version = "2.4.0" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" dependencies = [ "same-file", "winapi-util", @@ -2852,9 +2856,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ed0d4f68a3015cc185aff4db9506a015f4b96f95303897bfa23f846db54064e" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2862,24 +2866,24 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b56f625e64f3a1084ded111c4d5f477df9f8c92df113852fa5a374dbda78826" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-macro" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0162dbf37223cd2afce98f3d0785506dcb8d266223983e4b5b525859e6e182b2" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2887,28 +2891,28 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "web-sys" -version = "0.3.66" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50c24a44ec86bb68fbecd1b3efed7e85ea5621b39b35ef2766b66cd984f8010f" +checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" dependencies = [ "js-sys", "wasm-bindgen", @@ -2944,11 +2948,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.6" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" dependencies = [ - "winapi", + "windows-sys 0.52.0", ] [[package]] @@ -2963,7 +2967,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.52.0", + "windows-targets 0.52.6", ] [[package]] @@ -2990,7 +2994,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.0", + "windows-targets 0.52.6", ] [[package]] @@ -3025,17 +3029,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.0", - "windows_aarch64_msvc 0.52.0", - "windows_i686_gnu 0.52.0", - "windows_i686_msvc 0.52.0", - "windows_x86_64_gnu 0.52.0", - "windows_x86_64_gnullvm 0.52.0", - "windows_x86_64_msvc 0.52.0", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] @@ -3052,9 +3057,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -3070,9 +3075,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" @@ -3088,9 +3093,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.0" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" @@ -3106,9 +3117,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -3124,9 +3135,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -3142,9 +3153,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -3160,15 +3171,15 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" -version = "0.5.37" +version = "0.5.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7cad8365489051ae9f054164e459304af2e7e9bb407c958076c8bf4aef52da5" +checksum = "f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876" dependencies = [ "memchr", ] @@ -3181,9 +3192,9 @@ checksum = "f8dab7ac864710bdea6594becbea5b5050333cf34fefb0dc319567eb347950d4" [[package]] name = "x25519-dalek" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96" +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ "curve25519-dalek", "rand_core", @@ -3214,11 +3225,11 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.32" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ - "zerocopy-derive 0.7.32", + "zerocopy-derive 0.7.35", ] [[package]] @@ -3229,25 +3240,25 @@ checksum = "125139de3f6b9d625c39e2efdd73d41bdac468ccd556556440e322be0e1bbd91" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "zerocopy-derive" -version = "0.7.32" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] @@ -3260,7 +3271,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -3304,9 +3315,9 @@ dependencies = [ [[package]] name = "zstd-sys" -version = "2.0.9+zstd.1.5.5" +version = "2.0.12+zstd.1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e16efa8a874a0481a574084d34cc26fdb3b99627480f785888deb6386506656" +checksum = "0a4e40c320c3cb459d9a9ff6de98cff88f4751ee9275d140e2be94a2b74e4c13" dependencies = [ "cc", "pkg-config", diff --git a/supply-chain/config.toml b/supply-chain/config.toml index a050c23a..01dc2953 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -86,9 +86,13 @@ version = "1.0.2" criteria = "safe-to-deploy" [[exemptions.arc-swap]] -version = "1.6.0" +version = "1.7.1" criteria = "safe-to-deploy" +[[exemptions.backtrace]] +version = "0.3.73" +criteria = "safe-to-run" + [[exemptions.base64ct]] version = "1.6.0" criteria = "safe-to-deploy" @@ -117,10 +121,6 @@ criteria = "safe-to-deploy" version = "0.9.1" criteria = "safe-to-deploy" -[[exemptions.bytemuck]] -version = "1.14.1" -criteria = "safe-to-run" - [[exemptions.byteorder]] version = "1.4.3" criteria = "safe-to-deploy" @@ -146,7 +146,7 @@ version = "0.10.1" criteria = "safe-to-deploy" [[exemptions.chrono]] -version = "0.4.33" +version = "0.4.38" criteria = "safe-to-deploy" [[exemptions.ciborium]] @@ -189,6 +189,10 @@ criteria = "safe-to-deploy" version = "0.2.12" criteria = "safe-to-deploy" +[[exemptions.colorchoice]] +version = "1.0.2" +criteria = "safe-to-deploy" + [[exemptions.console]] version = "0.15.8" criteria = "safe-to-deploy" @@ -206,7 +210,7 @@ version = "0.2.4" criteria = "safe-to-run" [[exemptions.cookie-factory]] -version = "0.3.2" +version = "0.3.3" criteria = "safe-to-deploy" [[exemptions.cpufeatures]] @@ -261,6 +265,10 @@ criteria = "safe-to-deploy" version = "0.9.0" criteria = "safe-to-deploy" +[[exemptions.displaydoc]] +version = "0.2.5" +criteria = "safe-to-deploy" + [[exemptions.dunce]] version = "1.0.4" criteria = "safe-to-run" @@ -289,6 +297,18 @@ criteria = "safe-to-run" version = "1.0.28" criteria = "safe-to-deploy" +[[exemptions.fluent]] +version = "0.16.1" +criteria = "safe-to-deploy" + +[[exemptions.fluent-bundle]] +version = "0.15.3" +criteria = "safe-to-deploy" + +[[exemptions.fluent-syntax]] +version = "0.11.1" +criteria = "safe-to-deploy" + [[exemptions.fuse_mt]] version = "0.6.1" criteria = "safe-to-deploy" @@ -325,16 +345,16 @@ criteria = "safe-to-deploy" version = "0.2.10" criteria = "safe-to-deploy" -[[exemptions.gimli]] -version = "0.28.1" -criteria = "safe-to-run" +[[exemptions.ghash]] +version = "0.5.1" +criteria = "safe-to-deploy" [[exemptions.hashbrown]] -version = "0.14.3" +version = "0.14.2" criteria = "safe-to-deploy" [[exemptions.hermit-abi]] -version = "0.3.4" +version = "0.3.3" criteria = "safe-to-deploy" [[exemptions.hkdf]] @@ -369,24 +389,32 @@ criteria = "safe-to-deploy" version = "0.8.3" criteria = "safe-to-deploy" +[[exemptions.iana-time-zone]] +version = "0.1.60" +criteria = "safe-to-deploy" + [[exemptions.indexmap]] -version = "2.0.0" +version = "2.2.6" criteria = "safe-to-deploy" [[exemptions.inferno]] -version = "0.11.19" +version = "0.11.17" criteria = "safe-to-run" +[[exemptions.intl-memoizer]] +version = "0.5.2" +criteria = "safe-to-deploy" + [[exemptions.io_tee]] version = "0.1.1" criteria = "safe-to-deploy" [[exemptions.is-terminal]] -version = "0.4.10" +version = "0.4.12" criteria = "safe-to-deploy" [[exemptions.jobserver]] -version = "0.1.26" +version = "0.1.24" criteria = "safe-to-deploy" [[exemptions.js-sys]] @@ -394,7 +422,7 @@ version = "0.3.60" criteria = "safe-to-deploy" [[exemptions.libc]] -version = "0.2.153" +version = "0.2.155" criteria = "safe-to-deploy" [[exemptions.libm]] @@ -402,7 +430,7 @@ version = "0.2.2" criteria = "safe-to-deploy" [[exemptions.linux-raw-sys]] -version = "0.4.13" +version = "0.4.14" criteria = "safe-to-deploy" [[exemptions.locale_config]] @@ -410,7 +438,11 @@ version = "0.3.0" criteria = "safe-to-deploy" [[exemptions.lock_api]] -version = "0.4.11" +version = "0.4.12" +criteria = "safe-to-deploy" + +[[exemptions.log]] +version = "0.4.22" criteria = "safe-to-deploy" [[exemptions.memchr]] @@ -421,6 +453,10 @@ criteria = "safe-to-deploy" version = "0.2.1" criteria = "safe-to-deploy" +[[exemptions.miniz_oxide]] +version = "0.7.4" +criteria = "safe-to-deploy" + [[exemptions.nix]] version = "0.26.1" criteria = "safe-to-deploy" @@ -449,12 +485,16 @@ criteria = "safe-to-deploy" version = "0.1.1" criteria = "safe-to-deploy" +[[exemptions.object]] +version = "0.36.2" +criteria = "safe-to-run" + [[exemptions.once_cell]] version = "1.15.0" criteria = "safe-to-deploy" [[exemptions.os_pipe]] -version = "1.1.5" +version = "1.2.0" criteria = "safe-to-run" [[exemptions.page_size]] @@ -462,11 +502,11 @@ version = "0.5.0" criteria = "safe-to-deploy" [[exemptions.parking_lot]] -version = "0.12.1" +version = "0.12.2" criteria = "safe-to-deploy" [[exemptions.parking_lot_core]] -version = "0.9.9" +version = "0.9.10" criteria = "safe-to-deploy" [[exemptions.password-hash]] @@ -482,11 +522,11 @@ version = "0.12.2" criteria = "safe-to-deploy" [[exemptions.pin-project]] -version = "1.1.4" +version = "1.1.5" criteria = "safe-to-deploy" [[exemptions.pin-project-internal]] -version = "1.1.4" +version = "1.1.3" criteria = "safe-to-deploy" [[exemptions.pinentry]] @@ -502,15 +542,15 @@ version = "0.10.2" criteria = "safe-to-deploy" [[exemptions.plotters]] -version = "0.3.5" +version = "0.3.6" criteria = "safe-to-run" [[exemptions.plotters-backend]] -version = "0.3.5" +version = "0.3.6" criteria = "safe-to-run" [[exemptions.plotters-svg]] -version = "0.3.5" +version = "0.3.6" criteria = "safe-to-run" [[exemptions.poly1305]] @@ -518,7 +558,7 @@ version = "0.8.0" criteria = "safe-to-deploy" [[exemptions.polyval]] -version = "0.6.1" +version = "0.6.2" criteria = "safe-to-deploy" [[exemptions.pprof]] @@ -534,7 +574,7 @@ version = "1.0.4" criteria = "safe-to-deploy" [[exemptions.proptest]] -version = "1.2.0" +version = "1.5.0" criteria = "safe-to-run" [[exemptions.quick-error]] @@ -553,6 +593,10 @@ criteria = "safe-to-deploy" version = "0.4.1" criteria = "safe-to-deploy" +[[exemptions.redox_syscall]] +version = "0.5.3" +criteria = "safe-to-deploy" + [[exemptions.regex]] version = "1.9.5" criteria = "safe-to-deploy" @@ -566,7 +610,7 @@ version = "0.7.2" criteria = "safe-to-deploy" [[exemptions.rgb]] -version = "0.8.37" +version = "0.8.45" criteria = "safe-to-run" [[exemptions.roff]] @@ -586,19 +630,19 @@ version = "0.0.2" criteria = "safe-to-deploy" [[exemptions.rust-embed]] -version = "8.2.0" +version = "8.3.0" criteria = "safe-to-deploy" [[exemptions.rust-embed-impl]] -version = "8.2.0" +version = "8.3.0" criteria = "safe-to-deploy" [[exemptions.rust-embed-utils]] -version = "8.2.0" +version = "8.3.0" criteria = "safe-to-deploy" [[exemptions.rustix]] -version = "0.38.31" +version = "0.38.34" criteria = "safe-to-deploy" [[exemptions.rusty-fork]] @@ -634,19 +678,7 @@ version = "0.10.3" criteria = "safe-to-deploy" [[exemptions.self_cell]] -version = "1.0.3" -criteria = "safe-to-deploy" - -[[exemptions.semver]] -version = "1.0.21" -criteria = "safe-to-deploy" - -[[exemptions.serde]] -version = "1.0.136" -criteria = "safe-to-deploy" - -[[exemptions.serde_derive]] -version = "1.0.136" +version = "1.0.4" criteria = "safe-to-deploy" [[exemptions.serde_spanned]] @@ -662,7 +694,7 @@ version = "0.10.8" criteria = "safe-to-deploy" [[exemptions.similar]] -version = "2.4.0" +version = "2.6.0" criteria = "safe-to-run" [[exemptions.slab]] @@ -670,7 +702,7 @@ version = "0.4.9" criteria = "safe-to-deploy" [[exemptions.smallvec]] -version = "1.13.1" +version = "1.11.1" criteria = "safe-to-deploy" [[exemptions.snapbox]] @@ -682,7 +714,7 @@ version = "0.3.4" criteria = "safe-to-run" [[exemptions.spin]] -version = "0.5.2" +version = "0.9.8" criteria = "safe-to-deploy" [[exemptions.spki]] @@ -694,19 +726,23 @@ version = "0.1.0" criteria = "safe-to-run" [[exemptions.symbolic-common]] -version = "12.8.0" +version = "12.10.0" criteria = "safe-to-run" [[exemptions.symbolic-demangle]] -version = "12.8.0" +version = "12.10.0" criteria = "safe-to-run" [[exemptions.syn]] version = "1.0.102" criteria = "safe-to-deploy" +[[exemptions.syn]] +version = "2.0.72" +criteria = "safe-to-deploy" + [[exemptions.tar]] -version = "0.4.40" +version = "0.4.41" criteria = "safe-to-deploy" [[exemptions.tempfile]] @@ -738,11 +774,11 @@ version = "0.1.44" criteria = "safe-to-deploy" [[exemptions.tokio]] -version = "1.35.0" +version = "1.38.1" criteria = "safe-to-run" [[exemptions.tokio-macros]] -version = "2.2.0" +version = "2.3.0" criteria = "safe-to-run" [[exemptions.toml]] @@ -762,7 +798,7 @@ version = "0.14.16" criteria = "safe-to-run" [[exemptions.type-map]] -version = "0.4.0" +version = "0.5.0" criteria = "safe-to-deploy" [[exemptions.typenum]] @@ -773,20 +809,20 @@ criteria = "safe-to-deploy" version = "0.1.4" criteria = "safe-to-run" -[[exemptions.unic-langid]] -version = "0.9.4" -criteria = "safe-to-deploy" - -[[exemptions.unic-langid-impl]] -version = "0.9.4" +[[exemptions.utf8parse]] +version = "0.2.2" criteria = "safe-to-deploy" [[exemptions.uuid]] -version = "1.7.0" +version = "1.10.0" criteria = "safe-to-run" +[[exemptions.version_check]] +version = "0.9.5" +criteria = "safe-to-deploy" + [[exemptions.walkdir]] -version = "2.4.0" +version = "2.5.0" criteria = "safe-to-deploy" [[exemptions.wasi]] @@ -794,7 +830,7 @@ version = "0.11.0+wasi-snapshot-preview1" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen]] -version = "0.2.89" +version = "0.2.92" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-backend]] @@ -805,10 +841,6 @@ criteria = "safe-to-deploy" version = "0.2.87" criteria = "safe-to-deploy" -[[exemptions.wasm-bindgen-macro-support]] -version = "0.2.87" -criteria = "safe-to-deploy" - [[exemptions.web-sys]] version = "0.3.66" criteria = "safe-to-deploy" @@ -826,7 +858,7 @@ version = "0.4.0" criteria = "safe-to-deploy" [[exemptions.winapi-util]] -version = "0.1.6" +version = "0.1.8" criteria = "safe-to-deploy" [[exemptions.winapi-x86_64-pc-windows-gnu]] @@ -837,8 +869,12 @@ criteria = "safe-to-deploy" version = "0.52.0" criteria = "safe-to-deploy" +[[exemptions.windows_i686_gnullvm]] +version = "0.52.6" +criteria = "safe-to-deploy" + [[exemptions.winnow]] -version = "0.5.37" +version = "0.5.40" criteria = "safe-to-deploy" [[exemptions.wsl]] @@ -846,7 +882,7 @@ version = "0.1.0" criteria = "safe-to-deploy" [[exemptions.x25519-dalek]] -version = "2.0.0" +version = "2.0.1" criteria = "safe-to-deploy" [[exemptions.xattr]] @@ -857,12 +893,20 @@ criteria = "safe-to-deploy" version = "0.6.6" criteria = "safe-to-deploy" +[[exemptions.zerocopy]] +version = "0.7.35" +criteria = "safe-to-run" + [[exemptions.zerocopy-derive]] version = "0.6.6" criteria = "safe-to-deploy" +[[exemptions.zerocopy-derive]] +version = "0.7.35" +criteria = "safe-to-run" + [[exemptions.zeroize]] -version = "1.7.0" +version = "1.8.1" criteria = "safe-to-deploy" [[exemptions.zeroize_derive]] @@ -882,5 +926,5 @@ version = "5.0.2+zstd.1.5.2" criteria = "safe-to-deploy" [[exemptions.zstd-sys]] -version = "2.0.9+zstd.1.5.5" +version = "2.0.12+zstd.1.5.6" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 14069cb1..e84f19ad 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -51,8 +51,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-targets]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -72,8 +72,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_gnullvm]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -93,8 +93,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_msvc]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -114,8 +114,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnu]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -135,8 +135,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_msvc]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -156,8 +156,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnu]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -177,8 +177,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnullvm]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -198,8 +198,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_msvc]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -223,6 +223,11 @@ criteria = "safe-to-deploy" delta = "0.20.0 -> 0.21.0" notes = "This version bump updated some dependencies and optimized some internals. All looks good." +[[audits.bytecode-alliance.audits.addr2line]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.21.0 -> 0.22.0" + [[audits.bytecode-alliance.audits.adler]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -241,25 +246,6 @@ criteria = "safe-to-deploy" version = "0.21.0" notes = "This crate has no dependencies, no build.rs, and contains no unsafe code." -[[audits.bytecode-alliance.audits.bitflags]] -who = "Jamey Sharp " -criteria = "safe-to-deploy" -delta = "2.1.0 -> 2.2.1" -notes = """ -This version adds unsafe impls of traits from the bytemuck crate when built -with that library enabled, but I believe the impls satisfy the documented -safety requirements for bytemuck. The other changes are minor. -""" - -[[audits.bytecode-alliance.audits.bitflags]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "2.3.2 -> 2.3.3" -notes = """ -Nothing outside the realm of what one would expect from a bitflags generator, -all as expected. -""" - [[audits.bytecode-alliance.audits.block-buffer]] who = "Benjamin Bouvier " criteria = "safe-to-deploy" @@ -271,6 +257,11 @@ criteria = "safe-to-deploy" version = "1.0.73" notes = "I am the author of this crate." +[[audits.bytecode-alliance.audits.cc]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "1.0.83 -> 1.1.6" + [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -364,26 +355,36 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.27" +[[audits.bytecode-alliance.audits.gimli]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.27.3 -> 0.28.0" +notes = """ +Still looks like a good DWARF-parsing crate, nothing major was added or deleted +and no `unsafe` code to review here. +""" + +[[audits.bytecode-alliance.audits.gimli]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.28.0 -> 0.29.0" + [[audits.bytecode-alliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.4.0" notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation." -[[audits.bytecode-alliance.audits.iana-time-zone]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -version = "0.1.59" -notes = """ -I also manually ran windows-bindgen and confirmed that the output matches -the bindings checked into the repo. -""" - [[audits.bytecode-alliance.audits.iana-time-zone-haiku]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.1.2" +[[audits.bytecode-alliance.audits.jobserver]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.1.25 -> 0.1.32" + [[audits.bytecode-alliance.audits.libm]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -403,25 +404,11 @@ This is a minor update which has some testing affordances as well as some updated math algorithms. """ -[[audits.bytecode-alliance.audits.miniz_oxide]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.7.1" -notes = """ -This crate is a Rust implementation of zlib compression/decompression and has -been used by default by the Rust standard library for quite some time. It's also -a default dependency of the popular `backtrace` crate for decompressing debug -information. This crate forbids unsafe code and does not otherwise access system -resources. It's originally a port of the `miniz.c` library as well, and given -its own longevity should be relatively hardened against some of the more common -compression-related issues. -""" - -[[audits.bytecode-alliance.audits.object]] -who = "Alex Crichton " +[[audits.bytecode-alliance.audits.num-traits]] +who = "Andrew Brown " criteria = "safe-to-deploy" -delta = "0.30.3 -> 0.31.1" -notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary." +version = "0.2.19" +notes = "As advertised: a numeric library. The only `unsafe` is from some float-to-int conversions, which seems expected." [[audits.bytecode-alliance.audits.percent-encoding]] who = "Alex Crichton " @@ -453,30 +440,22 @@ No `unsafe` additions or anything outside of the purview of the crate in this change. """ -[[audits.bytecode-alliance.audits.proc-macro2]] -who = "Pat Hickey " +[[audits.bytecode-alliance.audits.rustc-demangle]] +who = "Alex Crichton " criteria = "safe-to-deploy" -delta = "1.0.51 -> 1.0.57" +version = "0.1.21" +notes = "I am the author of this crate." -[[audits.bytecode-alliance.audits.proc-macro2]] +[[audits.bytecode-alliance.audits.rustc-demangle]] who = "Alex Crichton " criteria = "safe-to-deploy" -delta = "1.0.59 -> 1.0.63" -notes = """ -This is a routine update for new nightly features and new syntax popping up on -nightly, nothing out of the ordinary. -""" +delta = "0.1.21 -> 0.1.24" -[[audits.bytecode-alliance.audits.quote]] +[[audits.bytecode-alliance.audits.semver]] who = "Pat Hickey " criteria = "safe-to-deploy" -delta = "1.0.23 -> 1.0.27" - -[[audits.bytecode-alliance.audits.rustc-demangle]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.1.21" -notes = "I am the author of this crate." +version = "1.0.17" +notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct" [[audits.bytecode-alliance.audits.tempfile]] who = "Pat Hickey " @@ -494,12 +473,6 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "1.0.8" -[[audits.embark-studios.audits.colorchoice]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "1.0.0" -notes = "No unsafe usage or ambient capabilities" - [[audits.embark-studios.audits.thiserror]] who = "Johan Andersson " criteria = "safe-to-deploy" @@ -518,12 +491,6 @@ criteria = "safe-to-deploy" delta = "0.6.1 -> 0.6.2" notes = "No notable changes" -[[audits.embark-studios.audits.utf8parse]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "0.2.1" -notes = "Single unsafe usage that looks sound, no ambient capabilities" - [[audits.fermyon.audits.oorandom]] who = "Radu Matei " criteria = "safe-to-run" @@ -535,17 +502,103 @@ criteria = "safe-to-run" version = "0.19.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.aes]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.8.2 -> 0.8.4" +notes = "Audited at https://fxrev.dev/987054" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.arrayvec]] who = "Nicholas Bishop " criteria = "safe-to-run" version = "0.7.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.backtrace]] -who = "George Burgess IV " -criteria = "safe-to-run" -version = "0.3.67" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.autocfg]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and there were no hits except for reasonable, client-controlled usage of +`std::fs` in `AutoCfg::with_dir`. + +This crate has been added to Chromium in +https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb +The CL description contains a link to a Google-internal document with audit details. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.autocfg]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.1.0 -> 1.2.0" +notes = ''' +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and nothing changed from the baseline audit of 1.1.0. Skimmed through the +1.1.0 => 1.2.0 delta and everything seemed okay. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "2.4.2" +notes = """ +Audit notes: + +* I've checked for any discussion in Google-internal cl/546819168 (where audit + of version 2.3.3 happened) +* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]` +* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be + correct in a straightforward way - they just propagate the marker trait's + impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type +* Additional discussion and/or notes may be found in https://crrev.com/c/5238056 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "2.4.2 -> 2.5.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "2.5.0 -> 2.6.0" +notes = "The changes from the previous version are negligible and thus it retains the same properties." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.14.3" +notes = "Additional review notes may be found in https://crrev.com/c/5362675." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.14.3 -> 1.15.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.15.0 -> 1.16.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.16.0 -> 1.16.1" +notes = """ +The delta only adds `f16` and `f128` support (with some other minor changes) +and has no impact on the audit criteria. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.cast]] who = "George Burgess IV " @@ -603,6 +656,12 @@ other crates. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.gimli]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.27.3" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.glob]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -616,22 +675,54 @@ version = "0.10.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.itoa]] -who = "ChromeOS" -criteria = "safe-to-run" -version = "1.0.5" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.10" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. -[[audits.google.audits.itoa]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "1.0.5 -> 1.0.6" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +There are a few places where `unsafe` is used. Unsafe review notes can be found +in https://crrev.com/c/5350697. + +Version 1.0.1 of this crate has been added to Chromium in +https://crrev.com/c/3321896. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.itoa]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "1.0.6 -> 1.0.9" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.10 -> 1.0.11" +notes = """ +Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits: + +* Bumping up the version +* A touch up of comments +* And my own PR to make `unsafe` blocks more granular: + https://github.com/dtolnay/itoa/pull/42 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.lazy_static]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.4.0" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. + +There are two places where `unsafe` is used. Unsafe review notes can be found +in https://crrev.com/c/5347418. + +This crate has been added to Chromium in https://crrev.com/c/3321895. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.lazy_static]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +notes = "Unsafe review notes: https://crrev.com/c/5650836" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.memmap2]] who = "Ying Hsu " @@ -674,17 +765,10 @@ criteria = "safe-to-run" version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.object]] -who = "George Burgess IV " -criteria = "safe-to-run" -version = "0.30.3" -notes = "I'm not counting the code related to the GNU Hash section as crypto for the sake of this review." -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.object]] +[[audits.google.audits.num-iter]] who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.31.1 -> 0.32.1" +criteria = "safe-to-deploy" +version = "0.1.43" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.pin-project-lite]] @@ -694,108 +778,258 @@ version = "0.2.9" notes = "Reviewed on https://fxrev.dev/824504" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.pin-project-lite]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.2.9 -> 0.2.13" +notes = "Audited at https://fxrev.dev/946396" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.proc-macro-error-attr]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "1.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.serde_json]] -who = "Harshad Phule " -criteria = "safe-to-run" -version = "1.0.96" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.proc-macro2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.78" +notes = """ +Grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits +(except for a benign \"fs\" hit in a doc comment) -[[audits.google.audits.shlex]] -who = "George Burgess IV " -criteria = "safe-to-run" -version = "1.1.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +Notes from the `unsafe` review can be found in https://crrev.com/c/5385745. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.shlex]] -who = "Daniel Verkamp " -criteria = "safe-to-run" -delta = "1.1.0 -> 1.3.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.proc-macro2]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.78 -> 1.0.79" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.stable_deref_trait]] -who = "George Burgess IV " -criteria = "safe-to-run" -version = "1.2.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.proc-macro2]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.79 -> 1.0.80" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.strsim]] +[[audits.google.audits.proc-macro2]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.80 -> 1.0.81" +notes = "Comment changes only" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.81 -> 1.0.82" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.82 -> 1.0.83" +notes = "Substantive change is replacing String with Box, saving memory." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.83 -> 1.0.84" +notes = "Only doc comment changes in `src/lib.rs`." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] who = "danakj@chromium.org" criteria = "safe-to-deploy" -version = "0.10.0" -notes = """ -Reviewed in https://crrev.com/c/5171063 +delta = "1.0.84 -> 1.0.85" +notes = "Test-only changes." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -Previously reviewed during security review and the audit is grandparented in. +[[audits.google.audits.proc-macro2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.85 -> 1.0.86" +notes = """ +Comment-only changes in `build.rs`. +Reordering of `Cargo.toml` entries. +Just bumping up the version number in `lib.rs`. +Config-related changes in `test_size.rs`. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.tinytemplate]] -who = "Ying Hsu " -criteria = "safe-to-run" -version = "1.2.1" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.quote]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.35" +notes = """ +Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits +(except for benign \"net\" hit in tests and \"fs\" hit in README.md) +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.version_check]] -who = "George Burgess IV " +[[audits.google.audits.quote]] +who = "Adrian Taylor " criteria = "safe-to-deploy" -version = "0.9.4" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +delta = "1.0.35 -> 1.0.36" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.wait-timeout]] -who = "George Burgess IV " -criteria = "safe-to-run" -version = "0.2.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.197" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. -[[audits.google.audits.zerocopy]] -who = "ChromeOS" -criteria = "safe-to-run" -version = "0.7.0-alpha.1" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +There were some hits for `net`, but they were related to serialization and +not actually opening any connections or anything like that. -[[audits.google.audits.zerocopy]] -who = "Daniel Verkamp " -criteria = "safe-to-run" -delta = "0.7.0-alpha.1 -> 0.7.8" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +There were 2 hits of `unsafe` when grepping: +* In `fn as_str` in `impl Buf` +* In `fn serialize` in `impl Serialize for net::Ipv4Addr` -[[audits.google.audits.zerocopy]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.7.8 -> 0.7.32" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this +review also covered `serde_json_lenient`). -[[audits.google.audits.zerocopy-derive]] -who = "ChromeOS" -criteria = "safe-to-run" -version = "0.3.2" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +Version 1.0.130 of the crate has been added to Chromium in +https://crrev.com/c/3265545. The CL description contains a link to a +(Google-internal, sorry) document with a mini security review. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.zerocopy-derive]] -who = "Daniel Verkamp " -criteria = "safe-to-run" -delta = "0.3.2 -> 0.7.8" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.serde]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.197 -> 1.0.198" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.zerocopy-derive]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.7.8 -> 0.7.32" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.serde]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.198 -> 1.0.201" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.isrg.audits.aes]] -who = "Brandon Pitman " +[[audits.google.audits.serde]] +who = "Dustin J. Mitchell " criteria = "safe-to-deploy" -delta = "0.8.2 -> 0.8.3" +delta = "1.0.201 -> 1.0.202" +notes = "Trivial changes" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.isrg.audits.base64]] -who = "Tim Geoghegan " +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.202 -> 1.0.203" +notes = "s/doc_cfg/docsrs/ + tuple_impls/tuple_impl_body-related changes" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.203 -> 1.0.204" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.197" +notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.197 -> 1.0.201" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.201 -> 1.0.202" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.202 -> 1.0.203" +notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.203 -> 1.0.204" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_json]] +who = "danakj@chromium.org" +criteria = "safe-to-run" +version = "1.0.108" +notes = """ +Reviewed in https://crrev.com/c/5171063 + +Previously reviewed during security review and the audit is grandparented in. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_json]] +who = "danakj " +criteria = "safe-to-run" +delta = "1.0.116 -> 1.0.117" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_json]] +who = "Adrian Taylor " +criteria = "safe-to-run" +delta = "1.0.117 -> 1.0.120" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.shlex]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "1.1.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.shlex]] +who = "Daniel Verkamp " +criteria = "safe-to-run" +delta = "1.1.0 -> 1.3.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.stable_deref_trait]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "1.2.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.strsim]] +who = "danakj@chromium.org" +criteria = "safe-to-deploy" +version = "0.10.0" +notes = """ +Reviewed in https://crrev.com/c/5171063 + +Previously reviewed during security review and the audit is grandparented in. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.tinytemplate]] +who = "Ying Hsu " +criteria = "safe-to-run" +version = "1.2.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.wait-timeout]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.2.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.isrg.audits.base64]] +who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "0.21.0 -> 0.21.1" @@ -893,6 +1127,27 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "0.2.4 -> 0.2.5" +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.5 -> 0.2.6" + +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.6 -> 0.2.7" + +[[audits.isrg.audits.fiat-crypto]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.7 -> 0.2.8" + +[[audits.isrg.audits.fiat-crypto]] +who = "Tim Geoghegan " +criteria = "safe-to-deploy" +delta = "0.2.8 -> 0.2.9" +notes = "No changes to Rust code between 0.2.8 and 0.2.9" + [[audits.isrg.audits.getrandom]] who = "Brandon Pitman " criteria = "safe-to-deploy" @@ -903,25 +1158,35 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "0.2.11 -> 0.2.12" -[[audits.isrg.audits.ghash]] +[[audits.isrg.audits.getrandom]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.12 -> 0.2.14" + +[[audits.isrg.audits.getrandom]] who = "David Cook " criteria = "safe-to-deploy" -version = "0.5.0" +delta = "0.2.14 -> 0.2.15" [[audits.isrg.audits.hmac]] who = "David Cook " criteria = "safe-to-deploy" version = "0.12.1" -[[audits.isrg.audits.num-traits]] +[[audits.isrg.audits.num-integer]] who = "David Cook " criteria = "safe-to-deploy" -delta = "0.2.15 -> 0.2.16" +delta = "0.1.45 -> 0.1.46" -[[audits.isrg.audits.num-traits]] -who = "Ameer Ghani " +[[audits.isrg.audits.num-iter]] +who = "David Cook " criteria = "safe-to-deploy" -delta = "0.2.16 -> 0.2.17" +delta = "0.1.43 -> 0.1.44" + +[[audits.isrg.audits.num-iter]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.1.44 -> 0.1.45" [[audits.isrg.audits.once_cell]] who = "David Cook " @@ -973,80 +1238,30 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "1.7.0 -> 1.8.0" -[[audits.isrg.audits.rayon-core]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.10.2 -> 1.11.0" - -[[audits.isrg.audits.rayon-core]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.11.0 -> 1.12.0" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.152 -> 1.0.153" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.153 -> 1.0.154" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.154 -> 1.0.155" - -[[audits.isrg.audits.serde]] -who = "Brandon Pitman " +[[audits.isrg.audits.rayon]] +who = "Ameer Ghani " criteria = "safe-to-deploy" -delta = "1.0.156 -> 1.0.159" +delta = "1.8.0 -> 1.8.1" -[[audits.isrg.audits.serde]] +[[audits.isrg.audits.rayon]] who = "Brandon Pitman " criteria = "safe-to-deploy" -delta = "1.0.160 -> 1.0.162" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.162 -> 1.0.163" - -[[audits.isrg.audits.serde_derive]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.152 -> 1.0.153" - -[[audits.isrg.audits.serde_derive]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.153 -> 1.0.154" - -[[audits.isrg.audits.serde_derive]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.154 -> 1.0.155" +delta = "1.8.1 -> 1.9.0" -[[audits.isrg.audits.serde_derive]] +[[audits.isrg.audits.rayon]] who = "Brandon Pitman " criteria = "safe-to-deploy" -delta = "1.0.156 -> 1.0.159" +delta = "1.9.0 -> 1.10.0" -[[audits.isrg.audits.serde_derive]] -who = "Brandon Pitman " +[[audits.isrg.audits.rayon-core]] +who = "Ameer Ghani " criteria = "safe-to-deploy" -delta = "1.0.160 -> 1.0.162" +version = "1.12.1" -[[audits.isrg.audits.serde_derive]] +[[audits.isrg.audits.subtle]] who = "David Cook " criteria = "safe-to-deploy" -delta = "1.0.162 -> 1.0.163" - -[[audits.isrg.audits.syn]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.0.104 -> 2.0.11" +delta = "2.5.0 -> 2.6.1" [[audits.isrg.audits.thiserror]] who = "Brandon Pitman " @@ -1083,6 +1298,12 @@ renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.ahash]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +delta = "0.8.7 -> 0.8.11" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.android_system_properties]] who = "Nicolas Silva " criteria = "safe-to-deploy" @@ -1102,13 +1323,6 @@ criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.autocfg]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "1.1.0" -notes = "All code written or reviewed by Josh Stone." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.bit-set]] who = "Aria Beingessner " criteria = "safe-to-deploy" @@ -1129,38 +1343,6 @@ version = "0.6.3" notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.bitflags]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "1.3.2 -> 2.0.2" -notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Nicolas Silva " -criteria = "safe-to-deploy" -delta = "2.0.2 -> 2.1.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Teodor Tanasoaia " -criteria = "safe-to-deploy" -delta = "2.2.1 -> 2.3.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "2.3.3 -> 2.4.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "2.4.0 -> 2.4.1" -notes = "Only allowing new clippy lints" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.block-buffer]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1186,6 +1368,13 @@ delta = "0.2.7 -> 0.2.8" notes = "This release contains a single fix for an issue that affected Firefox" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.crc32fast]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "1.3.2 -> 1.4.2" +notes = "Minor, safe changes." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.crossbeam-utils]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1198,6 +1387,19 @@ criteria = "safe-to-deploy" delta = "0.8.11 -> 0.8.14" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.crossbeam-utils]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.8.14 -> 0.8.19" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.crossbeam-utils]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.8.19 -> 0.8.20" +notes = "Minor changes." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.crypto-common]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1217,23 +1419,6 @@ criteria = "safe-to-deploy" delta = "0.10.3 -> 0.10.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.displaydoc]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -version = "0.2.3" -notes = """ -This crate is convenient macros to implement core::fmt::Display trait. -Although `unsafe` is used for test code to call `libc::abort()`, it has no `unsafe` code in this crate. And there is no file access. -It meets the criteria for safe-to-deploy. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.displaydoc]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.2.3 -> 0.2.4" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.either]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1264,16 +1449,11 @@ criteria = "safe-to-deploy" delta = "1.9.0 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.fluent]] -who = "Zibi Braniecki " -criteria = "safe-to-deploy" -version = "0.16.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.fluent-bundle]] -who = "Zibi Braniecki " +[[audits.mozilla.audits.flate2]] +who = "Alex Franchuk " criteria = "safe-to-deploy" -version = "0.15.2" +delta = "1.0.28 -> 1.0.30" +notes = "Some new unsafe code, however it has been verified and there are unit tests as well." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.fluent-langneg]] @@ -1282,12 +1462,6 @@ criteria = "safe-to-deploy" version = "0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.fluent-syntax]] -who = "Zibi Braniecki " -criteria = "safe-to-deploy" -version = "0.11.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -1378,12 +1552,6 @@ criteria = "safe-to-deploy" version = "0.4.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.intl-memoizer]] -who = "Zibi Braniecki " -criteria = "safe-to-deploy" -version = "0.5.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.intl_pluralrules]] who = "Zibi Braniecki " criteria = "safe-to-deploy" @@ -1396,26 +1564,12 @@ criteria = "safe-to-deploy" delta = "7.0.1 -> 7.0.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.lazy_static]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.4.0" -notes = "I have read over the macros, and audited the unsafe code." -aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.log]] +[[audits.mozilla.audits.jobserver]] who = "Mike Hommey " criteria = "safe-to-deploy" -version = "0.4.17" +delta = "0.1.24 -> 0.1.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.log]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "0.4.17 -> 0.4.18" -notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.malloc_buf]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -1447,20 +1601,6 @@ version = "0.1.45" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.num-iter]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "0.1.43" -notes = "All code written or reviewed by Josh Stone." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.num-traits]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "0.2.15" -notes = "All code written or reviewed by Josh Stone." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.once_cell]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1491,146 +1631,23 @@ criteria = "safe-to-deploy" delta = "0.2.16 -> 0.2.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.proc-macro2]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.0.39" -notes = """ -`proc-macro2` acts as either a thin(-ish) wrapper around the std-provided -`proc_macro` crate, or as a fallback implementation of the crate, depending on -where it is used. - -If using this crate on older versions of rustc (1.56 and earlier), it will -temporarily replace the panic handler while initializing in order to detect if -it is running within a `proc_macro`, which could lead to surprising behaviour. -This should not be an issue for more recent compiler versions, which support -`proc_macro::is_available()`. - -The `proc-macro2` crate's fallback behaviour is not identical to the complex -behaviour of the rustc compiler (e.g. it does not perform unicode normalization -for identifiers), however it behaves well enough for its intended use-case -(tests and scripts processing rust code). - -`proc-macro2` does not use unsafe code, however exposes one `unsafe` API to -allow bypassing checks in the fallback implementation when constructing -`Literal` using `from_str_unchecked`. This was intended to only be used by the -`quote!` macro, however it has been removed -(https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078), -and is likely completely unused. Even when used, this API shouldn't be able to -cause unsoundness. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] +[[audits.mozilla.audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" -delta = "1.0.39 -> 1.0.43" +delta = "0.6.3 -> 0.6.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " +[[audits.mozilla.audits.rayon]] +who = "Josh Stone " criteria = "safe-to-deploy" -delta = "1.0.43 -> 1.0.49" +version = "1.5.3" +notes = "All code written or reviewed by Josh Stone or Niko Matsakis." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.proc-macro2]] +[[audits.mozilla.audits.rayon]] who = "Mike Hommey " criteria = "safe-to-deploy" -delta = "1.0.49 -> 1.0.51" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.57 -> 1.0.59" -notes = "Enabled on Wasm" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.63 -> 1.0.66" -notes = "Removed special support for some really old Rust versions" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.0.18" -notes = """ -`quote` is a utility crate used by proc-macros to generate TokenStreams -conveniently from source code. The bulk of the logic is some complex -interlocking `macro_rules!` macros which are used to parse and build the -`TokenStream` within the proc-macro. - -This crate contains no unsafe code, and the internal logic, while difficult to -read, is generally straightforward. I have audited the the quote macros, ident -formatter, and runtime logic. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.18 -> 1.0.21" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.21 -> 1.0.23" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.27 -> 1.0.28" -notes = "Enabled on wasm targets" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.28 -> 1.0.31" -notes = "Minimal changes and removal of the build.rs" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.rand_core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.6.3 -> 0.6.4" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "1.5.3" -notes = "All code written or reviewed by Josh Stone or Niko Matsakis." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.5.3 -> 1.6.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon-core]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "1.9.3" -notes = "All code written or reviewed by Josh Stone or Niko Matsakis." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon-core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.9.3 -> 1.10.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon-core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.10.1 -> 1.10.2" +delta = "1.5.3 -> 1.6.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.rustc-hash]] @@ -1640,56 +1657,6 @@ version = "1.1.0" notes = "Straightforward crate with no unsafe code, does what it says on the tin." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.serde]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.143 -> 1.0.144" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.144 -> 1.0.151" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.151 -> 1.0.152" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.163 -> 1.0.179" -notes = "Internal refactorings and some new trait implementations" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.143 -> 1.0.144" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.144 -> 1.0.151" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.151 -> 1.0.152" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.163 -> 1.0.179" -notes = "Internal refactorings and dependency updates" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.subtle]] who = "Simon Friedberger " criteria = "safe-to-deploy" @@ -1697,17 +1664,16 @@ version = "2.5.0" notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.syn]] -who = "Jan-Erik Rediger " +[[audits.mozilla.audits.tempfile]] +who = "Mike Hommey " criteria = "safe-to-deploy" -delta = "2.0.18 -> 2.0.26" -notes = "Dependency update & internal refactorings" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" +delta = "3.6.0 -> 3.8.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.tempfile]] who = "Mike Hommey " criteria = "safe-to-deploy" -delta = "3.6.0 -> 3.8.0" +delta = "3.8.0 -> 3.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.time]] @@ -1765,6 +1731,42 @@ criteria = "safe-to-deploy" delta = "1.15.0 -> 1.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.unic-langid]] +who = "Zibi Braniecki " +criteria = "safe-to-deploy" +version = "0.9.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.unic-langid]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.9.0 -> 0.9.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.unic-langid]] +who = "Eemeli Aro " +criteria = "safe-to-deploy" +delta = "0.9.1 -> 0.9.5" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.unic-langid-impl]] +who = "Zibi Braniecki " +criteria = "safe-to-deploy" +version = "0.9.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.unic-langid-impl]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.9.0 -> 0.9.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.unic-langid-impl]] +who = "Eemeli Aro " +criteria = "safe-to-deploy" +delta = "0.9.1 -> 0.9.5" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.unicode-ident]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" @@ -1791,24 +1793,18 @@ criteria = "safe-to-deploy" delta = "1.1.1 -> 1.1.2" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.backtrace]] -who = "Jack Grigg " +[[audits.zcash.audits.aho-corasick]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.3.67 -> 0.3.69" -notes = """ -Changes to `unsafe` blocks: -- New call to `GetCurrentProcessId` on Windows, to help generate a process-unique name to - use inside an existing `CreateMutexA` call. -- Uses `libc::mmap64` on Linux instead of `libc::mmap`. -- Alters `Stash` to allow caching more than one `Mmap`; the existing `unsafe` safety - condition continues to be applicable. - -There are also several more places where DWARF data is mmapped from a filesystem path and -then loaded. These appear to all derive from existing paths that themselves were already -being mmapped and loaded. -""" +delta = "1.1.2 -> 1.1.3" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.autocfg]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.3.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.base64]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1821,6 +1817,12 @@ criteria = "safe-to-deploy" delta = "0.21.4 -> 0.21.5" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.base64]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.21.5 -> 0.21.7" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.block-buffer]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1870,12 +1872,25 @@ the same as the existing Linux code for AArch64. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.cpufeatures]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.11 -> 0.2.12" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.crossbeam-deque]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.8.3 -> 0.8.4" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.crossbeam-deque]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.8.4 -> 0.8.5" +notes = "Changes to `unsafe` code look okay." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.crossbeam-epoch]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1893,49 +1908,10 @@ Changes to `unsafe` code are to replace manual pointer logic with equivalent """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.crossbeam-utils]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.8.14 -> 0.8.15" -notes = """ -- Fixes a wrapping overflow for large timeouts. -- Marks some BPF and Sony Vita targets as not having atomics. -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.crossbeam-utils]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.8.15 -> 0.8.16" -notes = """ -- Fixes cache line alignment for some targets. -- Replaces `mem::replace` with `Option::take` inside `unsafe` blocks. -- Unmarks some ARMv7r and Sony Vita targets as not having 64-bit atomics. -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.crossbeam-utils]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.8.16 -> 0.8.17" -notes = """ -- Build script change removes some now-unused config flags, and checks for thread - sanitization to enable this on `crossbeam`. -- Changes to `unsafe` blocks are to move them, or to introduce a couple of new - blocks identical to equivalent earlier blocks (now that MSRV is new enough to - access newer `Atomic*` methods). -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.crossbeam-utils]] -who = "Jack Grigg " +[[audits.zcash.audits.crossbeam-epoch]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.8.17 -> 0.8.18" -notes = """ -Changes to `unsafe` code are to construct and drop `MaybeUninit` directly -via its methods (one of which is now usable with the new MSRV) instead of via -casting. -""" +delta = "0.9.17 -> 0.9.18" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.curve25519-dalek]] @@ -1968,18 +1944,64 @@ criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.der]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.7.8 -> 0.7.9" +notes = "The change to ignore RUSTSEC-2023-0071 is correct for this crate." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.either]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.8.1 -> 1.9.0" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.either]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.9.0 -> 1.11.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.either]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.11.0 -> 1.13.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.3 -> 0.3.8" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.errno]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.8 -> 0.3.9" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.fastrand]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.0.1 -> 2.0.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.fastrand]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.0.2 -> 2.1.0" +notes = """ +As noted in the changelog, this version produces different output for a given seed. +The documentation did not mention stability. It is possible that some uses relying on +determinism across the update would be broken. + +The new constants do appear to match WyRand v4.2 (modulo ordering issues that I have not checked): +https://github.com/wangyi-fudan/wyhash/blob/408620b6d12b7d667b3dd6ae39b7929a39e8fa05/wyhash.h#L145 +I have no way to check whether these constants are an improvement or not. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.futures]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2079,13 +2101,25 @@ requirements on the latter. """ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" -[[audits.zcash.audits.indexmap]] -who = "Jack Grigg " +[[audits.zcash.audits.hashbrown]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.14.2 -> 0.14.5" +notes = "I did not thoroughly check the safety argument for fold_impl, but it at least seems to be well documented." +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.hermit-abi]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "2.0.0 -> 2.1.0" -notes = "- Replaces an `unsafe` block with a safe alternative." +delta = "0.3.3 -> 0.3.9" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.inferno]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-run" +delta = "0.11.17 -> 0.11.19" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.inout]] who = "Daira Hopwood " criteria = "safe-to-deploy" @@ -2093,12 +2127,6 @@ version = "0.1.3" notes = "Reviewed in full." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.itoa]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.9 -> 1.0.10" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.js-sys]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2128,23 +2156,17 @@ notes = """ """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.libm]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.2.7 -> 0.2.8" -notes = "Forces some intermediate values to not have too much precision on the x87 FPU." -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.log]] -who = "Jack Grigg " +[[audits.zcash.audits.js-sys]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.4.18 -> 0.4.19" +delta = "0.3.66 -> 0.3.69" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.log]] +[[audits.zcash.audits.libm]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "0.4.19 -> 0.4.20" +delta = "0.2.7 -> 0.2.8" +notes = "Forces some intermediate values to not have too much precision on the x87 FPU." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.memchr]] @@ -2164,6 +2186,18 @@ code (but adapted to `u16` and `u8` reads, instead of `u32`). """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.memchr]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.7.1 -> 2.7.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.memchr]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.7.2 -> 2.7.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.memmap2]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2191,85 +2225,64 @@ A new unsafe trait method `SockaddrLike::set_length` is added; it's impls look f """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.object]] -who = "Daira-Emma Hopwood " -criteria = "safe-to-deploy" -delta = "0.32.1 -> 0.32.2" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.pin-project-lite]] +[[audits.zcash.audits.oorandom]] who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.2.9 -> 0.2.13" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +criteria = "safe-to-run" +delta = "11.1.3 -> 11.1.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" -[[audits.zcash.audits.proc-macro2]] -who = "Jack Grigg " +[[audits.zcash.audits.opaque-debug]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.66 -> 1.0.67" +delta = "0.3.0 -> 0.3.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.proc-macro2]] +[[audits.zcash.audits.parking_lot]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.67 -> 1.0.70" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "0.12.2 -> 0.12.3" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" -[[audits.zcash.audits.proc-macro2]] -who = "Jack Grigg " +[[audits.zcash.audits.pin-project-internal]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.70 -> 1.0.71" -notes = """ -New `unsafe` blocks are all inside `unsafe fn`s, and are added to make the -safety contracts in the code clearer (instead of using the `unsafe fn`'s -implicit `unsafe` block). -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "1.1.3 -> 1.1.5" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" -[[audits.zcash.audits.proc-macro2]] -who = "Jack Grigg " +[[audits.zcash.audits.pin-project-lite]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.71 -> 1.0.74" -notes = """ -Build script changes are to replace `RUSTFLAGS` string parsing with a probe file -that is compiled with whatever `RUSTC` is set to (but the build script already -relies on the `RUSTC` environment variable for inspecting the compiler version). -""" +delta = "0.2.13 -> 0.2.14" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.proptest]] -who = "Jack Grigg " +[[audits.zcash.audits.pkg-config]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.2.0 -> 1.4.0" -notes = """ -Adds support for generating arbitrary `PathBuf`s, but as this crate is intended -for fuzzing in test environments this is within its expected scope (and the new -API would be used intentionally by downstream tests). -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "0.3.29 -> 0.3.30" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" -[[audits.zcash.audits.quote]] -who = "Jack Grigg " +[[audits.zcash.audits.rand_xorshift]] +who = "Sean Bowe " criteria = "safe-to-deploy" -delta = "1.0.31 -> 1.0.33" +version = "0.3.0" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.quote]] +[[audits.zcash.audits.regex]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.33 -> 1.0.35" +delta = "1.9.5 -> 1.10.2" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.rand_xorshift]] -who = "Sean Bowe " +[[audits.zcash.audits.regex]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -version = "0.3.0" +delta = "1.10.2 -> 1.10.4" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.regex]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.9.5 -> 1.10.2" +delta = "1.10.4 -> 1.10.5" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.regex-automata]] @@ -2282,6 +2295,18 @@ any `unsafe` functions. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.regex-automata]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.4.3 -> 0.4.6" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.regex-automata]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.4.6 -> 0.4.7" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.regex-syntax]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2294,17 +2319,17 @@ criteria = "safe-to-deploy" delta = "0.7.5 -> 0.8.2" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.rustc-demangle]] -who = "Sean Bowe " +[[audits.zcash.audits.regex-syntax]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.1.21 -> 0.1.22" +delta = "0.8.2 -> 0.8.3" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.rustc-demangle]] +[[audits.zcash.audits.regex-syntax]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "0.1.22 -> 0.1.23" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "0.8.3 -> 0.8.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.rustc_version]] who = "Jack Grigg " @@ -2327,115 +2352,62 @@ criteria = "safe-to-deploy" delta = "1.0.15 -> 1.0.16" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.136 -> 1.0.143" -notes = "Bumps serde-derive and adds some constructors." -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.155 -> 1.0.156" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.159 -> 1.0.160" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.179 -> 1.0.188" -notes = "Mostly a bunch of cleanups after bumping MSRV." -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.188 -> 1.0.193" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.193 -> 1.0.194" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_derive]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.136 -> 1.0.143" -notes = "Bumps syn, inverts some build flags." -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_derive]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.155 -> 1.0.156" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_derive]] -who = "Jack Grigg " +[[audits.zcash.audits.ryu]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.159 -> 1.0.160" +delta = "1.0.16 -> 1.0.17" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde_derive]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.179 -> 1.0.188" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.ryu]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-run" +delta = "1.0.17 -> 1.0.18" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" -[[audits.zcash.audits.serde_derive]] +[[audits.zcash.audits.semver]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.188 -> 1.0.193" +delta = "1.0.17 -> 1.0.18" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde_derive]] +[[audits.zcash.audits.semver]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.193 -> 1.0.194" +delta = "1.0.18 -> 1.0.19" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde_json]] +[[audits.zcash.audits.semver]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.96 -> 1.0.97" +delta = "1.0.19 -> 1.0.20" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde_json]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.97 -> 1.0.99" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_json]] -who = "Jack Grigg " +[[audits.zcash.audits.semver]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.99 -> 1.0.106" +delta = "1.0.20 -> 1.0.22" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde_json]] +[[audits.zcash.audits.semver]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.106 -> 1.0.107" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "1.0.22 -> 1.0.23" +notes = """ +`build.rs` change is to enable checking for expected `#[cfg]` names if compiling +with Rust 1.80 or later. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.serde_json]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.107 -> 1.0.108" +delta = "1.0.108 -> 1.0.110" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.serde_json]] -who = "Jack Grigg " +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.108 -> 1.0.110" +delta = "1.0.110 -> 1.0.116" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.signature]] @@ -2454,11 +2426,11 @@ criteria = "safe-to-deploy" delta = "2.1.0 -> 2.2.0" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.syn]] -who = "Sean Bowe " +[[audits.zcash.audits.smallvec]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.102 -> 1.0.104" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "1.11.1 -> 1.13.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.syn]] who = "Jack Grigg " @@ -2473,124 +2445,113 @@ delta = "1.0.107 -> 1.0.109" notes = "Fixes string literal parsing to only skip specified whitespace characters." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.syn]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "2.0.11 -> 2.0.13" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.syn]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "2.0.13 -> 2.0.15" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.syn]] -who = "Jack Grigg " +[[audits.zcash.audits.tempfile]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "2.0.15 -> 2.0.18" +delta = "3.9.0 -> 3.10.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.syn]] +[[audits.zcash.audits.thiserror]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "2.0.26 -> 2.0.33" +delta = "1.0.43 -> 1.0.48" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.syn]] +[[audits.zcash.audits.thiserror]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "2.0.33 -> 2.0.37" +delta = "1.0.48 -> 1.0.51" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.syn]] +[[audits.zcash.audits.thiserror]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "2.0.37 -> 2.0.41" +delta = "1.0.51 -> 1.0.52" +notes = "Reruns the build script if the `RUSTC_BOOTSTRAP` env variable changes." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.syn]] +[[audits.zcash.audits.thiserror]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "2.0.41 -> 2.0.43" +delta = "1.0.52 -> 1.0.56" notes = """ -New `unsafe` blocks are all inside `unsafe fn`s, and are added to make the -safety contracts in the code clearer (instead of using the `unsafe fn`'s -implicit `unsafe` block). +Build script changes are to refactor the existing probe into a separate file +(which removes a filesystem write), and adjust how it gets rerun in response to +changes in the build environment. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.syn]] -who = "Jack Grigg " +[[audits.zcash.audits.thiserror]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "2.0.43 -> 2.0.46" +delta = "1.0.56 -> 1.0.58" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.tempfile]] -who = "Jack Grigg " +[[audits.zcash.audits.thiserror]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "3.8.0 -> 3.8.1" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "1.0.58 -> 1.0.60" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" -[[audits.zcash.audits.tempfile]] +[[audits.zcash.audits.thiserror]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "3.8.1 -> 3.9.0" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "1.0.60 -> 1.0.61" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.thiserror]] who = "Jack Grigg " criteria = "safe-to-deploy" +delta = "1.0.61 -> 1.0.63" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.thiserror-impl]] +who = "Jack Grigg " +criteria = "safe-to-deploy" delta = "1.0.43 -> 1.0.48" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.thiserror]] +[[audits.zcash.audits.thiserror-impl]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.48 -> 1.0.51" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.thiserror]] +[[audits.zcash.audits.thiserror-impl]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.51 -> 1.0.52" -notes = "Reruns the build script if the `RUSTC_BOOTSTRAP` env variable changes." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.thiserror]] +[[audits.zcash.audits.thiserror-impl]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.52 -> 1.0.56" -notes = """ -Build script changes are to refactor the existing probe into a separate file -(which removes a filesystem write), and adjust how it gets rerun in response to -changes in the build environment. -""" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.thiserror-impl]] -who = "Jack Grigg " +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.43 -> 1.0.48" +delta = "1.0.56 -> 1.0.58" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.thiserror-impl]] -who = "Jack Grigg " +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.48 -> 1.0.51" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "1.0.58 -> 1.0.60" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.thiserror-impl]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.51 -> 1.0.52" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "1.0.60 -> 1.0.61" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.thiserror-impl]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.52 -> 1.0.56" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "1.0.61 -> 1.0.63" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.time-core]] who = "Jack Grigg " @@ -2598,12 +2559,6 @@ criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.tokio]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.35.0 -> 1.35.1" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.toml_datetime]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2643,16 +2598,28 @@ delta = "0.4.1 -> 0.5.0" notes = "I checked correctness of to_blocks which uses unsafe code in a safe function." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.wasm-bindgen-backend]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.89 -> 0.2.92" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.wasm-bindgen-macro]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.87 -> 0.2.89" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.wasm-bindgen-macro]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.89 -> 0.2.92" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.wasm-bindgen-macro-support]] -who = "Jack Grigg " +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.2.87 -> 0.2.89" +version = "0.2.92" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.wasm-bindgen-shared]] @@ -2674,6 +2641,18 @@ criteria = "safe-to-deploy" delta = "0.2.87 -> 0.2.89" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.wasm-bindgen-shared]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.89 -> 0.2.92" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.web-sys]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.66 -> 0.3.69" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.which]] who = "Jack Grigg " criteria = "safe-to-deploy" From 6d8d1515fc0d607dbda67db8b7b96b35568d0de0 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 17:53:59 +0000 Subject: [PATCH 4/4] `i18n-embed-fl 0.8` --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- supply-chain/config.toml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7e519cf0..a984dd09 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1260,9 +1260,9 @@ dependencies = [ [[package]] name = "i18n-embed-fl" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fc1f8715195dffc4caddcf1cf3128da15fe5d8a137606ea8856c9300047d5a2" +checksum = "8241a781f49e923415e106fcd1f89c3fab92cc9f699a521c56e95dee273903d3" dependencies = [ "dashmap", "find-crate", diff --git a/Cargo.toml b/Cargo.toml index dafdd9be..86cb8891 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -55,7 +55,7 @@ zeroize = "1" # Localization i18n-embed = { version = "0.14", features = ["fluent-system"] } -i18n-embed-fl = "0.7" +i18n-embed-fl = "0.8" lazy_static = "1" rust-embed = "8" diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 01dc2953..a04aab55 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -382,7 +382,7 @@ version = "0.14.1" criteria = "safe-to-deploy" [[exemptions.i18n-embed-fl]] -version = "0.7.0" +version = "0.8.0" criteria = "safe-to-deploy" [[exemptions.i18n-embed-impl]]