From 827c37b765b50172da8a35e60f80bbcad55bb3e1 Mon Sep 17 00:00:00 2001 From: Denis Drakhnia Date: Wed, 5 Jun 2024 15:57:30 +0300 Subject: [PATCH] all: update dependencies --- Cargo.lock | 174 ++++++++++++++------------- supply-chain/audits.toml | 36 ++++++ supply-chain/config.toml | 10 +- supply-chain/imports.lock | 247 +++++++++++++++++++++++--------------- 4 files changed, 286 insertions(+), 181 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index dcc121f..3989e20 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -34,15 +34,15 @@ checksum = "6b4930d2cb77ce62f89ee5d5289b4ac049559b1c45539271f5ed4fdc7db34545" [[package]] name = "arrayvec" -version = "0.7.2" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8da52d66c7071e2e3fa2a1e5c6d088fec47b593032b254f5e980de8ea54454d6" +checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" [[package]] name = "autocfg" -version = "1.2.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "bitflags" @@ -69,18 +69,15 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.12.0" +version = "3.15.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535" +checksum = "7ff69b9dd49fd426c69a0db9fc04dd934cdb6645ff000864d98f7e2af8830eaa" [[package]] name = "cc" -version = "1.0.83" +version = "1.0.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" -dependencies = [ - "libc", -] +checksum = "41c270e7540d725e65ac7f1b212ac8ce349719624d7bcff99f8e2e488e8cf03f" [[package]] name = "cfg-if" @@ -128,9 +125,9 @@ checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" [[package]] name = "core-foundation-sys" -version = "0.8.4" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" +checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" [[package]] name = "crossterm" @@ -165,9 +162,9 @@ checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" [[package]] name = "fastrand" -version = "2.0.2" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "658bd65b1cf4c852a3cc96f18a8ce7b5640f6b703f905c7d74532294c2a63984" +checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" [[package]] name = "getopts" @@ -180,9 +177,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.12" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -220,24 +217,24 @@ checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" [[package]] name = "js-sys" -version = "0.3.64" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" dependencies = [ "wasm-bindgen", ] [[package]] name = "libc" -version = "0.2.153" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "lock_api" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", @@ -278,9 +275,9 @@ checksum = "9670a07f94779e00908f3e686eab508878ebb390ba6e604d3a284c00e8d0487b" [[package]] name = "parking_lot" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" dependencies = [ "lock_api", "parking_lot_core", @@ -288,49 +285,49 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.9" +version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" +checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", "redox_syscall", "smallvec", - "windows-targets 0.48.5", + "windows-targets 0.52.5", ] [[package]] name = "proc-macro2" -version = "1.0.79" +version = "1.0.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" +checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.35" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] [[package]] name = "redox_syscall" -version = "0.4.1" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" +checksum = "469052894dcb553421e483e4209ee581a45100d31b4018de03e5a7ad86374a7e" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.5.0", ] [[package]] name = "ryu" -version = "1.0.17" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "scopeguard" @@ -340,18 +337,18 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "serde" -version = "1.0.197" +version = "1.0.203" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" +checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.197" +version = "1.0.203" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" +checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" dependencies = [ "proc-macro2", "quote", @@ -360,9 +357,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.115" +version = "1.0.117" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12dc5c46daa8e9fdf4f5e71b6cf9a53f2487da0e86e55808e2d35539666497dd" +checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" dependencies = [ "itoa", "ryu", @@ -392,9 +389,9 @@ dependencies = [ [[package]] name = "signal-hook-registry" -version = "1.4.1" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" +checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1" dependencies = [ "libc", ] @@ -418,18 +415,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.58" +version = "1.0.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03468839009160513471e86a034bb2c5c0e4baae3b43f79ffc55c4a5427b3297" +checksum = "c546c80d6be4bc6a00c0f01730c08df82eaa7a7a61f11d656526506112cc1709" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.58" +version = "1.0.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c61f3ba182994efc43764a46c018c347bc492c79f024e705f46567b418f6d4f7" +checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" dependencies = [ "proc-macro2", "quote", @@ -462,9 +459,9 @@ checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-width" -version = "0.1.11" +version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" +checksum = "68f5e5f3158ecfd4b8ff6fe086db7c8467a2dfdac97fe420f2b7c4aa97af66d6" [[package]] name = "wasi" @@ -474,9 +471,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.87" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -484,9 +481,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.87" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" dependencies = [ "bumpalo", "log", @@ -499,9 +496,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.87" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -509,9 +506,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.87" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", @@ -522,9 +519,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.87" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "winapi" @@ -554,7 +551,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.52.4", + "windows-targets 0.52.5", ] [[package]] @@ -583,17 +580,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.4" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dd37b7e5ab9018759f893a1952c9420d060016fc19a472b4bb20d1bdd694d1b" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" dependencies = [ - "windows_aarch64_gnullvm 0.52.4", - "windows_aarch64_msvc 0.52.4", - "windows_i686_gnu 0.52.4", - "windows_i686_msvc 0.52.4", - "windows_x86_64_gnu 0.52.4", - "windows_x86_64_gnullvm 0.52.4", - "windows_x86_64_msvc 0.52.4", + "windows_aarch64_gnullvm 0.52.5", + "windows_aarch64_msvc 0.52.5", + "windows_i686_gnu 0.52.5", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.5", + "windows_x86_64_gnu 0.52.5", + "windows_x86_64_gnullvm 0.52.5", + "windows_x86_64_msvc 0.52.5", ] [[package]] @@ -604,9 +602,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.4" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcf46cf4c365c6f2d1cc93ce535f2c8b244591df96ceee75d8e83deb70a9cac9" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" [[package]] name = "windows_aarch64_msvc" @@ -616,9 +614,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.4" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da9f259dd3bcf6990b55bffd094c4f7235817ba4ceebde8e6d11cd0c5633b675" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" [[package]] name = "windows_i686_gnu" @@ -628,9 +626,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.4" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b474d8268f99e0995f25b9f095bc7434632601028cf86590aea5c8a5cb7801d3" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" [[package]] name = "windows_i686_msvc" @@ -640,9 +644,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.4" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1515e9a29e5bed743cb4415a9ecf5dfca648ce85ee42e15873c3cd8610ff8e02" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" [[package]] name = "windows_x86_64_gnu" @@ -652,9 +656,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.4" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5eee091590e89cc02ad514ffe3ead9eb6b660aedca2183455434b93546371a03" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" [[package]] name = "windows_x86_64_gnullvm" @@ -664,9 +668,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.4" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77ca79f2451b49fa9e2af39f0747fe999fcda4f5e241b2898624dca97a1f2177" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" [[package]] name = "windows_x86_64_msvc" @@ -676,9 +680,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.4" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32b752e52a2da0ddfbdbcc6fceadfeede4c939ed16d13e648833a61dfb611ed8" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" [[package]] name = "xash3d-admin" diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index f7f452b..869f69a 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -11,6 +11,11 @@ who = "Denis Drakhnia " criteria = "safe-to-deploy" version = "0.1.1" +[[audits.arrayvec]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +delta = "0.7.2 -> 0.7.4" + [[audits.bitflags]] who = "Denis Drakhnia " criteria = "safe-to-deploy" @@ -21,6 +26,11 @@ who = "Denis Drakhnia " criteria = "safe-to-deploy" version = "1.0.0" +[[audits.cc]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +delta = "1.0.97 -> 1.0.98" + [[audits.chrono]] who = "Denis Drakhnia " criteria = "safe-to-deploy" @@ -61,6 +71,11 @@ who = "Denis Drakhnia " criteria = "safe-to-deploy" delta = "0.1.59 -> 0.1.60" +[[audits.libc]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +delta = "0.2.154 -> 0.2.155" + [[audits.mio]] who = "Denis Drakhnia " criteria = "safe-to-run" @@ -86,11 +101,26 @@ who = "Denis Drakhnia " criteria = "safe-to-deploy" version = "0.3.17" +[[audits.signal-hook-mio]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +version = "0.2.3" + +[[audits.signal-hook-registry]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +delta = "1.4.1 -> 1.4.2" + [[audits.tiny-keccak]] who = "Denis Drakhnia " criteria = "safe-to-deploy" version = "2.0.2" +[[audits.wasm-bindgen]] +who = "Denis Drakhnia " +criteria = "safe-to-deploy" +delta = "0.2.91 -> 0.2.92" + [[trusted.getopts]] criteria = "safe-to-deploy" user-id = 1 # Alex Crichton (alexcrichton) @@ -295,6 +325,12 @@ user-id = 64539 # Kenny Kerr (kennykerr) start = "2021-10-28" end = "2025-04-04" +[[trusted.windows_i686_gnullvm]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2024-04-02" +end = "2025-06-05" + [[trusted.windows_i686_msvc]] criteria = "safe-to-deploy" user-id = 64539 # Kenny Kerr (kennykerr) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index edf441e..73ef6d6 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -31,8 +31,16 @@ audit-as-crates-io = true [policy.xash3d-query] audit-as-crates-io = true +[[exemptions.crossterm_winapi]] +version = "0.9.1" +criteria = "safe-to-deploy" + +[[exemptions.mio]] +version = "0.8.10" +criteria = "safe-to-deploy" + [[exemptions.redox_syscall]] -version = "0.2.16" +version = "0.5.1" criteria = "safe-to-deploy" [[exemptions.winapi]] diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index bb745c6..0ffde12 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -2,8 +2,8 @@ # cargo-vet imports lock [[publisher.bumpalo]] -version = "3.12.0" -when = "2023-01-17" +version = "3.15.4" +when = "2024-03-07" user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" @@ -30,22 +30,22 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.js-sys]] -version = "0.3.64" -when = "2023-06-12" +version = "0.3.69" +when = "2024-03-04" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.libc]] -version = "0.2.153" -when = "2024-01-31" +version = "0.2.154" +when = "2024-04-29" user-id = 51017 user-login = "JohnTitor" user-name = "Yuki Okushi" [[publisher.lock_api]] -version = "0.4.11" -when = "2023-10-17" +version = "0.4.12" +when = "2024-04-25" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" @@ -58,29 +58,36 @@ user-login = "cuviper" user-name = "Josh Stone" [[publisher.parking_lot]] -version = "0.12.1" -when = "2022-05-31" +version = "0.12.3" +when = "2024-05-24" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.parking_lot_core]] -version = "0.9.9" -when = "2023-10-17" +version = "0.9.10" +when = "2024-04-25" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.proc-macro2]] -version = "1.0.79" -when = "2024-03-12" +version = "1.0.85" +when = "2024-06-02" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.quote]] +version = "1.0.36" +when = "2024-04-10" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.ryu]] -version = "1.0.17" -when = "2024-02-19" +version = "1.0.18" +when = "2024-05-07" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -92,9 +99,23 @@ user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" +[[publisher.serde]] +version = "1.0.203" +when = "2024-05-25" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.serde_derive]] +version = "1.0.203" +when = "2024-05-25" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + [[publisher.serde_json]] -version = "1.0.115" -when = "2024-03-26" +version = "1.0.117" +when = "2024-05-08" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -114,15 +135,15 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.thiserror]] -version = "1.0.58" -when = "2024-03-12" +version = "1.0.61" +when = "2024-05-17" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.thiserror-impl]] -version = "1.0.58" -when = "2024-03-12" +version = "1.0.61" +when = "2024-05-17" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -135,8 +156,8 @@ user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.unicode-width]] -version = "0.1.11" -when = "2023-09-19" +version = "0.1.12" +when = "2024-04-26" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" @@ -149,36 +170,29 @@ user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasm-bindgen]] -version = "0.2.87" -when = "2023-06-12" +version = "0.2.91" +when = "2024-02-06" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasm-bindgen-backend]] -version = "0.2.87" -when = "2023-06-12" +version = "0.2.92" +when = "2024-03-04" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasm-bindgen-macro]] -version = "0.2.87" -when = "2023-06-12" -user-id = 1 -user-login = "alexcrichton" -user-name = "Alex Crichton" - -[[publisher.wasm-bindgen-macro-support]] -version = "0.2.87" -when = "2023-06-12" +version = "0.2.92" +when = "2024-03-04" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasm-bindgen-shared]] -version = "0.2.87" -when = "2023-06-12" +version = "0.2.92" +when = "2024-03-04" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" @@ -205,8 +219,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-targets]] -version = "0.52.4" -when = "2024-02-28" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -219,8 +233,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_gnullvm]] -version = "0.52.4" -when = "2024-02-28" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -233,8 +247,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_msvc]] -version = "0.52.4" -when = "2024-02-28" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -247,8 +261,15 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnu]] -version = "0.52.4" -when = "2024-02-28" +version = "0.52.5" +when = "2024-04-12" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_i686_gnullvm]] +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -261,8 +282,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_msvc]] -version = "0.52.4" -when = "2024-02-28" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -275,8 +296,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnu]] -version = "0.52.4" -when = "2024-02-28" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -289,8 +310,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnullvm]] -version = "0.52.4" -when = "2024-02-28" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -303,8 +324,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_msvc]] -version = "0.52.4" -when = "2024-02-28" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -368,6 +389,15 @@ criteria = "safe-to-deploy" version = "1.0.73" notes = "I am the author of this crate." +[[audits.bytecode-alliance.audits.core-foundation-sys]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +delta = "0.8.4 -> 0.8.6" +notes = """ +The changes here are all typical bindings updates: new functions, types, and +constants. I have not audited all the bindings for ABI conformance. +""" + [[audits.bytecode-alliance.audits.fastrand]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -468,46 +498,6 @@ delta = "0.2.2 -> 0.2.12" notes = "Audited at https://fxrev.dev/932979" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.quote]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -version = "1.0.35" -notes = """ -Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits -(except for benign \"net\" hit in tests and \"fs\" hit in README.md) -""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.serde]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -version = "1.0.197" -notes = """ -Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. - -There were some hits for `net`, but they were related to serialization and -not actually opening any connections or anything like that. - -There were 2 hits of `unsafe` when grepping: -* In `fn as_str` in `impl Buf` -* In `fn serialize` in `impl Serialize for net::Ipv4Addr` - -Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this -review also covered `serde_json_lenient`). - -Version 1.0.130 of the crate has been added to Chromium in -https://crrev.com/c/3265545. The CL description contains a link to a -(Google-internal, sorry) document with a mini security review. -""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.serde_derive]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -version = "1.0.197" -notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - [[audits.google.audits.unicode-ident]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -529,6 +519,16 @@ who = "David Cook " criteria = "safe-to-deploy" version = "0.2.2" +[[audits.isrg.audits.getrandom]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.12 -> 0.2.14" + +[[audits.isrg.audits.getrandom]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.14 -> 0.2.15" + [[audits.isrg.audits.once_cell]] who = "Brandon Pitman " criteria = "safe-to-deploy" @@ -644,3 +644,60 @@ who = "Sean Bowe " criteria = "safe-to-deploy" delta = "0.3.6 -> 0.3.7" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.autocfg]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.3.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.cc]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.83 -> 1.0.94" +notes = """ +The optimization to use `buffer.set_len(buffer.capacity())` in `command_helpers::StderrForwarder::forward_available` +doesn't look panic-safe: if `stderr.read` panics and that panic is caught by a caller of `forward_available`, then +the inner buffer of `StderrForwarder` will contain uninitialized data. This looks difficult to trigger in practice, +but I have opened an issue . + +`parallel::async_executor` contains `unsafe` pinning code but it looks reasonable. Similarly for the `unsafe` +initialization code in `parallel::job_token::JobTokenServer` and file operations in `parallel::stderr`. + +This crate executes commands, and my review is likely not sufficient to detect subtle backdoors. +I did not review the use of library handles in the `com` package on Windows. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.cc]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.94 -> 1.0.97" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.fastrand]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.0.2 -> 2.1.0" +notes = """ +As noted in the changelog, this version produces different output for a given seed. +The documentation did not mention stability. It is possible that some uses relying on +determinism across the update would be broken. + +The new constants do appear to match WyRand v4.2 (modulo ordering issues that I have not checked): +https://github.com/wangyi-fudan/wyhash/blob/408620b6d12b7d667b3dd6ae39b7929a39e8fa05/wyhash.h#L145 +I have no way to check whether these constants are an improvement or not. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.mio]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.8.10 -> 0.8.11" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.wasm-bindgen-macro-support]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +version = "0.2.92" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"