diff --git a/Cargo.lock b/Cargo.lock index c4976af4..d89ba97e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1099,6 +1099,12 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "bytemuck" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d6d68c57235a3a081186990eca2867354726650f42f7516ca50c28d6281fd15" + [[package]] name = "byteorder" version = "1.5.0" @@ -2919,12 +2925,6 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" -[[package]] -name = "hex-literal" -version = "0.3.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ebdb29d2ea9ed0083cd8cece49bbd968021bd99b0849edb4a9a7ee0fdf6a4e0" - [[package]] name = "hex-literal" version = "0.4.1" @@ -3642,9 +3642,9 @@ dependencies = [ [[package]] name = "mmap-rs" -version = "0.5.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e6ae912d061146fa8d2b8bf15f66710c8641ac5d1e6478fb6d56839fd958a04" +checksum = "86968d85441db75203c34deefd0c88032f275aaa85cee19a1dcfff6ae9df56da" dependencies = [ "bitflags 1.3.2", "combine", @@ -5016,13 +5016,14 @@ dependencies = [ [[package]] name = "ruint" -version = "1.11.1" +version = "1.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "608a5726529f2f0ef81b8fde9873c4bb829d6b5b5ca6be4d97345ddf0749c825" +checksum = "8f308135fef9fc398342da5472ce7c484529df23743fb7c734e0f3d472971e62" dependencies = [ "alloy-rlp", "ark-ff 0.3.0", "ark-ff 0.4.2", + "bytemuck", "bytes", "fastrlp", "num-bigint", 
@@ -5042,9 +5043,9 @@ dependencies = [ [[package]] name = "ruint-macro" -version = "1.1.0" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e666a5496a0b2186dbcd0ff6106e29e093c15591bde62c20d3842007c6978a09" +checksum = "f86854cf50259291520509879a5c294c3c9a4c334e9ff65071c51e42ef1e2343" [[package]] name = "rust-ini" @@ -5285,7 +5286,7 @@ dependencies = [ [[package]] name = "semaphore" version = "0.1.0" -source = "git+https://github.com/worldcoin/semaphore-rs?branch=main#08b9fd7a9d92260d2ed3d1031db4a90fa7408777" +source = "git+https://github.com/worldcoin/semaphore-rs?rev=5170c42292a4abc9e332742c8c392a480b075609#5170c42292a4abc9e332742c8c392a480b075609" dependencies = [ "ark-bn254", "ark-circom", @@ -5295,11 +5296,13 @@ dependencies = [ "ark-relations", "ark-std 0.3.0", "bincode", + "bytemuck", "color-eyre 0.6.2", "enumset", "ethers-core 2.0.13 (git+https://github.com/gakonst/ethers-rs)", "hex", - "hex-literal 0.3.4", + "hex-literal", + "itertools 0.12.1", "mmap-rs", "num-bigint", "once_cell", @@ -5320,12 +5323,12 @@ dependencies = [ [[package]] name = "semaphore-depth-config" version = "0.1.0" -source = "git+https://github.com/worldcoin/semaphore-rs?branch=main#08b9fd7a9d92260d2ed3d1031db4a90fa7408777" +source = "git+https://github.com/worldcoin/semaphore-rs?rev=5170c42292a4abc9e332742c8c392a480b075609#5170c42292a4abc9e332742c8c392a480b075609" [[package]] name = "semaphore-depth-macros" version = "0.1.0" -source = "git+https://github.com/worldcoin/semaphore-rs?branch=main#08b9fd7a9d92260d2ed3d1031db4a90fa7408777" +source = "git+https://github.com/worldcoin/semaphore-rs?rev=5170c42292a4abc9e332742c8c392a480b075609#5170c42292a4abc9e332742c8c392a480b075609" dependencies = [ "itertools 0.10.5", "proc-macro2", @@ -5556,7 +5559,7 @@ dependencies = [ "futures", "futures-util", "hex", - "hex-literal 0.4.1", + "hex-literal", "humantime", "humantime-serde", "hyper", 
@@ -7308,11 +7311,11 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "windows" -version = "0.44.0" +version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e745dab35a0c4c77aa3ce42d595e13d2003d6902d6b08c9ef5fc326d08da12b" +checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f" dependencies = [ - "windows-targets 0.42.2", + "windows-targets 0.48.5", ] [[package]] @@ -7355,21 +7358,6 @@ dependencies = [ "windows-targets 0.52.0", ] -[[package]] -name = "windows-targets" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" -dependencies = [ - "windows_aarch64_gnullvm 0.42.2", - "windows_aarch64_msvc 0.42.2", - "windows_i686_gnu 0.42.2", - "windows_i686_msvc 0.42.2", - "windows_x86_64_gnu 0.42.2", - "windows_x86_64_gnullvm 0.42.2", - "windows_x86_64_msvc 0.42.2", -] - [[package]] name = "windows-targets" version = "0.48.5" @@ -7400,12 +7388,6 @@ dependencies = [ "windows_x86_64_msvc 0.52.0", ] -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" - [[package]] name = "windows_aarch64_gnullvm" version = "0.48.5" @@ -7424,12 +7406,6 @@ version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cd761fd3eb9ab8cc1ed81e56e567f02dd82c4c837e48ac3b2181b9ffc5060807" -[[package]] -name = "windows_aarch64_msvc" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" - [[package]] name = "windows_aarch64_msvc" version = "0.48.5" 
@@ -7448,12 +7424,6 @@ version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cab0cf703a96bab2dc0c02c0fa748491294bf9b7feb27e1f4f96340f208ada0e" -[[package]] -name = "windows_i686_gnu" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" - [[package]] name = "windows_i686_gnu" version = "0.48.5" @@ -7472,12 +7442,6 @@ version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8cfdbe89cc9ad7ce618ba34abc34bbb6c36d99e96cae2245b7943cd75ee773d0" -[[package]] -name = "windows_i686_msvc" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" - [[package]] name = "windows_i686_msvc" version = "0.48.5" @@ -7496,12 +7460,6 @@ version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4dd9b0c0e9ece7bb22e84d70d01b71c6d6248b81a3c60d11869451b4cb24784" -[[package]] -name = "windows_x86_64_gnu" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" - [[package]] name = "windows_x86_64_gnu" version = "0.48.5" @@ -7514,12 +7472,6 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" - [[package]] name = "windows_x86_64_gnullvm" version = "0.48.5" 
@@ -7538,12 +7490,6 @@ version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff1e4aa646495048ec7f3ffddc411e1d829c026a2ec62b39da15c1055e406eaa" -[[package]] -name = "windows_x86_64_msvc" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" - [[package]] name = "windows_x86_64_msvc" version = "0.48.5" diff --git a/Cargo.toml b/Cargo.toml index 0920b938..42f41980 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -48,9 +48,8 @@ oz-api = { path = "crates/oz-api" } # We need upstream PR#465 to fix #272. prometheus = "0.13.3" reqwest = { version = "0.11.18", features = ["json"] } -# ruint has broken semver, specify exact version. -ruint = { version = "=1.11.1", features = ["primitive-types", "sqlx"] } -semaphore = { git = "https://github.com/worldcoin/semaphore-rs", branch = "main", features = [ +ruint = { version = "1.12.1", features = ["primitive-types", "sqlx"] } +semaphore = { git = "https://github.com/worldcoin/semaphore-rs", rev = "5170c42292a4abc9e332742c8c392a480b075609", features = [ "depth_30", ] } serde = { version = "1.0", features = ["derive"] } @@ -88,7 +87,7 @@ maplit = "1.0.2" micro-oz = { path = "crates/micro-oz" } postgres-docker-utils = { path = "crates/postgres-docker-utils" } regex = { version = "1.7.1", features = ["std"] } -semaphore = { git = "https://github.com/worldcoin/semaphore-rs", branch = "main", features = [ +semaphore = { git = "https://github.com/worldcoin/semaphore-rs", rev = "5170c42292a4abc9e332742c8c392a480b075609", features = [ "depth_20", ] } similar-asserts = "1.5.0" diff --git a/src/database/mod.rs b/src/database/mod.rs index 96844943..81cf9a9c 100644 --- a/src/database/mod.rs +++ b/src/database/mod.rs 
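Review bot: The `ruint` line in the first Cargo.toml hunk drops the exact pin `=1.11.1` together with the comment that justified it ("ruint has broken semver, specify exact version"), so a later `cargo update` can select any newer 1.x release of a crate this project recorded as not following semver. If that concern still holds, keep the pin at the new version: `ruint = { version = "=1.12.1", features = ["primitive-types", "sqlx"] }`. If it no longer holds, a one-line comment saying why the pin was lifted would keep the history. Replacing `branch = "main"` with a fixed `rev` on both `semaphore` entries makes the build reproducible. The same hash now appears twice (here and in the `@@ -88,7 +87,7 @@` hunk), so a comment such as `# keep rev in sync with the other semaphore entry` would help prevent the two from drifting on the next bump.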
@@ -821,8 +821,8 @@ pub trait DatabaseExt<'a>: Executor<'a, Database = Postgres> { async fn identity_exists(self, commitment: Hash) -> Result { Ok(sqlx::query( r#" - select - EXISTS (select commitment from unprocessed_identities where commitment = $1) OR + select + EXISTS (select commitment from unprocessed_identities where commitment = $1) OR EXISTS (select commitment from identities where commitment = $1); "#, ) @@ -894,7 +894,7 @@ mod test { // TODO: we should probably consolidate all tests that propagate errors to // TODO: either use anyhow or eyre - async fn setup_db<'a>(docker: &'a Cli) -> anyhow::Result<(Database, DockerContainer)> { + async fn setup_db(docker: &Cli) -> anyhow::Result<(Database, DockerContainer)> { let db_container = postgres_docker_utils::setup(docker).await?; let url = format!( "postgres://postgres:postgres@{}/database", diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 0601178e..7f9f4029 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -252,10 +252,6 @@ criteria = "safe-to-deploy" version = "0.2.0" criteria = "safe-to-deploy" -[[exemptions.base64]] -version = "0.21.7" -criteria = "safe-to-deploy" - [[exemptions.base64-simd]] version = "0.8.0" criteria = "safe-to-deploy" @@ -693,7 +689,7 @@ version = "0.4.2" criteria = "safe-to-deploy" [[exemptions.flate2]] -version = "1.0.28" +version = "1.0.24" criteria = "safe-to-deploy" [[exemptions.flume]] @@ -788,10 +784,6 @@ criteria = "safe-to-deploy" version = "0.3.5" criteria = "safe-to-deploy" -[[exemptions.hex-literal]] -version = "0.3.4" -criteria = "safe-to-deploy" - [[exemptions.hex-literal]] version = "0.4.1" criteria = "safe-to-deploy" 
@@ -972,16 +964,12 @@ criteria = "safe-to-deploy" version = "0.2.1" criteria = "safe-to-deploy" -[[exemptions.miniz_oxide]] -version = "0.7.2" -criteria = "safe-to-deploy" - [[exemptions.mio]] version = "0.8.10" criteria = "safe-to-deploy" [[exemptions.mmap-rs]] -version = "0.5.0" +version = "0.6.1" criteria = "safe-to-deploy" [[exemptions.more-asserts]] @@ -1004,10 +992,6 @@ criteria = "safe-to-deploy" version = "0.4.5" criteria = "safe-to-deploy" -[[exemptions.num-conv]] -version = "0.1.0" -criteria = "safe-to-deploy" - [[exemptions.num_enum]] version = "0.7.2" criteria = "safe-to-deploy" @@ -1020,10 +1004,6 @@ criteria = "safe-to-deploy" version = "0.28.4" criteria = "safe-to-deploy" -[[exemptions.object]] -version = "0.32.2" -criteria = "safe-to-deploy" - [[exemptions.once_cell]] version = "1.17.1" criteria = "safe-to-deploy" @@ -1361,11 +1341,11 @@ version = "0.9.6" criteria = "safe-to-deploy" [[exemptions.ruint]] -version = "1.11.1" +version = "1.12.1" criteria = "safe-to-deploy" [[exemptions.ruint-macro]] -version = "1.1.0" +version = "1.2.0" criteria = "safe-to-deploy" [[exemptions.rust-ini]] @@ -1517,7 +1497,7 @@ version = "1.13.1" criteria = "safe-to-deploy" [[exemptions.socket2]] -version = "0.5.5" +version = "0.4.4" criteria = "safe-to-deploy" [[exemptions.solang-parser]] @@ -1905,7 +1885,7 @@ version = "0.4.0" criteria = "safe-to-deploy" [[exemptions.windows]] -version = "0.44.0" +version = "0.48.0" criteria = "safe-to-deploy" [[exemptions.windows-core]] @@ -1932,14 +1912,6 @@ criteria = "safe-to-deploy" version = "0.5.1" criteria = "safe-to-deploy" -[[exemptions.zerocopy]] -version = "0.7.31" -criteria = "safe-to-deploy" - -[[exemptions.zerocopy-derive]] -version = "0.7.31" -criteria = "safe-to-deploy" - [[exemptions.zeroize]] version = "1.7.0" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index b291a77d..fe1bfb5d 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock 
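Review bot: The `mmap-rs`, `ruint`, `ruint-macro` and `windows` exemptions in these hunks only have their version moved to the new release (`0.5.0` to `0.6.1`, `1.11.1` to `1.12.1`, `1.1.0` to `1.2.0`, `0.44.0` to `0.48.0`), so the upgraded code is accepted as `safe-to-deploy` without any review of the delta. The other edits in this file are different in kind: `flate2` and `socket2` fall back to an older exempted base because imported delta audits now cover the gap, and the `base64`, `miniz_oxide`, `object` and `zerocopy` exemptions are dropped for the same reason. The imports.lock hunks visible in this patch show no imported audits for these four crates. Consider recording a delta audit at least for `mmap-rs` and `ruint`, which per the Cargo.lock hunk newly depends on `bytemuck`. Otherwise, make the gap explicit on each entry, for example `notes = "exemption carried forward on upgrade; delta not reviewed"`.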
@@ -233,13 +233,6 @@ user-id = 539 user-login = "cuviper" user-name = "Josh Stone" -[[publisher.itoa]] -version = "1.0.10" -when = "2023-12-09" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - [[publisher.libc]] version = "0.2.153" when = "2024-01-31" @@ -310,13 +303,6 @@ user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" -[[publisher.serde_derive]] -version = "1.0.196" -when = "2024-01-26" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - [[publisher.serde_json]] version = "1.0.113" when = "2024-01-29" @@ -499,13 +485,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows-targets]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows-targets]] version = "0.48.5" when = "2023-08-18" @@ -520,13 +499,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_aarch64_gnullvm]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_aarch64_gnullvm]] version = "0.48.5" when = "2023-08-18" @@ -548,13 +520,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_aarch64_msvc]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_aarch64_msvc]] version = "0.48.5" when = "2023-08-18" @@ -576,13 +541,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_i686_gnu]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_i686_gnu]] version = "0.48.5" when = "2023-08-18" 
@@ -604,13 +562,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_i686_msvc]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_i686_msvc]] version = "0.48.5" when = "2023-08-18" @@ -632,13 +583,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_x86_64_gnu]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_x86_64_gnu]] version = "0.48.5" when = "2023-08-18" @@ -653,13 +597,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_x86_64_gnullvm]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_x86_64_gnullvm]] version = "0.48.5" when = "2023-08-18" @@ -681,13 +618,6 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" -[[publisher.windows_x86_64_msvc]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - [[publisher.windows_x86_64_msvc]] version = "0.48.5" when = "2023-08-18" @@ -854,6 +784,12 @@ the environment's terminal information when asked. Does its stated purpose and no more. """ +[[audits.bytecodealliance.audits.base64]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.21.0" +notes = "This crate has no dependencies, no build.rs, and contains no unsafe code." + [[audits.bytecodealliance.audits.block-buffer]] who = "Benjamin Bouvier " criteria = "safe-to-deploy" 
@@ -923,6 +859,12 @@ This update had a few doc updates but no otherwise-substantial source code updates. """ +[[audits.bytecodealliance.audits.flate2]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +delta = "1.0.26 -> 1.0.28" +notes = "No new `unsafe` and no large changes in function. This diff is mostly refactoring with a lot of docs, CI, test changes. Adds some defensive clearing out of certain variables as a safeguard." + [[audits.bytecodealliance.audits.foreign-types]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -1013,6 +955,20 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.0" +[[audits.bytecodealliance.audits.miniz_oxide]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.7.1" +notes = """ +This crate is a Rust implementation of zlib compression/decompression and has +been used by default by the Rust standard library for quite some time. It's also +a default dependency of the popular `backtrace` crate for decompressing debug +information. This crate forbids unsafe code and does not otherwise access system +resources. It's originally a port of the `miniz.c` library as well, and given +its own longevity should be relatively hardened against some of the more common +compression-related issues. +""" + [[audits.bytecodealliance.audits.native-tls]] who = "Pat Hickey " criteria = "safe-to-deploy" 
@@ -1025,6 +981,18 @@ criteria = "safe-to-deploy" version = "0.46.0" notes = "one use of unsafe to call windows specific api to get console handle." +[[audits.bytecodealliance.audits.object]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.30.3 -> 0.31.1" +notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary." + +[[audits.bytecodealliance.audits.object]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.31.1 -> 0.32.0" +notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good." + [[audits.bytecodealliance.audits.openssl-macros]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -1072,11 +1040,6 @@ No `unsafe` additions or anything outside of the purview of the crate in this change. """ -[[audits.bytecodealliance.audits.quote]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "1.0.23 -> 1.0.27" - [[audits.bytecodealliance.audits.rustc-demangle]] who = "Alex Crichton " criteria = "safe-to-deploy" 
@@ -1264,6 +1227,21 @@ delta = "0.3.4 -> 0.3.5" notes = "Reviewed on https://fxrev.dev/906795" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.autocfg]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and there were no hits except for reasonable, client-controlled usage of +`std::fs` in `AutoCfg::with_dir`. + +This crate has been added to Chromium in +https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb +The CL description contains a link to a Google-internal document with audit details. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.base64]] who = "Adam Langley " criteria = "safe-to-deploy" @@ -1288,6 +1266,19 @@ Audit notes: """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.bytemuck]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.14.3" +notes = "Additional review notes may be found in https://crrev.com/c/5362675." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.14.3 -> 1.15.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.dirs-next]] who = "George Burgess IV " criteria = "safe-to-deploy" 
@@ -1316,6 +1307,21 @@ criteria = "safe-to-deploy" version = "1.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.itoa]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.10" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. + +There are a few places where `unsafe` is used. Unsafe review notes can be found +in https://crrev.com/c/5350697. + +Version 1.0.1 of this crate has been added to Chromium in +https://crrev.com/c/3321896. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.nom]] who = "danakj@chromium.org" criteria = "safe-to-deploy" @@ -1325,6 +1331,12 @@ Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.num-iter]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.1.43" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.openssl-macros]] who = "George Burgess IV " criteria = "safe-to-deploy" 
@@ -1338,6 +1350,13 @@ version = "0.2.9" notes = "Reviewed on https://fxrev.dev/824504" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.pin-project-lite]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.2.9 -> 0.2.13" +notes = "Audited at https://fxrev.dev/946396" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.proc-macro-error-attr]] who = "George Burgess IV " criteria = "safe-to-deploy" 
@@ -1356,6 +1375,59 @@ Notes from the `unsafe` review can be found in https://crrev.com/c/5385745. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.quote]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.35" +notes = """ +Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits +(except for benign \"net\" hit in tests and \"fs\" hit in README.md) +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.rustversion]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.14" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and there were no hits except for: + +* Using trivially-safe `unsafe` in test code: + + ``` + tests/test_const.rs:unsafe fn _unsafe() {} + tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() }; + ``` + +* Using `unsafe` in a string: + + ``` + src/constfn.rs: \"unsafe\" => Qualifiers::Unsafe, + ``` + +* Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr` + which is later read back via `include!` used in `src/lib.rs`. 
+ +Version `1.0.6` of this crate has been added to Chromium in +https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.196" +notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.socket2]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.4.4 -> 0.5.5" +notes = "Reviewed at https://fxrev.dev/946307" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.strsim]] who = "danakj@chromium.org" criteria = "safe-to-deploy" @@ -1427,6 +1499,21 @@ who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.8.2 -> 0.8.3" +[[audits.isrg.audits.base64]] +who = "Tim Geoghegan " +criteria = "safe-to-deploy" +delta = "0.21.0 -> 0.21.1" + +[[audits.isrg.audits.base64]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.21.1 -> 0.21.2" + +[[audits.isrg.audits.base64]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.21.2 -> 0.21.3" + [[audits.isrg.audits.block-buffer]] who = "David Cook " criteria = "safe-to-deploy" 
@@ -1628,13 +1715,6 @@ criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.autocfg]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "1.1.0" -notes = "All code written or reviewed by Josh Stone." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.bit-set]] who = "Aria Beingessner " criteria = "safe-to-deploy" @@ -1747,6 +1827,19 @@ criteria = "safe-to-deploy" delta = "1.9.0 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.flate2]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.0.24 -> 1.0.25" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.flate2]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "1.0.25 -> 1.0.26" +notes = "Few dep updates, internal refactorings" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -1938,13 +2031,6 @@ version = "0.1.45" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.num-iter]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "0.1.43" -notes = "All code written or reviewed by Josh Stone." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.num-rational]] who = "Josh Stone " criteria = "safe-to-deploy" 
@@ -1959,6 +2045,18 @@ version = "0.2.15" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.object]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.28.4 -> 0.30.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.object]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.30.0 -> 0.30.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.percent-encoding]] who = "Valentin Gosu " criteria = "safe-to-deploy" 
@@ -2008,48 +2106,6 @@ version = "0.1.1" notes = "This is a trivial crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.quote]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.0.18" -notes = """ -`quote` is a utility crate used by proc-macros to generate TokenStreams -conveniently from source code. The bulk of the logic is some complex -interlocking `macro_rules!` macros which are used to parse and build the -`TokenStream` within the proc-macro. - -This crate contains no unsafe code, and the internal logic, while difficult to -read, is generally straightforward. I have audited the the quote macros, ident -formatter, and runtime logic. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.18 -> 1.0.21" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.21 -> 1.0.23" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.27 -> 1.0.28" -notes = "Enabled on wasm targets" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.28 -> 1.0.31" -notes = "Minimal changes and removal of the build.rs" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" 
@@ -2082,25 +2138,6 @@ version = "1.1.0" notes = "Straightforward crate with no unsafe code, does what it says on the tin." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.rustversion]] -who = "Bobby Holley " -criteria = "safe-to-deploy" -version = "1.0.9" -notes = """ -This crate has a build-time component and procedural macro logic, which I looked -at enough to convince myself it wasn't going to do anything dramatically wrong. -I don't think logic bugs in the version parsing etc can realistically introduce -a security vulnerability. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rustversion]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.9 -> 1.0.14" -notes = "Doc updates, minimal CI changes and a fix to build-script reruns" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.serde_cbor]] who = "R. Martinho Fernandes " criteria = "safe-to-deploy" 
@@ -2175,6 +2212,26 @@ criteria = "safe-to-deploy" delta = "2.4.1 -> 2.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.zerocopy]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.7.32" +notes = """ +This crate is `no_std` so doesn't use any side-effectful std functions. It +contains quite a lot of `unsafe` code, however. I verified portions of this. It +also has a large, thorough test suite. The project claims to run tests with +Miri to have stronger soundness checks, and also claims to use formal +verification tools to prove correctness. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerocopy-derive]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.7.32" +notes = "Clean, safe macros for zerocopy." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.zcash.audits.aho-corasick]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2218,6 +2275,24 @@ being mmapped and loaded. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.base64]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.21.3 -> 0.21.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.base64]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.21.4 -> 0.21.5" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.base64]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.21.5 -> 0.21.7" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.bech32]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -2428,6 +2503,12 @@ code (but adapted to `u16` and `u8` reads, instead of `u32`).
 """
 aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
 
+[[audits.zcash.audits.miniz_oxide]]
+who = "Daira-Emma Hopwood "
+criteria = "safe-to-deploy"
+delta = "0.7.1 -> 0.7.2"
+aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
+
 [[audits.zcash.audits.nix]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
@@ -2442,6 +2523,24 @@ A new unsafe trait method `SockaddrLike::set_length` is added; it's impls look f
 """
 aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
 
+[[audits.zcash.audits.num-conv]]
+who = "Daira-Emma Hopwood "
+criteria = "safe-to-deploy"
+version = "0.1.0"
+aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
+
+[[audits.zcash.audits.object]]
+who = "Jack Grigg "
+criteria = "safe-to-deploy"
+delta = "0.32.0 -> 0.32.1"
+aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
+
+[[audits.zcash.audits.object]]
+who = "Daira-Emma Hopwood "
+criteria = "safe-to-deploy"
+delta = "0.32.1 -> 0.32.2"
+aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
+
 [[audits.zcash.audits.parity-scale-codec]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
@@ -2467,12 +2566,6 @@ delta = "0.11.2 -> 0.12.1"
 notes = "Most `unsafe {}` changes were to reduce the scope of the unsafe blocks. I didn't closely review the migration to the asm! macro but it looks reasonable."
 aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
 
-[[audits.zcash.audits.pin-project-lite]]
-who = "Jack Grigg "
-criteria = "safe-to-deploy"
-delta = "0.2.9 -> 0.2.13"
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
 [[audits.zcash.audits.proc-macro-crate]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
@@ -2498,18 +2591,6 @@ API would be used intentionally by downstream tests).
 """
 aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
 
-[[audits.zcash.audits.quote]]
-who = "Jack Grigg "
-criteria = "safe-to-deploy"
-delta = "1.0.31 -> 1.0.33"
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
-[[audits.zcash.audits.quote]]
-who = "Jack Grigg "
-criteria = "safe-to-deploy"
-delta = "1.0.33 -> 1.0.35"
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
 [[audits.zcash.audits.rand_xorshift]]
 who = "Sean Bowe "
 criteria = "safe-to-deploy"
@@ -2711,18 +2792,6 @@ dependency on the `rustix` crate.
 """
 aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
 
-[[audits.zcash.audits.zerocopy]]
-who = "Jack Grigg "
-criteria = "safe-to-deploy"
-delta = "0.7.31 -> 0.7.32"
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
-[[audits.zcash.audits.zerocopy-derive]]
-who = "Jack Grigg "
-criteria = "safe-to-deploy"
-delta = "0.7.31 -> 0.7.32"
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
 [[audits.zcash.audits.zeroize_derive]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
diff --git a/tests/common/mod.rs b/tests/common/mod.rs
index f3c7a715..65a9f15c 100644
--- a/tests/common/mod.rs
+++ b/tests/common/mod.rs
@@ -747,7 +747,7 @@ pub async fn spawn_deps<'a, 'b, 'c>(
 ))
 }
 
-async fn spawn_db<'a>(docker: &'a Cli) -> anyhow::Result> {
+async fn spawn_db(docker: &Cli) -> anyhow::Result> {
 let db_container = postgres_docker_utils::setup(docker).await.unwrap();
 
 Ok(db_container)
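Review bot: The context line `let db_container = postgres_docker_utils::setup(docker).await.unwrap();` in the `tests/common/mod.rs` hunk panics when setup fails, although `spawn_db` already returns `anyhow::Result`, so the error path of the signature touched here is never used. Propagating the error instead, `let db_container = postgres_docker_utils::setup(docker).await?;`, would let the caller report why the Postgres container did not start rather than aborting with a bare panic. This assumes the error type of `setup`, which is not visible in the hunk, converts into `anyhow::Error`. The closing brace of `spawn_db` lies outside the hunk.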