diff --git a/Cargo.lock b/Cargo.lock index 5df4b0c..60a2282 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -578,7 +578,6 @@ dependencies = [ "fastrand", "getopts", "log", - "once_cell", "serde", "signal-hook", "thiserror", diff --git a/master/Cargo.toml b/master/Cargo.toml index 5bec148..b824734 100644 --- a/master/Cargo.toml +++ b/master/Cargo.toml @@ -35,5 +35,3 @@ version = "<0.4.27" optional = true default-features = false features = ["clock"] -[target.wasm32-unknown-emscripten.dependencies] -once_cell = { version = "<1.18", optional = true } diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index 98b6b11..acb2fb2 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -1,16 +1,71 @@ # cargo-vet audits file +[[audits.android-tzdata]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "0.1.1" + +[[audits.bitflags]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "1.3.2" + +[[audits.const-random]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "0.1.18" + +[[audits.const-random-macro]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "0.1.16" + +[[audits.constant_time_eq]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "0.1.5" + [[audits.fastrand]] who = "Denis Drakhnia " criteria = "safe-to-deploy" delta = "2.0.1 -> 2.0.2" +[[audits.getrandom]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "0.2.2" + [[audits.iana-time-zone]] who = "Denis Drakhnia " criteria = "safe-to-deploy" delta = "0.1.59 -> 0.1.60" +[[audits.numtoa]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "0.1.0" + +[[audits.once_cell]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "1.12.0" + +[[audits.redox_termios]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "0.1.3" + +[[audits.signal-hook]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "0.3.17" + +[[audits.tiny-keccak]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "2.0.2" + [[trusted.getopts]] criteria = "safe-to-deploy" user-id = 1 # Alex Crichton (alexcrichton) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 807c4c2..3845adc 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -35,14 +35,6 @@ audit-as-crates-io = true version = "0.4.8" criteria = "safe-to-deploy" -[[exemptions.android-tzdata]] -version = "0.1.1" -criteria = "safe-to-deploy" - -[[exemptions.bitflags]] -version = "1.3.2" -criteria = "safe-to-deploy" - [[exemptions.blake2b_simd]] version = "0.5.11" criteria = "safe-to-deploy" @@ -51,50 +43,14 @@ criteria = "safe-to-deploy" version = "0.4.26" criteria = "safe-to-deploy" -[[exemptions.const-random]] -version = "0.1.17" -criteria = "safe-to-deploy" - -[[exemptions.const-random-macro]] -version = "0.1.16" -criteria = "safe-to-deploy" - -[[exemptions.constant_time_eq]] -version = "0.1.5" -criteria = "safe-to-deploy" - -[[exemptions.getrandom]] -version = "0.2.10" -criteria = "safe-to-deploy" - -[[exemptions.numtoa]] -version = "0.1.0" -criteria = "safe-to-deploy" - -[[exemptions.once_cell]] -version = "1.17.2" -criteria = "safe-to-deploy" - [[exemptions.redox_syscall]] version = "0.2.16" criteria = "safe-to-deploy" -[[exemptions.redox_termios]] -version = "0.1.2" -criteria = "safe-to-deploy" - -[[exemptions.signal-hook]] -version = "0.3.17" -criteria = "safe-to-deploy" - [[exemptions.termion]] version = "2.0.1" criteria = "safe-to-deploy" -[[exemptions.tiny-keccak]] -version = "2.0.2" -criteria = "safe-to-deploy" - [[exemptions.winapi]] version = "0.3.9" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 959c769..59d0148 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -363,6 +363,13 @@ that the RNG here is not cryptographically secure. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.getrandom]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.2.2 -> 0.2.12" +notes = "Audited at https://fxrev.dev/932979" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.quote]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -424,15 +431,10 @@ who = "David Cook " criteria = "safe-to-deploy" version = "0.2.2" -[[audits.isrg.audits.getrandom]] +[[audits.isrg.audits.once_cell]] who = "Brandon Pitman " criteria = "safe-to-deploy" -delta = "0.2.10 -> 0.2.11" - -[[audits.isrg.audits.getrandom]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "0.2.11 -> 0.2.12" +delta = "1.17.1 -> 1.17.2" [[audits.mozilla.wildcard-audits.core-foundation-sys]] who = "Bobby Holley " @@ -503,6 +505,24 @@ delta = "0.4.17 -> 0.4.18" notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" +[[audits.mozilla.audits.once_cell]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.12.0 -> 1.13.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.once_cell]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.13.1 -> 1.16.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.once_cell]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.16.0 -> 1.17.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.toml]] who = "Bobby Holley " criteria = "safe-to-deploy"