From 2fa62195633f82e18cfd7e42fd7ec4c1602480be Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 21 Jun 2023 15:06:28 +0000 Subject: [PATCH] cargo update --- Cargo.lock | 338 +++++++++++++++++++++-------------- qa/supply-chain/audits.toml | 183 +++++++++++++++++++ qa/supply-chain/config.toml | 34 ++-- qa/supply-chain/imports.lock | 235 ++++++++++++++++++++---- 4 files changed, 607 insertions(+), 183 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 40a4bfab61..5e1fa396b9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -29,9 +29,9 @@ dependencies = [ [[package]] name = "aes" -version = "0.8.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "433cfd6710c9986c576a25ca913c39d66a6474107b406f34f91d4a8923395241" +checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2" dependencies = [ "cfg-if", "cipher", @@ -60,15 +60,15 @@ dependencies = [ [[package]] name = "allocator-api2" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4f263788a35611fba42eb41ff811c5d0360c58b97402570312a350736e2542e" +checksum = "56fc6cf8dc8c4158eed8649f9b8b0ea1518eb62b544fe9490d66fa0b349eafe9" [[package]] name = "anyhow" -version = "1.0.70" +version = "1.0.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7de8ce5e0f9f8d88245311066a578d72b7af3e7088f32783804676302df237e4" +checksum = "9c7d0618f0e0b7e8ff11427422b64564d5fb0be1940354bfe2e0529b18a9d9b8" [[package]] name = "arrayref" @@ -78,9 +78,9 @@ checksum = "6b4930d2cb77ce62f89ee5d5289b4ac049559b1c45539271f5ed4fdc7db34545" [[package]] name = "arrayvec" -version = "0.7.2" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8da52d66c7071e2e3fa2a1e5c6d088fec47b593032b254f5e980de8ea54454d6" +checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" [[package]] name = "autocfg" @@ -254,9 +254,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.12.0" +version = "3.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535" +checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" [[package]] name = "byte-slice-cast" @@ -347,15 +347,15 @@ dependencies = [ [[package]] name = "constant_time_eq" -version = "0.2.5" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13418e745008f7349ec7e449155f419a61b92b58a99cc3616942b926825ec76b" +checksum = "21a53c0a4d288377e7415b53dcfc3c04da5cdc2cc95c8d5ac178b58f0b861ad6" [[package]] name = "cpufeatures" -version = "0.2.6" +version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "280a9f2d8b3a38871a3c8a46fb80db65e5e5ed97da80c4d08bf27fb63e35e181" +checksum = "03e69e28e9f7f77debdedbaafa2866e1de9ba56df55a8bd7cfc724c25a09987c" dependencies = [ "libc", ] @@ -383,9 +383,9 @@ dependencies = [ [[package]] name = "crossbeam-epoch" -version = "0.9.14" +version = "0.9.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46bd5f3f85273295a9d14aedfb86f6aadbff6d8f5295c4a9edb08e819dcf5695" +checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" dependencies = [ "autocfg", "cfg-if", @@ -396,9 +396,9 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.15" +version = "0.8.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c063cd8cc95f5c377ed0d4b49a4b21f632396ff690e8470c29b3359b346984b" +checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" dependencies = [ "cfg-if", ] @@ -460,14 +460,14 @@ checksum = "a26acccf6f445af85ea056362561a24ef56cdc15fcc685f03aec50b9c702cb6d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.15", + "syn 2.0.18", ] [[package]] name = "digest" -version = "0.10.6" +version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", "crypto-common", @@ -511,7 +511,7 @@ checksum = "04414300db88f70d74c5ff54e50f9e1d1737d9a5b90f53fcf2e95ca2a9ab554b" dependencies = [ "libc", "redox_users", - "windows-sys", + "windows-sys 0.45.0", ] [[package]] @@ -558,13 +558,13 @@ dependencies = [ [[package]] name = "errno" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50d6a0976c999d473fe89ad888d5a284e55366d9dc9038b1ba2aa15128c4afa0" +checksum = "4bcfec3a70f97c962c307b2d2c56e358cf1d00b558d74262b5f929ee8cc7e73a" dependencies = [ "errno-dragonfly", "libc", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -638,7 +638,7 @@ checksum = "26c4b37de5ae15812a764c958297cfc50f5c010438f60c6ce75d11b802abd404" dependencies = [ "cbc", "cipher", - "libm 0.2.6", + "libm 0.2.7", "num-bigint", "num-integer", "num-traits", @@ -695,9 +695,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4" +checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" dependencies = [ "cfg-if", "libc", @@ -706,9 +706,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.27.2" +version = "0.27.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad0a93d233ebf96623465aad4046a8d3aa4da22d4f4beba5388838c8a434bbb4" +checksum = "b6c80984affa11d98d1b88b66ac8853f143217b399d3c74116778ff8fdb4ed2e" [[package]] name = "group" @@ -967,13 +967,13 @@ dependencies = [ [[package]] name = "io-lifetimes" -version = "1.0.9" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09270fd4fa1111bc614ed2246c7ef56239a3063d5be0d1ec3b589c505d400aeb" +checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" dependencies = [ "hermit-abi 0.3.1", "libc", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -990,9 +990,9 @@ checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6" [[package]] name = "js-sys" -version = "0.3.61" +version = "0.3.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730" +checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" dependencies = [ "wasm-bindgen", ] @@ -1022,9 +1022,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.141" +version = "0.2.146" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3304a64d199bb964be99741b7a14d26972741915b3649639149b2479bb46f4b5" +checksum = "f92be4933c13fd498862a9e02a3055f8a8d9c039ce33db97306fd5a6caa7f29b" [[package]] name = "libm" @@ -1034,9 +1034,9 @@ checksum = "7fc7aa29613bd6a620df431842069224d8bc9011086b1db4c0e0cd47fa03ec9a" [[package]] name = "libm" -version = "0.2.6" +version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "348108ab3fba42ec82ff6e9564fc4ca0247bdccdc68dd8af9764bbc79c3c8ffb" +checksum = "f7012b1bbb0719e1097c47611d3898568c546d597c2e74d66f6087edd5233ff4" [[package]] name = "librustzcash" @@ -1114,12 +1114,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "log" -version = "0.4.17" +version = "0.4.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" -dependencies = [ - "cfg-if", -] +checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4" [[package]] name = "mach2" @@ -1157,9 +1154,9 @@ checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" [[package]] name = "memoffset" -version = "0.8.0" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1" +checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" dependencies = [ "autocfg", ] @@ -1210,7 +1207,7 @@ checksum = "ddece26afd34c31585c74a4db0630c376df271c285d682d1e55012197830b6df" dependencies = [ "proc-macro2", "quote", - "syn 2.0.15", + "syn 2.0.18", ] [[package]] @@ -1246,14 +1243,13 @@ dependencies = [ [[package]] name = "mio" -version = "0.8.6" +version = "0.8.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b9d9a46eff5b4ff64b45a9e316a6d1e0bc719ef429cbec4dc630684212bfdf9" +checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2" dependencies = [ "libc", - "log", "wasi", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -1322,7 +1318,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" dependencies = [ "autocfg", - "libm 0.2.6", + "libm 0.2.7", ] [[package]] @@ -1337,18 +1333,18 @@ dependencies = [ [[package]] name = "object" -version = "0.30.3" +version = "0.30.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea86265d3d3dcb6a27fc51bd29a4bf387fae9d2986b823079d4986af253eb439" +checksum = "03b4680b86d9cfafba8fc491dc9b6df26b68cf40e9e6cd73909194759a63c385" dependencies = [ "memchr", ] [[package]] name = "once_cell" -version = "1.17.1" +version = "1.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" +checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" [[package]] name = "opaque-debug" @@ -1412,9 +1408,9 @@ dependencies = [ [[package]] name = "parity-scale-codec" -version = "3.5.0" +version = "3.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ddb756ca205bd108aee3c62c6d3c994e1df84a59b9d6d4a5ea42ee1fd5a9a28" +checksum = "2287753623c76f953acd29d15d8100bcab84d29db78fb6f352adb3c53e83b967" dependencies = [ "arrayvec", "bitvec", @@ -1426,9 +1422,9 @@ dependencies = [ [[package]] name = "parity-scale-codec-derive" -version = "3.1.4" +version = "3.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86b26a931f824dd4eca30b3e43bb4f31cd5f0d3a403c5f5ff27106b805bfde7b" +checksum = "2b6937b5e67bfba3351b87b040d48352a2fcb6ad72f81855412ce97b45c8f110" dependencies = [ "proc-macro-crate", "proc-macro2", @@ -1574,9 +1570,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.59" +version = "1.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aeca18b86b413c660b781aa319e4e2648a3e6f9eadc9b47e9038e6fe9f3451b" +checksum = "dec2b086b7a862cf4de201096214fa870344cf922b2b30c167badb3af3195406" dependencies = [ "unicode-ident", ] @@ -1595,7 +1591,7 @@ dependencies = [ "rand", "rand_chacha", "rand_xorshift", - "regex-syntax", + "regex-syntax 0.6.29", "rusty-fork", "tempfile", "unarray", @@ -1625,9 +1621,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" -version = "1.0.26" +version = "1.0.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" +checksum = "1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488" dependencies = [ "proc-macro2", ] @@ -1770,11 +1766,11 @@ dependencies = [ [[package]] name = "regex" -version = "1.7.3" +version = "1.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b1f693b24f6ac912f4893ef08244d70b6067480d2f1a46e950c9691e6749d1d" +checksum = "d0ab3ca65655bb1e41f2a8c8cd662eb4fb035e67c3f78da1d61dffe89d07300f" dependencies = [ - "regex-syntax", + "regex-syntax 0.7.2", ] [[package]] @@ -1783,7 +1779,7 @@ version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" dependencies = [ - "regex-syntax", + "regex-syntax 0.6.29", ] [[package]] @@ -1792,6 +1788,12 @@ version = "0.6.29" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" +[[package]] +name = "regex-syntax" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "436b050e76ed2903236f032a59761c1eb99e1b0aead2c257922771dab1fc8c78" + [[package]] name = "ring" version = "0.16.20" @@ -1830,16 +1832,16 @@ checksum = "3e75f6a532d0fd9f7f13144f392b6ad56a32696bfcd9c78f797f16bbb6f072d6" [[package]] name = "rustix" -version = "0.37.7" +version = "0.37.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aae838e49b3d63e9274e1c01833cc8139d3fec468c3b84688c628f44b1ae11d" +checksum = "b96e891d04aa506a6d1f318d2771bcb1c7dfda84e126660ace067c9b474bb2c0" dependencies = [ "bitflags", "errno", "io-lifetimes", "libc", "linux-raw-sys", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -1895,29 +1897,29 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.160" +version = "1.0.164" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c" +checksum = "9e8c8cf938e98f769bc164923b06dce91cea1751522f46f8466461af04c9027d" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.160" +version = "1.0.164" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df" +checksum = "d9735b638ccc51c28bf6914d90a2e9725b377144fc612c49a611fddd1b631d68" dependencies = [ "proc-macro2", "quote", - "syn 2.0.15", + "syn 2.0.18", ] [[package]] name = "serde_json" -version = "1.0.96" +version = "1.0.97" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "057d394a50403bcac12672b2b18fb387ab6d289d957dab67dd201875391e52f1" +checksum = "bdf3bf93142acad5821c99197022e170842cdbc1c30482b98750c688c640842a" dependencies = [ "itoa", "ryu", @@ -1926,9 +1928,9 @@ dependencies = [ [[package]] name = "sha2" -version = "0.10.6" +version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" +checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" dependencies = [ "cfg-if", "cpufeatures", @@ -2003,9 +2005,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.15" +version = "2.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a34fcf3e8b60f57e6a14301a2e916d323af98b0ea63c599441eec8558660c822" +checksum = "32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e" dependencies = [ "proc-macro2", "quote", @@ -2020,15 +2022,16 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" [[package]] name = "tempfile" -version = "3.5.0" +version = "3.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9fbec84f381d5795b08656e4912bec604d162bff9291d6189a78f4c8ab87998" +checksum = "31c0432476357e58790aaa47a8efb0c5138f137343f3b5f23bd36a27e3b0a6d6" dependencies = [ + "autocfg", "cfg-if", "fastrand", "redox_syscall 0.3.5", "rustix", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -2061,7 +2064,7 @@ checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.15", + "syn 2.0.18", ] [[package]] @@ -2076,9 +2079,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.20" +version = "0.3.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd0cbfecb4d19b5ea75bb31ad904eb5b9fa13f21079c3b92017ebdf4999a5890" +checksum = "ea9e1b3cf1243ae005d9e74085d4d542f3125458f3a81af210d901dcd7411efd" dependencies = [ "itoa", "serde", @@ -2088,15 +2091,15 @@ dependencies = [ [[package]] name = "time-core" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e153e1f1acaef8acc537e68b44906d2db6436e2b35ac2c6b42640fff91f00fd" +checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" [[package]] name = "time-macros" -version = "0.2.8" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd80a657e71da814b8e5d60d3374fc6d35045062245d80224748ae522dd76f36" +checksum = "372950940a5f07bf38dbe211d7283c9e6d7327df53794992d293e534c733d09b" dependencies = [ "time-core", ] @@ -2118,16 +2121,16 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.27.0" +version = "1.28.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0de47a4eecbe11f498978a9b29d792f0d2692d1dd003650c24c76510e3bc001" +checksum = "94d7b1cfd2aa4011f2de74c2c4c63665e27a71006b0a192dcd2710272e73dfa2" dependencies = [ "autocfg", "libc", "mio", "pin-project-lite", "socket2", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -2178,20 +2181,20 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.23" +version = "0.1.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a" +checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.18", ] [[package]] name = "tracing-core" -version = "0.1.30" +version = "0.1.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a" +checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a" dependencies = [ "once_cell", "valuable", @@ -2199,9 +2202,9 @@ dependencies = [ [[package]] name = "tracing-subscriber" -version = "0.3.16" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6176eae26dd70d0c919749377897b54a9276bd7061339665dd68777926b5a70" +checksum = "30a651bc37f915e81f087d86e62a18eec5f79550c7faff886f7090b4ea757c77" dependencies = [ "matchers", "nu-ansi-term", @@ -2246,9 +2249,9 @@ checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94" [[package]] name = "unicode-ident" -version = "1.0.8" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4" +checksum = "b15811caf2415fb889178633e7724bad2509101cde276048e013b9def5e51fa0" [[package]] name = "unicode-normalization" @@ -2261,9 +2264,9 @@ dependencies = [ [[package]] name = "universal-hash" -version = "0.5.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d3160b73c9a19f7e2939a2fdad446c57c1bbbbf4d919d3213ff1267a580d8b5" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" dependencies = [ "crypto-common", "subtle", @@ -2298,11 +2301,10 @@ dependencies = [ [[package]] name = "want" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ce8a968cb1cd110d136ff8b819a556d6fb6d919363c61534f6860c7eb172ba0" +checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" dependencies = [ - "log", "try-lock", ] @@ -2314,9 +2316,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.84" +version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b" +checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2324,24 +2326,24 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.84" +version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9" +checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.18", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-macro" -version = "0.2.84" +version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5" +checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2349,28 +2351,28 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.84" +version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6" +checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.18", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.84" +version = "0.2.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" +checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" [[package]] name = "web-sys" -version = "0.3.61" +version = "0.3.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97" +checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" dependencies = [ "js-sys", "wasm-bindgen", @@ -2415,7 +2417,16 @@ version = "0.45.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" dependencies = [ - "windows-targets", + "windows-targets 0.42.2", +] + +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets 0.48.0", ] [[package]] @@ -2424,13 +2435,28 @@ version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", + "windows_aarch64_gnullvm 0.42.2", + "windows_aarch64_msvc 0.42.2", + "windows_i686_gnu 0.42.2", + "windows_i686_msvc 0.42.2", + "windows_x86_64_gnu 0.42.2", + "windows_x86_64_gnullvm 0.42.2", + "windows_x86_64_msvc 0.42.2", +] + +[[package]] +name = "windows-targets" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b1eb6f0cd7c80c79759c929114ef071b87354ce476d9d94271031c0497adfd5" +dependencies = [ + "windows_aarch64_gnullvm 0.48.0", + "windows_aarch64_msvc 0.48.0", + "windows_i686_gnu 0.48.0", + "windows_i686_msvc 0.48.0", + "windows_x86_64_gnu 0.48.0", + "windows_x86_64_gnullvm 0.48.0", + "windows_x86_64_msvc 0.48.0", ] [[package]] @@ -2439,47 +2465,89 @@ version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" + [[package]] name = "windows_aarch64_msvc" version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" + [[package]] name = "windows_i686_gnu" version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" +[[package]] +name = "windows_i686_gnu" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" + [[package]] name = "windows_i686_msvc" version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" +[[package]] +name = "windows_i686_msvc" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" + [[package]] name = "windows_x86_64_gnu" version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" + [[package]] name = "windows_x86_64_gnullvm" version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" + [[package]] name = "windows_x86_64_msvc" version = "0.42.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" + [[package]] name = "winnow" -version = "0.4.6" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61de7bac303dc551fe038e2b3cef0f571087a47571ea6e79a87692ac99b99699" +checksum = "ca0ace3845f0d96209f0375e6d367e3eb87eb65d27d445bdc9f1843a26f39448" dependencies = [ "memchr", ] @@ -2613,5 +2681,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.15", + "syn 2.0.18", ] diff --git a/qa/supply-chain/audits.toml b/qa/supply-chain/audits.toml index 043d50356a..cda030daf5 100644 --- a/qa/supply-chain/audits.toml +++ b/qa/supply-chain/audits.toml @@ -24,6 +24,17 @@ who = "Jack Grigg " criteria = ["safe-to-deploy", "crypto-reviewed"] delta = "0.5.1 -> 0.5.2" +[[audits.allocator-api2]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.2.14 -> 0.2.15" +notes = """ +- Some existing `unsafe` code is moved without being altered. +- The new `SliceExt` extension trait uses `unsafe` methods `Vec::set_len` and + `core::ptr::copy_nonoverlapping` to initialize a `Vec` efficiently. The safety + requirements appear to be satisfied. +""" + [[audits.anyhow]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -190,6 +201,11 @@ criteria = ["safe-to-deploy", "crypto-reviewed"] delta = "0.2.4 -> 0.2.5" notes = "No code changes." +[[audits.constant_time_eq]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.2.5 -> 0.2.6" + [[audits.cpufeatures]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -219,6 +235,12 @@ criteria = "safe-to-deploy" delta = "0.9.13 -> 0.9.14" notes = "Bumps memoffset to 0.8, and marks some BPF and Sony Vita targets as not having atomics." +[[audits.crossbeam-epoch]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.9.14 -> 0.9.15" +notes = "Bumps memoffset to 0.9, and unmarks some ARMv7r and Sony Vita targets as not having 64-bit atomics." + [[audits.crossbeam-utils]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -228,6 +250,16 @@ notes = """ - Marks some BPF and Sony Vita targets as not having atomics. """ +[[audits.crossbeam-utils]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.8.15 -> 0.8.16" +notes = """ +- Fixes cache line alignment for some targets. +- Replaces `mem::replace` with `Option::take` inside `unsafe` blocks. +- Unmarks some ARMv7r and Sony Vita targets as not having 64-bit atomics. +""" + [[audits.crypto-common]] who = "Jack Grigg " criteria = ["crypto-reviewed", "safe-to-deploy"] @@ -611,6 +643,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.27.0 -> 0.27.2" +[[audits.gimli]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.27.2 -> 0.27.3" + [[audits.group]] who = "Kris Nuttycombe " criteria = "safe-to-deploy" @@ -729,6 +766,11 @@ criteria = "safe-to-deploy" version = "0.1.3" notes = "Reviewed in full." +[[audits.io-lifetimes]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.10 -> 1.0.11" + [[audits.ipnet]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -760,6 +802,11 @@ notes = """ MDN documentation. """ +[[audits.js-sys]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.61 -> 0.3.64" + [[audits.jubjub]] who = "Sean Bowe " criteria = "safe-to-deploy" @@ -798,11 +845,26 @@ criteria = "safe-to-deploy" delta = "0.4.16 -> 0.4.17" notes = "I confirmed that the unsafe transmutes are fine; NonZeroU128 and NonZeroI128 are `#[repr(transparent)]` wrappers around u128 and i128 respectively." +[[audits.log]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.4.18 -> 0.4.19" + [[audits.maybe-rayon]] who = "Sean Bowe " criteria = "safe-to-deploy" version = "0.1.1" +[[audits.memoffset]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.8.0 -> 0.9.0" +notes = """ +Refactors the `offset_of` macros to optionally replace their existing `unsafe` +implementations with the unstable internal `core::mem::offset_of` macro. The +existing `unsafe` implementations are unaltered. +""" + [[audits.memuse]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -865,6 +927,11 @@ New `unsafe` usages: - Additional `syscall!(close(socket))` calls before returning errors. """ +[[audits.mio]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.8.6 -> 0.8.8" + [[audits.nix]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -892,6 +959,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.30.2 -> 0.30.3" +[[audits.object]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.30.3 -> 0.30.4" + [[audits.once_cell]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -950,6 +1022,11 @@ notes = """ - Fixes `max_encoded_len()` to pay attention to `#[codec(skip)]` attribute. """ +[[audits.parity-scale-codec-derive]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "3.1.4 -> 3.6.1" + [[audits.parking_lot]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1065,6 +1142,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.54 -> 1.0.56" +[[audits.proc-macro2]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.59 -> 1.0.60" + [[audits.quanta]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1167,6 +1249,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.159 -> 1.0.160" +[[audits.serde]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.163 -> 1.0.164" + [[audits.serde_derive]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1188,11 +1275,32 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.159 -> 1.0.160" +[[audits.serde_derive]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.163 -> 1.0.164" + [[audits.serde_json]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.95 -> 1.0.96" +[[audits.serde_json]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.96 -> 1.0.97" + +[[audits.sha2]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.10.6 -> 0.10.7" +notes = """ +The new `unsafe` assembly backend only uses aarch64 intrinsics, via their typed +Rust APIs (aside from the SHA2-specific intrinsics that are not in Rust yet). I +did not perform a cryptographic review, but the code to load from and store into +the function arguments looks correct. +""" + [[audits.signature]] who = "Daira Emma Hopwood " criteria = "safe-to-deploy" @@ -1244,6 +1352,17 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "2.0.13 -> 2.0.15" +[[audits.syn]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.0.15 -> 2.0.18" + +[[audits.tempfile]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "3.5.0 -> 3.6.0" +notes = "New `build.rs` file uses `autocfg` crate to conditionally enable new trait impls." + [[audits.terminfo]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1284,6 +1403,21 @@ New `unsafe` usage: - Setting and getting a `#[thread_local] static mut Option` on nightly. """ +[[audits.time]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.20 -> 0.3.22" +notes = """ +Fixes alignment (by using `#[repr(C)]`) of some `union`s that are used in +`unsafe` blocks to const convert between `UtcOffset`, and a trait type that is +either `UtcOffset` or `()`. +""" + +[[audits.time-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.1" + [[audits.time-macros]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1299,6 +1433,11 @@ notes = """ - Bumps MSRV to 1.63. """ +[[audits.time-macros]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.2.8 -> 0.2.9" + [[audits.tinyvec_macros]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1322,6 +1461,31 @@ who = "Sean Bowe " criteria = "safe-to-deploy" delta = "0.19.7 -> 0.19.8" +[[audits.tracing-attributes]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.23 -> 0.1.25" + +[[audits.tracing-attributes]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.25 -> 0.1.26" + +[[audits.tracing-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.30 -> 0.1.31" +notes = """ +The only new `unsafe` block is to intentionally leak a scoped subscriber onto +the heap when setting it as the global default dispatcher. I checked that the +global default can only be set once and is never dropped. +""" + +[[audits.tracing-subscriber]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.16 -> 0.3.17" + [[audits.try-lock]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1349,18 +1513,37 @@ criteria = "safe-to-deploy" delta = "0.4.1 -> 0.5.0" notes = "I checked correctness of to_blocks which uses unsafe code in a safe function." +[[audits.want]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.3.1" +notes = """ +Migrates to `try-lock 0.2.4` to replace some unsafe APIs that were not marked +`unsafe` (but that were being used safely). +""" + [[audits.wasm-bindgen-shared]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.83 -> 0.2.84" notes = "Bumps the schema version to add `linked_modules`." +[[audits.wasm-bindgen-shared]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.2.84 -> 0.2.87" + [[audits.which]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "4.3.0 -> 4.4.0" notes = "New APIs are remixes of existing code." +[[audits.winnow]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.4.6 -> 0.4.7" + [[audits.wyz]] who = "Jack Grigg " criteria = "safe-to-deploy" diff --git a/qa/supply-chain/config.toml b/qa/supply-chain/config.toml index 6dc9e8ca32..bec4c342ca 100644 --- a/qa/supply-chain/config.toml +++ b/qa/supply-chain/config.toml @@ -47,6 +47,10 @@ criteria = "safe-to-deploy" version = "0.2.14" criteria = "safe-to-deploy" +[[exemptions.arrayvec]] +version = "0.7.4" +criteria = "safe-to-deploy" + [[exemptions.backtrace]] version = "0.3.67" criteria = "safe-to-deploy" @@ -128,7 +132,7 @@ version = "1.0.9" criteria = "safe-to-deploy" [[exemptions.cpufeatures]] -version = "0.2.2" +version = "0.2.8" criteria = "safe-to-deploy" [[exemptions.crossbeam-channel]] @@ -287,10 +291,6 @@ criteria = "safe-to-deploy" version = "0.1.12" criteria = "safe-to-deploy" -[[exemptions.io-lifetimes]] -version = "1.0.9" -criteria = "safe-to-deploy" - [[exemptions.ipnet]] version = "2.5.0" criteria = "safe-to-deploy" @@ -308,7 +308,7 @@ version = "0.9.0" criteria = "safe-to-deploy" [[exemptions.libc]] -version = "0.2.141" +version = "0.2.146" criteria = "safe-to-deploy" [[exemptions.libm]] @@ -408,7 +408,7 @@ version = "0.22.0" criteria = "safe-to-deploy" [[exemptions.parity-scale-codec]] -version = "3.5.0" +version = "3.6.1" criteria = "safe-to-deploy" [[exemptions.parity-scale-codec-derive]] @@ -516,7 +516,7 @@ version = "0.4.3" criteria = "safe-to-deploy" [[exemptions.regex]] -version = "1.6.0" +version = "1.8.4" criteria = "safe-to-deploy" [[exemptions.regex-automata]] @@ -527,6 +527,10 @@ criteria = "safe-to-deploy" version = "0.6.27" criteria = "safe-to-deploy" +[[exemptions.regex-syntax]] +version = "0.7.2" +criteria = "safe-to-deploy" + [[exemptions.ring]] version = "0.16.20" criteria = "safe-to-deploy" @@ -540,7 +544,7 @@ version = "2.1.0" criteria = "safe-to-deploy" [[exemptions.rustix]] -version = "0.37.7" +version = "0.37.20" criteria = "safe-to-deploy" [[exemptions.rusty-fork]] @@ -640,7 +644,7 @@ version = "0.2.7" criteria = "safe-to-deploy" [[exemptions.tokio]] -version = "1.27.0" +version = "1.28.2" criteria = "safe-to-deploy" [[exemptions.toml_edit]] @@ -692,23 +696,23 @@ version = "0.11.0+wasi-snapshot-preview1" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen]] -version = "0.2.84" +version = "0.2.87" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-backend]] -version = "0.2.84" +version = "0.2.87" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-macro]] -version = "0.2.84" +version = "0.2.87" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-macro-support]] -version = "0.2.84" +version = "0.2.87" criteria = "safe-to-deploy" [[exemptions.web-sys]] -version = "0.3.61" +version = "0.3.64" criteria = "safe-to-deploy" [[exemptions.which]] diff --git a/qa/supply-chain/imports.lock b/qa/supply-chain/imports.lock index 206ee29948..5546486b5a 100644 --- a/qa/supply-chain/imports.lock +++ b/qa/supply-chain/imports.lock @@ -1,6 +1,13 @@ # cargo-vet imports lock +[[publisher.bumpalo]] +version = "3.13.0" +when = "2023-05-22" +user-id = 696 +user-login = "fitzgen" +user-name = "Nick Fitzgerald" + [[publisher.windows-sys]] version = "0.45.0" when = "2023-01-21" @@ -8,6 +15,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows-sys]] +version = "0.48.0" +when = "2023-03-31" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows-targets]] version = "0.42.2" when = "2023-03-13" @@ -15,6 +29,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows-targets]] +version = "0.48.0" +when = "2023-03-31" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows_aarch64_gnullvm]] version = "0.42.2" when = "2023-03-13" @@ -22,6 +43,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows_aarch64_gnullvm]] +version = "0.48.0" +when = "2023-03-31" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows_aarch64_msvc]] version = "0.42.2" when = "2023-03-13" @@ -29,6 +57,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows_aarch64_msvc]] +version = "0.48.0" +when = "2023-03-31" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows_i686_gnu]] version = "0.42.2" when = "2023-03-13" @@ -36,6 +71,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows_i686_gnu]] +version = "0.48.0" +when = "2023-03-31" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows_i686_msvc]] version = "0.42.2" when = "2023-03-13" @@ -43,6 +85,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows_i686_msvc]] +version = "0.48.0" +when = "2023-03-31" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows_x86_64_gnu]] version = "0.42.2" when = "2023-03-13" @@ -50,6 +99,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows_x86_64_gnu]] +version = "0.48.0" +when = "2023-03-31" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows_x86_64_gnullvm]] version = "0.42.2" when = "2023-03-13" @@ -57,6 +113,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows_x86_64_gnullvm]] +version = "0.48.0" +when = "2023-03-31" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows_x86_64_msvc]] version = "0.42.2" when = "2023-03-13" @@ -64,6 +127,25 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows_x86_64_msvc]] +version = "0.48.0" +when = "2023-03-31" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[audits.bytecode-alliance.wildcard-audits.bumpalo]] +who = "Nick Fitzgerald " +criteria = "safe-to-deploy" +user-id = 696 # Nick Fitzgerald (fitzgen) +start = "2019-03-16" +end = "2024-03-10" + +[[audits.bytecode-alliance.audits.anyhow]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +delta = "1.0.69 -> 1.0.71" + [[audits.bytecode-alliance.audits.arrayref]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" @@ -73,15 +155,6 @@ Unsafe code, but its logic looks good to me. Necessary given what it is doing. Well tested, has quickchecks. """ -[[audits.bytecode-alliance.audits.arrayvec]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -version = "0.7.2" -notes = """ -Well documented invariants, good assertions for those invariants in unsafe code, -and tested with MIRI to boot. LGTM. -""" - [[audits.bytecode-alliance.audits.base64]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -93,12 +166,6 @@ who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.2" -[[audits.bytecode-alliance.audits.bumpalo]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -version = "3.11.1" -notes = "I am the author of this crate." - [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -127,6 +194,12 @@ criteria = "safe-to-deploy" version = "0.3.0" notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value." +[[audits.bytecode-alliance.audits.errno]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.3.1" +notes = "Just a dependency version bump and a bug fix for redox" + [[audits.bytecode-alliance.audits.errno-dragonfly]] who = "Jamey Sharp " criteria = "safe-to-deploy" @@ -163,6 +236,43 @@ criteria = "safe-to-deploy" version = "1.0.2" notes = "No unsafety, no io" +[[audits.bytecode-alliance.audits.io-lifetimes]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +version = "1.0.3" +notes = "I am the author of this crate." + +[[audits.bytecode-alliance.audits.io-lifetimes]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +delta = "1.0.3 -> 1.0.5" +notes = "The Bytecode Alliance is the author of this crate." + +[[audits.bytecode-alliance.audits.io-lifetimes]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +delta = "1.0.5 -> 1.0.10" +notes = "I am the maintainer of this crate." + +[[audits.bytecode-alliance.audits.libm]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.2.2 -> 0.2.4" +notes = """ +This diff primarily fixes a few issues with the `fma`-related functions, +but also contains some other minor fixes as well. Everything looks A-OK and +as expected. +""" + +[[audits.bytecode-alliance.audits.libm]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.2.4 -> 0.2.7" +notes = """ +This is a minor update which has some testing affordances as well as some +updated math algorithms. +""" + [[audits.bytecode-alliance.audits.matchers]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -184,6 +294,11 @@ who = "Pat Hickey " criteria = "safe-to-deploy" delta = "1.0.51 -> 1.0.57" +[[audits.bytecode-alliance.audits.quote]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +delta = "1.0.23 -> 1.0.27" + [[audits.bytecode-alliance.audits.rustc-demangle]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -227,6 +342,11 @@ criteria = "safe-to-deploy" version = "0.2.4" notes = "Implements a concurrency primitive with atomics, and is not obviously incorrect" +[[audits.bytecode-alliance.audits.unicode-ident]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "1.0.8" + [[audits.bytecode-alliance.audits.unicode-normalization]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -249,12 +369,6 @@ who = "Johan Andersson " criteria = "safe-to-deploy" version = "1.0.58" -[[audits.embark-studios.audits.epaint]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -violation = "<0.20.0" -notes = "Specified crate license does not include licenses of embedded fonts if using default features or the `default_fonts` feature. Tracked in: https://github.com/emilk/egui/issues/2321" - [[audits.embark-studios.audits.tap]] who = "Johan Andersson " criteria = "safe-to-deploy" @@ -301,6 +415,11 @@ criteria = "safe-to-deploy" version = "0.9.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.isrg.audits.aes]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.8.2 -> 0.8.3" + [[audits.isrg.audits.base64]] who = "Tim Geoghegan " criteria = "safe-to-deploy" @@ -321,6 +440,11 @@ who = "David Cook " criteria = "safe-to-deploy" version = "0.2.2" +[[audits.isrg.audits.digest]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.10.6 -> 0.10.7" + [[audits.isrg.audits.either]] who = "David Cook " criteria = "safe-to-deploy" @@ -359,6 +483,22 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "0.1.19 -> 0.1.20" +[[audits.isrg.audits.getrandom]] +who = "Tim Geoghegan " +criteria = "safe-to-deploy" +delta = "0.2.9 -> 0.2.10" +notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`." + +[[audits.isrg.audits.once_cell]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.17.1 -> 1.17.2" + +[[audits.isrg.audits.once_cell]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.17.2 -> 1.18.0" + [[audits.isrg.audits.opaque-debug]] who = "David Cook " criteria = "safe-to-deploy" @@ -394,6 +534,16 @@ who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "1.0.156 -> 1.0.159" +[[audits.isrg.audits.serde]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.160 -> 1.0.162" + +[[audits.isrg.audits.serde]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.0.162 -> 1.0.163" + [[audits.isrg.audits.serde_derive]] who = "David Cook " criteria = "safe-to-deploy" @@ -414,6 +564,16 @@ who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "1.0.156 -> 1.0.159" +[[audits.isrg.audits.serde_derive]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.160 -> 1.0.162" + +[[audits.isrg.audits.serde_derive]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.0.162 -> 1.0.163" + [[audits.isrg.audits.serde_json]] who = "Brandon Pitman " criteria = "safe-to-deploy" @@ -429,15 +589,15 @@ who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "1.0.104 -> 2.0.11" -[[audits.isrg.audits.unicode-ident]] +[[audits.isrg.audits.universal-hash]] who = "David Cook " criteria = "safe-to-deploy" -delta = "1.0.2 -> 1.0.3" +version = "0.4.1" [[audits.isrg.audits.universal-hash]] who = "David Cook " criteria = "safe-to-deploy" -version = "0.4.1" +delta = "0.5.0 -> 0.5.1" [[audits.isrg.audits.untrusted]] who = "David Cook " @@ -637,6 +797,13 @@ criteria = "safe-to-deploy" version = "0.4.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.log]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.4.17 -> 0.4.18" +notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.mach2]] who = "Gabriele Svelto " criteria = "safe-to-deploy" @@ -771,6 +938,13 @@ criteria = "safe-to-deploy" delta = "1.0.21 -> 1.0.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.quote]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "1.0.27 -> 1.0.28" +notes = "Enabled on wasm targets" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.rayon]] who = "Josh Stone " criteria = "safe-to-deploy" @@ -803,12 +977,6 @@ criteria = "safe-to-deploy" delta = "1.10.1 -> 1.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.regex]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.6.0 -> 1.7.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.regex-syntax]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -894,10 +1062,11 @@ delta = "1.15.0 -> 1.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.unicode-ident]] -who = "Mike Hommey " +who = "Jan-Erik Rediger " criteria = "safe-to-deploy" -delta = "1.0.3 -> 1.0.6" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +delta = "1.0.8 -> 1.0.9" +notes = "Dependency updates only" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.unicode-normalization]] who = "Mike Hommey "