diff options
Diffstat (limited to 'supply-chain/imports.lock')
| -rw-r--r-- | supply-chain/imports.lock | 179 |
1 files changed, 111 insertions, 68 deletions
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 73065c6c4f..627efa0f44 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -65,8 +65,8 @@ user-login = "fitzgen" user-name = "Nick Fitzgerald" [[publisher.byteorder]] -version = "1.4.3" -when = "2021-03-10" +version = "1.5.0" +when = "2023-10-06" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" @@ -128,11 +128,11 @@ user-login = "jrmuizel" user-name = "Jeff Muizelaar" [[publisher.core-foundation-sys]] -version = "0.8.3" -when = "2021-10-12" -user-id = 2396 -user-login = "jdm" -user-name = "Josh Matthews" +version = "0.8.4" +when = "2023-04-03" +user-id = 5946 +user-login = "jrmuizel" +user-name = "Jeff Muizelaar" [[publisher.core-graphics]] version = "0.22.3" @@ -177,8 +177,8 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.encoding_rs]] -version = "0.8.33" -when = "2023-08-23" +version = "0.8.34" +when = "2024-04-10" user-id = 4484 user-login = "hsivonen" user-name = "Henri Sivonen" @@ -226,15 +226,15 @@ user-login = "jrmuizel" user-name = "Jeff Muizelaar" [[publisher.glean]] -version = "59.0.0" -when = "2024-03-28" +version = "60.0.1" +when = "2024-05-31" user-id = 48 user-login = "badboy" user-name = "Jan-Erik Rediger" [[publisher.glean-core]] -version = "59.0.0" -when = "2024-03-28" +version = "60.0.1" +when = "2024-05-31" user-id = 48 user-login = "badboy" user-name = "Jan-Erik Rediger" @@ -253,6 +253,13 @@ user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" +[[publisher.hashbrown]] +version = "0.14.5" +when = "2024-04-28" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + [[publisher.headers]] version = "0.3.9" when = "2023-08-31" @@ -268,8 +275,8 @@ user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.indexmap]] -version = "1.9.3" -when = "2023-03-24" +version = "2.2.6" +when = "2024-03-23" user-id = 539 user-login = "cuviper" user-name = "Josh Stone" @@ -303,8 +310,8 @@ user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.libc]] -version = "0.2.152" -when = "2024-01-07" +version = "0.2.153" +when = "2024-01-31" user-id = 51017 user-login = "JohnTitor" user-name = "Yuki Okushi" @@ -337,6 +344,13 @@ user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" +[[publisher.minidump-common]] +version = "0.21.1" +when = "2024-03-01" +user-id = 72814 +user-login = "gabrielesvelto" +user-name = "Gabriele Svelto" + [[publisher.mio]] version = "0.6.21" when = "2019-11-27" @@ -400,8 +414,8 @@ user-id = 52553 user-login = "embark-studios" [[publisher.prio]] -version = "0.15.3" -when = "2023-10-03" +version = "0.16.2" +when = "2024-03-19" user-id = 213776 user-login = "divviup-github-automation" @@ -483,8 +497,8 @@ user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.serde]] -version = "1.0.197" -when = "2024-02-20" +version = "1.0.198" +when = "2024-04-16" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -497,15 +511,15 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_derive]] -version = "1.0.197" -when = "2024-02-20" +version = "1.0.198" +when = "2024-04-16" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_json]] -version = "1.0.93" -when = "2023-02-08" +version = "1.0.116" +when = "2024-04-16" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -546,15 +560,15 @@ user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.thiserror]] -version = "1.0.57" -when = "2024-02-11" +version = "1.0.59" +when = "2024-04-20" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.thiserror-impl]] -version = "1.0.57" -when = "2024-02-11" +version = "1.0.59" +when = "2024-04-20" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -693,20 +707,20 @@ user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasm-encoder]] -version = "0.201.0" -when = "2024-02-27" +version = "0.205.0" +when = "2024-04-18" user-id = 73222 user-login = "wasmtime-publish" [[publisher.wasm-smith]] -version = "0.201.0" -when = "2024-02-27" +version = "0.205.0" +when = "2024-04-18" user-id = 73222 user-login = "wasmtime-publish" [[publisher.wast]] -version = "201.0.0" -when = "2024-02-27" +version = "205.0.0" +when = "2024-04-18" user-id = 73222 user-login = "wasmtime-publish" @@ -780,6 +794,20 @@ criteria = "safe-to-deploy" version = "1.0.2" notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm." +[[audits.bytecode-alliance.audits.ahash]] +who = "Chris Fallin <chris@cfallin.org>" +criteria = "safe-to-deploy" +delta = "0.7.6 -> 0.8.2" + +[[audits.bytecode-alliance.audits.ahash]] +who = "Alex Crichton <alex@alexcrichton.com>" +criteria = "safe-to-deploy" +delta = "0.8.2 -> 0.8.7" +notes = """ +Shuffling of features in this update and while there are updates to `unsafe` +code it's no different than before and the usage remains the same. +""" + [[audits.bytecode-alliance.audits.arrayref]] who = "Nick Fitzgerald <fitzgen@gmail.com>" criteria = "safe-to-deploy" @@ -804,25 +832,6 @@ criteria = "safe-to-deploy" version = "0.21.0" notes = "This crate has no dependencies, no build.rs, and contains no unsafe code." -[[audits.bytecode-alliance.audits.bitflags]] -who = "Jamey Sharp <jsharp@fastly.com>" -criteria = "safe-to-deploy" -delta = "2.1.0 -> 2.2.1" -notes = """ -This version adds unsafe impls of traits from the bytemuck crate when built -with that library enabled, but I believe the impls satisfy the documented -safety requirements for bytemuck. The other changes are minor. -""" - -[[audits.bytecode-alliance.audits.bitflags]] -who = "Alex Crichton <alex@alexcrichton.com>" -criteria = "safe-to-deploy" -delta = "2.3.2 -> 2.3.3" -notes = """ -Nothing outside the realm of what one would expect from a bitflags generator, -all as expected. -""" - [[audits.bytecode-alliance.audits.block-buffer]] who = "Benjamin Bouvier <public@benj.me>" criteria = "safe-to-deploy" @@ -846,6 +855,15 @@ criteria = "safe-to-deploy" version = "0.11.1" notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O." +[[audits.bytecode-alliance.audits.core-foundation-sys]] +who = "Dan Gohman <dev@sunfishcode.online>" +criteria = "safe-to-deploy" +delta = "0.8.4 -> 0.8.6" +notes = """ +The changes here are all typical bindings updates: new functions, types, and +constants. I have not audited all the bindings for ABI conformance. +""" + [[audits.bytecode-alliance.audits.cpufeatures]] who = "Alex Crichton <alex@alexcrichton.com>" criteria = "safe-to-deploy" @@ -1123,6 +1141,35 @@ version = "0.37.0+1.3.209" notes = "Reviewed on https://fxrev.dev/694269" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.bitflags]] +who = "Lukasz Anforowicz <lukasza@chromium.org>" +criteria = "safe-to-deploy" +version = "2.4.2" +notes = """ +Audit notes: + +* I've checked for any discussion in Google-internal cl/546819168 (where audit + of version 2.3.3 happened) +* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]` +* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be + correct in a straightforward way - they just propagate the marker trait's + impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type +* Additional discussion and/or notes may be found in https://crrev.com/c/5238056 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Adrian Taylor <adetaylor@chromium.org>" +criteria = "safe-to-deploy" +delta = "2.4.2 -> 2.5.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.equivalent]] +who = "George Burgess IV <gbiv@google.com>" +criteria = "safe-to-deploy" +version = "1.0.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.fastrand]] who = "George Burgess IV <gbiv@google.com>" criteria = "safe-to-deploy" @@ -1343,6 +1390,16 @@ criteria = "safe-to-deploy" delta = "0.2.9 -> 0.2.10" notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`." +[[audits.isrg.audits.getrandom]] +who = "David Cook <dcook@divviup.org>" +criteria = "safe-to-deploy" +delta = "0.2.11 -> 0.2.12" + +[[audits.isrg.audits.getrandom]] +who = "David Cook <dcook@divviup.org>" +criteria = "safe-to-deploy" +delta = "0.2.12 -> 0.2.14" + [[audits.isrg.audits.keccak]] who = "David Cook <dcook@divviup.org>" criteria = "safe-to-deploy" @@ -1514,13 +1571,6 @@ version = "0.1.2" notes = "TOML parser, forked from toml 0.5" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" -[[audits.mozilla.audits.bitflags]] -who = "Jan-Erik Rediger <jrediger@mozilla.com>" -criteria = "safe-to-deploy" -delta = "2.4.0 -> 2.4.1" -notes = "Only allowing new clippy lints" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.either]] who = "Nika Layzell <nika@thelayzells.com>" criteria = "safe-to-deploy" @@ -1531,13 +1581,6 @@ no unsafe code. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" -[[audits.mozilla.audits.goblin]] -who = "Jan-Erik Rediger <jrediger@mozilla.com>" -criteria = "safe-to-deploy" -delta = "0.7.1 -> 0.8.0" -notes = "MSRV bump, no unsafe changes" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.lazy_static]] who = "Nika Layzell <nika@thelayzells.com>" criteria = "safe-to-deploy" |