From ea85164d072ee2a83001a3a9c35cb6978dc37542 Mon Sep 17 00:00:00 2001 From: Jeff Charles Date: Tue, 28 Nov 2023 17:08:43 -0500 Subject: [PATCH] cargo vet --- supply-chain/config.toml | 20 ++--------- supply-chain/imports.lock | 71 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+), 18 deletions(-) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index a48d0bb0..00ffe6de 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -88,10 +88,6 @@ criteria = "safe-to-deploy" version = "1.3.3" criteria = "safe-to-deploy" -[[exemptions.bindgen]] -version = "0.69.1" -criteria = "safe-to-deploy" - [[exemptions.bitflags]] version = "1.3.2" criteria = "safe-to-deploy" @@ -228,10 +224,6 @@ criteria = "safe-to-deploy" version = "0.2.0" criteria = "safe-to-deploy" -[[exemptions.form_urlencoded]] -version = "1.2.0" -criteria = "safe-to-deploy" - [[exemptions.from_variant]] version = "0.1.6" criteria = "safe-to-deploy" @@ -382,11 +374,11 @@ version = "11.1.3" criteria = "safe-to-run" [[exemptions.openssl]] -version = "0.10.55" +version = "0.10.60" criteria = "safe-to-deploy" [[exemptions.openssl-sys]] -version = "0.9.90" +version = "0.9.96" criteria = "safe-to-deploy" [[exemptions.parking_lot]] @@ -397,10 +389,6 @@ criteria = "safe-to-deploy" version = "0.9.8" criteria = "safe-to-deploy" -[[exemptions.percent-encoding]] -version = "2.3.0" -criteria = "safe-to-deploy" - [[exemptions.phf]] version = "0.10.1" criteria = "safe-to-deploy" @@ -693,10 +681,6 @@ criteria = "safe-to-deploy" version = "0.3.3" criteria = "safe-to-deploy" -[[exemptions.url]] -version = "2.4.1" -criteria = "safe-to-deploy" - [[exemptions.uuid]] version = "1.5.0" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 733e898f..7711ec99 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -1449,6 +1449,16 @@ criteria = "safe-to-deploy" version = "1.0.0" notes = "I am the author of this crate." +[[audits.bytecode-alliance.audits.percent-encoding]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "2.2.0" +notes = """ +This crate is a single-file crate that does what it says on the tin. There are +a few `unsafe` blocks related to utf-8 validation which are locally verifiable +as correct and otherwise this crate is good to go. +""" + [[audits.bytecode-alliance.audits.pin-utils]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -1828,6 +1838,43 @@ version = "1.1.0" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.bindgen]] +who = "Emilio Cobos Álvarez " +criteria = "safe-to-deploy" +version = "0.59.2" +notes = "I'm the primary author and maintainer of the crate." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Emilio Cobos Álvarez " +criteria = "safe-to-deploy" +delta = "0.59.2 -> 0.63.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.63.0 -> 0.64.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.64.0 -> 0.66.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.66.1 -> 0.68.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Andreas Pehrson " +criteria = "safe-to-deploy" +delta = "0.68.1 -> 0.69.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.bitflags]] who = "Alex Franchuk " criteria = "safe-to-deploy" @@ -1886,6 +1933,12 @@ version = "1.0.7" notes = "Simple hasher implementation with no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.form_urlencoded]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +version = "1.2.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.fxhash]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -1970,6 +2023,12 @@ delta = "1.0.0 -> 0.1.2" notes = "Small refactor of some simple iterator logic, no unsafe code or capabilities." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.percent-encoding]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "2.2.0 -> 2.3.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.pkg-config]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -2122,3 +2181,15 @@ who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.21 -> 0.1.22" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.url]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +version = "2.4.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.url]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "2.4.0 -> 2.4.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"