diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index 5585fddf..c5a95c95 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -317,10 +317,6 @@ criteria = "safe-to-deploy"
 version = "0.6.12"
 criteria = "safe-to-deploy"
 
-[[exemptions.bytemuck]]
-version = "1.19.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.bytes]]
 version = "1.7.1"
 criteria = "safe-to-deploy"
@@ -405,6 +401,10 @@ criteria = "safe-to-deploy"
 version = "4.6.7"
 criteria = "safe-to-deploy"
 
+[[exemptions.concurrent-queue]]
+version = "2.5.0"
+criteria = "safe-to-deploy"
+
 [[exemptions.config]]
 version = "0.13.4"
 criteria = "safe-to-deploy"
@@ -654,7 +654,7 @@ version = "2.0.14"
 criteria = "safe-to-deploy"
 
 [[exemptions.event-listener]]
-version = "2.5.3"
+version = "5.3.1"
 criteria = "safe-to-deploy"
 
 [[exemptions.eyre]]
@@ -786,7 +786,7 @@ version = "1.0.1"
 criteria = "safe-to-deploy"
 
 [[exemptions.hashlink]]
-version = "0.8.4"
+version = "0.7.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.hermit-abi]]
@@ -934,7 +934,7 @@ version = "0.0.1"
 criteria = "safe-to-deploy"
 
 [[exemptions.libsqlite3-sys]]
-version = "0.25.2"
+version = "0.30.1"
 criteria = "safe-to-deploy"
 
 [[exemptions.linux-raw-sys]]
@@ -1129,6 +1129,10 @@ criteria = "safe-to-deploy"
 version = "3.6.12"
 criteria = "safe-to-deploy"
 
+[[exemptions.parking]]
+version = "2.2.1"
+criteria = "safe-to-deploy"
+
 [[exemptions.parking_lot]]
 version = "0.12.2"
 criteria = "safe-to-deploy"
@@ -1385,14 +1389,6 @@ criteria = "safe-to-deploy"
 version = "0.9.6"
 criteria = "safe-to-deploy"
 
-[[exemptions.ruint]]
-version = "1.12.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.ruint-macro]]
-version = "1.2.1"
-criteria = "safe-to-deploy"
-
 [[exemptions.rust-ini]]
 version = "0.18.0"
 criteria = "safe-to-deploy"
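Review bot: The two exemptions added in this file, `concurrent-queue` 2.5.0 in the `@@ -405` hunk and `parking` 2.2.1 in the `@@ -1129` hunk, put crates into the trusted set with no audit and no record of why they appeared. cargo-vet accepts a `notes` key on an exemption, so each entry could carry something like `notes = "transitive dependency of <parent crate>; audit or import pending"`, naming the dependency that pulled it in. That keeps the exemption list readable as an audit backlog rather than a silent allow-list.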
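Review bot: In the `@@ -786` hunk the `hashlink` exemption moves backwards, from 0.8.4 to 0.7.0, so the exempted version is presumably no longer the one being built. Coverage of the built version would then rest on this unaudited 0.7.0 base plus the Mozilla delta audits (`0.7.0 -> 0.8.1`, `0.8.1 -> 0.9.1`) that the same diff imports into `supply-chain/imports.lock`. That is a valid way to shrink the unaudited surface, but nothing in the entry says so. A line such as `notes = "base for imported Mozilla deltas up to 0.9.1"` would tell a reader why an older version is exempted than before.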
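Review bot: In the `@@ -934` hunk the `libsqlite3-sys` exemption jumps from 0.25.2 to 0.30.1 with no audit behind it. The same diff also drops the imported Mozilla deltas (`0.25.2 -> 0.26.0`, `0.26.0 -> 0.27.0`) from `supply-chain/imports.lock`, so the whole of 0.30.1 is now trusted by exemption alone. Judging by the `-sys` name this is a native-bindings crate, which is where an unreviewed upgrade carries the most memory-safety risk. I would either record a delta audit from an already covered version or mark the debt on the entry, e.g. `notes = "unaudited upgrade; audit tracked in <issue placeholder>"`.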
@@ -1590,31 +1586,31 @@ version = "0.2.6"
 criteria = "safe-to-deploy"
 
 [[exemptions.sqlx]]
-version = "0.7.4"
+version = "0.8.2"
 criteria = "safe-to-deploy"
 
 [[exemptions.sqlx-core]]
-version = "0.7.4"
+version = "0.8.2"
 criteria = "safe-to-deploy"
 
 [[exemptions.sqlx-macros]]
-version = "0.7.4"
+version = "0.8.2"
 criteria = "safe-to-deploy"
 
 [[exemptions.sqlx-macros-core]]
-version = "0.7.4"
+version = "0.8.2"
 criteria = "safe-to-deploy"
 
 [[exemptions.sqlx-mysql]]
-version = "0.7.4"
+version = "0.8.2"
 criteria = "safe-to-deploy"
 
 [[exemptions.sqlx-postgres]]
-version = "0.7.4"
+version = "0.8.2"
 criteria = "safe-to-deploy"
 
 [[exemptions.sqlx-sqlite]]
-version = "0.7.4"
+version = "0.8.2"
 criteria = "safe-to-deploy"
 
 [[exemptions.stable_deref_trait]]
@@ -1839,7 +1835,7 @@ criteria = "safe-to-deploy"
 
 [[exemptions.unicode-segmentation]]
 version = "1.12.0"
-criteria = "safe-to-deploy"
+criteria = "safe-to-run"
 
 [[exemptions.unicode-width]]
 version = "0.1.14"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index d18bbeba..105e38ae 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
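Review bot: In the `@@ -1839` hunk the `unicode-segmentation` 1.12.0 exemption is weakened from `safe-to-deploy` to `safe-to-run`, which vouches for the crate only on developer and CI machines, not in shipped binaries. That is correct if the crate is now reachable solely through dev- or build-time dependencies, but the hunk gives no way to check it. It is worth confirming against the dependency graph (for example with `cargo tree -i unicode-segmentation`) before merging. The reason could then be recorded on the entry, e.g. `notes = "dev-dependency only since <change placeholder>"`.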
@@ -1381,6 +1381,40 @@ Additional review comments can be found at https://crrev.com/c/4723145/31
 """
 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
 
+[[audits.google.audits.bytemuck]]
+who = "Lukasz Anforowicz "
+criteria = "safe-to-deploy"
+version = "1.16.3"
+notes = """
+Review notes from the original audit (of 1.14.3) may be found in
+https://crrev.com/c/5362675. Note that this audit has initially missed UB risk
+that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258.
+Because of this, the original audit has been edited to certify version `1.16.3`
+instead (see also https://crrev.com/c/5771867).
+"""
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.bytemuck]]
+who = "Lukasz Anforowicz "
+criteria = "safe-to-deploy"
+delta = "1.16.3 -> 1.17.1"
+notes = "Unsafe review comments can be found in https://crrev.com/c/5813463"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.bytemuck]]
+who = "Adrian Taylor "
+criteria = "safe-to-deploy"
+delta = "1.17.1 -> 1.18.0"
+notes = "No code changes - just altering feature flag arrangements"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.bytemuck]]
+who = "Adrian Taylor "
+criteria = "safe-to-deploy"
+delta = "1.18.0 -> 1.19.0"
+notes = "No code changes - just comment changes and adding the track_caller attribute."
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.byteorder]]
 who = "danakj "
 criteria = "safe-to-deploy"
@@ -2378,28 +2412,29 @@ version = "0.12.3"
 notes = "This version is used in rust's libstd, so effectively we're already trusting it"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
-[[audits.mozilla.audits.hex]]
-who = "Simon Friedberger "
+[[audits.mozilla.audits.hashlink]]
+who = "Mike Hommey "
 criteria = "safe-to-deploy"
-version = "0.4.3"
+delta = "0.7.0 -> 0.8.1"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
-[[audits.mozilla.audits.idna]]
-who = "Valentin Gosu "
+[[audits.mozilla.audits.hashlink]]
+who = "Mark Hammond "
 criteria = "safe-to-deploy"
-delta = "0.4.0 -> 0.5.0"
+delta = "0.8.1 -> 0.9.1"
+notes = "New CursorMut struct and other relatively straight-forward changes."
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
-[[audits.mozilla.audits.libsqlite3-sys]]
-who = "Ben Dean-Kawamura "
+[[audits.mozilla.audits.hex]]
+who = "Simon Friedberger "
 criteria = "safe-to-deploy"
-delta = "0.25.2 -> 0.26.0"
+version = "0.4.3"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
-[[audits.mozilla.audits.libsqlite3-sys]]
-who = "Mark Hammond "
+[[audits.mozilla.audits.idna]]
+who = "Valentin Gosu "
 criteria = "safe-to-deploy"
-delta = "0.26.0 -> 0.27.0"
+delta = "0.4.0 -> 0.5.0"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
 [[audits.mozilla.audits.linked-hash-map]]