diff --git a/src/app.rs b/src/app.rs index 2ef9323b..d4b5c298 100644 --- a/src/app.rs +++ b/src/app.rs @@ -6,6 +6,7 @@ use chrono::{Duration, Utc}; use ruint::Uint; use semaphore::poseidon_tree::LazyPoseidonTree; use semaphore::protocol::verify_proof; +use sqlx::{Postgres, Transaction}; use tracing::{info, instrument, warn}; use crate::config::Config; @@ -373,14 +374,25 @@ impl App { Ok(()) } + pub async fn delete_identity(&self, commitment: &Hash) -> Result<(), ServerError> { + let mut tx = self.database.begin().await?; + self.delete_identity_tx(&mut tx, commitment).await?; + tx.commit().await?; + Ok(()) + } + /// Queues a deletion from the merkle tree. /// /// # Errors /// /// Will return `Err` if identity is already queued, not in the tree, or the /// queue malfunctions. - #[instrument(level = "debug", skip(self))] - pub async fn delete_identity(&self, commitment: &Hash) -> Result<(), ServerError> { + #[instrument(level = "debug", skip(self, tx))] + pub async fn delete_identity_tx( + &self, + tx: &mut Transaction<'_, Postgres>, + commitment: &Hash, + ) -> Result<(), ServerError> { // Ensure that deletion provers exist if !self.identity_manager.has_deletion_provers().await { warn!( @@ -390,13 +402,12 @@ impl App { return Err(ServerError::NoProversOnIdDeletion); } - if !self.database.identity_exists(*commitment).await? { + if !tx.identity_exists(*commitment).await? { return Err(ServerError::IdentityCommitmentNotFound); } // Get the leaf index for the id commitment - let leaf_index = self - .database + let leaf_index = tx .get_identity_leaf_index(commitment) .await? .ok_or(ServerError::IdentityCommitmentNotFound)? 
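Review bot: The new public `delete_identity` wrapper in the second hunk has neither a doc comment nor an `#[instrument]` attribute, because both stayed on the function that became `delete_identity_tx`. The `# Errors` section is now documented only on the transactional variant, and the wrapper's `begin`/`commit` calls get no span of their own. I would put `/// Queues a deletion in its own transaction; see [`Self::delete_identity_tx`] for the error conditions.` and `#[instrument(level = "debug", skip(self))]` above the wrapper. The body of `delete_identity_tx` continues past this hunk.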
@@ -408,25 +419,19 @@ impl App { } // Check if the id is already queued for deletion - if self - .database - .identity_is_queued_for_deletion(commitment) - .await? - { + if tx.identity_is_queued_for_deletion(commitment).await? { return Err(ServerError::IdentityQueuedForDeletion); } // Check if there are any deletions, if not, set the latest deletion timestamp // to now to ensure that the new deletion is processed by the next deletion // interval - if self.database.get_deletions().await?.is_empty() { - self.database.update_latest_deletion(Utc::now()).await?; + if tx.get_deletions().await?.is_empty() { + tx.update_latest_deletion(Utc::now()).await?; } // If the id has not been deleted, insert into the deletions table - self.database - .insert_new_deletion(leaf_index, commitment) - .await?; + tx.insert_new_deletion(leaf_index, commitment).await?; Ok(()) } @@ -469,17 +474,21 @@ impl App { return Err(ServerError::UnreducedCommitment); } - if self.database.identity_exists(*new_commitment).await? { + let mut tx = self.database.begin().await?; + + if tx.identity_exists(*new_commitment).await? { return Err(ServerError::DuplicateCommitment); } // Delete the existing id and insert the commitments into the recovery table - self.delete_identity(existing_commitment).await?; + self.delete_identity_tx(&mut tx, existing_commitment) + .await?; - self.database - .insert_new_recovery(existing_commitment, new_commitment) + tx.insert_new_recovery(existing_commitment, new_commitment) .await?; + tx.commit().await?; + Ok(()) } diff --git a/src/database/mod.rs b/src/database/mod.rs index 77361ee3..c198a69e 100644 --- a/src/database/mod.rs +++ b/src/database/mod.rs 
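Review bot: In the recovery hunk, the early `return Err(ServerError::DuplicateCommitment)` now leaves the function with `tx` still open, so the rollback happens only implicitly when the transaction is dropped. sqlx does roll back on drop, but the intent deserves a comment, e.g. `// tx is dropped here and rolled back; nothing has been written yet`. The same holds for every `?` inside `delete_identity_tx`, which returns to this function with the transaction still open. The enclosing function starts above the hunk.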
@@ -59,6 +59,13 @@ impl Database { // Create a connection pool let pool = PoolOptions::::new() .max_connections(config.max_connections) + .after_connect(|conn, _| { + Box::pin(async move { + conn.execute("SET DEFAULT_TRANSACTION_ISOLATION TO 'SERIALIZABLE'") + .await?; + Ok(()) + }) + }) .connect(config.database.expose()) .await .context("error connecting to database")?; diff --git a/src/server/error.rs b/src/server/error.rs index e7b1533e..ed27c8db 100644 --- a/src/server/error.rs +++ b/src/server/error.rs @@ -63,6 +63,8 @@ pub enum Error { NoProversOnIdInsert, #[error("Identity Manager had no provers on point of identity deletion.")] NoProversOnIdDeletion, + #[error(transparent)] + Sqlx(#[from] sqlx::Error), #[error("The tree is uninitialized. Try again in a few moments.")] TreeStateUninitialized, #[error(transparent)] diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 45b9b2c6..7c2d8718 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -47,8 +47,16 @@ criteria = "safe-to-deploy" version = "0.7.6" criteria = "safe-to-deploy" +[[exemptions.ahash]] +version = "0.7.7" +criteria = "safe-to-deploy" + [[exemptions.aho-corasick]] -version = "1.0.2" +version = "1.1.1" +criteria = "safe-to-deploy" + +[[exemptions.allocator-api2]] +version = "0.2.14" criteria = "safe-to-deploy" [[exemptions.alloy-rlp]] @@ -135,16 +143,12 @@ criteria = "safe-to-deploy" version = "0.4.0" criteria = "safe-to-deploy" -[[exemptions.ascii-canvas]] -version = "3.0.0" -criteria = "safe-to-deploy" - -[[exemptions.async-stream]] -version = "0.3.3" +[[exemptions.arrayvec]] +version = "0.7.4" criteria = "safe-to-deploy" -[[exemptions.async-stream-impl]] -version = "0.3.3" +[[exemptions.ascii-canvas]] +version = "3.0.0" criteria = "safe-to-deploy" [[exemptions.async_io_stream]] 
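Review bot: The `after_connect` hook makes SERIALIZABLE the session default for every connection in the pool, so all queries issued through this `Database` are affected, not only the two new transactions in `src/app.rs`. At that level PostgreSQL can abort a statement or the commit with a serialization failure (SQLSTATE 40001) that the client is expected to retry, and nothing in the visible hunks does so: `tx.commit().await?` in `delete_identity` and in the recovery path simply propagates the error. Consider a bounded retry around those transactions, or at least a comment on the hook such as `// SERIALIZABLE: callers must retry on SQLSTATE 40001`. If only the delete/recover path needs this guarantee, setting the level on those transactions alone would narrow the effect. The surrounding constructor starts and ends outside the hunk.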
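Review bot: `#[error(transparent)]` on the new `Sqlx` variant makes the error's `Display` output the raw `sqlx::Error` text, which for database errors can include constraint, table or column names. How `Error` becomes an HTTP response is outside this hunk, so this needs confirming: if the response body is built from `to_string()`, API clients would see that text. A fixed message keeps the detail in logs only, e.g. `#[error("database error")] Sqlx(#[from] sqlx::Error),`, with the cause still reachable through `source()`. If variants are mapped to status codes by a `match` elsewhere, check which code `Sqlx` ends up with.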
@@ -155,88 +159,88 @@ criteria = "safe-to-deploy" version = "2.0.0" criteria = "safe-to-deploy" +[[exemptions.atomic-write-file]] +version = "0.1.2" +criteria = "safe-to-deploy" + [[exemptions.auto_impl]] -version = "1.1.0" +version = "1.1.2" criteria = "safe-to-deploy" [[exemptions.aws-config]] -version = "1.0.3" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.aws-credential-types]] -version = "1.0.3" -criteria = "safe-to-deploy" - -[[exemptions.aws-http]] -version = "0.60.0" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.aws-runtime]] -version = "1.0.3" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.aws-sdk-cognitoidentityprovider]] -version = "1.4.0" +version = "1.14.0" criteria = "safe-to-deploy" [[exemptions.aws-sdk-sso]] -version = "1.4.0" +version = "1.12.0" criteria = "safe-to-deploy" [[exemptions.aws-sdk-ssooidc]] -version = "1.4.0" +version = "1.12.0" criteria = "safe-to-deploy" [[exemptions.aws-sdk-sts]] -version = "1.4.0" +version = "1.12.0" criteria = "safe-to-deploy" [[exemptions.aws-sigv4]] -version = "1.0.3" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.aws-smithy-async]] -version = "1.0.3" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.aws-smithy-client]] -version = "0.60.0" +version = "0.60.3" criteria = "safe-to-deploy" [[exemptions.aws-smithy-http]] -version = "0.60.0" +version = "0.60.4" criteria = "safe-to-deploy" [[exemptions.aws-smithy-json]] -version = "0.60.0" +version = "0.60.4" criteria = "safe-to-deploy" [[exemptions.aws-smithy-query]] -version = "0.60.0" +version = "0.60.4" criteria = "safe-to-deploy" [[exemptions.aws-smithy-runtime]] -version = "1.0.3" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.aws-smithy-runtime-api]] -version = "1.0.3" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.aws-smithy-types]] -version = "1.0.3" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.aws-smithy-xml]] -version = "0.60.0" +version = "0.60.4" 
criteria = "safe-to-deploy" [[exemptions.aws-types]] -version = "1.0.3" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.axum]] -version = "0.6.19" +version = "0.6.20" criteria = "safe-to-deploy" [[exemptions.axum-core]] @@ -244,7 +248,11 @@ version = "0.3.4" criteria = "safe-to-deploy" [[exemptions.axum-server]] -version = "0.4.4" +version = "0.4.7" +criteria = "safe-to-deploy" + +[[exemptions.backtrace]] +version = "0.3.67" criteria = "safe-to-deploy" [[exemptions.base16ct]] @@ -255,12 +263,16 @@ criteria = "safe-to-deploy" version = "0.13.1" criteria = "safe-to-deploy" +[[exemptions.base64]] +version = "0.21.7" +criteria = "safe-to-deploy" + [[exemptions.base64-simd]] version = "0.8.0" criteria = "safe-to-deploy" [[exemptions.base64ct]] -version = "1.5.3" +version = "1.6.0" criteria = "safe-to-deploy" [[exemptions.bech32]] @@ -275,6 +287,10 @@ criteria = "safe-to-deploy" version = "1.3.2" criteria = "safe-to-deploy" +[[exemptions.bitflags]] +version = "2.4.2" +criteria = "safe-to-deploy" + [[exemptions.bitvec]] version = "1.0.1" criteria = "safe-to-deploy" @@ -289,18 +305,18 @@ criteria = "safe-to-deploy" [[exemptions.bstr]] version = "0.2.17" -criteria = "safe-to-deploy" +criteria = "safe-to-run" [[exemptions.byte-slice-cast]] version = "1.2.2" criteria = "safe-to-deploy" [[exemptions.bytecheck]] -version = "0.6.9" +version = "0.6.12" criteria = "safe-to-deploy" [[exemptions.bytecheck_derive]] -version = "0.6.9" +version = "0.6.12" criteria = "safe-to-deploy" [[exemptions.byteorder]] @@ -316,7 +332,11 @@ version = "0.1.4" criteria = "safe-to-deploy" [[exemptions.camino]] -version = "1.1.1" +version = "1.1.6" +criteria = "safe-to-deploy" + +[[exemptions.cargo-platform]] +version = "0.1.6" criteria = "safe-to-deploy" [[exemptions.cast]] @@ -324,7 +344,7 @@ version = "0.3.0" criteria = "safe-to-deploy" [[exemptions.chrono]] -version = "0.4.26" +version = "0.4.33" criteria = "safe-to-deploy" [[exemptions.cipher]] 
@@ -336,11 +356,11 @@ version = "2.34.0" criteria = "safe-to-deploy" [[exemptions.clap]] -version = "4.3.14" +version = "4.4.18" criteria = "safe-to-deploy" [[exemptions.clap_derive]] -version = "4.3.12" +version = "4.4.7" criteria = "safe-to-deploy" [[exemptions.cli-batteries]] @@ -376,7 +396,7 @@ version = "0.1.6" criteria = "safe-to-deploy" [[exemptions.color-spantrace]] -version = "0.2.0" +version = "0.2.1" criteria = "safe-to-deploy" [[exemptions.combine]] @@ -392,27 +412,31 @@ version = "0.15.8" criteria = "safe-to-run" [[exemptions.const-hex]] -version = "1.9.0" +version = "1.11.0" criteria = "safe-to-deploy" [[exemptions.const-oid]] -version = "0.9.2" +version = "0.9.6" criteria = "safe-to-deploy" [[exemptions.constant_time_eq]] version = "0.1.5" criteria = "safe-to-deploy" +[[exemptions.core-foundation]] +version = "0.9.4" +criteria = "safe-to-deploy" + [[exemptions.cpufeatures]] -version = "0.2.5" +version = "0.2.12" criteria = "safe-to-deploy" [[exemptions.crc]] -version = "3.0.0" +version = "3.0.1" criteria = "safe-to-deploy" [[exemptions.crc-catalog]] -version = "2.1.0" +version = "2.4.0" criteria = "safe-to-deploy" [[exemptions.crc32fast]] @@ -432,11 +456,15 @@ version = "0.5.6" criteria = "safe-to-deploy" [[exemptions.crossbeam-deque]] -version = "0.8.2" +version = "0.8.5" criteria = "safe-to-deploy" [[exemptions.crossbeam-epoch]] -version = "0.9.13" +version = "0.9.18" +criteria = "safe-to-deploy" + +[[exemptions.crossbeam-queue]] +version = "0.3.11" criteria = "safe-to-deploy" [[exemptions.crossbeam-utils]] @@ -444,7 +472,7 @@ version = "0.8.14" criteria = "safe-to-deploy" [[exemptions.crypto-bigint]] -version = "0.5.1" +version = "0.5.5" criteria = "safe-to-deploy" [[exemptions.crypto-mac]] 
@@ -452,11 +480,11 @@ version = "0.8.0" criteria = "safe-to-deploy" [[exemptions.csv]] -version = "1.1.6" +version = "1.3.0" criteria = "safe-to-deploy" [[exemptions.csv-core]] -version = "0.1.10" +version = "0.1.11" criteria = "safe-to-deploy" [[exemptions.ctr]] @@ -464,27 +492,31 @@ version = "0.9.2" criteria = "safe-to-deploy" [[exemptions.darling]] -version = "0.14.2" +version = "0.20.5" criteria = "safe-to-deploy" [[exemptions.darling_core]] -version = "0.14.2" +version = "0.20.5" criteria = "safe-to-deploy" [[exemptions.darling_macro]] -version = "0.14.2" +version = "0.20.5" criteria = "safe-to-deploy" [[exemptions.dashmap]] -version = "5.4.0" +version = "5.5.3" criteria = "safe-to-deploy" [[exemptions.data-encoding]] -version = "2.4.0" +version = "2.5.0" criteria = "safe-to-deploy" [[exemptions.der]] -version = "0.7.3" +version = "0.7.8" +criteria = "safe-to-deploy" + +[[exemptions.deranged]] +version = "0.3.10" criteria = "safe-to-deploy" [[exemptions.derivative]] @@ -520,23 +552,23 @@ version = "0.3.0" criteria = "safe-to-deploy" [[exemptions.dotenvy]] -version = "0.15.6" +version = "0.15.7" criteria = "safe-to-deploy" [[exemptions.dunce]] -version = "1.0.3" +version = "1.0.4" criteria = "safe-to-deploy" [[exemptions.ecdsa]] -version = "0.16.1" +version = "0.16.9" criteria = "safe-to-deploy" [[exemptions.elliptic-curve]] -version = "0.13.5" +version = "0.13.8" criteria = "safe-to-deploy" [[exemptions.ena]] -version = "0.14.0" +version = "0.14.2" criteria = "safe-to-deploy" [[exemptions.encode_unicode]] @@ -548,7 +580,7 @@ version = "0.9.1" criteria = "safe-to-deploy" [[exemptions.enum-as-inner]] -version = "0.5.1" +version = "0.6.0" criteria = "safe-to-deploy" [[exemptions.enum-iterator]] 
@@ -560,17 +592,13 @@ version = "0.7.0" criteria = "safe-to-deploy" [[exemptions.enumset]] -version = "1.0.12" +version = "1.1.3" criteria = "safe-to-deploy" [[exemptions.enumset_derive]] version = "0.6.1" criteria = "safe-to-deploy" -[[exemptions.errno]] -version = "0.2.8" -criteria = "safe-to-deploy" - [[exemptions.etcetera]] version = "0.8.0" criteria = "safe-to-deploy" @@ -588,31 +616,31 @@ version = "0.13.0" criteria = "safe-to-deploy" [[exemptions.ethereum-types]] -version = "0.14.0" +version = "0.14.1" criteria = "safe-to-deploy" [[exemptions.ethers]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.ethers-addressbook]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.ethers-contract]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.ethers-contract-abigen]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.ethers-contract-derive]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.ethers-core]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.ethers-core]] @@ -620,23 +648,23 @@ version = "2.0.13@git:4d267f763a19e42a09e92741e1489c123f852f53" criteria = "safe-to-deploy" [[exemptions.ethers-etherscan]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.ethers-middleware]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.ethers-providers]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.ethers-signers]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.ethers-solc]] -version = "2.0.10" +version = "2.0.13" criteria = "safe-to-deploy" [[exemptions.event-listener]] @@ -644,7 +672,7 @@ version = "2.5.3" criteria = "safe-to-deploy" [[exemptions.eyre]] -version = "0.6.8" +version = "0.6.12" criteria = "safe-to-deploy" [[exemptions.fallible-iterator]] 
@@ -659,6 +687,10 @@ criteria = "safe-to-deploy" version = "0.12.1" criteria = "safe-to-deploy" +[[exemptions.finl_unicode]] +version = "1.2.0" +criteria = "safe-to-deploy" + [[exemptions.fixed-hash]] version = "0.8.0" criteria = "safe-to-deploy" @@ -668,7 +700,7 @@ version = "0.4.2" criteria = "safe-to-deploy" [[exemptions.flate2]] -version = "1.0.25" +version = "1.0.28" criteria = "safe-to-deploy" [[exemptions.flume]] @@ -684,19 +716,31 @@ version = "2.0.0" criteria = "safe-to-deploy" [[exemptions.futures]] -version = "0.3.26" +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.futures-executor]] +version = "0.3.30" criteria = "safe-to-deploy" [[exemptions.futures-intrusive]] version = "0.5.0" criteria = "safe-to-deploy" +[[exemptions.futures-io]] +version = "0.3.30" +criteria = "safe-to-deploy" + [[exemptions.futures-locks]] version = "0.7.1" criteria = "safe-to-deploy" [[exemptions.futures-macro]] -version = "0.3.28" +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.futures-sink]] +version = "0.3.30" criteria = "safe-to-deploy" [[exemptions.futures-task]] @@ -723,6 +767,10 @@ criteria = "safe-to-deploy" version = "0.26.2" criteria = "safe-to-deploy" +[[exemptions.gimli]] +version = "0.28.1" +criteria = "safe-to-deploy" + [[exemptions.gloo-timers]] version = "0.2.6" criteria = "safe-to-deploy" @@ -736,7 +784,7 @@ version = "1.0.1" criteria = "safe-to-deploy" [[exemptions.hashlink]] -version = "0.8.1" +version = "0.8.4" criteria = "safe-to-deploy" [[exemptions.hermit-abi]] @@ -744,7 +792,7 @@ version = "0.1.19" criteria = "safe-to-deploy" [[exemptions.hermit-abi]] -version = "0.3.1" +version = "0.3.5" criteria = "safe-to-deploy" [[exemptions.hex-literal]] 
@@ -756,15 +804,11 @@ version = "0.4.1" criteria = "safe-to-deploy" [[exemptions.hkdf]] -version = "0.12.3" +version = "0.12.4" criteria = "safe-to-deploy" [[exemptions.home]] -version = "0.5.5" -criteria = "safe-to-deploy" - -[[exemptions.http-body]] -version = "0.4.5" +version = "0.5.9" criteria = "safe-to-deploy" [[exemptions.humantime]] @@ -776,7 +820,7 @@ version = "1.1.1" criteria = "safe-to-deploy" [[exemptions.hyper-rustls]] -version = "0.24.1" +version = "0.24.2" criteria = "safe-to-deploy" [[exemptions.hyper-timeout]] @@ -784,11 +828,7 @@ version = "0.4.1" criteria = "safe-to-deploy" [[exemptions.iana-time-zone]] -version = "0.1.53" -criteria = "safe-to-deploy" - -[[exemptions.iana-time-zone-haiku]] -version = "0.1.1" +version = "0.1.60" criteria = "safe-to-deploy" [[exemptions.impl-codec]] @@ -819,16 +859,12 @@ criteria = "safe-to-deploy" version = "0.1.12" criteria = "safe-to-deploy" -[[exemptions.io-lifetimes]] -version = "0.7.5" -criteria = "safe-to-deploy" - -[[exemptions.io-lifetimes]] -version = "1.0.2" +[[exemptions.ipnet]] +version = "2.5.0" criteria = "safe-to-deploy" -[[exemptions.ipnet]] -version = "2.5.1" +[[exemptions.is-terminal]] +version = "0.4.10" criteria = "safe-to-deploy" [[exemptions.itertools]] @@ -839,8 +875,12 @@ criteria = "safe-to-deploy" version = "0.11.0" criteria = "safe-to-deploy" +[[exemptions.jobserver]] +version = "0.1.27" +criteria = "safe-to-deploy" + [[exemptions.js-sys]] -version = "0.3.60" +version = "0.3.68" criteria = "safe-to-deploy" [[exemptions.json5]] @@ -848,7 +888,11 @@ version = "0.4.1" criteria = "safe-to-deploy" [[exemptions.k256]] -version = "0.13.1" +version = "0.13.3" +criteria = "safe-to-deploy" + +[[exemptions.keccak]] +version = "0.1.5" criteria = "safe-to-deploy" [[exemptions.lalrpop]] 
@@ -868,7 +912,11 @@ version = "0.2.2" criteria = "safe-to-deploy" [[exemptions.libmimalloc-sys]] -version = "0.1.28" +version = "0.1.35" +criteria = "safe-to-deploy" + +[[exemptions.libredox]] +version = "0.0.1" criteria = "safe-to-deploy" [[exemptions.libsqlite3-sys]] @@ -880,19 +928,15 @@ version = "0.5.6" criteria = "safe-to-deploy" [[exemptions.linux-raw-sys]] -version = "0.0.46" -criteria = "safe-to-deploy" - -[[exemptions.linux-raw-sys]] -version = "0.3.1" +version = "0.1.4" criteria = "safe-to-deploy" [[exemptions.linux-raw-sys]] -version = "0.4.7" +version = "0.4.13" criteria = "safe-to-deploy" [[exemptions.lock_api]] -version = "0.4.9" +version = "0.4.11" criteria = "safe-to-deploy" [[exemptions.loupe]] @@ -911,20 +955,28 @@ criteria = "safe-to-deploy" version = "0.3.2" criteria = "safe-to-deploy" +[[exemptions.mach2]] +version = "0.4.2" +criteria = "safe-to-deploy" + [[exemptions.maplit]] version = "1.0.2" criteria = "safe-to-run" [[exemptions.matchit]] -version = "0.7.0" +version = "0.7.3" +criteria = "safe-to-deploy" + +[[exemptions.md-5]] +version = "0.10.6" criteria = "safe-to-deploy" [[exemptions.memchr]] -version = "2.5.0" +version = "2.6.3" criteria = "safe-to-deploy" [[exemptions.memmap2]] -version = "0.5.8" +version = "0.5.10" criteria = "safe-to-deploy" [[exemptions.memoffset]] @@ -932,7 +984,7 @@ version = "0.6.5" criteria = "safe-to-deploy" [[exemptions.mimalloc]] -version = "0.1.32" +version = "0.1.39" criteria = "safe-to-deploy" [[exemptions.minimal-lexical]] @@ -940,15 +992,11 @@ version = "0.2.1" criteria = "safe-to-deploy" [[exemptions.miniz_oxide]] -version = "0.5.4" -criteria = "safe-to-deploy" - -[[exemptions.miniz_oxide]] -version = "0.6.2" +version = "0.7.2" criteria = "safe-to-deploy" [[exemptions.mio]] -version = "0.8.8" +version = "0.8.10" criteria = "safe-to-deploy" [[exemptions.mmap-rs]] 
@@ -959,6 +1007,10 @@ criteria = "safe-to-deploy" version = "0.2.2" criteria = "safe-to-deploy" +[[exemptions.nix]] +version = "0.15.0" +criteria = "safe-to-deploy" + [[exemptions.nix]] version = "0.26.4" criteria = "safe-to-deploy" @@ -967,16 +1019,36 @@ criteria = "safe-to-deploy" version = "7.1.1" criteria = "safe-to-deploy" +[[exemptions.num]] +version = "0.4.1" +criteria = "safe-to-deploy" + [[exemptions.num-bigint-dig]] version = "0.8.4" criteria = "safe-to-deploy" +[[exemptions.num-complex]] +version = "0.4.5" +criteria = "safe-to-deploy" + +[[exemptions.num-conv]] +version = "0.1.0" +criteria = "safe-to-deploy" + +[[exemptions.num_enum]] +version = "0.7.2" +criteria = "safe-to-deploy" + +[[exemptions.num_enum_derive]] +version = "0.7.2" +criteria = "safe-to-deploy" + [[exemptions.object]] version = "0.28.4" criteria = "safe-to-deploy" [[exemptions.object]] -version = "0.29.0" +version = "0.32.2" criteria = "safe-to-deploy" [[exemptions.once_cell]] @@ -996,11 +1068,11 @@ version = "0.1.1" criteria = "safe-to-deploy" [[exemptions.openssl]] -version = "0.10.55" +version = "0.10.63" criteria = "safe-to-deploy" [[exemptions.openssl-sys]] -version = "0.9.90" +version = "0.9.99" criteria = "safe-to-deploy" [[exemptions.opentelemetry]] @@ -1056,11 +1128,11 @@ version = "3.5.0" criteria = "safe-to-deploy" [[exemptions.parity-scale-codec]] -version = "3.2.1" +version = "3.6.1" criteria = "safe-to-deploy" [[exemptions.parity-scale-codec-derive]] -version = "3.1.3" +version = "3.6.5" criteria = "safe-to-deploy" [[exemptions.parking_lot]] @@ -1068,7 +1140,7 @@ version = "0.11.2" criteria = "safe-to-deploy" [[exemptions.parking_lot_core]] -version = "0.9.4" +version = "0.9.9" criteria = "safe-to-deploy" [[exemptions.password-hash]] 
@@ -1100,23 +1172,23 @@ version = "0.7.0" criteria = "safe-to-deploy" [[exemptions.pest]] -version = "2.7.6" +version = "2.7.7" criteria = "safe-to-deploy" [[exemptions.pest_derive]] -version = "2.7.6" +version = "2.7.7" criteria = "safe-to-deploy" [[exemptions.pest_generator]] -version = "2.7.6" +version = "2.7.7" criteria = "safe-to-deploy" [[exemptions.pest_meta]] -version = "2.7.6" +version = "2.7.7" criteria = "safe-to-deploy" [[exemptions.petgraph]] -version = "0.6.2" +version = "0.6.4" criteria = "safe-to-deploy" [[exemptions.pharos]] @@ -1140,11 +1212,11 @@ version = "0.10.0" criteria = "safe-to-deploy" [[exemptions.pin-project]] -version = "1.1.2" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.pin-project-internal]] -version = "1.1.2" +version = "1.1.4" criteria = "safe-to-deploy" [[exemptions.pkcs1]] @@ -1156,15 +1228,19 @@ version = "0.10.2" criteria = "safe-to-deploy" [[exemptions.plotters]] -version = "0.3.4" +version = "0.3.5" criteria = "safe-to-deploy" [[exemptions.plotters-backend]] -version = "0.3.4" +version = "0.3.5" criteria = "safe-to-deploy" [[exemptions.plotters-svg]] -version = "0.3.3" +version = "0.3.5" +criteria = "safe-to-deploy" + +[[exemptions.powerfmt]] +version = "0.2.0" criteria = "safe-to-deploy" [[exemptions.ppv-lite86]] @@ -1172,19 +1248,31 @@ version = "0.2.17" criteria = "safe-to-deploy" [[exemptions.primitive-types]] -version = "0.12.1" +version = "0.12.2" criteria = "safe-to-deploy" [[exemptions.proc-macro-crate]] version = "1.2.1" criteria = "safe-to-deploy" +[[exemptions.proc-macro-crate]] +version = "2.0.0" +criteria = "safe-to-deploy" + +[[exemptions.proc-macro-crate]] +version = "3.1.0" +criteria = "safe-to-deploy" + [[exemptions.proc-macro-error]] version = "1.0.4" criteria = "safe-to-deploy" +[[exemptions.proc-macro2]] +version = "1.0.78" +criteria = "safe-to-deploy" + [[exemptions.procfs]] -version = "0.14.1" +version = "0.14.2" criteria = "safe-to-deploy" [[exemptions.prometheus]] 
@@ -1224,7 +1312,7 @@ version = "0.8.5" criteria = "safe-to-deploy" [[exemptions.redox_syscall]] -version = "0.2.16" +version = "0.4.1" criteria = "safe-to-deploy" [[exemptions.redox_users]] @@ -1236,7 +1324,7 @@ version = "0.0.34" criteria = "safe-to-deploy" [[exemptions.regex]] -version = "1.9.1" +version = "1.10.3" criteria = "safe-to-deploy" [[exemptions.regex-automata]] @@ -1244,19 +1332,19 @@ version = "0.1.10" criteria = "safe-to-deploy" [[exemptions.regex-automata]] -version = "0.3.3" +version = "0.4.5" criteria = "safe-to-deploy" -[[exemptions.regex-syntax]] -version = "0.6.28" +[[exemptions.regex-lite]] +version = "0.1.5" criteria = "safe-to-deploy" [[exemptions.regex-syntax]] -version = "0.7.2" +version = "0.6.28" criteria = "safe-to-deploy" [[exemptions.regex-syntax]] -version = "0.7.4" +version = "0.7.2" criteria = "safe-to-deploy" [[exemptions.region]] @@ -1264,7 +1352,7 @@ version = "3.0.0" criteria = "safe-to-deploy" [[exemptions.rend]] -version = "0.3.6" +version = "0.4.2" criteria = "safe-to-deploy" [[exemptions.rfc6979]] @@ -1276,7 +1364,7 @@ version = "0.16.20" criteria = "safe-to-deploy" [[exemptions.ring]] -version = "0.17.5" +version = "0.17.7" criteria = "safe-to-deploy" [[exemptions.ripemd]] @@ -1284,11 +1372,11 @@ version = "0.1.3" criteria = "safe-to-deploy" [[exemptions.rkyv]] -version = "0.7.39" +version = "0.7.44" criteria = "safe-to-deploy" [[exemptions.rkyv_derive]] -version = "0.7.39" +version = "0.7.44" criteria = "safe-to-deploy" [[exemptions.rlp]] @@ -1300,7 +1388,7 @@ version = "0.1.0" criteria = "safe-to-deploy" [[exemptions.rmp]] -version = "0.8.11" +version = "0.8.12" criteria = "safe-to-deploy" [[exemptions.ron]] @@ -1308,7 +1396,7 @@ version = "0.7.0" criteria = "safe-to-deploy" [[exemptions.rsa]] -version = "0.9.1" +version = "0.9.6" criteria = "safe-to-deploy" [[exemptions.ruint]] 
@@ -1332,19 +1420,15 @@ version = "0.3.3" criteria = "safe-to-deploy" [[exemptions.rustix]] -version = "0.35.13" +version = "0.36.17" criteria = "safe-to-deploy" [[exemptions.rustix]] -version = "0.37.3" -criteria = "safe-to-deploy" - -[[exemptions.rustix]] -version = "0.38.13" +version = "0.38.31" criteria = "safe-to-deploy" [[exemptions.rustls]] -version = "0.21.8" +version = "0.21.10" criteria = "safe-to-deploy" [[exemptions.rustls-native-certs]] @@ -1352,7 +1436,7 @@ version = "0.6.3" criteria = "safe-to-deploy" [[exemptions.rustls-pemfile]] -version = "1.0.1" +version = "1.0.4" criteria = "safe-to-deploy" [[exemptions.rustls-webpki]] @@ -1368,35 +1452,39 @@ version = "1.0.6" criteria = "safe-to-deploy" [[exemptions.scale-info]] -version = "2.3.0" +version = "2.10.0" criteria = "safe-to-deploy" [[exemptions.scale-info-derive]] -version = "2.3.0" +version = "2.10.0" criteria = "safe-to-deploy" [[exemptions.schannel]] -version = "0.1.20" +version = "0.1.23" criteria = "safe-to-deploy" [[exemptions.scrypt]] version = "0.10.0" criteria = "safe-to-deploy" +[[exemptions.sct]] +version = "0.7.1" +criteria = "safe-to-deploy" + [[exemptions.seahash]] version = "4.1.0" criteria = "safe-to-deploy" [[exemptions.sec1]] -version = "0.7.1" +version = "0.7.3" criteria = "safe-to-deploy" [[exemptions.security-framework]] -version = "2.7.0" +version = "2.9.2" criteria = "safe-to-deploy" [[exemptions.security-framework-sys]] -version = "2.6.1" +version = "2.9.1" criteria = "safe-to-deploy" [[exemptions.semver]] @@ -1404,7 +1492,7 @@ version = "0.11.0" criteria = "safe-to-deploy" [[exemptions.semver]] -version = "1.0.14" +version = "1.0.21" criteria = "safe-to-deploy" [[exemptions.semver-parser]] 
@@ -1416,23 +1504,23 @@ version = "0.4.0" criteria = "safe-to-deploy" [[exemptions.send_wrapper]] -version = "0.5.0" +version = "0.6.0" criteria = "safe-to-deploy" [[exemptions.serde_urlencoded]] version = "0.7.1" criteria = "safe-to-deploy" -[[exemptions.sha2]] -version = "0.10.8" +[[exemptions.sha1]] +version = "0.10.6" criteria = "safe-to-deploy" -[[exemptions.signal-hook-registry]] -version = "1.4.0" +[[exemptions.sha2]] +version = "0.10.8" criteria = "safe-to-deploy" -[[exemptions.signature]] -version = "2.0.0" +[[exemptions.simdutf8]] +version = "0.1.4" criteria = "safe-to-deploy" [[exemptions.similar]] @@ -1451,12 +1539,12 @@ criteria = "safe-to-deploy" version = "0.3.10" criteria = "safe-to-deploy" -[[exemptions.smallvec]] -version = "1.10.0" +[[exemptions.slab]] +version = "0.4.9" criteria = "safe-to-deploy" -[[exemptions.socket2]] -version = "0.4.9" +[[exemptions.smallvec]] +version = "1.13.1" criteria = "safe-to-deploy" [[exemptions.socket2]] @@ -1464,7 +1552,7 @@ version = "0.5.5" criteria = "safe-to-deploy" [[exemptions.solang-parser]] -version = "0.3.2" +version = "0.3.3" criteria = "safe-to-deploy" [[exemptions.spin]] 
@@ -1476,39 +1564,39 @@ version = "0.9.8" criteria = "safe-to-deploy" [[exemptions.spki]] -version = "0.7.1" +version = "0.7.3" criteria = "safe-to-deploy" [[exemptions.sqlformat]] -version = "0.2.0" +version = "0.2.3" criteria = "safe-to-deploy" [[exemptions.sqlx]] -version = "0.7.2" +version = "0.7.3" criteria = "safe-to-deploy" [[exemptions.sqlx-core]] -version = "0.7.2" +version = "0.7.3" criteria = "safe-to-deploy" [[exemptions.sqlx-macros]] -version = "0.7.2" +version = "0.7.3" criteria = "safe-to-deploy" [[exemptions.sqlx-macros-core]] -version = "0.7.2" +version = "0.7.3" criteria = "safe-to-deploy" [[exemptions.sqlx-mysql]] -version = "0.7.2" +version = "0.7.3" criteria = "safe-to-deploy" [[exemptions.sqlx-postgres]] -version = "0.7.2" +version = "0.7.3" criteria = "safe-to-deploy" [[exemptions.sqlx-sqlite]] -version = "0.7.2" +version = "0.7.3" criteria = "safe-to-deploy" [[exemptions.stable_deref_trait]] @@ -1520,7 +1608,11 @@ version = "1.1.0" criteria = "safe-to-deploy" [[exemptions.string_cache]] -version = "0.8.4" +version = "0.8.7" +criteria = "safe-to-deploy" + +[[exemptions.stringprep]] +version = "0.1.4" criteria = "safe-to-deploy" [[exemptions.strsim]] @@ -1532,23 +1624,19 @@ version = "0.25.0" criteria = "safe-to-deploy" [[exemptions.strum_macros]] -version = "0.25.2" -criteria = "safe-to-deploy" - -[[exemptions.subtle]] -version = "2.4.1" +version = "0.25.3" criteria = "safe-to-deploy" [[exemptions.svm-rs]] -version = "0.3.2" +version = "0.3.5" criteria = "safe-to-deploy" [[exemptions.sync_wrapper]] -version = "0.1.1" +version = "0.1.2" criteria = "safe-to-deploy" [[exemptions.sysctl]] -version = "0.5.4" +version = "0.5.5" criteria = "safe-to-deploy" [[exemptions.system-configuration]] 
@@ -1560,35 +1648,31 @@ version = "0.5.0" criteria = "safe-to-deploy" [[exemptions.target-lexicon]] -version = "0.12.5" +version = "0.12.13" criteria = "safe-to-deploy" [[exemptions.tempfile]] -version = "3.8.0" +version = "3.10.0" criteria = "safe-to-deploy" [[exemptions.term]] version = "0.7.0" criteria = "safe-to-deploy" -[[exemptions.termcolor]] -version = "1.1.3" -criteria = "safe-to-deploy" - [[exemptions.terminal_size]] -version = "0.2.2" +version = "0.3.0" criteria = "safe-to-deploy" [[exemptions.test-case]] -version = "3.2.1" +version = "3.3.1" criteria = "safe-to-deploy" [[exemptions.test-case-core]] -version = "3.2.1" +version = "3.3.1" criteria = "safe-to-deploy" [[exemptions.test-case-macros]] -version = "3.2.1" +version = "3.3.1" criteria = "safe-to-deploy" [[exemptions.textwrap]] @@ -1596,7 +1680,11 @@ version = "0.11.0" criteria = "safe-to-deploy" [[exemptions.time]] -version = "0.1.44" +version = "0.3.34" +criteria = "safe-to-deploy" + +[[exemptions.time-macros]] +version = "0.2.17" criteria = "safe-to-deploy" [[exemptions.tiny-keccak]] @@ -1612,7 +1700,7 @@ version = "1.2.0" criteria = "safe-to-deploy" [[exemptions.tokio-macros]] -version = "2.1.0" +version = "2.2.0" criteria = "safe-to-deploy" [[exemptions.tokio-rustls]] @@ -1623,8 +1711,8 @@ criteria = "safe-to-deploy" version = "0.20.1" criteria = "safe-to-deploy" -[[exemptions.toml]] -version = "0.5.9" +[[exemptions.tokio-util]] +version = "0.7.10" criteria = "safe-to-deploy" [[exemptions.tonic]] @@ -1644,7 +1732,7 @@ version = "0.3.2" criteria = "safe-to-deploy" [[exemptions.tracing]] -version = "0.1.37" +version = "0.1.40" criteria = "safe-to-deploy" [[exemptions.tracing-attributes]] 
@@ -1671,6 +1759,14 @@ criteria = "safe-to-deploy" version = "0.2.5" criteria = "safe-to-deploy" +[[exemptions.tracing-log]] +version = "0.1.4" +criteria = "safe-to-deploy" + +[[exemptions.tracing-log]] +version = "0.2.0" +criteria = "safe-to-deploy" + [[exemptions.tracing-opentelemetry]] version = "0.19.0" criteria = "safe-to-deploy" @@ -1700,7 +1796,7 @@ version = "1.15.0" criteria = "safe-to-deploy" [[exemptions.ucd-trie]] -version = "0.1.5" +version = "0.1.6" criteria = "safe-to-deploy" [[exemptions.uint]] @@ -1711,6 +1807,10 @@ criteria = "safe-to-deploy" version = "0.1.4" criteria = "safe-to-deploy" +[[exemptions.unicase]] +version = "2.7.0" +criteria = "safe-to-deploy" + [[exemptions.unicode_categories]] version = "0.1.1" criteria = "safe-to-deploy" @@ -1720,7 +1820,7 @@ version = "0.9.0" criteria = "safe-to-deploy" [[exemptions.urlencoding]] -version = "2.1.2" +version = "2.1.3" criteria = "safe-to-deploy" [[exemptions.users]] @@ -1736,7 +1836,7 @@ version = "0.8.2" criteria = "safe-to-deploy" [[exemptions.uuid]] -version = "1.6.1" +version = "1.7.0" criteria = "safe-to-deploy" [[exemptions.vsimd]] @@ -1744,11 +1844,7 @@ version = "0.8.0" criteria = "safe-to-deploy" [[exemptions.walkdir]] -version = "2.3.2" -criteria = "safe-to-deploy" - -[[exemptions.wasi]] -version = "0.10.0+wasi-snapshot-preview1" +version = "2.4.0" criteria = "safe-to-deploy" [[exemptions.wasi]] 
@@ -1756,23 +1852,27 @@ version = "0.11.0+wasi-snapshot-preview1" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen]] -version = "0.2.83" +version = "0.2.91" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-backend]] -version = "0.2.83" +version = "0.2.91" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-futures]] -version = "0.4.33" +version = "0.4.41" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-macro]] -version = "0.2.83" +version = "0.2.91" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-macro-support]] -version = "0.2.83" +version = "0.2.91" +criteria = "safe-to-deploy" + +[[exemptions.wasm-bindgen-shared]] +version = "0.2.91" criteria = "safe-to-deploy" [[exemptions.wasmer]] @@ -1828,7 +1928,11 @@ version = "0.83.0" criteria = "safe-to-deploy" [[exemptions.web-sys]] -version = "0.3.60" +version = "0.3.68" +criteria = "safe-to-deploy" + +[[exemptions.webpki-roots]] +version = "0.25.4" criteria = "safe-to-deploy" [[exemptions.which]] @@ -1836,7 +1940,7 @@ version = "4.3.0" criteria = "safe-to-deploy" [[exemptions.whoami]] -version = "1.2.3" +version = "1.4.1" criteria = "safe-to-deploy" [[exemptions.widestring]] @@ -1852,7 +1956,7 @@ version = "0.4.0" criteria = "safe-to-deploy" [[exemptions.winapi-util]] -version = "0.1.5" +version = "0.1.6" criteria = "safe-to-deploy" [[exemptions.winapi-x86_64-pc-windows-gnu]] @@ -1863,12 +1967,16 @@ criteria = "safe-to-deploy" version = "0.44.0" criteria = "safe-to-deploy" +[[exemptions.windows-core]] +version = "0.52.0" +criteria = "safe-to-deploy" + [[exemptions.winreg]] version = "0.50.0" criteria = "safe-to-deploy" [[exemptions.ws_stream_wasm]] -version = "0.7.3" +version = "0.7.4" criteria = "safe-to-deploy" [[exemptions.wyz]] @@ -1892,7 +2000,7 @@ version = "0.7.31" criteria = "safe-to-deploy" [[exemptions.zeroize]] -version = "1.6.0" +version = "1.7.0" criteria = "safe-to-deploy" [[exemptions.zeroize_derive]] 
@@ -1900,7 +2008,7 @@ version = "1.3.2" criteria = "safe-to-deploy" [[exemptions.zip]] -version = "0.6.3" +version = "0.6.6" criteria = "safe-to-deploy" [[exemptions.zstd]] @@ -1912,5 +2020,5 @@ version = "5.0.2+zstd.1.5.2" criteria = "safe-to-deploy" [[exemptions.zstd-sys]] -version = "2.0.3+zstd.1.5.2" +version = "2.0.9+zstd.1.5.5" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 731459f3..eabadcb4 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -2,54 +2,61 @@ # cargo-vet imports lock [[publisher.anstream]] -version = "0.3.2" -when = "2023-05-01" +version = "0.6.11" +when = "2024-01-18" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.anstyle]] -version = "1.0.0" -when = "2023-04-13" +version = "1.0.6" +when = "2024-02-05" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.anstyle-parse]] -version = "0.2.0" -when = "2023-04-13" +version = "0.2.3" +when = "2023-12-04" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.anstyle-query]] -version = "1.0.0" -when = "2023-04-13" +version = "1.0.2" +when = "2023-12-08" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.anstyle-wincon]] -version = "1.0.1" -when = "2023-04-24" +version = "3.0.2" +when = "2023-12-04" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.anyhow]] -version = "1.0.72" -when = "2023-07-15" +version = "1.0.79" +when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.async-trait]] -version = "0.1.74" -when = "2023-10-15" +version = "0.1.77" +when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" +[[publisher.bumpalo]] +version = "3.14.0" +when = "2023-09-14" +user-id = 696 +user-login = "fitzgen" +user-name = "Nick Fitzgerald" + [[publisher.bzip2]] version = "0.4.4" when = "2023-01-05" 
@@ -65,36 +72,29 @@ user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.clap_builder]] -version = "4.3.14" -when = "2023-07-17" +version = "4.4.18" +when = "2024-01-16" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.clap_lex]] -version = "0.5.0" -when = "2023-05-19" +version = "0.6.0" +when = "2023-10-24" user-id = 6743 user-login = "epage" user-name = "Ed Page" -[[publisher.core-foundation]] -version = "0.9.3" -when = "2022-02-07" +[[publisher.core-foundation-sys]] +version = "0.8.4" +when = "2023-04-03" user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" -[[publisher.core-foundation-sys]] -version = "0.8.3" -when = "2021-10-12" -user-id = 2396 -user-login = "jdm" -user-name = "Josh Matthews" - [[publisher.corosensei]] -version = "0.1.3" -when = "2022-07-02" +version = "0.1.4" +when = "2023-08-23" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" @@ -135,33 +135,12 @@ when = "2022-04-11" user-id = 73222 user-login = "wasmtime-publish" -[[publisher.cxx]] -version = "1.0.82" -when = "2022-11-18" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.cxx-build]] -version = "1.0.82" -when = "2022-11-18" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.cxxbridge-flags]] -version = "1.0.82" -when = "2022-11-18" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.cxxbridge-macro]] -version = "1.0.82" -when = "2022-11-18" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" +[[publisher.encoding_rs]] +version = "0.8.33" +when = "2023-08-23" +user-id = 4484 +user-login = "hsivonen" +user-name = "Henri Sivonen" [[publisher.equivalent]] version = "1.0.1" @@ -171,8 +150,8 @@ user-login = "cuviper" user-name = "Josh Stone" [[publisher.h2]] -version = "0.3.21" -when = "2023-08-21" +version = "0.3.24" +when = "2024-01-17" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" 
@@ -185,15 +164,29 @@ user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.hashbrown]] -version = "0.14.2" -when = "2023-10-19" +version = "0.14.3" +when = "2023-11-26" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.http]] -version = "0.2.9" -when = "2023-02-17" +version = "0.2.11" +when = "2023-11-13" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.http]] +version = "1.0.0" +when = "2023-11-15" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.http-body]] +version = "0.4.6" +when = "2023-12-08" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" @@ -206,8 +199,8 @@ user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.hyper]] -version = "0.14.27" -when = "2023-06-26" +version = "0.14.28" +when = "2023-12-18" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" 
@@ -220,57 +213,36 @@ user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.indexmap]] -version = "1.9.2" -when = "2022-11-17" +version = "1.9.3" +when = "2023-03-24" user-id = 539 user-login = "cuviper" user-name = "Josh Stone" [[publisher.indexmap]] -version = "2.1.0" -when = "2023-10-31" +version = "2.2.2" +when = "2024-01-31" user-id = 539 user-login = "cuviper" user-name = "Josh Stone" [[publisher.itoa]] -version = "0.4.8" -when = "2021-08-22" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.itoa]] -version = "1.0.9" -when = "2023-07-15" +version = "1.0.10" +when = "2023-12-09" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" -[[publisher.jobserver]] -version = "0.1.25" -when = "2022-09-23" -user-id = 1 -user-login = "alexcrichton" -user-name = "Alex Crichton" - [[publisher.libc]] -version = "0.2.150" -when = "2023-11-05" +version = "0.2.153" +when = "2024-01-31" user-id = 51017 user-login = "JohnTitor" user-name = "Yuki Okushi" -[[publisher.link-cplusplus]] -version = "1.0.7" -when = "2022-08-22" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - [[publisher.mime]] -version = "0.3.16" -when = "2020-01-07" +version = "0.3.17" +when = "2023-03-20" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" 
@@ -283,134 +255,127 @@ user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.paste]] -version = "1.0.9" -when = "2022-08-31" +version = "1.0.14" +when = "2023-07-15" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.prettyplease]] -version = "0.2.15" -when = "2023-09-07" +version = "0.2.16" +when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.reqwest]] -version = "0.11.22" -when = "2023-10-03" +version = "0.11.24" +when = "2024-01-31" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.ryu]] -version = "1.0.11" -when = "2022-08-03" +version = "1.0.16" +when = "2023-12-09" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.scopeguard]] -version = "1.1.0" -when = "2020-02-16" +version = "1.2.0" +when = "2023-07-17" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" -[[publisher.scratch]] -version = "1.0.2" -when = "2022-08-03" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - [[publisher.serde]] -version = "1.0.171" -when = "2023-07-10" +version = "1.0.196" +when = "2024-01-26" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_bytes]] -version = "0.11.7" -when = "2022-08-03" +version = "0.11.14" +when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_derive]] -version = "1.0.171" -when = "2023-07-10" +version = "1.0.196" +when = "2024-01-26" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_json]] -version = "1.0.103" -when = "2023-07-15" +version = "1.0.113" +when = "2024-01-29" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_path_to_error]] -version = "0.1.9" -when = "2022-12-17" +version = "0.1.15" +when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_spanned]] -version = "0.6.4" -when = 
"2023-10-23" +version = "0.6.5" +when = "2023-12-19" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.syn]] -version = "1.0.107" -when = "2022-12-18" +version = "1.0.109" +when = "2023-02-24" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.syn]] -version = "2.0.32" -when = "2023-09-10" +version = "2.0.48" +when = "2024-01-04" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.thiserror]] -version = "1.0.39" -when = "2023-03-05" +version = "1.0.56" +when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.thiserror-impl]] -version = "1.0.39" -when = "2023-03-05" +version = "1.0.56" +when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.tokio]] -version = "1.33.0" -when = "2023-10-09" +version = "1.36.0" +when = "2024-02-02" user-id = 6741 user-login = "Darksonn" user-name = "Alice Ryhl" [[publisher.toml]] -version = "0.7.8" -when = "2023-09-09" +version = "0.5.11" +when = "2023-01-20" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.toml]] -version = "0.8.8" -when = "2023-11-06" +version = "0.8.10" +when = "2024-02-05" user-id = 6743 user-login = "epage" user-name = "Ed Page" 
@@ -430,22 +395,36 @@ user-login = "epage" user-name = "Ed Page" [[publisher.toml_edit]] -version = "0.21.0" -when = "2023-11-06" +version = "0.20.7" +when = "2023-10-27" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.toml_edit]] +version = "0.21.1" +when = "2024-01-31" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.toml_edit]] +version = "0.22.4" +when = "2024-02-06" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.try-lock]] -version = "0.2.3" -when = "2020-07-10" +version = "0.2.5" +when = "2023-12-07" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.unicode-ident]] -version = "1.0.5" -when = "2022-10-08" +version = "1.0.12" +when = "2023-09-13" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" 
@@ -458,36 +437,43 @@ user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.unicode-segmentation]] -version = "1.10.0" -when = "2022-09-13" +version = "1.11.0" +when = "2024-02-07" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.unicode-width]] -version = "0.1.10" -when = "2022-09-13" +version = "0.1.11" +when = "2023-09-19" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" -[[publisher.windows-sys]] -version = "0.33.0" -when = "2022-02-24" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" +[[publisher.wasm-encoder]] +version = "0.41.0" +when = "2024-01-29" +user-id = 1 +user-login = "alexcrichton" +user-name = "Alex Crichton" -[[publisher.windows-sys]] -version = "0.36.1" -when = "2022-04-27" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" +[[publisher.wast]] +version = "70.0.2" +when = "2024-01-29" +user-id = 1 +user-login = "alexcrichton" +user-name = "Alex Crichton" + +[[publisher.wat]] +version = "1.0.85" +when = "2024-01-29" +user-id = 1 +user-login = "alexcrichton" +user-name = "Alex Crichton" [[publisher.windows-sys]] -version = "0.42.0" -when = "2022-09-27" +version = "0.33.0" +when = "2022-02-24" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -521,8 +507,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-targets]] -version = "0.48.0" -when = "2023-03-31" +version = "0.48.5" +when = "2023-08-18" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -542,8 +528,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_gnullvm]] -version = "0.48.0" -when = "2023-03-31" +version = "0.48.5" +when = "2023-08-18" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" 
@@ -562,13 +548,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_aarch64_msvc]] -version = "0.36.1" -when = "2022-04-27" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_aarch64_msvc]] version = "0.42.2" when = "2023-03-13" @@ -577,8 +556,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_msvc]] -version = "0.48.0" -when = "2023-03-31" +version = "0.48.5" +when = "2023-08-18" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -597,13 +576,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_i686_gnu]] -version = "0.36.1" -when = "2022-04-27" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_i686_gnu]] version = "0.42.2" when = "2023-03-13" @@ -612,8 +584,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnu]] -version = "0.48.0" -when = "2023-03-31" +version = "0.48.5" +when = "2023-08-18" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -632,13 +604,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_i686_msvc]] -version = "0.36.1" -when = "2022-04-27" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_i686_msvc]] version = "0.42.2" when = "2023-03-13" @@ -647,8 +612,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_msvc]] -version = "0.48.0" -when = "2023-03-31" +version = "0.48.5" +when = "2023-08-18" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -667,13 +632,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_x86_64_gnu]] -version = "0.36.1" -when = "2022-04-27" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_x86_64_gnu]] version = "0.42.2" when = "2023-03-13" 
@@ -682,8 +640,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnu]] -version = "0.48.0" -when = "2023-03-31" +version = "0.48.5" +when = "2023-08-18" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -703,8 +661,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnullvm]] -version = "0.48.0" -when = "2023-03-31" +version = "0.48.5" +when = "2023-08-18" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -723,13 +681,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_x86_64_msvc]] -version = "0.36.1" -when = "2022-04-27" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_x86_64_msvc]] version = "0.42.2" when = "2023-03-13" @@ -738,8 +689,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_msvc]] -version = "0.48.0" -when = "2023-03-31" +version = "0.48.5" +when = "2023-08-18" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -752,12 +703,19 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.winnow]] -version = "0.5.19" -when = "2023-11-03" +version = "0.5.39" +when = "2024-02-06" user-id = 6743 user-login = "epage" user-name = "Ed Page" +[[audits.bytecodealliance.wildcard-audits.bumpalo]] +who = "Nick Fitzgerald " +criteria = "safe-to-deploy" +user-id = 696 # Nick Fitzgerald (fitzgen) +start = "2019-03-16" +end = "2024-03-10" + [[audits.bytecodealliance.wildcard-audits.cranelift-bforest]] who = "Bobby Holley " criteria = "safe-to-deploy" 
@@ -806,74 +764,94 @@ start = "2021-10-29" end = "2024-06-26" notes = "The Bytecode Alliance is the author of this crate." -[[audits.bytecodealliance.audits.adler]] +[[audits.bytecodealliance.wildcard-audits.wasm-encoder]] who = "Alex Crichton " criteria = "safe-to-deploy" -version = "1.0.2" -notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm." - -[[audits.bytecodealliance.audits.ahash]] -who = "Chris Fallin " -criteria = "safe-to-deploy" -delta = "0.7.6 -> 0.8.2" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2020-12-11" +end = "2024-04-14" +notes = """ +This is a Bytecode Alliance authored crate maintained in the `wasm-tools` +repository of which I'm one of the primary maintainers and publishers for. +I am employed by a member of the Bytecode Alliance and plan to continue doing +so and will actively maintain this crate over time. +""" -[[audits.bytecodealliance.audits.ahash]] +[[audits.bytecodealliance.wildcard-audits.wast]] who = "Alex Crichton " criteria = "safe-to-deploy" -delta = "0.8.2 -> 0.8.7" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2019-10-16" +end = "2024-04-14" notes = """ -Shuffling of features in this update and while there are updates to `unsafe` -code it's no different than before and the usage remains the same. +This is a Bytecode Alliance authored crate maintained in the `wasm-tools` +repository of which I'm one of the primary maintainers and publishers for. +I am employed by a member of the Bytecode Alliance and plan to continue doing +so and will actively maintain this crate over time. 
""" -[[audits.bytecodealliance.audits.arrayvec]] -who = "Nick Fitzgerald " +[[audits.bytecodealliance.wildcard-audits.wat]] +who = "Alex Crichton " criteria = "safe-to-deploy" -version = "0.7.2" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2019-10-18" +end = "2024-04-14" notes = """ -Well documented invariants, good assertions for those invariants in unsafe code, -and tested with MIRI to boot. LGTM. +This is a Bytecode Alliance authored crate maintained in the `wasm-tools` +repository of which I'm one of the primary maintainers and publishers for. +I am employed by a member of the Bytecode Alliance and plan to continue doing +so and will actively maintain this crate over time. """ -[[audits.bytecodealliance.audits.atty]] +[[audits.bytecodealliance.audits.addr2line]] who = "Alex Crichton " criteria = "safe-to-deploy" -version = "0.2.14" +delta = "0.17.0 -> 0.19.0" notes = """ -Contains only unsafe code for what this crate's purpose is and only accesses -the environment's terminal information when asked. Does its stated purpose and -no more. +This is a minor update for addr2line which looks to mainly update its +dependencies and refactor existing code to expose more functionality and such. """ -[[audits.bytecodealliance.audits.backtrace]] +[[audits.bytecodealliance.audits.addr2line]] who = "Alex Crichton " criteria = "safe-to-deploy" -version = "0.3.66" -notes = "I am the author of this crate." +delta = "0.19.0 -> 0.20.0" +notes = "This version brings support for split-dwarf which while it uses the filesystem is always done at the behest of the caller, so everything is as expected for this update." -[[audits.bytecodealliance.audits.base64]] -who = "Pat Hickey " +[[audits.bytecodealliance.audits.addr2line]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.20.0 -> 0.21.0" +notes = "This version bump updated some dependencies and optimized some internals. All looks good." 
+ +[[audits.bytecodealliance.audits.adler]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "1.0.2" +notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm." + +[[audits.bytecodealliance.audits.ahash]] +who = "Chris Fallin " criteria = "safe-to-deploy" -version = "0.21.0" -notes = "This crate has no dependencies, no build.rs, and contains no unsafe code." +delta = "0.7.6 -> 0.8.2" -[[audits.bytecodealliance.audits.bitflags]] -who = "Jamey Sharp " +[[audits.bytecodealliance.audits.ahash]] +who = "Alex Crichton " criteria = "safe-to-deploy" -delta = "2.1.0 -> 2.2.1" +delta = "0.8.2 -> 0.8.7" notes = """ -This version adds unsafe impls of traits from the bytemuck crate when built -with that library enabled, but I believe the impls satisfy the documented -safety requirements for bytemuck. The other changes are minor. +Shuffling of features in this update and while there are updates to `unsafe` +code it's no different than before and the usage remains the same. """ -[[audits.bytecodealliance.audits.bitflags]] +[[audits.bytecodealliance.audits.atty]] who = "Alex Crichton " criteria = "safe-to-deploy" -delta = "2.3.2 -> 2.3.3" +version = "0.2.14" notes = """ -Nothing outside the realm of what one would expect from a bitflags generator, -all as expected. +Contains only unsafe code for what this crate's purpose is and only accesses +the environment's terminal information when asked. Does its stated purpose and +no more. """ [[audits.bytecodealliance.audits.block-buffer]] 
@@ -881,24 +859,18 @@ who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.2" -[[audits.bytecodealliance.audits.bumpalo]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -version = "3.11.1" -notes = "I am the author of this crate." - -[[audits.bytecodealliance.audits.cargo-platform]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.1.2" -notes = "no build, no ambient capabilities, no unsafe" - [[audits.bytecodealliance.audits.cargo_metadata]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.15.3" notes = "no build, no unsafe, inputs to cargo command are reasonably sanitized" +[[audits.bytecodealliance.audits.cargo_metadata]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.17.0 -> 0.18.1" +notes = "No major changes, no unsafe code here." + [[audits.bytecodealliance.audits.cc]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -911,11 +883,14 @@ criteria = "safe-to-deploy" version = "1.0.0" notes = "I am the author of this crate." -[[audits.bytecodealliance.audits.codespan-reporting]] -who = "Jamey Sharp " +[[audits.bytecodealliance.audits.core-foundation-sys]] +who = "Dan Gohman " criteria = "safe-to-deploy" -version = "0.11.1" -notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O." +delta = "0.8.4 -> 0.8.6" +notes = """ +The changes here are all typical bindings updates: new functions, types, and +constants. I have not audited all the bindings for ABI conformance. +""" [[audits.bytecodealliance.audits.crypto-common]] who = "Benjamin Bouvier " 
@@ -939,11 +914,14 @@ criteria = "safe-to-deploy" delta = "0.3.0 -> 0.3.1" notes = "Just a dependency version bump and a bug fix for redox" -[[audits.bytecodealliance.audits.errno-dragonfly]] -who = "Jamey Sharp " +[[audits.bytecodealliance.audits.fastrand]] +who = "Alex Crichton " criteria = "safe-to-deploy" -version = "0.1.2" -notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is." +delta = "2.0.0 -> 2.0.1" +notes = """ +This update had a few doc updates but no otherwise-substantial source code +updates. +""" [[audits.bytecodealliance.audits.foreign-types]] who = "Pat Hickey " 
@@ -968,33 +946,16 @@ criteria = "safe-to-deploy" version = "0.3.27" notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting." -[[audits.bytecodealliance.audits.futures-executor]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.3.27" -notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods." - -[[audits.bytecodealliance.audits.futures-io]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.3.27" - -[[audits.bytecodealliance.audits.futures-sink]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.3.27" - [[audits.bytecodealliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.4.0" notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation." -[[audits.bytecodealliance.audits.httpdate]] -who = "Pat Hickey " +[[audits.bytecodealliance.audits.iana-time-zone-haiku]] +who = "Dan Gohman " criteria = "safe-to-deploy" -version = "1.0.2" -notes = "No unsafety, no io" +version = "0.1.2" [[audits.bytecodealliance.audits.idna]] who = "Alex Crichton " 
@@ -1007,13 +968,31 @@ crate is broadly used throughout the ecosystem and does not contain anything suspicious. """ -[[audits.bytecodealliance.audits.is-terminal]] +[[audits.bytecodealliance.audits.io-lifetimes]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +version = "1.0.3" +notes = "I am the author of this crate." + +[[audits.bytecodealliance.audits.io-lifetimes]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +delta = "1.0.3 -> 1.0.5" +notes = "The Bytecode Alliance is the author of this crate." + +[[audits.bytecodealliance.audits.io-lifetimes]] who = "Dan Gohman " criteria = "safe-to-deploy" -version = "0.4.7" +delta = "1.0.5 -> 1.0.10" +notes = "I am the maintainer of this crate." + +[[audits.bytecodealliance.audits.itertools]] +who = "Nick Fitzgerald " +criteria = "safe-to-deploy" +delta = "0.10.5 -> 0.12.1" notes = """ -The is-terminal implementation code is now sync'd up with the prototype -implementation in the Rust standard library. +Minimal `unsafe` usage. Few blocks that existed looked reasonable. Does what it +says on the tin: lots of iterators. """ [[audits.bytecodealliance.audits.leb128]] @@ -1096,18 +1075,13 @@ criteria = "safe-to-deploy" version = "0.3.25" notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably." -[[audits.bytecodealliance.audits.proc-macro2]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "1.0.51 -> 1.0.57" - -[[audits.bytecodealliance.audits.proc-macro2]] +[[audits.bytecodealliance.audits.pkg-config]] who = "Alex Crichton " criteria = "safe-to-deploy" -delta = "1.0.59 -> 1.0.63" +delta = "0.3.26 -> 0.3.29" notes = """ -This is a routine update for new nightly features and new syntax popping up on -nightly, nothing out of the ordinary. +No `unsafe` additions or anything outside of the purview of the crate in this +change. """ [[audits.bytecodealliance.audits.quote]] 
@@ -1121,23 +1095,16 @@ criteria = "safe-to-deploy" version = "0.1.21" notes = "I am the author of this crate." -[[audits.bytecodealliance.audits.sct]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.7.0" -notes = "no unsafe, no build, no ambient capabilities" - [[audits.bytecodealliance.audits.sharded-slab]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.4" notes = "I always really enjoy reading eliza's code, she left perfect comments at every use of unsafe." -[[audits.bytecodealliance.audits.slab]] +[[audits.bytecodealliance.audits.signal-hook-registry]] who = "Pat Hickey " criteria = "safe-to-deploy" -version = "0.4.6" -notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods." +version = "1.4.1" [[audits.bytecodealliance.audits.thread_local]] who = "Pat Hickey " 
@@ -1171,35 +1138,11 @@ criteria = "safe-to-deploy" version = "0.3.1" notes = "unsafety is used for smuggling std::task::Context as a raw pointer. Lifetime and type safety appears to be taken care of correctly." -[[audits.bytecodealliance.audits.tokio-util]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.7.4" -notes = "Alex Crichton audited the safety of src/sync/reusable_box.rs, I audited the remainder of the crate." - -[[audits.bytecodealliance.audits.tracing-log]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.1.3" -notes = """ -This is a standard adapter between the `log` ecosystem and the `tracing` -ecosystem. There's one `unsafe` block in this crate and it's well-scoped. -""" - [[audits.bytecodealliance.audits.tracing-subscriber]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.17" -[[audits.bytecodealliance.audits.unicase]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "2.6.0" -notes = """ -This crate contains no `unsafe` code and no unnecessary use of the standard -library. -""" - [[audits.bytecodealliance.audits.unicode-bidi]] who = "Alex Crichton " criteria = "safe-to-deploy" 
@@ -1220,34 +1163,6 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.0" -[[audits.bytecodealliance.audits.wasm-encoder]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.20.0" -notes = "The Bytecode Alliance is the author of this crate." - -[[audits.bytecodealliance.audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "50.0.0" -notes = "The Bytecode Alliance is the author of this crate." - -[[audits.bytecodealliance.audits.wat]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "1.0.52" -notes = "The Bytecode Alliance is the author of this crate." - -[[audits.bytecodealliance.audits.webpki-roots]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "0.22.4 -> 0.23.0" - -[[audits.bytecodealliance.audits.webpki-roots]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "0.23.0 -> 0.25.2" - [[audits.embark.audits.cargo_metadata]] who = "Johan Andersson " criteria = "safe-to-deploy" 
@@ -1290,46 +1205,6 @@ criteria = "safe-to-deploy" version = "8.3.0" notes = "No unsafe usage or ambient capabilities" -[[audits.embark.audits.num_enum]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "0.5.11" -notes = "No unsafe usage or ambient capabilities" - -[[audits.embark.audits.num_enum]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -delta = "0.5.11 -> 0.6.1" -notes = "Minor changes" - -[[audits.embark.audits.num_enum]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -delta = "0.6.1 -> 0.7.0" - -[[audits.embark.audits.num_enum_derive]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "0.5.11" -notes = "Proc macro that generates some unsafe code for conversion but looks sound, no ambient capabilities" - -[[audits.embark.audits.num_enum_derive]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -delta = "0.5.11 -> 0.6.1" -notes = "Minor changes" - -[[audits.embark.audits.num_enum_derive]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -delta = "0.6.1 -> 0.7.0" - -[[audits.embark.audits.stringprep]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "0.1.2" -notes = "No unsafe usage or ambient capabilities. Old crate from released and unchanged from 2017" - [[audits.embark.audits.tap]] who = "Johan Andersson " criteria = "safe-to-deploy" @@ -1348,12 +1223,6 @@ criteria = "safe-to-deploy" version = "0.1.0" notes = "No unsafe usage or ambient capabilities, sane build script" -[[audits.embark.audits.webpki-roots]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "0.22.4" -notes = "Inspected it to confirm that it only contains data definitions and no runtime code" - [[audits.embark.audits.yaml-rust]] who = "Johan Andersson " criteria = "safe-to-deploy" 
@@ -1373,6 +1242,34 @@ invariants. """ aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.async-stream]] +who = "Tyler Mandry " +criteria = "safe-to-deploy" +version = "0.3.4" +notes = "Reviewed on https://fxrev.dev/761470" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.async-stream]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.3.4 -> 0.3.5" +notes = "Reviewed on https://fxrev.dev/906795" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.async-stream-impl]] +who = "Tyler Mandry " +criteria = "safe-to-deploy" +version = "0.3.4" +notes = "Reviewed on https://fxrev.dev/761470" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.async-stream-impl]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.3.4 -> 0.3.5" +notes = "Reviewed on https://fxrev.dev/906795" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.fastrand]] who = "George Burgess IV " criteria = "safe-to-deploy" 
@@ -1389,12 +1286,17 @@ criteria = "safe-to-deploy" version = "0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.md-5]] -who = "David Koloski " +[[audits.google.audits.httpdate]] +who = "George Burgess IV " criteria = "safe-to-deploy" -version = "0.10.5" -notes = "Reviewed on https://fxrev.dev/712372." -aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +version = "1.0.3" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.openssl-macros]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.pin-project-lite]] who = "David Koloski " @@ -1409,13 +1311,6 @@ criteria = "safe-to-deploy" version = "1.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.sha1]] -who = "David Koloski " -criteria = "safe-to-deploy" -version = "0.10.5" -notes = "Reviewed on https://fxrev.dev/712371." -aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" - [[audits.google.audits.take_mut]] who = "David Koloski " criteria = "safe-to-deploy" 
@@ -1430,6 +1325,13 @@ version = "0.1.11" notes = "Reviewed on https://fxrev.dev/804724" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.tokio-stream]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.1.11 -> 0.1.14" +notes = "Reviewed on https://fxrev.dev/907732." +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.unicode-xid]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -1442,6 +1344,11 @@ criteria = "safe-to-deploy" version = "0.9.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.isrg.audits.aes]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.8.2 -> 0.8.3" + [[audits.isrg.audits.block-buffer]] who = "David Cook " criteria = "safe-to-deploy" @@ -1468,20 +1375,25 @@ criteria = "safe-to-deploy" delta = "0.2.9 -> 0.2.10" notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`." -[[audits.isrg.audits.hmac]] +[[audits.isrg.audits.getrandom]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.10 -> 0.2.11" + +[[audits.isrg.audits.getrandom]] who = "David Cook " criteria = "safe-to-deploy" -version = "0.12.1" +delta = "0.2.11 -> 0.2.12" -[[audits.isrg.audits.keccak]] +[[audits.isrg.audits.hmac]] who = "David Cook " criteria = "safe-to-deploy" -version = "0.1.2" +version = "0.12.1" -[[audits.isrg.audits.keccak]] -who = "Brandon Pitman " +[[audits.isrg.audits.num-bigint]] +who = "David Cook " criteria = "safe-to-deploy" -delta = "0.1.2 -> 0.1.3" +delta = "0.4.3 -> 0.4.4" [[audits.isrg.audits.num-traits]] who = "David Cook " 
@@ -1503,6 +1415,11 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "1.17.2 -> 1.18.0" +[[audits.isrg.audits.once_cell]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.18.0 -> 1.19.0" + [[audits.isrg.audits.opaque-debug]] who = "David Cook " criteria = "safe-to-deploy" 
@@ -1523,44 +1440,58 @@ who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "1.6.1 -> 1.7.0" +[[audits.isrg.audits.rayon]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.7.0 -> 1.8.0" + +[[audits.isrg.audits.rayon]] +who = "Ameer Ghani " +criteria = "safe-to-deploy" +delta = "1.8.0 -> 1.8.1" + [[audits.isrg.audits.rayon-core]] -who = "Brandon Pitman " +who = "Ameer Ghani " criteria = "safe-to-deploy" -delta = "1.10.2 -> 1.11.0" +version = "1.12.1" [[audits.isrg.audits.sha3]] who = "David Cook " criteria = "safe-to-deploy" version = "0.10.6" -[[audits.isrg.audits.untrusted]] -who = "David Cook " +[[audits.isrg.audits.sha3]] +who = "Brandon Pitman " criteria = "safe-to-deploy" -version = "0.7.1" +delta = "0.10.6 -> 0.10.7" + +[[audits.isrg.audits.sha3]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.10.7 -> 0.10.8" -[[audits.isrg.audits.wasm-bindgen-shared]] +[[audits.isrg.audits.untrusted]] who = "David Cook " criteria = "safe-to-deploy" -version = "0.2.83" +version = "0.7.1" -[[audits.mozilla.wildcard-audits.core-foundation]] +[[audits.mozilla.wildcard-audits.core-foundation-sys]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 5946 # Jeff Muizelaar (jrmuizel) -start = "2019-03-29" +start = "2020-10-14" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.wildcard-audits.core-foundation-sys]] -who = "Bobby Holley " +[[audits.mozilla.wildcard-audits.encoding_rs]] +who = "Henri Sivonen " criteria = "safe-to-deploy" -user-id = 2396 # Josh Matthews (jdm) -start = "2019-11-12" -end = "2023-05-04" -renew = false -notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." 
+user-id = 4484 # Henri Sivonen (hsivonen) +start = "2019-02-26" +end = "2024-08-28" +notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.wildcard-audits.unicode-normalization]] @@ -1636,25 +1567,6 @@ version = "0.6.3" notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.bitflags]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "1.3.2 -> 2.0.2" -notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Nicolas Silva " -criteria = "safe-to-deploy" -delta = "2.0.2 -> 2.1.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Teodor Tanasoaia " -criteria = "safe-to-deploy" -delta = "2.2.1 -> 2.3.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.block-buffer]] who = "Mike Hommey " criteria = "safe-to-deploy" 
@@ -1673,11 +1585,24 @@ criteria = "safe-to-deploy" delta = "1.0.78 -> 1.0.83" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" -[[audits.mozilla.audits.crossbeam-queue]] -who = "Matthew Gregan " +[[audits.mozilla.audits.crossbeam-channel]] +who = "Jan-Erik Rediger " criteria = "safe-to-deploy" -version = "0.3.8" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +delta = "0.5.7 -> 0.5.8" +notes = "Reviewed the fix, previous versions indeed had were able to trigger a race condition" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.crossbeam-channel]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.5.8 -> 0.5.11" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.crossbeam-utils]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.8.14 -> 0.8.19" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.crypto-common]] who = "Mike Hommey " 
@@ -1703,63 +1628,56 @@ criteria = "safe-to-deploy" delta = "1.7.0 -> 1.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.encoding_rs]] -who = "Henri Sivonen " -criteria = "safe-to-deploy" -version = "0.8.31" -notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.fnv]] -who = "Bobby Holley " +[[audits.mozilla.audits.either]] +who = "Mike Hommey " criteria = "safe-to-deploy" -version = "1.0.7" -notes = "Simple hasher implementation with no unsafe code." 
+delta = "1.8.0 -> 1.8.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.form_urlencoded]] -who = "Valentin Gosu " +[[audits.mozilla.audits.enumset_derive]] +who = "Mike Hommey " criteria = "safe-to-deploy" -version = "1.2.0" +delta = "0.6.1 -> 0.8.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-channel]] +[[audits.mozilla.audits.errno]] who = "Mike Hommey " criteria = "safe-to-deploy" -delta = "0.3.27 -> 0.3.28" +delta = "0.3.1 -> 0.3.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-core]] +[[audits.mozilla.audits.fastrand]] who = "Mike Hommey " criteria = "safe-to-deploy" -delta = "0.3.27 -> 0.3.28" +delta = "1.9.0 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-executor]] -who = "Mike Hommey " +[[audits.mozilla.audits.fnv]] +who = "Bobby Holley " criteria = "safe-to-deploy" -delta = "0.3.23 -> 0.3.25" +version = "1.0.7" +notes = "Simple hasher implementation with no unsafe code." 
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-executor]] -who = "Mike Hommey " +[[audits.mozilla.audits.form_urlencoded]] +who = "Valentin Gosu " criteria = "safe-to-deploy" -delta = "0.3.25 -> 0.3.26" +version = "1.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-executor]] -who = "Bobby Holley " +[[audits.mozilla.audits.form_urlencoded]] +who = "Valentin Gosu " criteria = "safe-to-deploy" -delta = "0.3.27 -> 0.3.23" +delta = "1.2.0 -> 1.2.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-io]] +[[audits.mozilla.audits.futures-channel]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-sink]] +[[audits.mozilla.audits.futures-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.28" @@ -1808,6 +1726,12 @@ criteria = "safe-to-deploy" version = "0.4.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.idna]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "0.4.0 -> 0.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.lazy_static]] who = "Nika Layzell " criteria = "safe-to-deploy" 
@@ -1821,17 +1745,31 @@ criteria = "safe-to-deploy" delta = "0.25.2 -> 0.26.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.libsqlite3-sys]] +who = "Mark Hammond " +criteria = "safe-to-deploy" +delta = "0.26.0 -> 0.27.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.log]] who = "Mike Hommey " criteria = "safe-to-deploy" version = "0.4.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.mach2]] -who = "Gabriele Svelto " +[[audits.mozilla.audits.log]] +who = "Jan-Erik Rediger " criteria = "safe-to-deploy" -version = "0.4.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +delta = "0.4.17 -> 0.4.18" +notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.log]] +who = "Kagami Sascha Rosylight " +criteria = "safe-to-deploy" +delta = "0.4.18 -> 0.4.20" +notes = "Only cfg attribute and internal macro changes and module refactorings" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.memoffset]] who = "Gabriele Svelto " 
@@ -1846,24 +1784,41 @@ version = "1.0.4" notes = "This is a trivial crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.num]] -who = "Josh Stone " +[[audits.mozilla.audits.nix]] +who = "Gabriele Svelto " criteria = "safe-to-deploy" -version = "0.4.0" -notes = "All code written or reviewed by Josh Stone." +delta = "0.15.0 -> 0.25.0" +notes = "Plenty of new bindings but also several important bug fixes (including buffer overflows). New unsafe sections are restricted to wrappers and are no more dangerous than calling the C functions." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.num-bigint]] -who = "Josh Stone " +[[audits.mozilla.audits.nix]] +who = "Mike Hommey " criteria = "safe-to-deploy" -version = "0.4.3" -notes = "All code written or reviewed by Josh Stone." +delta = "0.25.0 -> 0.25.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.nix]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.25.1 -> 0.26.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.nix]] +who = "Gabriele Svelto " +criteria = "safe-to-deploy" +delta = "0.26.2 -> 0.27.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.nom]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "7.1.1 -> 7.1.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.num-complex]] +[[audits.mozilla.audits.num-bigint]] who = "Josh Stone " criteria = "safe-to-deploy" -version = "0.4.2" +version = "0.4.3" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" 
@@ -1901,6 +1856,12 @@ criteria = "safe-to-deploy" delta = "2.2.0 -> 2.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.percent-encoding]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "2.3.0 -> 2.3.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.phf]] who = "Mike Hommey " criteria = "safe-to-deploy" 
@@ -1938,72 +1899,10 @@ version = "0.1.1" notes = "This is a trivial crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.proc-macro2]] +[[audits.mozilla.audits.quote]] who = "Nika Layzell " criteria = "safe-to-deploy" -version = "1.0.39" -notes = """ -`proc-macro2` acts as either a thin(-ish) wrapper around the std-provided -`proc_macro` crate, or as a fallback implementation of the crate, depending on -where it is used. - -If using this crate on older versions of rustc (1.56 and earlier), it will -temporarily replace the panic handler while initializing in order to detect if -it is running within a `proc_macro`, which could lead to surprising behaviour. -This should not be an issue for more recent compiler versions, which support -`proc_macro::is_available()`. - -The `proc-macro2` crate's fallback behaviour is not identical to the complex -behaviour of the rustc compiler (e.g. it does not perform unicode normalization -for identifiers), however it behaves well enough for its intended use-case -(tests and scripts processing rust code). - -`proc-macro2` does not use unsafe code, however exposes one `unsafe` API to -allow bypassing checks in the fallback implementation when constructing -`Literal` using `from_str_unchecked`. This was intended to only be used by the -`quote!` macro, however it has been removed -(https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078), -and is likely completely unused. Even when used, this API shouldn't be able to -cause unsoundness. 
-""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.39 -> 1.0.43" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.43 -> 1.0.49" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.49 -> 1.0.51" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.57 -> 1.0.59" -notes = "Enabled on Wasm" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.63 -> 1.0.66" -notes = "Removed special support for some really old Rust versions" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.0.18" +version = "1.0.18" notes = """ `quote` is a utility crate used by proc-macros to generate TokenStreams conveniently from source code. The bulk of the logic is some complex 
@@ -2061,31 +1960,6 @@ criteria = "safe-to-deploy" delta = "1.5.3 -> 1.6.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.rayon-core]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "1.9.3" -notes = "All code written or reviewed by Josh Stone or Niko Matsakis." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon-core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.9.3 -> 1.10.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon-core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.10.1 -> 1.10.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.redox_syscall]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "0.2.16 -> 0.3.5" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.ron]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -2111,6 +1985,13 @@ a security vulnerability. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.rustversion]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "1.0.9 -> 1.0.14" +notes = "Doc updates, minimal CI changes and a fix to build-script reruns" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.serde_cbor]] who = "R. Martinho Fernandes " criteria = "safe-to-deploy" 
@@ -2123,51 +2004,48 @@ criteria = "safe-to-deploy" delta = "0.11.1 -> 0.11.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.slab]] -who = "Mike Hommey " +[[audits.mozilla.audits.subtle]] +who = "Simon Friedberger " criteria = "safe-to-deploy" -delta = "0.4.6 -> 0.4.7" +version = "2.5.0" +notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.synstructure]] -who = "Nika Layzell " +[[audits.mozilla.audits.time-core]] +who = "Kershaw Chang " criteria = "safe-to-deploy" -version = "0.12.6" -notes = """ -I am the primary author of the `synstructure` crate, and its current -maintainer. The one use of `unsafe` is unnecessary, but documented and -harmless. It will be removed in the next version. 
-""" +version = "0.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.time]] -who = "Mike Hommey " +[[audits.mozilla.audits.time-core]] +who = "Kershaw Chang " criteria = "safe-to-deploy" -delta = "0.1.44 -> 0.1.45" +delta = "0.1.0 -> 0.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.time]] -who = "Kershaw Chang " +[[audits.mozilla.audits.typenum]] +who = "Mike Hommey " criteria = "safe-to-deploy" -delta = "0.1.45 -> 0.3.17" +delta = "1.15.0 -> 1.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.time-core]] -who = "Kershaw Chang " +[[audits.mozilla.audits.unicode-bidi]] +who = "Makoto Kato " criteria = "safe-to-deploy" -version = "0.1.0" +delta = "0.3.8 -> 0.3.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.time-macros]] -who = "Kershaw Chang " +[[audits.mozilla.audits.unicode-bidi]] +who = "Jonathan Kew " criteria = "safe-to-deploy" -version = "0.2.6" +delta = "0.3.13 -> 0.3.14" +notes = "I am the author of the bulk of the upstream changes in this version, and also checked the remaining post-0.3.13 changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.unicode-bidi]] -who = "Makoto Kato " +who = "Jonathan Kew " criteria = "safe-to-deploy" -delta = "0.3.8 -> 0.3.13" +delta = "0.3.14 -> 0.3.15" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.url]] 
@@ -2182,16 +2060,89 @@ criteria = "safe-to-deploy" delta = "2.4.0 -> 2.4.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.url]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "2.4.1 -> 2.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.zcash.audits.aho-corasick]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.1.1 -> 1.1.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.allocator-api2]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.2.14 -> 0.2.15" +notes = """ +- Some existing `unsafe` code is moved without being altered. +- The new `SliceExt` extension trait uses `unsafe` methods `Vec::set_len` and + `core::ptr::copy_nonoverlapping` to initialize a `Vec` efficiently. The safety + requirements appear to be satisfied. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.allocator-api2]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.2.15 -> 0.2.16" +notes = "Change to `unsafe` block is to fix the `Drop` impl of `Box` to drop its value." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.backtrace]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.67 -> 0.3.69" +notes = """ +Changes to `unsafe` blocks: +- New call to `GetCurrentProcessId` on Windows, to help generate a process-unique name to + use inside an existing `CreateMutexA` call. +- Uses `libc::mmap64` on Linux instead of `libc::mmap`. +- Alters `Stash` to allow caching more than one `Mmap`; the existing `unsafe` safety + condition continues to be applicable. + +There are also several more places where DWARF data is mmapped from a filesystem path and +then loaded. 
These appear to all derive from existing paths that themselves were already +being mmapped and loaded. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.bech32]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.8.1 -> 0.9.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.bitflags]] +[[audits.zcash.audits.block-buffer]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.10.3 -> 0.10.4" +notes = "Adds panics to prevent a block size of zero from causing unsoundness." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.byteorder]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.4.3 -> 1.5.0" +notes = """ +- Adds two assertions to check the safety of `slice::from_raw_parts_mut` calls. +- Replaces a bunch of `unsafe` blocks containing `copy_nonoverlapping` calls + with safe `<&mut [u8]>::copy_from_slice` calls. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.bytes]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "2.3.3 -> 2.4.0" +delta = "1.4.0 -> 1.5.0" +notes = """ +- Introduces new `unsafe` blocks inside new `UninitSlice` constructors, but these replace + existing equivalent `unsafe` blocks that were directly constructing `UninitSlice`. +- Adds `unsafe impl BufMut for &mut [core::mem::MaybeUninit]`, which is implemented + almost identically to the existing `unsafe impl BufMut for &mut [u8]`. +""" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.cipher]] 
@@ -2201,10 +2152,40 @@ delta = "0.3.0 -> 0.4.3" notes = "Significant rework of (mainly RustCrypto-internal) APIs." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.fastrand]] +[[audits.zcash.audits.cipher]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.9.0 -> 2.0.0" +delta = "0.4.3 -> 0.4.4" +notes = "Adds panics to prevent a block size of zero from causing unsoundness." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.crossbeam-channel]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.5.6 -> 0.5.7" +notes = "Fixes wrapping overflows for large timeouts." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.deranged]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.10 -> 0.3.11" +notes = """ +Two new `unsafe` blocks to construct ranges via `T::new_unchecked`. The safety +comments correctly document why the checks are unnecessary. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.either]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.8.1 -> 1.9.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.errno]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.3 -> 0.3.8" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.ff]] 
@@ -2213,6 +2194,70 @@ criteria = "safe-to-deploy" delta = "0.12.1 -> 0.13.0" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.futures-channel]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.29" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.futures-channel]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.29 -> 0.3.30" +notes = "Removes `build.rs` now that it can rely on the `target_has_atomic` attribute." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.futures-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.29" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.futures-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.29 -> 0.3.30" +notes = "Removes `build.rs` now that it can rely on the `target_has_atomic` attribute." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.futures-task]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.29" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.futures-task]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.29 -> 0.3.30" +notes = "Removes `build.rs` now that it can rely on the `target_has_atomic` attribute." 
+aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.futures-util]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.29" +notes = """ +Only change to `unsafe` code is to add a `Fut: Send` bound to the +`unsafe impl Sync for FuturesUnordered`. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.futures-util]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.29 -> 0.3.30" +notes = """ +- Removes `build.rs` now that it can rely on the `target_has_atomic` attribute. +- Almost all changes to `unsafe` blocks are to either move them around, or + replace them with safe method calls. +- One new `unsafe` block is added for a slice lifetime transmutation. The slice + reconstruction is obviously correct. AFAICT the lifetime transmutation is also + correct; the slice's lifetime logically comes from the `AsyncBufRead` reader + inside `FillBuf`, rather than the `Context`. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.group]] who = "Sean Bowe " criteria = "safe-to-deploy" 
@@ -2226,6 +2271,36 @@ version = "0.1.3" notes = "Reviewed in full." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.io-lifetimes]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.10 -> 1.0.11" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.ipnet]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.5.0 -> 2.7.1" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.ipnet]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "2.7.1 -> 2.7.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.ipnet]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.7.2 -> 2.8.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.ipnet]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.8.0 -> 2.9.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.libm]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -2233,6 +2308,41 @@ delta = "0.2.7 -> 0.2.8" notes = "Forces some intermediate values to not have too much precision on the x87 FPU." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.memchr]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.6.3 -> 2.6.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.memchr]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.6.4 -> 2.7.1" +notes = """ +Change to an `unsafe fn` is to rework the short-tail handling of a fixed-length +comparison between `u8` pointers. The new tail code matches the existing head +code (but adapted to `u16` and `u8` reads, instead of `u32`). +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.parity-scale-codec]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "3.6.1 -> 3.6.5" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.parity-scale-codec]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "3.6.5 -> 3.6.9" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.parity-scale-codec-derive]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "3.6.5 -> 3.6.9" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.parking_lot]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -2246,6 +2356,20 @@ criteria = "safe-to-deploy" delta = "0.2.9 -> 0.2.13" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.proc-macro-crate]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.2.1 -> 1.3.0" +notes = "Migrates from `toml` to `toml_edit`." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.proc-macro-crate]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.3.0 -> 1.3.1" +notes = "Bumps MSRV to 1.60." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.proptest]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -2257,12 +2381,37 @@ API would be used intentionally by downstream tests). """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.quote]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.31 -> 1.0.33" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.quote]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.33 -> 1.0.35" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.rand_xorshift]] who = "Sean Bowe " criteria = "safe-to-deploy" version = "0.3.0" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.redox_users]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.4.3 -> 0.4.4" +notes = "Switches from `redox_syscall` crate to `libredox` crate for syscalls." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.regex-syntax]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.6.28 -> 0.6.29" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.regex-syntax]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -2275,6 +2424,18 @@ criteria = "safe-to-deploy" delta = "0.7.5 -> 0.8.2" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.rustc-demangle]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.1.21 -> 0.1.22" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.rustc-demangle]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.22 -> 0.1.23" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.rustc_version]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -2290,6 +2451,139 @@ be set correctly by `cargo`. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.sharded-slab]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.4 -> 0.1.7" +notes = "Only change to an `unsafe` block is to fix a clippy lint." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.signature]] +who = "Daira Emma Hopwood " +criteria = "safe-to-deploy" +version = "2.1.0" +notes = """ +This crate uses `#![forbid(unsafe_code)]`, has no build script, and only provides traits with some trivial default implementations. +I did not review whether implementing these APIs would present any undocumented cryptographic hazards. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.signature]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.1.0 -> 2.2.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.siphasher]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.10 -> 0.3.11" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.thread_local]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.1.4 -> 1.1.7" +notes = """ +New `unsafe` usage: +- An extra `deallocate_bucket`, to replace a `Mutex::lock` with a `compare_exchange`. +- Setting and getting a `#[thread_local] static mut Option` on nightly. 
+""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.time-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.1 -> 0.1.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tinyvec_macros]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.1" +notes = "Adds `#![forbid(unsafe_code)]` and license files." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tracing-attributes]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.23 -> 0.1.25" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tracing-attributes]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.25 -> 0.1.26" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tracing-attributes]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.26 -> 0.1.27" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tracing-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.30 -> 0.1.31" +notes = """ +The only new `unsafe` block is to intentionally leak a scoped subscriber onto +the heap when setting it as the global default dispatcher. I checked that the +global default can only be set once and is never dropped. 
+""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tracing-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.31 -> 0.1.32" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tracing-subscriber]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.17 -> 0.3.18" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.typenum]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.16.0 -> 1.17.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.uint]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.9.4 -> 0.9.5" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.want]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.3.1" +notes = """ +Migrates to `try-lock 0.2.4` to replace some unsafe APIs that were not marked +`unsafe` (but that were being used safely). +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.which]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "4.3.0 -> 4.4.0" +notes = "New APIs are remixes of existing code." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.which]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "4.4.0 -> 4.4.2" +notes = """ +Crate now has `#![forbid(unsafe_code)]`, replacing its last `unsafe` block with a +dependency on the `rustix` crate. 
+""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.zerocopy]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2301,3 +2595,22 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.7.31 -> 0.7.32" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.zeroize_derive]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.3.2 -> 1.3.3" +notes = "Removes `T: Drop` bound from `impl Drop for SomeType`. I agree it was unnecessary." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.zeroize_derive]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "1.3.3 -> 1.4.1" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.zeroize_derive]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.4.1 -> 1.4.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"