summaryrefslogtreecommitdiffstats
path: root/supply-chain/imports.lock
diff options
context:
space:
mode:
Diffstat (limited to 'supply-chain/imports.lock')
-rw-r--r--supply-chain/imports.lock179
1 files changed, 111 insertions, 68 deletions
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index 73065c6c4f..627efa0f44 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@@ -65,8 +65,8 @@ user-login = "fitzgen"
user-name = "Nick Fitzgerald"
[[publisher.byteorder]]
-version = "1.4.3"
-when = "2021-03-10"
+version = "1.5.0"
+when = "2023-10-06"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"
@@ -128,11 +128,11 @@ user-login = "jrmuizel"
user-name = "Jeff Muizelaar"
[[publisher.core-foundation-sys]]
-version = "0.8.3"
-when = "2021-10-12"
-user-id = 2396
-user-login = "jdm"
-user-name = "Josh Matthews"
+version = "0.8.4"
+when = "2023-04-03"
+user-id = 5946
+user-login = "jrmuizel"
+user-name = "Jeff Muizelaar"
[[publisher.core-graphics]]
version = "0.22.3"
@@ -177,8 +177,8 @@ user-login = "dtolnay"
user-name = "David Tolnay"
[[publisher.encoding_rs]]
-version = "0.8.33"
-when = "2023-08-23"
+version = "0.8.34"
+when = "2024-04-10"
user-id = 4484
user-login = "hsivonen"
user-name = "Henri Sivonen"
@@ -226,15 +226,15 @@ user-login = "jrmuizel"
user-name = "Jeff Muizelaar"
[[publisher.glean]]
-version = "59.0.0"
-when = "2024-03-28"
+version = "60.0.1"
+when = "2024-05-31"
user-id = 48
user-login = "badboy"
user-name = "Jan-Erik Rediger"
[[publisher.glean-core]]
-version = "59.0.0"
-when = "2024-03-28"
+version = "60.0.1"
+when = "2024-05-31"
user-id = 48
user-login = "badboy"
user-name = "Jan-Erik Rediger"
@@ -253,6 +253,13 @@ user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"
+[[publisher.hashbrown]]
+version = "0.14.5"
+when = "2024-04-28"
+user-id = 2915
+user-login = "Amanieu"
+user-name = "Amanieu d'Antras"
+
[[publisher.headers]]
version = "0.3.9"
when = "2023-08-31"
@@ -268,8 +275,8 @@ user-login = "seanmonstar"
user-name = "Sean McArthur"
[[publisher.indexmap]]
-version = "1.9.3"
-when = "2023-03-24"
+version = "2.2.6"
+when = "2024-03-23"
user-id = 539
user-login = "cuviper"
user-name = "Josh Stone"
@@ -303,8 +310,8 @@ user-login = "alexcrichton"
user-name = "Alex Crichton"
[[publisher.libc]]
-version = "0.2.152"
-when = "2024-01-07"
+version = "0.2.153"
+when = "2024-01-31"
user-id = 51017
user-login = "JohnTitor"
user-name = "Yuki Okushi"
@@ -337,6 +344,13 @@ user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"
+[[publisher.minidump-common]]
+version = "0.21.1"
+when = "2024-03-01"
+user-id = 72814
+user-login = "gabrielesvelto"
+user-name = "Gabriele Svelto"
+
[[publisher.mio]]
version = "0.6.21"
when = "2019-11-27"
@@ -400,8 +414,8 @@ user-id = 52553
user-login = "embark-studios"
[[publisher.prio]]
-version = "0.15.3"
-when = "2023-10-03"
+version = "0.16.2"
+when = "2024-03-19"
user-id = 213776
user-login = "divviup-github-automation"
@@ -483,8 +497,8 @@ user-login = "Amanieu"
user-name = "Amanieu d'Antras"
[[publisher.serde]]
-version = "1.0.197"
-when = "2024-02-20"
+version = "1.0.198"
+when = "2024-04-16"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"
@@ -497,15 +511,15 @@ user-login = "dtolnay"
user-name = "David Tolnay"
[[publisher.serde_derive]]
-version = "1.0.197"
-when = "2024-02-20"
+version = "1.0.198"
+when = "2024-04-16"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"
[[publisher.serde_json]]
-version = "1.0.93"
-when = "2023-02-08"
+version = "1.0.116"
+when = "2024-04-16"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"
@@ -546,15 +560,15 @@ user-login = "BurntSushi"
user-name = "Andrew Gallant"
[[publisher.thiserror]]
-version = "1.0.57"
-when = "2024-02-11"
+version = "1.0.59"
+when = "2024-04-20"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"
[[publisher.thiserror-impl]]
-version = "1.0.57"
-when = "2024-02-11"
+version = "1.0.59"
+when = "2024-04-20"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"
@@ -693,20 +707,20 @@ user-login = "alexcrichton"
user-name = "Alex Crichton"
[[publisher.wasm-encoder]]
-version = "0.201.0"
-when = "2024-02-27"
+version = "0.205.0"
+when = "2024-04-18"
user-id = 73222
user-login = "wasmtime-publish"
[[publisher.wasm-smith]]
-version = "0.201.0"
-when = "2024-02-27"
+version = "0.205.0"
+when = "2024-04-18"
user-id = 73222
user-login = "wasmtime-publish"
[[publisher.wast]]
-version = "201.0.0"
-when = "2024-02-27"
+version = "205.0.0"
+when = "2024-04-18"
user-id = 73222
user-login = "wasmtime-publish"
@@ -780,6 +794,20 @@ criteria = "safe-to-deploy"
version = "1.0.2"
notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
+[[audits.bytecode-alliance.audits.ahash]]
+who = "Chris Fallin <chris@cfallin.org>"
+criteria = "safe-to-deploy"
+delta = "0.7.6 -> 0.8.2"
+
+[[audits.bytecode-alliance.audits.ahash]]
+who = "Alex Crichton <alex@alexcrichton.com>"
+criteria = "safe-to-deploy"
+delta = "0.8.2 -> 0.8.7"
+notes = """
+Shuffling of features in this update and while there are updates to `unsafe`
+code it's no different than before and the usage remains the same.
+"""
+
[[audits.bytecode-alliance.audits.arrayref]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
@@ -804,25 +832,6 @@ criteria = "safe-to-deploy"
version = "0.21.0"
notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
-[[audits.bytecode-alliance.audits.bitflags]]
-who = "Jamey Sharp <jsharp@fastly.com>"
-criteria = "safe-to-deploy"
-delta = "2.1.0 -> 2.2.1"
-notes = """
-This version adds unsafe impls of traits from the bytemuck crate when built
-with that library enabled, but I believe the impls satisfy the documented
-safety requirements for bytemuck. The other changes are minor.
-"""
-
-[[audits.bytecode-alliance.audits.bitflags]]
-who = "Alex Crichton <alex@alexcrichton.com>"
-criteria = "safe-to-deploy"
-delta = "2.3.2 -> 2.3.3"
-notes = """
-Nothing outside the realm of what one would expect from a bitflags generator,
-all as expected.
-"""
-
[[audits.bytecode-alliance.audits.block-buffer]]
who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
@@ -846,6 +855,15 @@ criteria = "safe-to-deploy"
version = "0.11.1"
notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
+[[audits.bytecode-alliance.audits.core-foundation-sys]]
+who = "Dan Gohman <dev@sunfishcode.online>"
+criteria = "safe-to-deploy"
+delta = "0.8.4 -> 0.8.6"
+notes = """
+The changes here are all typical bindings updates: new functions, types, and
+constants. I have not audited all the bindings for ABI conformance.
+"""
+
[[audits.bytecode-alliance.audits.cpufeatures]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@@ -1123,6 +1141,35 @@ version = "0.37.0+1.3.209"
notes = "Reviewed on https://fxrev.dev/694269"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
+[[audits.google.audits.bitflags]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+version = "2.4.2"
+notes = """
+Audit notes:
+
+* I've checked for any discussion in Google-internal cl/546819168 (where audit
+ of version 2.3.3 happened)
+* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]`
+* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be
+ correct in a straightforward way - they just propagate the marker trait's
+ impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type
+* Additional discussion and/or notes may be found in https://crrev.com/c/5238056
+"""
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.bitflags]]
+who = "Adrian Taylor <adetaylor@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "2.4.2 -> 2.5.0"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.equivalent]]
+who = "George Burgess IV <gbiv@google.com>"
+criteria = "safe-to-deploy"
+version = "1.0.1"
+aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
+
[[audits.google.audits.fastrand]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
@@ -1343,6 +1390,16 @@ criteria = "safe-to-deploy"
delta = "0.2.9 -> 0.2.10"
notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`."
+[[audits.isrg.audits.getrandom]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.2.11 -> 0.2.12"
+
+[[audits.isrg.audits.getrandom]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.2.12 -> 0.2.14"
+
[[audits.isrg.audits.keccak]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@@ -1514,13 +1571,6 @@ version = "0.1.2"
notes = "TOML parser, forked from toml 0.5"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
-[[audits.mozilla.audits.bitflags]]
-who = "Jan-Erik Rediger <jrediger@mozilla.com>"
-criteria = "safe-to-deploy"
-delta = "2.4.0 -> 2.4.1"
-notes = "Only allowing new clippy lints"
-aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
-
[[audits.mozilla.audits.either]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
@@ -1531,13 +1581,6 @@ no unsafe code.
"""
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
-[[audits.mozilla.audits.goblin]]
-who = "Jan-Erik Rediger <jrediger@mozilla.com>"
-criteria = "safe-to-deploy"
-delta = "0.7.1 -> 0.8.0"
-notes = "MSRV bump, no unsafe changes"
-aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
-
[[audits.mozilla.audits.lazy_static]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"