From 2fa62195633f82e18cfd7e42fd7ec4c1602480be Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Wed, 21 Jun 2023 15:06:28 +0000
Subject: [PATCH] cargo update
---
Cargo.lock | 338 +++++++++++++++++++++--------------
qa/supply-chain/audits.toml | 183 +++++++++++++++++++
qa/supply-chain/config.toml | 34 ++--
qa/supply-chain/imports.lock | 235 ++++++++++++++++++++----
4 files changed, 607 insertions(+), 183 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 40a4bfab61..5e1fa396b9 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -29,9 +29,9 @@ dependencies = [
[[package]]
name = "aes"
-version = "0.8.2"
+version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "433cfd6710c9986c576a25ca913c39d66a6474107b406f34f91d4a8923395241"
+checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2"
dependencies = [
"cfg-if",
"cipher",
@@ -60,15 +60,15 @@ dependencies = [
[[package]]
name = "allocator-api2"
-version = "0.2.14"
+version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4f263788a35611fba42eb41ff811c5d0360c58b97402570312a350736e2542e"
+checksum = "56fc6cf8dc8c4158eed8649f9b8b0ea1518eb62b544fe9490d66fa0b349eafe9"
[[package]]
name = "anyhow"
-version = "1.0.70"
+version = "1.0.71"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7de8ce5e0f9f8d88245311066a578d72b7af3e7088f32783804676302df237e4"
+checksum = "9c7d0618f0e0b7e8ff11427422b64564d5fb0be1940354bfe2e0529b18a9d9b8"
[[package]]
name = "arrayref"
@@ -78,9 +78,9 @@ checksum = "6b4930d2cb77ce62f89ee5d5289b4ac049559b1c45539271f5ed4fdc7db34545"
[[package]]
name = "arrayvec"
-version = "0.7.2"
+version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8da52d66c7071e2e3fa2a1e5c6d088fec47b593032b254f5e980de8ea54454d6"
+checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711"
[[package]]
name = "autocfg"
@@ -254,9 +254,9 @@ dependencies = [
[[package]]
name = "bumpalo"
-version = "3.12.0"
+version = "3.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
+checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1"
[[package]]
name = "byte-slice-cast"
@@ -347,15 +347,15 @@ dependencies = [
[[package]]
name = "constant_time_eq"
-version = "0.2.5"
+version = "0.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13418e745008f7349ec7e449155f419a61b92b58a99cc3616942b926825ec76b"
+checksum = "21a53c0a4d288377e7415b53dcfc3c04da5cdc2cc95c8d5ac178b58f0b861ad6"
[[package]]
name = "cpufeatures"
-version = "0.2.6"
+version = "0.2.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "280a9f2d8b3a38871a3c8a46fb80db65e5e5ed97da80c4d08bf27fb63e35e181"
+checksum = "03e69e28e9f7f77debdedbaafa2866e1de9ba56df55a8bd7cfc724c25a09987c"
dependencies = [
"libc",
]
@@ -383,9 +383,9 @@ dependencies = [
[[package]]
name = "crossbeam-epoch"
-version = "0.9.14"
+version = "0.9.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46bd5f3f85273295a9d14aedfb86f6aadbff6d8f5295c4a9edb08e819dcf5695"
+checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7"
dependencies = [
"autocfg",
"cfg-if",
@@ -396,9 +396,9 @@ dependencies = [
[[package]]
name = "crossbeam-utils"
-version = "0.8.15"
+version = "0.8.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c063cd8cc95f5c377ed0d4b49a4b21f632396ff690e8470c29b3359b346984b"
+checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294"
dependencies = [
"cfg-if",
]
@@ -460,14 +460,14 @@ checksum = "a26acccf6f445af85ea056362561a24ef56cdc15fcc685f03aec50b9c702cb6d"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.15",
+ "syn 2.0.18",
]
[[package]]
name = "digest"
-version = "0.10.6"
+version = "0.10.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
dependencies = [
"block-buffer",
"crypto-common",
@@ -511,7 +511,7 @@ checksum = "04414300db88f70d74c5ff54e50f9e1d1737d9a5b90f53fcf2e95ca2a9ab554b"
dependencies = [
"libc",
"redox_users",
- "windows-sys",
+ "windows-sys 0.45.0",
]
[[package]]
@@ -558,13 +558,13 @@ dependencies = [
[[package]]
name = "errno"
-version = "0.3.0"
+version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50d6a0976c999d473fe89ad888d5a284e55366d9dc9038b1ba2aa15128c4afa0"
+checksum = "4bcfec3a70f97c962c307b2d2c56e358cf1d00b558d74262b5f929ee8cc7e73a"
dependencies = [
"errno-dragonfly",
"libc",
- "windows-sys",
+ "windows-sys 0.48.0",
]
[[package]]
@@ -638,7 +638,7 @@ checksum = "26c4b37de5ae15812a764c958297cfc50f5c010438f60c6ce75d11b802abd404"
dependencies = [
"cbc",
"cipher",
- "libm 0.2.6",
+ "libm 0.2.7",
"num-bigint",
"num-integer",
"num-traits",
@@ -695,9 +695,9 @@ dependencies = [
[[package]]
name = "getrandom"
-version = "0.2.9"
+version = "0.2.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4"
+checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427"
dependencies = [
"cfg-if",
"libc",
@@ -706,9 +706,9 @@ dependencies = [
[[package]]
name = "gimli"
-version = "0.27.2"
+version = "0.27.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ad0a93d233ebf96623465aad4046a8d3aa4da22d4f4beba5388838c8a434bbb4"
+checksum = "b6c80984affa11d98d1b88b66ac8853f143217b399d3c74116778ff8fdb4ed2e"
[[package]]
name = "group"
@@ -967,13 +967,13 @@ dependencies = [
[[package]]
name = "io-lifetimes"
-version = "1.0.9"
+version = "1.0.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09270fd4fa1111bc614ed2246c7ef56239a3063d5be0d1ec3b589c505d400aeb"
+checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2"
dependencies = [
"hermit-abi 0.3.1",
"libc",
- "windows-sys",
+ "windows-sys 0.48.0",
]
[[package]]
@@ -990,9 +990,9 @@ checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6"
[[package]]
name = "js-sys"
-version = "0.3.61"
+version = "0.3.64"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
+checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a"
dependencies = [
"wasm-bindgen",
]
@@ -1022,9 +1022,9 @@ dependencies = [
[[package]]
name = "libc"
-version = "0.2.141"
+version = "0.2.146"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3304a64d199bb964be99741b7a14d26972741915b3649639149b2479bb46f4b5"
+checksum = "f92be4933c13fd498862a9e02a3055f8a8d9c039ce33db97306fd5a6caa7f29b"
[[package]]
name = "libm"
@@ -1034,9 +1034,9 @@ checksum = "7fc7aa29613bd6a620df431842069224d8bc9011086b1db4c0e0cd47fa03ec9a"
[[package]]
name = "libm"
-version = "0.2.6"
+version = "0.2.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "348108ab3fba42ec82ff6e9564fc4ca0247bdccdc68dd8af9764bbc79c3c8ffb"
+checksum = "f7012b1bbb0719e1097c47611d3898568c546d597c2e74d66f6087edd5233ff4"
[[package]]
name = "librustzcash"
@@ -1114,12 +1114,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519"
[[package]]
name = "log"
-version = "0.4.17"
+version = "0.4.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
-dependencies = [
- "cfg-if",
-]
+checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4"
[[package]]
name = "mach2"
@@ -1157,9 +1154,9 @@ checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
[[package]]
name = "memoffset"
-version = "0.8.0"
+version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1"
+checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c"
dependencies = [
"autocfg",
]
@@ -1210,7 +1207,7 @@ checksum = "ddece26afd34c31585c74a4db0630c376df271c285d682d1e55012197830b6df"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.15",
+ "syn 2.0.18",
]
[[package]]
@@ -1246,14 +1243,13 @@ dependencies = [
[[package]]
name = "mio"
-version = "0.8.6"
+version = "0.8.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b9d9a46eff5b4ff64b45a9e316a6d1e0bc719ef429cbec4dc630684212bfdf9"
+checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2"
dependencies = [
"libc",
- "log",
"wasi",
- "windows-sys",
+ "windows-sys 0.48.0",
]
[[package]]
@@ -1322,7 +1318,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
dependencies = [
"autocfg",
- "libm 0.2.6",
+ "libm 0.2.7",
]
[[package]]
@@ -1337,18 +1333,18 @@ dependencies = [
[[package]]
name = "object"
-version = "0.30.3"
+version = "0.30.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea86265d3d3dcb6a27fc51bd29a4bf387fae9d2986b823079d4986af253eb439"
+checksum = "03b4680b86d9cfafba8fc491dc9b6df26b68cf40e9e6cd73909194759a63c385"
dependencies = [
"memchr",
]
[[package]]
name = "once_cell"
-version = "1.17.1"
+version = "1.18.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
+checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d"
[[package]]
name = "opaque-debug"
@@ -1412,9 +1408,9 @@ dependencies = [
[[package]]
name = "parity-scale-codec"
-version = "3.5.0"
+version = "3.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ddb756ca205bd108aee3c62c6d3c994e1df84a59b9d6d4a5ea42ee1fd5a9a28"
+checksum = "2287753623c76f953acd29d15d8100bcab84d29db78fb6f352adb3c53e83b967"
dependencies = [
"arrayvec",
"bitvec",
@@ -1426,9 +1422,9 @@ dependencies = [
[[package]]
name = "parity-scale-codec-derive"
-version = "3.1.4"
+version = "3.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86b26a931f824dd4eca30b3e43bb4f31cd5f0d3a403c5f5ff27106b805bfde7b"
+checksum = "2b6937b5e67bfba3351b87b040d48352a2fcb6ad72f81855412ce97b45c8f110"
dependencies = [
"proc-macro-crate",
"proc-macro2",
@@ -1574,9 +1570,9 @@ dependencies = [
[[package]]
name = "proc-macro2"
-version = "1.0.59"
+version = "1.0.60"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6aeca18b86b413c660b781aa319e4e2648a3e6f9eadc9b47e9038e6fe9f3451b"
+checksum = "dec2b086b7a862cf4de201096214fa870344cf922b2b30c167badb3af3195406"
dependencies = [
"unicode-ident",
]
@@ -1595,7 +1591,7 @@ dependencies = [
"rand",
"rand_chacha",
"rand_xorshift",
- "regex-syntax",
+ "regex-syntax 0.6.29",
"rusty-fork",
"tempfile",
"unarray",
@@ -1625,9 +1621,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
[[package]]
name = "quote"
-version = "1.0.26"
+version = "1.0.28"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
+checksum = "1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488"
dependencies = [
"proc-macro2",
]
@@ -1770,11 +1766,11 @@ dependencies = [
[[package]]
name = "regex"
-version = "1.7.3"
+version = "1.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b1f693b24f6ac912f4893ef08244d70b6067480d2f1a46e950c9691e6749d1d"
+checksum = "d0ab3ca65655bb1e41f2a8c8cd662eb4fb035e67c3f78da1d61dffe89d07300f"
dependencies = [
- "regex-syntax",
+ "regex-syntax 0.7.2",
]
[[package]]
@@ -1783,7 +1779,7 @@ version = "0.1.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
dependencies = [
- "regex-syntax",
+ "regex-syntax 0.6.29",
]
[[package]]
@@ -1792,6 +1788,12 @@ version = "0.6.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
+[[package]]
+name = "regex-syntax"
+version = "0.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "436b050e76ed2903236f032a59761c1eb99e1b0aead2c257922771dab1fc8c78"
+
[[package]]
name = "ring"
version = "0.16.20"
@@ -1830,16 +1832,16 @@ checksum = "3e75f6a532d0fd9f7f13144f392b6ad56a32696bfcd9c78f797f16bbb6f072d6"
[[package]]
name = "rustix"
-version = "0.37.7"
+version = "0.37.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2aae838e49b3d63e9274e1c01833cc8139d3fec468c3b84688c628f44b1ae11d"
+checksum = "b96e891d04aa506a6d1f318d2771bcb1c7dfda84e126660ace067c9b474bb2c0"
dependencies = [
"bitflags",
"errno",
"io-lifetimes",
"libc",
"linux-raw-sys",
- "windows-sys",
+ "windows-sys 0.48.0",
]
[[package]]
@@ -1895,29 +1897,29 @@ dependencies = [
[[package]]
name = "serde"
-version = "1.0.160"
+version = "1.0.164"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c"
+checksum = "9e8c8cf938e98f769bc164923b06dce91cea1751522f46f8466461af04c9027d"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
-version = "1.0.160"
+version = "1.0.164"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df"
+checksum = "d9735b638ccc51c28bf6914d90a2e9725b377144fc612c49a611fddd1b631d68"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.15",
+ "syn 2.0.18",
]
[[package]]
name = "serde_json"
-version = "1.0.96"
+version = "1.0.97"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "057d394a50403bcac12672b2b18fb387ab6d289d957dab67dd201875391e52f1"
+checksum = "bdf3bf93142acad5821c99197022e170842cdbc1c30482b98750c688c640842a"
dependencies = [
"itoa",
"ryu",
@@ -1926,9 +1928,9 @@ dependencies = [
[[package]]
name = "sha2"
-version = "0.10.6"
+version = "0.10.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0"
+checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8"
dependencies = [
"cfg-if",
"cpufeatures",
@@ -2003,9 +2005,9 @@ dependencies = [
[[package]]
name = "syn"
-version = "2.0.15"
+version = "2.0.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a34fcf3e8b60f57e6a14301a2e916d323af98b0ea63c599441eec8558660c822"
+checksum = "32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e"
dependencies = [
"proc-macro2",
"quote",
@@ -2020,15 +2022,16 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
[[package]]
name = "tempfile"
-version = "3.5.0"
+version = "3.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9fbec84f381d5795b08656e4912bec604d162bff9291d6189a78f4c8ab87998"
+checksum = "31c0432476357e58790aaa47a8efb0c5138f137343f3b5f23bd36a27e3b0a6d6"
dependencies = [
+ "autocfg",
"cfg-if",
"fastrand",
"redox_syscall 0.3.5",
"rustix",
- "windows-sys",
+ "windows-sys 0.48.0",
]
[[package]]
@@ -2061,7 +2064,7 @@ checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.15",
+ "syn 2.0.18",
]
[[package]]
@@ -2076,9 +2079,9 @@ dependencies = [
[[package]]
name = "time"
-version = "0.3.20"
+version = "0.3.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd0cbfecb4d19b5ea75bb31ad904eb5b9fa13f21079c3b92017ebdf4999a5890"
+checksum = "ea9e1b3cf1243ae005d9e74085d4d542f3125458f3a81af210d901dcd7411efd"
dependencies = [
"itoa",
"serde",
@@ -2088,15 +2091,15 @@ dependencies = [
[[package]]
name = "time-core"
-version = "0.1.0"
+version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e153e1f1acaef8acc537e68b44906d2db6436e2b35ac2c6b42640fff91f00fd"
+checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb"
[[package]]
name = "time-macros"
-version = "0.2.8"
+version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd80a657e71da814b8e5d60d3374fc6d35045062245d80224748ae522dd76f36"
+checksum = "372950940a5f07bf38dbe211d7283c9e6d7327df53794992d293e534c733d09b"
dependencies = [
"time-core",
]
@@ -2118,16 +2121,16 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]]
name = "tokio"
-version = "1.27.0"
+version = "1.28.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d0de47a4eecbe11f498978a9b29d792f0d2692d1dd003650c24c76510e3bc001"
+checksum = "94d7b1cfd2aa4011f2de74c2c4c63665e27a71006b0a192dcd2710272e73dfa2"
dependencies = [
"autocfg",
"libc",
"mio",
"pin-project-lite",
"socket2",
- "windows-sys",
+ "windows-sys 0.48.0",
]
[[package]]
@@ -2178,20 +2181,20 @@ dependencies = [
[[package]]
name = "tracing-attributes"
-version = "0.1.23"
+version = "0.1.26"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a"
+checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab"
dependencies = [
"proc-macro2",
"quote",
- "syn 1.0.109",
+ "syn 2.0.18",
]
[[package]]
name = "tracing-core"
-version = "0.1.30"
+version = "0.1.31"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a"
+checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a"
dependencies = [
"once_cell",
"valuable",
@@ -2199,9 +2202,9 @@ dependencies = [
[[package]]
name = "tracing-subscriber"
-version = "0.3.16"
+version = "0.3.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a6176eae26dd70d0c919749377897b54a9276bd7061339665dd68777926b5a70"
+checksum = "30a651bc37f915e81f087d86e62a18eec5f79550c7faff886f7090b4ea757c77"
dependencies = [
"matchers",
"nu-ansi-term",
@@ -2246,9 +2249,9 @@ checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94"
[[package]]
name = "unicode-ident"
-version = "1.0.8"
+version = "1.0.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4"
+checksum = "b15811caf2415fb889178633e7724bad2509101cde276048e013b9def5e51fa0"
[[package]]
name = "unicode-normalization"
@@ -2261,9 +2264,9 @@ dependencies = [
[[package]]
name = "universal-hash"
-version = "0.5.0"
+version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d3160b73c9a19f7e2939a2fdad446c57c1bbbbf4d919d3213ff1267a580d8b5"
+checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea"
dependencies = [
"crypto-common",
"subtle",
@@ -2298,11 +2301,10 @@ dependencies = [
[[package]]
name = "want"
-version = "0.3.0"
+version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ce8a968cb1cd110d136ff8b819a556d6fb6d919363c61534f6860c7eb172ba0"
+checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e"
dependencies = [
- "log",
"try-lock",
]
@@ -2314,9 +2316,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
[[package]]
name = "wasm-bindgen"
-version = "0.2.84"
+version = "0.2.87"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
+checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342"
dependencies = [
"cfg-if",
"wasm-bindgen-macro",
@@ -2324,24 +2326,24 @@ dependencies = [
[[package]]
name = "wasm-bindgen-backend"
-version = "0.2.84"
+version = "0.2.87"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
+checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd"
dependencies = [
"bumpalo",
"log",
"once_cell",
"proc-macro2",
"quote",
- "syn 1.0.109",
+ "syn 2.0.18",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-macro"
-version = "0.2.84"
+version = "0.2.87"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
+checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d"
dependencies = [
"quote",
"wasm-bindgen-macro-support",
@@ -2349,28 +2351,28 @@ dependencies = [
[[package]]
name = "wasm-bindgen-macro-support"
-version = "0.2.84"
+version = "0.2.87"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
+checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b"
dependencies = [
"proc-macro2",
"quote",
- "syn 1.0.109",
+ "syn 2.0.18",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-shared"
-version = "0.2.84"
+version = "0.2.87"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
+checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1"
[[package]]
name = "web-sys"
-version = "0.3.61"
+version = "0.3.64"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97"
+checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b"
dependencies = [
"js-sys",
"wasm-bindgen",
@@ -2415,7 +2417,16 @@ version = "0.45.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
dependencies = [
- "windows-targets",
+ "windows-targets 0.42.2",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
+dependencies = [
+ "windows-targets 0.48.0",
]
[[package]]
@@ -2424,13 +2435,28 @@ version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
+ "windows_aarch64_gnullvm 0.42.2",
+ "windows_aarch64_msvc 0.42.2",
+ "windows_i686_gnu 0.42.2",
+ "windows_i686_msvc 0.42.2",
+ "windows_x86_64_gnu 0.42.2",
+ "windows_x86_64_gnullvm 0.42.2",
+ "windows_x86_64_msvc 0.42.2",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b1eb6f0cd7c80c79759c929114ef071b87354ce476d9d94271031c0497adfd5"
+dependencies = [
+ "windows_aarch64_gnullvm 0.48.0",
+ "windows_aarch64_msvc 0.48.0",
+ "windows_i686_gnu 0.48.0",
+ "windows_i686_msvc 0.48.0",
+ "windows_x86_64_gnu 0.48.0",
+ "windows_x86_64_gnullvm 0.48.0",
+ "windows_x86_64_msvc 0.48.0",
]
[[package]]
@@ -2439,47 +2465,89 @@ version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc"
+
[[package]]
name = "windows_aarch64_msvc"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3"
+
[[package]]
name = "windows_i686_gnu"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
+[[package]]
+name = "windows_i686_gnu"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241"
+
[[package]]
name = "windows_i686_msvc"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
+[[package]]
+name = "windows_i686_msvc"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00"
+
[[package]]
name = "windows_x86_64_gnu"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1"
+
[[package]]
name = "windows_x86_64_gnullvm"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953"
+
[[package]]
name = "windows_x86_64_msvc"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a"
+
[[package]]
name = "winnow"
-version = "0.4.6"
+version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61de7bac303dc551fe038e2b3cef0f571087a47571ea6e79a87692ac99b99699"
+checksum = "ca0ace3845f0d96209f0375e6d367e3eb87eb65d27d445bdc9f1843a26f39448"
dependencies = [
"memchr",
]
@@ -2613,5 +2681,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.15",
+ "syn 2.0.18",
]
diff --git a/qa/supply-chain/audits.toml b/qa/supply-chain/audits.toml
index 043d50356a..cda030daf5 100644
--- a/qa/supply-chain/audits.toml
+++ b/qa/supply-chain/audits.toml
@@ -24,6 +24,17 @@ who = "Jack Grigg "
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.5.1 -> 0.5.2"
+[[audits.allocator-api2]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.2.14 -> 0.2.15"
+notes = """
+- Some existing `unsafe` code is moved without being altered.
+- The new `SliceExt` extension trait uses `unsafe` methods `Vec::set_len` and
+ `core::ptr::copy_nonoverlapping` to initialize a `Vec` efficiently. The safety
+ requirements appear to be satisfied.
+"""
+
[[audits.anyhow]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -190,6 +201,11 @@ criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.2.4 -> 0.2.5"
notes = "No code changes."
+[[audits.constant_time_eq]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.2.5 -> 0.2.6"
+
[[audits.cpufeatures]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -219,6 +235,12 @@ criteria = "safe-to-deploy"
delta = "0.9.13 -> 0.9.14"
notes = "Bumps memoffset to 0.8, and marks some BPF and Sony Vita targets as not having atomics."
+[[audits.crossbeam-epoch]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.9.14 -> 0.9.15"
+notes = "Bumps memoffset to 0.9, and unmarks some ARMv7r and Sony Vita targets as not having 64-bit atomics."
+
[[audits.crossbeam-utils]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -228,6 +250,16 @@ notes = """
- Marks some BPF and Sony Vita targets as not having atomics.
"""
+[[audits.crossbeam-utils]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.8.15 -> 0.8.16"
+notes = """
+- Fixes cache line alignment for some targets.
+- Replaces `mem::replace` with `Option::take` inside `unsafe` blocks.
+- Unmarks some ARMv7r and Sony Vita targets as not having 64-bit atomics.
+"""
+
[[audits.crypto-common]]
who = "Jack Grigg "
criteria = ["crypto-reviewed", "safe-to-deploy"]
@@ -611,6 +643,11 @@ who = "Jack Grigg "
criteria = "safe-to-deploy"
delta = "0.27.0 -> 0.27.2"
+[[audits.gimli]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.27.2 -> 0.27.3"
+
[[audits.group]]
who = "Kris Nuttycombe "
criteria = "safe-to-deploy"
@@ -729,6 +766,11 @@ criteria = "safe-to-deploy"
version = "0.1.3"
notes = "Reviewed in full."
+[[audits.io-lifetimes]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "1.0.10 -> 1.0.11"
+
[[audits.ipnet]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -760,6 +802,11 @@ notes = """
MDN documentation.
"""
+[[audits.js-sys]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.3.61 -> 0.3.64"
+
[[audits.jubjub]]
who = "Sean Bowe "
criteria = "safe-to-deploy"
@@ -798,11 +845,26 @@ criteria = "safe-to-deploy"
delta = "0.4.16 -> 0.4.17"
notes = "I confirmed that the unsafe transmutes are fine; NonZeroU128 and NonZeroI128 are `#[repr(transparent)]` wrappers around u128 and i128 respectively."
+[[audits.log]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.4.18 -> 0.4.19"
+
[[audits.maybe-rayon]]
who = "Sean Bowe "
criteria = "safe-to-deploy"
version = "0.1.1"
+[[audits.memoffset]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.8.0 -> 0.9.0"
+notes = """
+Refactors the `offset_of` macros to optionally replace their existing `unsafe`
+implementations with the unstable internal `core::mem::offset_of` macro. The
+existing `unsafe` implementations are unaltered.
+"""
+
[[audits.memuse]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -865,6 +927,11 @@ New `unsafe` usages:
- Additional `syscall!(close(socket))` calls before returning errors.
"""
+[[audits.mio]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.8.6 -> 0.8.8"
+
[[audits.nix]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -892,6 +959,11 @@ who = "Jack Grigg "
criteria = "safe-to-deploy"
delta = "0.30.2 -> 0.30.3"
+[[audits.object]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.30.3 -> 0.30.4"
+
[[audits.once_cell]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -950,6 +1022,11 @@ notes = """
- Fixes `max_encoded_len()` to pay attention to `#[codec(skip)]` attribute.
"""
+[[audits.parity-scale-codec-derive]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "3.1.4 -> 3.6.1"
+
[[audits.parking_lot]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -1065,6 +1142,11 @@ who = "Jack Grigg "
criteria = "safe-to-deploy"
delta = "1.0.54 -> 1.0.56"
+[[audits.proc-macro2]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "1.0.59 -> 1.0.60"
+
[[audits.quanta]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -1167,6 +1249,11 @@ who = "Jack Grigg "
criteria = "safe-to-deploy"
delta = "1.0.159 -> 1.0.160"
+[[audits.serde]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "1.0.163 -> 1.0.164"
+
[[audits.serde_derive]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -1188,11 +1275,32 @@ who = "Jack Grigg "
criteria = "safe-to-deploy"
delta = "1.0.159 -> 1.0.160"
+[[audits.serde_derive]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "1.0.163 -> 1.0.164"
+
[[audits.serde_json]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
delta = "1.0.95 -> 1.0.96"
+[[audits.serde_json]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "1.0.96 -> 1.0.97"
+
+[[audits.sha2]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.10.6 -> 0.10.7"
+notes = """
+The new `unsafe` assembly backend only uses aarch64 intrinsics, via their typed
+Rust APIs (aside from the SHA2-specific intrinsics that are not in Rust yet). I
+did not perform a cryptographic review, but the code to load from and store into
+the function arguments looks correct.
+"""
+
[[audits.signature]]
who = "Daira Emma Hopwood "
criteria = "safe-to-deploy"
@@ -1244,6 +1352,17 @@ who = "Jack Grigg "
criteria = "safe-to-deploy"
delta = "2.0.13 -> 2.0.15"
+[[audits.syn]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "2.0.15 -> 2.0.18"
+
+[[audits.tempfile]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "3.5.0 -> 3.6.0"
+notes = "New `build.rs` file uses `autocfg` crate to conditionally enable new trait impls."
+
[[audits.terminfo]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -1284,6 +1403,21 @@ New `unsafe` usage:
- Setting and getting a `#[thread_local] static mut Option` on nightly.
"""
+[[audits.time]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.3.20 -> 0.3.22"
+notes = """
+Fixes alignment (by using `#[repr(C)]`) of some `union`s that are used in
+`unsafe` blocks to const convert between `UtcOffset`, and a trait type that is
+either `UtcOffset` or `()`.
+"""
+
+[[audits.time-core]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.1.0 -> 0.1.1"
+
[[audits.time-macros]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -1299,6 +1433,11 @@ notes = """
- Bumps MSRV to 1.63.
"""
+[[audits.time-macros]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.2.8 -> 0.2.9"
+
[[audits.tinyvec_macros]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -1322,6 +1461,31 @@ who = "Sean Bowe "
criteria = "safe-to-deploy"
delta = "0.19.7 -> 0.19.8"
+[[audits.tracing-attributes]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.1.23 -> 0.1.25"
+
+[[audits.tracing-attributes]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.1.25 -> 0.1.26"
+
+[[audits.tracing-core]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.1.30 -> 0.1.31"
+notes = """
+The only new `unsafe` block is to intentionally leak a scoped subscriber onto
+the heap when setting it as the global default dispatcher. I checked that the
+global default can only be set once and is never dropped.
+"""
+
+[[audits.tracing-subscriber]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.3.16 -> 0.3.17"
+
[[audits.try-lock]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
@@ -1349,18 +1513,37 @@ criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "I checked correctness of to_blocks which uses unsafe code in a safe function."
+[[audits.want]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.3.0 -> 0.3.1"
+notes = """
+Migrates to `try-lock 0.2.4` to replace some unsafe APIs that were not marked
+`unsafe` (but that were being used safely).
+"""
+
[[audits.wasm-bindgen-shared]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
delta = "0.2.83 -> 0.2.84"
notes = "Bumps the schema version to add `linked_modules`."
+[[audits.wasm-bindgen-shared]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.2.84 -> 0.2.87"
+
[[audits.which]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
delta = "4.3.0 -> 4.4.0"
notes = "New APIs are remixes of existing code."
+[[audits.winnow]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.4.6 -> 0.4.7"
+
[[audits.wyz]]
who = "Jack Grigg "
criteria = "safe-to-deploy"
diff --git a/qa/supply-chain/config.toml b/qa/supply-chain/config.toml
index 6dc9e8ca32..bec4c342ca 100644
--- a/qa/supply-chain/config.toml
+++ b/qa/supply-chain/config.toml
@@ -47,6 +47,10 @@ criteria = "safe-to-deploy"
version = "0.2.14"
criteria = "safe-to-deploy"
+[[exemptions.arrayvec]]
+version = "0.7.4"
+criteria = "safe-to-deploy"
+
[[exemptions.backtrace]]
version = "0.3.67"
criteria = "safe-to-deploy"
@@ -128,7 +132,7 @@ version = "1.0.9"
criteria = "safe-to-deploy"
[[exemptions.cpufeatures]]
-version = "0.2.2"
+version = "0.2.8"
criteria = "safe-to-deploy"
[[exemptions.crossbeam-channel]]
@@ -287,10 +291,6 @@ criteria = "safe-to-deploy"
version = "0.1.12"
criteria = "safe-to-deploy"
-[[exemptions.io-lifetimes]]
-version = "1.0.9"
-criteria = "safe-to-deploy"
-
[[exemptions.ipnet]]
version = "2.5.0"
criteria = "safe-to-deploy"
@@ -308,7 +308,7 @@ version = "0.9.0"
criteria = "safe-to-deploy"
[[exemptions.libc]]
-version = "0.2.141"
+version = "0.2.146"
criteria = "safe-to-deploy"
[[exemptions.libm]]
@@ -408,7 +408,7 @@ version = "0.22.0"
criteria = "safe-to-deploy"
[[exemptions.parity-scale-codec]]
-version = "3.5.0"
+version = "3.6.1"
criteria = "safe-to-deploy"
[[exemptions.parity-scale-codec-derive]]
@@ -516,7 +516,7 @@ version = "0.4.3"
criteria = "safe-to-deploy"
[[exemptions.regex]]
-version = "1.6.0"
+version = "1.8.4"
criteria = "safe-to-deploy"
[[exemptions.regex-automata]]
@@ -527,6 +527,10 @@ criteria = "safe-to-deploy"
version = "0.6.27"
criteria = "safe-to-deploy"
+[[exemptions.regex-syntax]]
+version = "0.7.2"
+criteria = "safe-to-deploy"
+
[[exemptions.ring]]
version = "0.16.20"
criteria = "safe-to-deploy"
@@ -540,7 +544,7 @@ version = "2.1.0"
criteria = "safe-to-deploy"
[[exemptions.rustix]]
-version = "0.37.7"
+version = "0.37.20"
criteria = "safe-to-deploy"
[[exemptions.rusty-fork]]
@@ -640,7 +644,7 @@ version = "0.2.7"
criteria = "safe-to-deploy"
[[exemptions.tokio]]
-version = "1.27.0"
+version = "1.28.2"
criteria = "safe-to-deploy"
[[exemptions.toml_edit]]
@@ -692,23 +696,23 @@ version = "0.11.0+wasi-snapshot-preview1"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen]]
-version = "0.2.84"
+version = "0.2.87"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-backend]]
-version = "0.2.84"
+version = "0.2.87"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-macro]]
-version = "0.2.84"
+version = "0.2.87"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-macro-support]]
-version = "0.2.84"
+version = "0.2.87"
criteria = "safe-to-deploy"
[[exemptions.web-sys]]
-version = "0.3.61"
+version = "0.3.64"
criteria = "safe-to-deploy"
[[exemptions.which]]
diff --git a/qa/supply-chain/imports.lock b/qa/supply-chain/imports.lock
index 206ee29948..5546486b5a 100644
--- a/qa/supply-chain/imports.lock
+++ b/qa/supply-chain/imports.lock
@@ -1,6 +1,13 @@
# cargo-vet imports lock
+[[publisher.bumpalo]]
+version = "3.13.0"
+when = "2023-05-22"
+user-id = 696
+user-login = "fitzgen"
+user-name = "Nick Fitzgerald"
+
[[publisher.windows-sys]]
version = "0.45.0"
when = "2023-01-21"
@@ -8,6 +15,13 @@ user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
+[[publisher.windows-sys]]
+version = "0.48.0"
+when = "2023-03-31"
+user-id = 64539
+user-login = "kennykerr"
+user-name = "Kenny Kerr"
+
[[publisher.windows-targets]]
version = "0.42.2"
when = "2023-03-13"
@@ -15,6 +29,13 @@ user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
+[[publisher.windows-targets]]
+version = "0.48.0"
+when = "2023-03-31"
+user-id = 64539
+user-login = "kennykerr"
+user-name = "Kenny Kerr"
+
[[publisher.windows_aarch64_gnullvm]]
version = "0.42.2"
when = "2023-03-13"
@@ -22,6 +43,13 @@ user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
+[[publisher.windows_aarch64_gnullvm]]
+version = "0.48.0"
+when = "2023-03-31"
+user-id = 64539
+user-login = "kennykerr"
+user-name = "Kenny Kerr"
+
[[publisher.windows_aarch64_msvc]]
version = "0.42.2"
when = "2023-03-13"
@@ -29,6 +57,13 @@ user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
+[[publisher.windows_aarch64_msvc]]
+version = "0.48.0"
+when = "2023-03-31"
+user-id = 64539
+user-login = "kennykerr"
+user-name = "Kenny Kerr"
+
[[publisher.windows_i686_gnu]]
version = "0.42.2"
when = "2023-03-13"
@@ -36,6 +71,13 @@ user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
+[[publisher.windows_i686_gnu]]
+version = "0.48.0"
+when = "2023-03-31"
+user-id = 64539
+user-login = "kennykerr"
+user-name = "Kenny Kerr"
+
[[publisher.windows_i686_msvc]]
version = "0.42.2"
when = "2023-03-13"
@@ -43,6 +85,13 @@ user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
+[[publisher.windows_i686_msvc]]
+version = "0.48.0"
+when = "2023-03-31"
+user-id = 64539
+user-login = "kennykerr"
+user-name = "Kenny Kerr"
+
[[publisher.windows_x86_64_gnu]]
version = "0.42.2"
when = "2023-03-13"
@@ -50,6 +99,13 @@ user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
+[[publisher.windows_x86_64_gnu]]
+version = "0.48.0"
+when = "2023-03-31"
+user-id = 64539
+user-login = "kennykerr"
+user-name = "Kenny Kerr"
+
[[publisher.windows_x86_64_gnullvm]]
version = "0.42.2"
when = "2023-03-13"
@@ -57,6 +113,13 @@ user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
+[[publisher.windows_x86_64_gnullvm]]
+version = "0.48.0"
+when = "2023-03-31"
+user-id = 64539
+user-login = "kennykerr"
+user-name = "Kenny Kerr"
+
[[publisher.windows_x86_64_msvc]]
version = "0.42.2"
when = "2023-03-13"
@@ -64,6 +127,25 @@ user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
+[[publisher.windows_x86_64_msvc]]
+version = "0.48.0"
+when = "2023-03-31"
+user-id = 64539
+user-login = "kennykerr"
+user-name = "Kenny Kerr"
+
+[[audits.bytecode-alliance.wildcard-audits.bumpalo]]
+who = "Nick Fitzgerald "
+criteria = "safe-to-deploy"
+user-id = 696 # Nick Fitzgerald (fitzgen)
+start = "2019-03-16"
+end = "2024-03-10"
+
+[[audits.bytecode-alliance.audits.anyhow]]
+who = "Pat Hickey "
+criteria = "safe-to-deploy"
+delta = "1.0.69 -> 1.0.71"
+
[[audits.bytecode-alliance.audits.arrayref]]
who = "Nick Fitzgerald "
criteria = "safe-to-deploy"
@@ -73,15 +155,6 @@ Unsafe code, but its logic looks good to me. Necessary given what it is
doing. Well tested, has quickchecks.
"""
-[[audits.bytecode-alliance.audits.arrayvec]]
-who = "Nick Fitzgerald "
-criteria = "safe-to-deploy"
-version = "0.7.2"
-notes = """
-Well documented invariants, good assertions for those invariants in unsafe code,
-and tested with MIRI to boot. LGTM.
-"""
-
[[audits.bytecode-alliance.audits.base64]]
who = "Pat Hickey "
criteria = "safe-to-deploy"
@@ -93,12 +166,6 @@ who = "Benjamin Bouvier "
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.2"
-[[audits.bytecode-alliance.audits.bumpalo]]
-who = "Nick Fitzgerald "
-criteria = "safe-to-deploy"
-version = "3.11.1"
-notes = "I am the author of this crate."
-
[[audits.bytecode-alliance.audits.cfg-if]]
who = "Alex Crichton "
criteria = "safe-to-deploy"
@@ -127,6 +194,12 @@ criteria = "safe-to-deploy"
version = "0.3.0"
notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."
+[[audits.bytecode-alliance.audits.errno]]
+who = "Dan Gohman "
+criteria = "safe-to-deploy"
+delta = "0.3.0 -> 0.3.1"
+notes = "Just a dependency version bump and a bug fix for redox"
+
[[audits.bytecode-alliance.audits.errno-dragonfly]]
who = "Jamey Sharp "
criteria = "safe-to-deploy"
@@ -163,6 +236,43 @@ criteria = "safe-to-deploy"
version = "1.0.2"
notes = "No unsafety, no io"
+[[audits.bytecode-alliance.audits.io-lifetimes]]
+who = "Dan Gohman "
+criteria = "safe-to-deploy"
+version = "1.0.3"
+notes = "I am the author of this crate."
+
+[[audits.bytecode-alliance.audits.io-lifetimes]]
+who = "Pat Hickey "
+criteria = "safe-to-deploy"
+delta = "1.0.3 -> 1.0.5"
+notes = "The Bytecode Alliance is the author of this crate."
+
+[[audits.bytecode-alliance.audits.io-lifetimes]]
+who = "Dan Gohman "
+criteria = "safe-to-deploy"
+delta = "1.0.5 -> 1.0.10"
+notes = "I am the maintainer of this crate."
+
+[[audits.bytecode-alliance.audits.libm]]
+who = "Alex Crichton "
+criteria = "safe-to-deploy"
+delta = "0.2.2 -> 0.2.4"
+notes = """
+This diff primarily fixes a few issues with the `fma`-related functions,
+but also contains some other minor fixes as well. Everything looks A-OK and
+as expected.
+"""
+
+[[audits.bytecode-alliance.audits.libm]]
+who = "Alex Crichton "
+criteria = "safe-to-deploy"
+delta = "0.2.4 -> 0.2.7"
+notes = """
+This is a minor update which has some testing affordances as well as some
+updated math algorithms.
+"""
+
[[audits.bytecode-alliance.audits.matchers]]
who = "Pat Hickey "
criteria = "safe-to-deploy"
@@ -184,6 +294,11 @@ who = "Pat Hickey "
criteria = "safe-to-deploy"
delta = "1.0.51 -> 1.0.57"
+[[audits.bytecode-alliance.audits.quote]]
+who = "Pat Hickey "
+criteria = "safe-to-deploy"
+delta = "1.0.23 -> 1.0.27"
+
[[audits.bytecode-alliance.audits.rustc-demangle]]
who = "Alex Crichton "
criteria = "safe-to-deploy"
@@ -227,6 +342,11 @@ criteria = "safe-to-deploy"
version = "0.2.4"
notes = "Implements a concurrency primitive with atomics, and is not obviously incorrect"
+[[audits.bytecode-alliance.audits.unicode-ident]]
+who = "Pat Hickey "
+criteria = "safe-to-deploy"
+version = "1.0.8"
+
[[audits.bytecode-alliance.audits.unicode-normalization]]
who = "Alex Crichton "
criteria = "safe-to-deploy"
@@ -249,12 +369,6 @@ who = "Johan Andersson "
criteria = "safe-to-deploy"
version = "1.0.58"
-[[audits.embark-studios.audits.epaint]]
-who = "Johan Andersson "
-criteria = "safe-to-deploy"
-violation = "<0.20.0"
-notes = "Specified crate license does not include licenses of embedded fonts if using default features or the `default_fonts` feature. Tracked in: https://github.com/emilk/egui/issues/2321"
-
[[audits.embark-studios.audits.tap]]
who = "Johan Andersson "
criteria = "safe-to-deploy"
@@ -301,6 +415,11 @@ criteria = "safe-to-deploy"
version = "0.9.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
+[[audits.isrg.audits.aes]]
+who = "Brandon Pitman "
+criteria = "safe-to-deploy"
+delta = "0.8.2 -> 0.8.3"
+
[[audits.isrg.audits.base64]]
who = "Tim Geoghegan "
criteria = "safe-to-deploy"
@@ -321,6 +440,11 @@ who = "David Cook "
criteria = "safe-to-deploy"
version = "0.2.2"
+[[audits.isrg.audits.digest]]
+who = "David Cook "
+criteria = "safe-to-deploy"
+delta = "0.10.6 -> 0.10.7"
+
[[audits.isrg.audits.either]]
who = "David Cook "
criteria = "safe-to-deploy"
@@ -359,6 +483,22 @@ who = "David Cook "
criteria = "safe-to-deploy"
delta = "0.1.19 -> 0.1.20"
+[[audits.isrg.audits.getrandom]]
+who = "Tim Geoghegan "
+criteria = "safe-to-deploy"
+delta = "0.2.9 -> 0.2.10"
+notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`."
+
+[[audits.isrg.audits.once_cell]]
+who = "Brandon Pitman "
+criteria = "safe-to-deploy"
+delta = "1.17.1 -> 1.17.2"
+
+[[audits.isrg.audits.once_cell]]
+who = "David Cook "
+criteria = "safe-to-deploy"
+delta = "1.17.2 -> 1.18.0"
+
[[audits.isrg.audits.opaque-debug]]
who = "David Cook "
criteria = "safe-to-deploy"
@@ -394,6 +534,16 @@ who = "Brandon Pitman "
criteria = "safe-to-deploy"
delta = "1.0.156 -> 1.0.159"
+[[audits.isrg.audits.serde]]
+who = "Brandon Pitman "
+criteria = "safe-to-deploy"
+delta = "1.0.160 -> 1.0.162"
+
+[[audits.isrg.audits.serde]]
+who = "David Cook "
+criteria = "safe-to-deploy"
+delta = "1.0.162 -> 1.0.163"
+
[[audits.isrg.audits.serde_derive]]
who = "David Cook "
criteria = "safe-to-deploy"
@@ -414,6 +564,16 @@ who = "Brandon Pitman "
criteria = "safe-to-deploy"
delta = "1.0.156 -> 1.0.159"
+[[audits.isrg.audits.serde_derive]]
+who = "Brandon Pitman "
+criteria = "safe-to-deploy"
+delta = "1.0.160 -> 1.0.162"
+
+[[audits.isrg.audits.serde_derive]]
+who = "David Cook "
+criteria = "safe-to-deploy"
+delta = "1.0.162 -> 1.0.163"
+
[[audits.isrg.audits.serde_json]]
who = "Brandon Pitman "
criteria = "safe-to-deploy"
@@ -429,15 +589,15 @@ who = "Brandon Pitman "
criteria = "safe-to-deploy"
delta = "1.0.104 -> 2.0.11"
-[[audits.isrg.audits.unicode-ident]]
+[[audits.isrg.audits.universal-hash]]
who = "David Cook "
criteria = "safe-to-deploy"
-delta = "1.0.2 -> 1.0.3"
+version = "0.4.1"
[[audits.isrg.audits.universal-hash]]
who = "David Cook "
criteria = "safe-to-deploy"
-version = "0.4.1"
+delta = "0.5.0 -> 0.5.1"
[[audits.isrg.audits.untrusted]]
who = "David Cook "
@@ -637,6 +797,13 @@ criteria = "safe-to-deploy"
version = "0.4.17"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+[[audits.mozilla.audits.log]]
+who = "Jan-Erik Rediger "
+criteria = "safe-to-deploy"
+delta = "0.4.17 -> 0.4.18"
+notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed."
+aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
+
[[audits.mozilla.audits.mach2]]
who = "Gabriele Svelto "
criteria = "safe-to-deploy"
@@ -771,6 +938,13 @@ criteria = "safe-to-deploy"
delta = "1.0.21 -> 1.0.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+[[audits.mozilla.audits.quote]]
+who = "Jan-Erik Rediger "
+criteria = "safe-to-deploy"
+delta = "1.0.27 -> 1.0.28"
+notes = "Enabled on wasm targets"
+aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
+
[[audits.mozilla.audits.rayon]]
who = "Josh Stone "
criteria = "safe-to-deploy"
@@ -803,12 +977,6 @@ criteria = "safe-to-deploy"
delta = "1.10.1 -> 1.10.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
-[[audits.mozilla.audits.regex]]
-who = "Mike Hommey "
-criteria = "safe-to-deploy"
-delta = "1.6.0 -> 1.7.0"
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
-
[[audits.mozilla.audits.regex-syntax]]
who = "Mike Hommey "
criteria = "safe-to-deploy"
@@ -894,10 +1062,11 @@ delta = "1.15.0 -> 1.16.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.unicode-ident]]
-who = "Mike Hommey "
+who = "Jan-Erik Rediger "
criteria = "safe-to-deploy"
-delta = "1.0.3 -> 1.0.6"
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+delta = "1.0.8 -> 1.0.9"
+notes = "Dependency updates only"
+aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.unicode-normalization]]
who = "Mike Hommey "