From 59475cca6427882385ba4c3c51ef5e1935163d8c Mon Sep 17 00:00:00 2001 From: Daira-Emma Hopwood Date: Mon, 15 Apr 2024 19:07:00 +0100 Subject: [PATCH 1/4] Additional updated and postponed dependencies for zcashd 5.9.0. Signed-off-by: Daira-Emma Hopwood --- depends/packages/native_cmake.mk | 4 ++-- depends/packages/native_zstd.mk | 4 ++-- qa/zcash/postponed-updates.txt | 13 +++++++++++++ 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/depends/packages/native_cmake.mk b/depends/packages/native_cmake.mk index 9e110038802..23db622235d 100644 --- a/depends/packages/native_cmake.mk +++ b/depends/packages/native_cmake.mk @@ -1,8 +1,8 @@ package=native_cmake -$(package)_version=3.28.3 +$(package)_version=3.29.2 $(package)_download_path=https://github.com/Kitware/CMake/releases/download/v$($(package)_version) $(package)_file_name=cmake-$($(package)_version).tar.gz -$(package)_sha256_hash=72b7570e5c8593de6ac4ab433b73eab18c5fb328880460c86ce32608141ad5c1 +$(package)_sha256_hash=36db4b6926aab741ba6e4b2ea2d99c9193222132308b4dc824d4123cb730352e define $(package)_set_vars $(package)_config_opts += -DCMAKE_BUILD_TYPE:STRING=Release diff --git a/depends/packages/native_zstd.mk b/depends/packages/native_zstd.mk index b8844c1f8b9..36ed6a281c2 100644 --- a/depends/packages/native_zstd.mk +++ b/depends/packages/native_zstd.mk @@ -1,8 +1,8 @@ package=native_zstd -$(package)_version=1.5.5 +$(package)_version=1.5.6 $(package)_download_path=https://github.com/facebook/zstd/releases/download/v$($(package)_version) $(package)_file_name=zstd-$($(package)_version).tar.gz -$(package)_sha256_hash=9c4396cc829cfae319a6e2615202e82aad41372073482fce286fac78646d3ee4 +$(package)_sha256_hash=8c29e06cf42aacc1eafc4077ae2ec6c6fcb96a626157e0593d5e82a34fd403c1 $(package)_build_subdir=build/cmake $(package)_dependencies=native_cmake diff --git a/qa/zcash/postponed-updates.txt b/qa/zcash/postponed-updates.txt index c1924fd106e..c94e0f5bf1f 100644 --- a/qa/zcash/postponed-updates.txt +++ b/qa/zcash/postponed-updates.txt @@ -6,7 +6,9 @@ # Boost 1.84.0 causes gtests to fail on macOS. boost 1.84.0 2024-06-15 +boost 1.85.0 2024-06-15 native_b2 1.84.0 2024-06-15 +native_b2 1.85.0 2024-06-15 # Clang and Rust are currently pinned to LLVM 15 libcxx 15.0.7 2024-06-15 @@ -27,6 +29,8 @@ libcxx 17.0.5 2024-06-15 libcxx 17.0.6 2024-06-15 libcxx 18.1.0 2024-06-15 libcxx 18.1.1 2024-06-15 +libcxx 18.1.2 2024-06-15 +libcxx 18.1.3 2024-06-15 native_clang 15.0.7 2024-06-15 native_clang 16.0.0 2024-06-15 native_clang 16.0.1 2024-06-15 @@ -44,6 +48,8 @@ native_clang 17.0.5 2024-06-15 native_clang 17.0.6 2024-06-15 native_clang 18.1.0 2024-06-15 native_clang 18.1.1 2024-06-15 +native_clang 18.1.2 2024-06-15 +native_clang 18.1.3 2024-06-15 native_rust 1.70.0 2024-06-15 native_rust 1.71.0 2024-06-15 native_rust 1.71.1 2024-06-15 @@ -54,6 +60,9 @@ native_rust 1.74.0 2024-06-15 native_rust 1.74.1 2024-06-15 native_rust 1.75.0 2024-06-15 native_rust 1.76.0 2024-06-15 +native_rust 1.77.0 2024-06-15 +native_rust 1.77.1 2024-06-15 +native_rust 1.77.2 2024-06-15 native_cxxbridge 1.0.114 2024-06-15 native_cxxbridge 1.0.115 2024-06-15 @@ -61,12 +70,16 @@ native_cxxbridge 1.0.116 2024-06-15 native_cxxbridge 1.0.117 2024-06-15 native_cxxbridge 1.0.118 2024-06-15 native_cxxbridge 1.0.119 2024-06-15 +native_cxxbridge 1.0.120 2024-06-15 +native_cxxbridge 1.0.121 2024-06-15 rustcxx 1.0.114 2024-06-15 rustcxx 1.0.115 2024-06-15 rustcxx 1.0.116 2024-06-15 rustcxx 1.0.117 2024-06-15 rustcxx 1.0.118 2024-06-15 rustcxx 1.0.119 2024-06-15 +rustcxx 1.0.120 2024-06-15 +rustcxx 1.0.121 2024-06-15 # We follow upstream Bitcoin Core's LevelDB updates leveldb 1.23 2024-06-15 From ed312829e2a4720341acb097927ad9182a2cbc37 Mon Sep 17 00:00:00 2001 From: Daira-Emma Hopwood Date: Tue, 16 Apr 2024 22:16:02 +0100 Subject: [PATCH 2/4] * cargo update * cargo update -p home@0.5.9 --precise 0.5.5 Signed-off-by: Daira-Emma Hopwood --- Cargo.lock | 442 +++++++++++++++++++++++++++-------------------------- 1 file changed, 224 insertions(+), 218 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 11e61be297e..0a97ed86bce 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -29,9 +29,9 @@ dependencies = [ [[package]] name = "aes" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", "cipher", @@ -40,9 +40,9 @@ dependencies = [ [[package]] name = "ahash" -version = "0.8.7" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77c3a9648d43b9cd48db467b3f87fdd6e146bcc88ab0180006cef2179fe11d01" +checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" dependencies = [ "cfg-if", "once_cell", @@ -52,24 +52,24 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" dependencies = [ "memchr", ] [[package]] name = "allocator-api2" -version = "0.2.16" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0942ffc6dcaadf03badf6e6a2d0228460359d5e34b57ccdc720b7382dfbd5ec5" +checksum = "5c6cb57a04249c6480766f7f7cef5467412af1490f8d1e243141daddada3264f" [[package]] name = "anyhow" -version = "1.0.79" +version = "1.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca" +checksum = "f538837af36e6f6a9be0faa67f9a314f8119e4e4b5867c6ab40ed60360142519" [[package]] name = "arrayref" @@ -85,15 +85,15 @@ checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" [[package]] name = "autocfg" -version = "1.1.0" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" [[package]] name = "backtrace" -version = "0.3.69" +version = "0.3.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +checksum = "26b05800d2e817c8b3b4b54abd461726265fa9789ae34330622f2db9ee696f9d" dependencies = [ "addr2line", "cc", @@ -106,9 +106,9 @@ dependencies = [ [[package]] name = "base64" -version = "0.21.5" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64ct" @@ -180,9 +180,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "bitvec" @@ -251,9 +251,9 @@ dependencies = [ [[package]] name = "bs58" -version = "0.5.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f5353f36341f7451062466f0b755b96ac3a9547e4d7f6b70d603fc721a7d7896" +checksum = "bf88ba1141d185c399bee5288d850d63b8369520c1eafc32a0430b5b6c287bf4" dependencies = [ "sha2", "tinyvec", @@ -261,9 +261,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.14.0" +version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" [[package]] name = "byteorder" @@ -273,9 +273,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.5.0" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" +checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" [[package]] name = "cbc" @@ -288,12 +288,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.83" +version = "1.0.94" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" -dependencies = [ - "libc", -] +checksum = "17f6e324229dc011159fcc089755d1e2e216a90d43a7dea6853ca740b84f35e7" [[package]] name = "cfg-if" @@ -363,53 +360,46 @@ checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2" [[package]] name = "cpufeatures" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" dependencies = [ "libc", ] [[package]] name = "crossbeam-channel" -version = "0.5.10" +version = "0.5.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82a9b73a36529d9c47029b9fb3a6f0ea3cc916a261195352ba19e770fc1748b2" +checksum = "ab3db02a9c5b5121e1e42fbdb1aeb65f5e02624cc58c43f2884c6ccac0b82f95" dependencies = [ - "cfg-if", "crossbeam-utils", ] [[package]] name = "crossbeam-deque" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fca89a0e215bab21874660c67903c5f143333cab1da83d041c7ded6053774751" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" dependencies = [ - "cfg-if", "crossbeam-epoch", "crossbeam-utils", ] [[package]] name = "crossbeam-epoch" -version = "0.9.17" +version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e3681d554572a651dda4186cd47240627c3d0114d45a95f6ad27f2f22e7548d" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ - "autocfg", - "cfg-if", "crossbeam-utils", ] [[package]] name = "crossbeam-utils" -version = "0.8.18" +version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3a430a770ebd84726f584a90ee7f020d28db52c6d02138900f22341f866d39c" -dependencies = [ - "cfg-if", -] +checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" [[package]] name = "crunchy" @@ -429,9 +419,9 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.1.1" +version = "4.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c" +checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348" dependencies = [ "cfg-if", "cpufeatures", @@ -452,7 +442,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.59", ] [[package]] @@ -481,14 +471,14 @@ checksum = "7743446286141c9f6d4497c493c01234eb848e14d2e20866ae9811eae0630cb9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.59", ] [[package]] name = "der" -version = "0.7.8" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" dependencies = [ "const-oid", "zeroize", @@ -572,9 +562,9 @@ dependencies = [ [[package]] name = "either" -version = "1.9.0" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" +checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2" [[package]] name = "equihash" @@ -607,9 +597,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.1" +version = "2.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" +checksum = "658bd65b1cf4c852a3cc96f18a8ce7b5640f6b703f905c7d74532294c2a63984" [[package]] name = "ff" @@ -624,9 +614,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.5" +version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" +checksum = "c007b1ae3abe1cb6f85a16305acd418b7ca6343b953633fee2b76d8f108b830f" [[package]] name = "fixed-hash" @@ -708,9 +698,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.11" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" +checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" dependencies = [ "cfg-if", "libc", @@ -835,9 +825,9 @@ dependencies = [ [[package]] name = "hermit-abi" -version = "0.3.3" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" [[package]] name = "hex" @@ -865,9 +855,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8947b1a6fad4393052c7ba1f4cd97bed3e953a95c79c92ad9b051a04611d9fbb" +checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" dependencies = [ "bytes", "fnv", @@ -922,12 +912,14 @@ dependencies = [ [[package]] name = "incrementalmerkletree" -version = "0.5.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "361c467824d4d9d4f284be4b2608800839419dccc4d4608f28345237fe354623" +checksum = "eb1872810fb725b06b8c153dde9e86f3ec26747b9b60096da7a869883b549cbe" dependencies = [ "either", "proptest", + "rand", + "rand_core", ] [[package]] @@ -957,15 +949,15 @@ checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3" [[package]] name = "itoa" -version = "1.0.10" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" [[package]] name = "js-sys" -version = "0.3.66" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cee9c64da59eae3b50095c18d3e74f8b73c0b86d2792824ff01bbce68ba229ca" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" dependencies = [ "wasm-bindgen", ] @@ -1004,9 +996,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.151" +version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" +checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" [[package]] name = "libm" @@ -1016,13 +1008,12 @@ checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" [[package]] name = "libredox" -version = "0.0.1" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85c833ca1e66078851dba29046874e38f08b2c883700aa29a03ddd3b23814ee8" +checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.5.0", "libc", - "redox_syscall", ] [[package]] @@ -1099,9 +1090,9 @@ dependencies = [ [[package]] name = "linux-raw-sys" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456" +checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" [[package]] name = "litrs" @@ -1111,15 +1102,15 @@ checksum = "b4ce301924b7887e9d637144fdade93f9dfff9b60981d4ac161db09720d39aa5" [[package]] name = "log" -version = "0.4.20" +version = "0.4.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" [[package]] name = "mach2" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d0d1830bcd151a6fc4aea1369af235b36c1528fe976b8ff678683c9995eade8" +checksum = "19b955cdeb2a02b9117f121ce63aa52d08ade45de53e48fe6a38b39c10f6f709" dependencies = [ "libc", ] @@ -1145,9 +1136,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.7.1" +version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" +checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" [[package]] name = "memuse" @@ -1195,7 +1186,7 @@ checksum = "38b4faf00617defe497754acde3024865bc143d44a86799b24e191ecff91354f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.59", ] [[package]] @@ -1222,18 +1213,18 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.1" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7" dependencies = [ "adler", ] [[package]] name = "mio" -version = "0.8.10" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09" +checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c" dependencies = [ "libc", "wasi", @@ -1288,21 +1279,26 @@ dependencies = [ "num-traits", ] +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" + [[package]] name = "num-integer" -version = "0.1.45" +version = "0.1.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" dependencies = [ - "autocfg", "num-traits", ] [[package]] name = "num-traits" -version = "0.2.17" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" +checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" dependencies = [ "autocfg", "libm", @@ -1320,9 +1316,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.1" +version = "0.32.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" +checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" dependencies = [ "memchr", ] @@ -1335,9 +1331,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "opaque-debug" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "orchard" @@ -1461,9 +1457,9 @@ dependencies = [ [[package]] name = "pin-project-lite" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" +checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" [[package]] name = "pin-utils" @@ -1483,9 +1479,9 @@ dependencies = [ [[package]] name = "platforms" -version = "3.3.0" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "626dec3cac7cc0e1577a2ec3fc496277ec2baa084bebad95bb6fdbfae235f84c" +checksum = "db23d408679286588f4d4644f965003d056e3dd5abcaaa938116871d7ce2fee7" [[package]] name = "poly1305" @@ -1528,9 +1524,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.74" +version = "1.0.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2de98502f212cfcea8d0bb305bd0f49d7ebdd75b64ba0a68f937d888f4e0d6db" +checksum = "a56dea16b0a29e94408b9aa5e2940a4eedbd128a1ba20e8f7ae60fd3d465af0e" dependencies = [ "unicode-ident", ] @@ -1543,13 +1539,13 @@ checksum = "31b476131c3c86cb68032fdc5cb6d5a1045e3e42d96b69fa599fd77701e1f5bf" dependencies = [ "bit-set", "bit-vec", - "bitflags 2.4.1", + "bitflags 2.5.0", "lazy_static", "num-traits", "rand", "rand_chacha", "rand_xorshift", - "regex-syntax 0.8.2", + "regex-syntax 0.8.3", "rusty-fork", "tempfile", "unarray", @@ -1579,9 +1575,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" -version = "1.0.35" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -1642,9 +1638,9 @@ dependencies = [ [[package]] name = "rayon" -version = "1.8.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1" +checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" dependencies = [ "either", "rayon-core", @@ -1652,9 +1648,9 @@ dependencies = [ [[package]] name = "rayon-core" -version = "1.12.0" +version = "1.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" dependencies = [ "crossbeam-deque", "crossbeam-utils", @@ -1691,20 +1687,11 @@ dependencies = [ "zeroize", ] -[[package]] -name = "redox_syscall" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" -dependencies = [ - "bitflags 1.3.2", -] - [[package]] name = "redox_users" -version = "0.4.4" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a18479200779601e498ada4e8c1e1f50e3ee19deb0259c25825a98b5603b2cb4" +checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891" dependencies = [ "getrandom", "libredox", @@ -1713,14 +1700,14 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.2" +version = "1.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" +checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.4.3", - "regex-syntax 0.8.2", + "regex-automata 0.4.6", + "regex-syntax 0.8.3", ] [[package]] @@ -1734,13 +1721,13 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.3" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" +checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.8.2", + "regex-syntax 0.8.3", ] [[package]] @@ -1751,9 +1738,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "regex-syntax" -version = "0.8.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "ring" @@ -1796,11 +1783,11 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.28" +version = "0.38.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316" +checksum = "65e04861e65f21776e67888bfbea442b3642beaa0138fdb1dd7a84a52dffdb89" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.5.0", "errno", "libc", "linux-raw-sys", @@ -1821,15 +1808,15 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.16" +version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" +checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" [[package]] name = "sapling-crypto" -version = "0.1.1" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d183012062dfdde85f7e3e758328fcf6e9846d8dd3fce35b04d0efcb6677b0e0" +checksum = "02f4270033afcb0c74c5c7d59c73cfd1040367f67f224fe7ed9a919ae618f1b7" dependencies = [ "aes", "bellman", @@ -1887,35 +1874,35 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.20" +version = "1.0.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" +checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" [[package]] name = "serde" -version = "1.0.194" +version = "1.0.197" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b114498256798c94a0689e1a15fec6005dee8ac1f41de56404b67afc2a4b773" +checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.194" +version = "1.0.197" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3385e45322e8f9931410f01b3031ec534c3947d0e94c18049af4d9f9907d4e0" +checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.59", ] [[package]] name = "serde_json" -version = "1.0.110" +version = "1.0.116" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fbd975230bada99c8bb618e0c365c2eefa219158d5c6c29610fd09ff1833257" +checksum = "3e17db7126d17feb94eb3fad46bf1a96b034e8aacbc2e775fe81505f8b0b2813" dependencies = [ "itoa", "ryu", @@ -1959,18 +1946,18 @@ checksum = "38b58827f4464d87d377d175e90bf58eb00fd8716ff0a62f80356b5e61555d0d" [[package]] name = "sketches-ddsketch" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68a406c1882ed7f29cd5e248c9848a80e7cb6ae0fea82346d2746f2f941c07e1" +checksum = "85636c14b73d81f541e525f585c0a2109e6744e1565b5c1668e31c70c10ed65c" [[package]] name = "socket2" -version = "0.5.5" +version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" +checksum = "05ffd9c0a93b7543e062e759284fcf5f5e3b098501104bfbdde4d404db792871" dependencies = [ "libc", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -2014,9 +2001,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.46" +version = "2.0.59" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89456b690ff72fddcecf231caedbe615c59480c93358a93dfae7fc29e3ebbf0e" +checksum = "4a6531ffc7b071655e4ce2e04bd464c4830bb585a61cabb96cf808f05172615a" dependencies = [ "proc-macro2", "quote", @@ -2031,13 +2018,12 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" [[package]] name = "tempfile" -version = "3.9.0" +version = "3.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" +checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1" dependencies = [ "cfg-if", "fastrand", - "redox_syscall", "rustix", "windows-sys 0.52.0", ] @@ -2057,29 +2043,29 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.56" +version = "1.0.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" +checksum = "03468839009160513471e86a034bb2c5c0e4baae3b43f79ffc55c4a5427b3297" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.56" +version = "1.0.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" +checksum = "c61f3ba182994efc43764a46c018c347bc492c79f024e705f46567b418f6d4f7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.59", ] [[package]] name = "thread_local" -version = "1.1.7" +version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdd6f064ccff2d6567adcb3873ca630700f00b5ad3f060c25b5dcfd9a4ce152" +checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" dependencies = [ "cfg-if", "once_cell", @@ -2087,12 +2073,13 @@ dependencies = [ [[package]] name = "time" -version = "0.3.31" +version = "0.3.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f657ba42c3f86e7680e53c8cd3af8abbe56b5491790b46e22e19c0d57463583e" +checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885" dependencies = [ "deranged", "itoa", + "num-conv", "powerfmt", "serde", "time-core", @@ -2107,10 +2094,11 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.16" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26197e33420244aeb70c3e8c78376ca46571bc4e701e4791c2cd9f57dcb3a43f" +checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf" dependencies = [ + "num-conv", "time-core", ] @@ -2131,9 +2119,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.35.1" +version = "1.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104" +checksum = "1adbebffeca75fcfd058afa480fb6c0b81e165a0323f9c9d39c9697e37c46787" dependencies = [ "backtrace", "libc", @@ -2180,7 +2168,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.59", ] [[package]] @@ -2248,9 +2236,9 @@ checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-normalization" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" +checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5" dependencies = [ "tinyvec", ] @@ -2359,9 +2347,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ed0d4f68a3015cc185aff4db9506a015f4b96f95303897bfa23f846db54064e" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2369,24 +2357,24 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b56f625e64f3a1084ded111c4d5f477df9f8c92df113852fa5a374dbda78826" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.59", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-macro" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0162dbf37223cd2afce98f3d0785506dcb8d266223983e4b5b525859e6e182b2" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2394,28 +2382,28 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.59", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "web-sys" -version = "0.3.66" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50c24a44ec86bb68fbecd1b3efed7e85ea5621b39b35ef2766b66cd984f8010f" +checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" dependencies = [ "js-sys", "wasm-bindgen", @@ -2470,7 +2458,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.0", + "windows-targets 0.52.5", ] [[package]] @@ -2490,17 +2478,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" dependencies = [ - "windows_aarch64_gnullvm 0.52.0", - "windows_aarch64_msvc 0.52.0", - "windows_i686_gnu 0.52.0", - "windows_i686_msvc 0.52.0", - "windows_x86_64_gnu 0.52.0", - "windows_x86_64_gnullvm 0.52.0", - "windows_x86_64_msvc 0.52.0", + "windows_aarch64_gnullvm 0.52.5", + "windows_aarch64_msvc 0.52.5", + "windows_i686_gnu 0.52.5", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.5", + "windows_x86_64_gnu 0.52.5", + "windows_x86_64_gnullvm 0.52.5", + "windows_x86_64_msvc 0.52.5", ] [[package]] @@ -2511,9 +2500,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" [[package]] name = "windows_aarch64_msvc" @@ -2523,9 +2512,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" [[package]] name = "windows_i686_gnu" @@ -2535,9 +2524,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" [[package]] name = "windows_i686_msvc" @@ -2547,9 +2542,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" [[package]] name = "windows_x86_64_gnu" @@ -2559,9 +2554,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" [[package]] name = "windows_x86_64_gnullvm" @@ -2571,9 +2566,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" [[package]] name = "windows_x86_64_msvc" @@ -2583,9 +2578,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" [[package]] name = "wyz" @@ -2604,14 +2599,15 @@ checksum = "213b7324336b53d2414b2db8537e56544d981803139155afa84f76eeebb7a546" [[package]] name = "zcash_address" -version = "0.3.1" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bce173f1d9ed4f806e310bc3a873301531e7a6dc209928584d6404e3f8228ef4" +checksum = "827c17a1f7e3a69f0d44e991ff610c7a842228afdc9dc2325ffdd1a67fee01e9" dependencies = [ "bech32", "bs58", "f4jumble", "zcash_encoding", + "zcash_protocol", ] [[package]] @@ -2710,6 +2706,16 @@ dependencies = [ "zcash_primitives", ] +[[package]] +name = "zcash_protocol" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f8189d4a304e8aa3aef3b75e89f3874bb0dc84b1cd623316a84e79e06cddabc" +dependencies = [ + "document-features", + "memuse", +] + [[package]] name = "zcash_spec" version = "0.1.0" @@ -2736,7 +2742,7 @@ checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.59", ] [[package]] @@ -2756,14 +2762,14 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.59", ] [[package]] name = "zip32" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d724a63be4dfb50b7f3617e542984e22e4b4a5b8ca5de91f55613152885e6b22" +checksum = "4226d0aee9c9407c27064dfeec9d7b281c917de3374e1e5a2e2cfad9e09de19e" dependencies = [ "blake2b_simd", "memuse", From f1ce9bceb3f5c9511f19991457ebfb456cbb307c Mon Sep 17 00:00:00 2001 From: Daira-Emma Hopwood Date: Tue, 16 Apr 2024 23:44:01 +0100 Subject: [PATCH 3/4] Update audits. Signed-off-by: Daira-Emma Hopwood --- qa/supply-chain/audits.toml | 305 +++++++++++++++- qa/supply-chain/config.toml | 26 +- qa/supply-chain/imports.lock | 654 +++++++++++++++-------------------- 3 files changed, 588 insertions(+), 397 deletions(-) diff --git a/qa/supply-chain/audits.toml b/qa/supply-chain/audits.toml index 1816997ec78..630384619f2 100644 --- a/qa/supply-chain/audits.toml +++ b/qa/supply-chain/audits.toml @@ -30,11 +30,21 @@ criteria = "safe-to-deploy" delta = "0.8.6 -> 0.8.7" notes = "Build-time `stdsimd` detection is replaced with a nightly-only feature flag." +[[audits.ahash]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.8.7 -> 0.8.11" + [[audits.aho-corasick]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.1.1 -> 1.1.2" +[[audits.aho-corasick]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.1.2 -> 1.1.3" + [[audits.allocator-api2]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -52,6 +62,11 @@ criteria = "safe-to-deploy" delta = "0.2.15 -> 0.2.16" notes = "Change to `unsafe` block is to fix the `Drop` impl of `Box` to drop its value." +[[audits.allocator-api2]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.16 -> 0.2.18" + [[audits.anyhow]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -105,6 +120,11 @@ Build script changes are to refactor the existing probe into a separate file changes in the build environment. """ +[[audits.anyhow]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.79 -> 1.0.82" + [[audits.arrayref]] who = "Sean Bowe " criteria = "safe-to-deploy" @@ -127,6 +147,12 @@ then loaded. These appear to all derive from existing paths that themselves were being mmapped and loaded. """ +[[audits.backtrace]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.69 -> 0.3.71" +notes = "This crate inherently requires a lot of `unsafe` code, but the changes look plausible." + [[audits.base64]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -137,6 +163,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.21.4 -> 0.21.5" +[[audits.base64]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.21.5 -> 0.21.7" + [[audits.bech32]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -204,12 +235,22 @@ criteria = "safe-to-deploy" delta = "0.7.1 -> 0.8.0" notes = "I previously reviewed the crypto-sensitive portions of these changes as well." +[[audits.bs58]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.5.0 -> 0.5.1" + [[audits.bumpalo]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "3.11.1 -> 3.12.0" notes = "Changes to `unsafe` code are to replace `mem::forget` uses with `ManuallyDrop`." +[[audits.bumpalo]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "3.15.4 -> 3.16.0" + [[audits.byte-slice-cast]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -246,6 +287,32 @@ notes = """ almost identically to the existing `unsafe impl BufMut for &mut [u8]`. """ +[[audits.bytes]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.5.0 -> 1.6.0" +notes = """ +There is significant use of `unsafe` code, but safety requirements are well documented +and appear correct as far as I can see. +""" + +[[audits.cc]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.83 -> 1.0.94" +notes = """ +The optimization to use `buffer.set_len(buffer.capacity())` in `command_helpers::StderrForwarder::forward_available` +doesn't look panic-safe: if `stderr.read` panics and that panic is caught by a caller of `forward_available`, then +the inner buffer of `StderrForwarder` will contain uninitialized data. This looks difficult to trigger in practice, +but I have opened an issue . + +`parallel::async_executor` contains `unsafe` pinning code but it looks reasonable. Similarly for the `unsafe` +initialization code in `parallel::job_token::JobTokenServer` and file operations in `parallel::stderr`. + +This crate executes commands, and my review is likely not sufficient to detect subtle backdoors. +I did not review the use of library handles in the `com` package on Windows. +""" + [[audits.chacha20]] who = "Jack Grigg " criteria = ["crypto-reviewed", "safe-to-deploy"] @@ -345,6 +412,11 @@ LoongArch64 CPU feature detection support. This and the supporting macro code is the same as the existing Linux code for AArch64. """ +[[audits.cpufeatures]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.11 -> 0.2.12" + [[audits.crossbeam-channel]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -376,6 +448,12 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.8.3 -> 0.8.4" +[[audits.crossbeam-deque]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.8.4 -> 0.8.5" +notes = "Changes to `unsafe` code look okay." + [[audits.crossbeam-epoch]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -403,6 +481,11 @@ Changes to `unsafe` code are to replace manual pointer logic with equivalent `unsafe` stdlib methods, now that MSRV is high enough to use them. """ +[[audits.crossbeam-epoch]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.9.17 -> 0.9.18" + [[audits.crossbeam-utils]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -455,6 +538,11 @@ who = "Jack Grigg " criteria = ["safe-to-deploy", "crypto-reviewed"] delta = "4.1.0 -> 4.1.1" +[[audits.curve25519-dalek]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "4.1.1 -> 4.1.2" + [[audits.curve25519-dalek-derive]] who = "Jack Grigg " criteria = ["safe-to-deploy", "crypto-reviewed"] @@ -675,6 +763,12 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.111 -> 1.0.113" +[[audits.der]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.7.8 -> 0.7.9" +notes = "The change to ignore RUSTSEC-2023-0071 is correct for this crate." + [[audits.deranged]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -760,6 +854,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.8.1 -> 1.9.0" +[[audits.either]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.9.0 -> 1.11.0" + [[audits.equivalent]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -785,6 +884,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.0.1" +[[audits.fastrand]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.0.1 -> 2.0.2" + [[audits.ff]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1037,11 +1141,21 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.3.2" +[[audits.hermit-abi]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.3 -> 0.3.9" + [[audits.http]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.8 -> 0.2.9" +[[audits.http]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.11 -> 0.2.12" + [[audits.http]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1171,6 +1285,11 @@ notes = """ MDN documentation. """ +[[audits.js-sys]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.66 -> 0.3.69" + [[audits.jubjub]] who = "Sean Bowe " criteria = "safe-to-deploy" @@ -1221,6 +1340,11 @@ criteria = "safe-to-deploy" delta = "0.2.7 -> 0.2.8" notes = "Forces some intermediate values to not have too much precision on the x87 FPU." +[[audits.libredox]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.0.1 -> 0.1.3" + [[audits.link-cplusplus]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1231,6 +1355,12 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.7 -> 1.0.8" +[[audits.linux-raw-sys]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.4.12 -> 0.4.13" +notes = "Low-level OS interface crate, so `unsafe` code is expected." + [[audits.lock_api]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1253,6 +1383,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.4.19 -> 0.4.20" +[[audits.log]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.4.20 -> 0.4.21" + [[audits.maybe-rayon]] who = "Sean Bowe " criteria = "safe-to-deploy" @@ -1273,6 +1408,11 @@ comparison between `u8` pointers. The new tail code matches the existing head code (but adapted to `u16` and `u8` reads, instead of `u32`). """ +[[audits.memchr]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.7.1 -> 2.7.2" + [[audits.memoffset]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1330,6 +1470,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.15.0 -> 0.15.1" +[[audits.miniz_oxide]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.7.1 -> 0.7.2" + [[audits.mio]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1371,6 +1516,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.8.6 -> 0.8.8" +[[audits.mio]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.8.10 -> 0.8.11" + [[audits.nix]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1390,6 +1540,11 @@ Most of the `unsafe` changes are cleaning up their usage: A new unsafe trait method `SockaddrLike::set_length` is added; it's impls look fine. """ +[[audits.num-conv]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +version = "0.1.0" + [[audits.num-integer]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1427,6 +1582,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.32.0 -> 0.32.1" +[[audits.object]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.32.1 -> 0.32.2" + [[audits.once_cell]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1436,6 +1596,11 @@ Small refactor that reduces the overall amount of `unsafe` code. The new strict approach looks reasonable. """ +[[audits.opaque-debug]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.3.1" + [[audits.pairing]] who = "Sean Bowe " criteria = "safe-to-deploy" @@ -1568,6 +1733,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.9 -> 0.2.13" +[[audits.pin-project-lite]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.13 -> 0.2.14" + [[audits.platforms]] who = "Daira Emma Hopwood " criteria = "safe-to-deploy" @@ -1593,6 +1763,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "3.2.0 -> 3.3.0" +[[audits.platforms]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "3.3.0 -> 3.4.0" + [[audits.poly1305]] who = "Daira Hopwood " criteria = "safe-to-deploy" @@ -1761,6 +1936,11 @@ criteria = "safe-to-deploy" delta = "0.4.3 -> 0.4.4" notes = "Switches from `redox_syscall` crate to `libredox` crate for syscalls." +[[audits.redox_users]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.4.4 -> 0.4.5" + [[audits.regex]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1776,6 +1956,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.9.5 -> 1.10.2" +[[audits.regex]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.10.2 -> 1.10.4" + [[audits.regex-automata]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1785,6 +1970,11 @@ There were additions to an `unsafe` trait, but the new code itself doesn't use any `unsafe` functions. """ +[[audits.regex-automata]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.4.3 -> 0.4.6" + [[audits.regex-syntax]] who = "Sean Bowe " criteria = "safe-to-deploy" @@ -1800,6 +1990,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.7.5 -> 0.8.2" +[[audits.regex-syntax]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.8.2 -> 0.8.3" + [[audits.rustc-demangle]] who = "Sean Bowe " criteria = "safe-to-deploy" @@ -1824,6 +2019,12 @@ execute arbitrary code. But when this crate is used within a build script, `$RUS be set correctly by `cargo`. """ +[[audits.rustix]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.38.28 -> 0.38.32" +notes = "Cursory review." + [[audits.ryu]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1839,6 +2040,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.15 -> 1.0.16" +[[audits.ryu]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.16 -> 1.0.17" + [[audits.scopeguard]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1860,6 +2066,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.19 -> 1.0.20" +[[audits.semver]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.20 -> 1.0.22" + [[audits.serde]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1978,6 +2189,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.108 -> 1.0.110" +[[audits.serde_json]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.110 -> 1.0.116" + [[audits.sha2]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2025,6 +2241,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.0 -> 0.2.1" +[[audits.sketches-ddsketch]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.1 -> 0.2.2" + [[audits.socket2]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2043,6 +2264,11 @@ Adds support for Sony Vita targets. New `unsafe` blocks are for Vita-specific `libc` calls to `getsockopt` and `setsockopt` for non-blocking behaviour. """ +[[audits.socket2]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.5.5 -> 0.5.6" + [[audits.syn]] who = "Daira Hopwood " criteria = "safe-to-deploy" @@ -2109,6 +2335,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "2.0.43 -> 2.0.46" +[[audits.syn]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.0.46 -> 2.0.59" + [[audits.tempfile]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2130,6 +2361,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "3.8.1 -> 3.9.0" +[[audits.tempfile]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "3.9.0 -> 3.10.1" + [[audits.terminfo]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2174,6 +2410,11 @@ Build script changes are to refactor the existing probe into a separate file changes in the build environment. """ +[[audits.thiserror]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.56 -> 1.0.58" + [[audits.thiserror-impl]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2206,6 +2447,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.52 -> 1.0.56" +[[audits.thiserror-impl]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.56 -> 1.0.58" + [[audits.thread_local]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2216,6 +2462,15 @@ New `unsafe` usage: - Setting and getting a `#[thread_local] static mut Option` on nightly. """ +[[audits.thread_local]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.1.7 -> 1.1.8" +notes = """ +Adds `unsafe` code that makes an assumption that `ptr::null_mut::>()` is a valid representation +of an `AtomicPtr>`, but this is likely a correct assumption. +""" + [[audits.time]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2235,6 +2490,12 @@ Removes one `unsafe` block by repurposing a constructor containing a more general invocation of the same `unsafe` function. """ +[[audits.time]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.31 -> 0.3.36" +notes = "Some use of `unsafe` code but its safety requirements are documented and look okay." + [[audits.time-core]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2289,6 +2550,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.15 -> 0.2.16" +[[audits.time-macros]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.16 -> 0.2.18" + [[audits.tinyvec_macros]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2300,6 +2566,12 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.35.0 -> 1.35.1" +[[audits.tokio]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.35.1 -> 1.37.0" +notes = "Cursory review, but new and changed uses of `unsafe` code look fine, as far as I can see." + [[audits.toml_datetime]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2468,11 +2740,26 @@ Migrates to `try-lock 0.2.4` to replace some unsafe APIs that were not marked `unsafe` (but that were being used safely). """ +[[audits.wasm-bindgen-backend]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.89 -> 0.2.92" + [[audits.wasm-bindgen-macro]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.87 -> 0.2.89" +[[audits.wasm-bindgen-macro]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.89 -> 0.2.92" + +[[audits.wasm-bindgen-macro-support]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +version = "0.2.92" + [[audits.wasm-bindgen-macro-support]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2494,6 +2781,16 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.87 -> 0.2.89" +[[audits.wasm-bindgen-shared]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.89 -> 0.2.92" + +[[audits.web-sys]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.66 -> 0.3.69" + [[audits.which]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2594,7 +2891,7 @@ end = "2024-09-21" [[trusted.halo2_legacy_pdqsort]] criteria = ["safe-to-deploy", "crypto-reviewed"] -user-id = 199950 # Daira Hopwood (daira) +user-id = 199950 # Daira Emma Hopwood (daira) start = "2023-02-24" end = "2024-09-21" @@ -2748,6 +3045,12 @@ user-id = 6289 # str4d start = "2021-03-26" end = "2024-09-21" +[[trusted.zcash_protocol]] +criteria = "safe-to-deploy" +user-id = 169181 # Kris Nuttycombe (nuttycom) +start = "2024-01-27" +end = "2025-04-16" + [[trusted.zcash_spec]] criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"] user-id = 6289 # str4d diff --git a/qa/supply-chain/config.toml b/qa/supply-chain/config.toml index 859eaea43bb..d88777d545e 100644 --- a/qa/supply-chain/config.toml +++ b/qa/supply-chain/config.toml @@ -279,10 +279,6 @@ criteria = "safe-to-deploy" version = "2.5.0" criteria = "safe-to-deploy" -[[exemptions.itoa]] -version = "1.0.2" -criteria = "safe-to-deploy" - [[exemptions.js-sys]] version = "0.3.60" criteria = "safe-to-deploy" @@ -443,10 +439,6 @@ criteria = "safe-to-deploy" version = "0.3.0" criteria = "safe-to-deploy" -[[exemptions.redox_syscall]] -version = "0.4.1" -criteria = "safe-to-deploy" - [[exemptions.redox_users]] version = "0.4.3" criteria = "safe-to-deploy" @@ -503,14 +495,6 @@ criteria = "safe-to-deploy" version = "0.8.0" criteria = "safe-to-deploy" -[[exemptions.serde]] -version = "1.0.136" -criteria = "safe-to-deploy" - -[[exemptions.serde_derive]] -version = "1.0.136" -criteria = "safe-to-deploy" - [[exemptions.serde_json]] version = "1.0.81" criteria = "safe-to-deploy" @@ -608,7 +592,7 @@ version = "0.11.0+wasi-snapshot-preview1" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen]] -version = "0.2.89" +version = "0.2.92" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-backend]] @@ -619,10 +603,6 @@ criteria = "safe-to-deploy" version = "0.2.87" criteria = "safe-to-deploy" -[[exemptions.wasm-bindgen-macro-support]] -version = "0.2.87" -criteria = "safe-to-deploy" - [[exemptions.web-sys]] version = "0.3.66" criteria = "safe-to-deploy" @@ -643,6 +623,10 @@ criteria = "safe-to-deploy" version = "0.4.0" criteria = "safe-to-deploy" +[[exemptions.windows_i686_gnullvm]] +version = "0.52.5" +criteria = "safe-to-deploy" + [[exemptions.wyz]] version = "0.5.0" criteria = "safe-to-deploy" diff --git a/qa/supply-chain/imports.lock b/qa/supply-chain/imports.lock index 2a14cfbe3be..eba76070c39 100644 --- a/qa/supply-chain/imports.lock +++ b/qa/supply-chain/imports.lock @@ -8,8 +8,8 @@ user-id = 6289 user-login = "str4d" [[publisher.bumpalo]] -version = "3.14.0" -when = "2023-09-14" +version = "3.15.4" +when = "2024-03-07" user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" @@ -37,7 +37,7 @@ version = "0.1.0" when = "2023-03-10" user-id = 199950 user-login = "daira" -user-name = "Daira Hopwood" +user-name = "Daira Emma Hopwood" [[publisher.halo2_proofs]] version = "0.3.0" @@ -46,10 +46,11 @@ user-id = 1244 user-login = "ebfull" [[publisher.incrementalmerkletree]] -version = "0.5.0" -when = "2023-09-08" -user-id = 6289 -user-login = "str4d" +version = "0.5.1" +when = "2024-03-25" +user-id = 169181 +user-login = "nuttycom" +user-name = "Kris Nuttycombe" [[publisher.orchard]] version = "0.7.1" @@ -58,11 +59,18 @@ user-id = 6289 user-login = "str4d" [[publisher.sapling-crypto]] -version = "0.1.1" -when = "2024-02-15" +version = "0.1.3" +when = "2024-03-25" user-id = 6289 user-login = "str4d" +[[publisher.unicode-normalization]] +version = "0.1.23" +when = "2024-02-20" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + [[publisher.windows-sys]] version = "0.48.0" when = "2023-03-31" @@ -85,8 +93,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-targets]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -99,8 +107,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_gnullvm]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -113,8 +121,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_msvc]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -127,8 +135,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnu]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -141,8 +149,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_msvc]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -155,8 +163,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnu]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -169,8 +177,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnullvm]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -183,15 +191,15 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_msvc]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.5" +when = "2024-04-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.zcash_address]] -version = "0.3.1" -when = "2024-01-12" +version = "0.3.2" +when = "2024-03-06" user-id = 6289 user-login = "str4d" @@ -226,6 +234,13 @@ when = "2024-03-01" user-id = 6289 user-login = "str4d" +[[publisher.zcash_protocol]] +version = "0.1.1" +when = "2024-03-25" +user-id = 169181 +user-login = "nuttycom" +user-name = "Kris Nuttycombe" + [[publisher.zcash_spec]] version = "0.1.0" when = "2023-12-07" @@ -233,8 +248,8 @@ user-id = 6289 user-login = "str4d" [[publisher.zip32]] -version = "0.1.0" -when = "2023-12-06" +version = "0.1.1" +when = "2024-03-14" user-id = 6289 user-login = "str4d" @@ -283,25 +298,6 @@ criteria = "safe-to-deploy" version = "0.21.0" notes = "This crate has no dependencies, no build.rs, and contains no unsafe code." -[[audits.bytecode-alliance.audits.bitflags]] -who = "Jamey Sharp " -criteria = "safe-to-deploy" -delta = "2.1.0 -> 2.2.1" -notes = """ -This version adds unsafe impls of traits from the bytemuck crate when built -with that library enabled, but I believe the impls satisfy the documented -safety requirements for bytemuck. The other changes are minor. -""" - -[[audits.bytecode-alliance.audits.bitflags]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "2.3.2 -> 2.3.3" -notes = """ -Nothing outside the realm of what one would expect from a bitflags generator, -all as expected. -""" - [[audits.bytecode-alliance.audits.block-buffer]] who = "Benjamin Bouvier " criteria = "safe-to-deploy" @@ -371,6 +367,12 @@ criteria = "safe-to-deploy" delta = "0.2.9 -> 1.0.0" notes = "Minor changes leading up to the 1.0.0 release and nothing fundamentally new here." +[[audits.bytecode-alliance.audits.libc]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.2.151 -> 0.2.153" +notes = "More bindings for more platforms. I have not verified that everything is exactly as-is on the platform as specified but nothing major is otherwise introduced as part of this bump." + [[audits.bytecode-alliance.audits.libm]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -390,6 +392,12 @@ This is a minor update which has some testing affordances as well as some updated math algorithms. """ +[[audits.bytecode-alliance.audits.mach2]] +who = "Nick Fitzgerald " +criteria = "safe-to-deploy" +delta = "0.4.1 -> 0.4.2" +notes = "It does unsafe FFI bindings, as expected. I didn't check the FFI bindings against the C headers." + [[audits.bytecode-alliance.audits.matchers]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -447,25 +455,6 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.0" -[[audits.bytecode-alliance.audits.proc-macro2]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "1.0.51 -> 1.0.57" - -[[audits.bytecode-alliance.audits.proc-macro2]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.0.59 -> 1.0.63" -notes = """ -This is a routine update for new nightly features and new syntax popping up on -nightly, nothing out of the ordinary. -""" - -[[audits.bytecode-alliance.audits.quote]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "1.0.23 -> 1.0.27" - [[audits.bytecode-alliance.audits.rustc-demangle]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -537,18 +526,6 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "1.0.8" -[[audits.bytecode-alliance.audits.unicode-normalization]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.1.19" -notes = """ -This crate contains one usage of `unsafe` which I have manually checked to see -it as correct. This crate's size comes in large part due to the generated -unicode tables that it contains. This crate is additionally widely used -throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs -and nothing suspicious. -""" - [[audits.bytecode-alliance.audits.want]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -583,6 +560,62 @@ criteria = "safe-to-deploy" version = "0.1.0" notes = "No unsafe usage or ambient capabilities, sane build script" +[[audits.google.audits.aes]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.8.2 -> 0.8.4" +notes = "Audited at https://fxrev.dev/987054" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.autocfg]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and there were no hits except for reasonable, client-controlled usage of +`std::fs` in `AutoCfg::with_dir`. + +This crate has been added to Chromium in +https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb +The CL description contains a link to a Google-internal document with audit details. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.autocfg]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.1.0 -> 1.2.0" +notes = ''' +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and nothing changed from the baseline audit of 1.1.0. Skimmed through the +1.1.0 => 1.2.0 delta and everything seemed okay. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "2.4.2" +notes = """ +Audit notes: + +* I've checked for any discussion in Google-internal cl/546819168 (where audit + of version 2.3.3 happened) +* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]` +* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be + correct in a straightforward way - they just propagate the marker trait's + impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type +* Additional discussion and/or notes may be found in https://crrev.com/c/5238056 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "2.4.2 -> 2.5.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.cxxbridge-flags]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -605,6 +638,35 @@ criteria = "safe-to-deploy" version = "1.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.itoa]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.10" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. + +There are a few places where `unsafe` is used. Unsafe review notes can be found +in https://crrev.com/c/5350697. + +Version 1.0.1 of this crate has been added to Chromium in +https://crrev.com/c/3321896. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.itoa]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.10 -> 1.0.11" +notes = """ +Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits: + +* Bumping up the version +* A touch up of comments +* And my own PR to make `unsafe` blocks more granular: + https://github.com/dtolnay/itoa/pull/42 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.link-cplusplus]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -631,17 +693,82 @@ version = "0.2.9" notes = "Reviewed on https://fxrev.dev/824504" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.proc-macro2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.78" +notes = """ +Grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits +(except for a benign \"fs\" hit in a doc comment) + +Notes from the `unsafe` review can be found in https://crrev.com/c/5385745. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.78 -> 1.0.79" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.79 -> 1.0.80" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.quote]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.35" +notes = """ +Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits +(except for benign \"net\" hit in tests and \"fs\" hit in README.md) +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.quote]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.35 -> 1.0.36" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.197" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. + +There were some hits for `net`, but they were related to serialization and +not actually opening any connections or anything like that. + +There were 2 hits of `unsafe` when grepping: +* In `fn as_str` in `impl Buf` +* In `fn serialize` in `impl Serialize for net::Ipv4Addr` + +Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this +review also covered `serde_json_lenient`). + +Version 1.0.130 of the crate has been added to Chromium in +https://crrev.com/c/3265545. The CL description contains a link to a +(Google-internal, sorry) document with a mini security review. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.197" +notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.version_check]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "0.9.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.isrg.audits.aes]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "0.8.2 -> 0.8.3" - [[audits.isrg.audits.base64]] who = "Tim Geoghegan " criteria = "safe-to-deploy" @@ -736,6 +863,16 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "0.2.4 -> 0.2.5" +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.5 -> 0.2.6" + +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.6 -> 0.2.7" + [[audits.isrg.audits.getrandom]] who = "Tim Geoghegan " criteria = "safe-to-deploy" @@ -747,6 +884,16 @@ who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.2.10 -> 0.2.11" +[[audits.isrg.audits.getrandom]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.11 -> 0.2.12" + +[[audits.isrg.audits.getrandom]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.12 -> 0.2.14" + [[audits.isrg.audits.hmac]] who = "David Cook " criteria = "safe-to-deploy" @@ -757,6 +904,11 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "0.4.3 -> 0.4.4" +[[audits.isrg.audits.num-integer]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.1.45 -> 0.1.46" + [[audits.isrg.audits.num-traits]] who = "David Cook " criteria = "safe-to-deploy" @@ -767,6 +919,11 @@ who = "Ameer Ghani " criteria = "safe-to-deploy" delta = "0.2.16 -> 0.2.17" +[[audits.isrg.audits.num-traits]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.17 -> 0.2.18" + [[audits.isrg.audits.once_cell]] who = "Brandon Pitman " criteria = "safe-to-deploy" @@ -807,75 +964,25 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "1.7.0 -> 1.8.0" -[[audits.isrg.audits.rayon-core]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.10.2 -> 1.11.0" - -[[audits.isrg.audits.rayon-core]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.11.0 -> 1.12.0" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.152 -> 1.0.153" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.153 -> 1.0.154" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.154 -> 1.0.155" - -[[audits.isrg.audits.serde]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.0.156 -> 1.0.159" - -[[audits.isrg.audits.serde]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.0.160 -> 1.0.162" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.162 -> 1.0.163" - -[[audits.isrg.audits.serde_derive]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.152 -> 1.0.153" - -[[audits.isrg.audits.serde_derive]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.153 -> 1.0.154" - -[[audits.isrg.audits.serde_derive]] -who = "David Cook " +[[audits.isrg.audits.rayon]] +who = "Ameer Ghani " criteria = "safe-to-deploy" -delta = "1.0.154 -> 1.0.155" +delta = "1.8.0 -> 1.8.1" -[[audits.isrg.audits.serde_derive]] +[[audits.isrg.audits.rayon]] who = "Brandon Pitman " criteria = "safe-to-deploy" -delta = "1.0.156 -> 1.0.159" +delta = "1.8.1 -> 1.9.0" -[[audits.isrg.audits.serde_derive]] +[[audits.isrg.audits.rayon]] who = "Brandon Pitman " criteria = "safe-to-deploy" -delta = "1.0.160 -> 1.0.162" +delta = "1.9.0 -> 1.10.0" -[[audits.isrg.audits.serde_derive]] -who = "David Cook " +[[audits.isrg.audits.rayon-core]] +who = "Ameer Ghani " criteria = "safe-to-deploy" -delta = "1.0.162 -> 1.0.163" +version = "1.12.1" [[audits.isrg.audits.serde_json]] who = "Brandon Pitman " @@ -922,6 +1029,15 @@ who = "David Cook " criteria = "safe-to-deploy" version = "0.2.83" +[[audits.mozilla.wildcard-audits.unicode-normalization]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2019-11-06" +end = "2024-05-03" +notes = "All code written or reviewed by Manish" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.anyhow]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -947,13 +1063,6 @@ criteria = "safe-to-deploy" delta = "1.0.62 -> 1.0.68" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.autocfg]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "1.1.0" -notes = "All code written or reviewed by Josh Stone." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.bit-set]] who = "Aria Beingessner " criteria = "safe-to-deploy" @@ -974,32 +1083,6 @@ version = "0.6.3" notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.bitflags]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "1.3.2 -> 2.0.2" -notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Nicolas Silva " -criteria = "safe-to-deploy" -delta = "2.0.2 -> 2.1.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Teodor Tanasoaia " -criteria = "safe-to-deploy" -delta = "2.2.1 -> 2.3.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "2.4.0 -> 2.4.1" -notes = "Only allowing new clippy lints" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.block-buffer]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1031,6 +1114,19 @@ delta = "0.5.7 -> 0.5.8" notes = "Reviewed the fix, previous versions indeed had were able to trigger a race condition" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" +[[audits.mozilla.audits.crossbeam-channel]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.5.8 -> 0.5.11" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.crossbeam-channel]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.5.11 -> 0.5.12" +notes = "Minimal change fixing a memory leak." +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.crossbeam-epoch]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1055,6 +1151,12 @@ criteria = "safe-to-deploy" delta = "0.8.11 -> 0.8.14" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.crossbeam-utils]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.8.14 -> 0.8.19" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.digest]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1123,18 +1225,6 @@ criteria = "safe-to-deploy" delta = "1.9.1 -> 1.9.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.itoa]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.2 -> 1.0.3" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.itoa]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.3 -> 1.0.5" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.lazy_static]] who = "Nika Layzell " criteria = "safe-to-deploy" @@ -1200,104 +1290,6 @@ criteria = "safe-to-deploy" delta = "0.2.16 -> 0.2.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.proc-macro2]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.0.39" -notes = """ -`proc-macro2` acts as either a thin(-ish) wrapper around the std-provided -`proc_macro` crate, or as a fallback implementation of the crate, depending on -where it is used. - -If using this crate on older versions of rustc (1.56 and earlier), it will -temporarily replace the panic handler while initializing in order to detect if -it is running within a `proc_macro`, which could lead to surprising behaviour. -This should not be an issue for more recent compiler versions, which support -`proc_macro::is_available()`. - -The `proc-macro2` crate's fallback behaviour is not identical to the complex -behaviour of the rustc compiler (e.g. it does not perform unicode normalization -for identifiers), however it behaves well enough for its intended use-case -(tests and scripts processing rust code). - -`proc-macro2` does not use unsafe code, however exposes one `unsafe` API to -allow bypassing checks in the fallback implementation when constructing -`Literal` using `from_str_unchecked`. This was intended to only be used by the -`quote!` macro, however it has been removed -(https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078), -and is likely completely unused. Even when used, this API shouldn't be able to -cause unsoundness. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.39 -> 1.0.43" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.43 -> 1.0.49" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.57 -> 1.0.59" -notes = "Enabled on Wasm" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.63 -> 1.0.66" -notes = "Removed special support for some really old Rust versions" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.0.18" -notes = """ -`quote` is a utility crate used by proc-macros to generate TokenStreams -conveniently from source code. The bulk of the logic is some complex -interlocking `macro_rules!` macros which are used to parse and build the -`TokenStream` within the proc-macro. - -This crate contains no unsafe code, and the internal logic, while difficult to -read, is generally straightforward. I have audited the the quote macros, ident -formatter, and runtime logic. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.18 -> 1.0.21" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.21 -> 1.0.23" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.27 -> 1.0.28" -notes = "Enabled on wasm targets" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.28 -> 1.0.31" -notes = "Minimal changes and removal of the build.rs" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1317,25 +1309,6 @@ criteria = "safe-to-deploy" delta = "1.5.3 -> 1.6.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.rayon-core]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "1.9.3" -notes = "All code written or reviewed by Josh Stone or Niko Matsakis." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon-core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.9.3 -> 1.10.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon-core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.10.1 -> 1.10.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.regex-syntax]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1348,56 +1321,6 @@ criteria = "safe-to-deploy" delta = "1.0.11 -> 1.0.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.serde]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.143 -> 1.0.144" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.144 -> 1.0.151" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.151 -> 1.0.152" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.163 -> 1.0.179" -notes = "Internal refactorings and some new trait implementations" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.143 -> 1.0.144" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.144 -> 1.0.151" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.151 -> 1.0.152" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.163 -> 1.0.179" -notes = "Internal refactorings and dependency updates" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.serde_json]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1447,22 +1370,3 @@ criteria = "safe-to-deploy" delta = "1.0.8 -> 1.0.9" notes = "Dependency updates only" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.unicode-normalization]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.1.19 -> 0.1.20" -notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.unicode-normalization]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.1.20 -> 0.1.21" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.unicode-normalization]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.1.21 -> 0.1.22" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" From 35f140a4ab7ab67703ecca58c9c67b098adf403d Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 17 Apr 2024 19:37:34 +0000 Subject: [PATCH 4/4] depends: Postpone LLVM 18.1.4 --- qa/zcash/postponed-updates.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/qa/zcash/postponed-updates.txt b/qa/zcash/postponed-updates.txt index c94e0f5bf1f..b6401bf1a24 100644 --- a/qa/zcash/postponed-updates.txt +++ b/qa/zcash/postponed-updates.txt @@ -31,6 +31,7 @@ libcxx 18.1.0 2024-06-15 libcxx 18.1.1 2024-06-15 libcxx 18.1.2 2024-06-15 libcxx 18.1.3 2024-06-15 +libcxx 18.1.4 2024-06-15 native_clang 15.0.7 2024-06-15 native_clang 16.0.0 2024-06-15 native_clang 16.0.1 2024-06-15 @@ -50,6 +51,7 @@ native_clang 18.1.0 2024-06-15 native_clang 18.1.1 2024-06-15 native_clang 18.1.2 2024-06-15 native_clang 18.1.3 2024-06-15 +native_clang 18.1.4 2024-06-15 native_rust 1.70.0 2024-06-15 native_rust 1.71.0 2024-06-15 native_rust 1.71.1 2024-06-15