From 4f151e246b297ff9bcd289d6b904f18344205ecd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Dec 2024 19:49:59 +0000
Subject: [PATCH] build(deps): Bump serde from 1.0.214 to 1.0.215 (#1144)
---
 Cargo.lock | 8 ++++----
 supply-chain/config.toml | 9 ---------
 supply-chain/imports.lock | 35 +++++++++++++++++++++++++++++++----
 3 files changed, 35 insertions(+), 17 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 9e599e8d..2fb40c08 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -871,18 +871,18 @@ dependencies = [
 
 [[package]]
 name = "serde"
-version = "1.0.214"
+version = "1.0.215"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5"
+checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.214"
+version = "1.0.215"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766"
+checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"
 dependencies = [
  "proc-macro2",
  "quote",
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index bfc08a75..10ff1741 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -161,19 +161,10 @@ criteria = "safe-to-deploy"
 version = "0.8.5"
 criteria = "safe-to-deploy"
 
-[[exemptions.rand_distr]]
-version = "0.4.3"
-criteria = "safe-to-run"
-
 [[exemptions.safe_arch]]
 version = "0.7.0"
 criteria = "safe-to-run"
 
-[[exemptions.sha2]]
-version = "0.10.8"
-criteria = "safe-to-deploy"
-notes = "We do not use the new asm backend, either its feature or CPU architecture"
-
 [[exemptions.simba]]
 version = "0.6.0"
 criteria = "safe-to-run"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index ead58bc0..cf70d5ea 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@@ -107,15 +107,15 @@ user-login = "dtolnay"
 user-name = "David Tolnay"
 
 [[publisher.serde]]
-version = "1.0.214"
-when = "2024-10-28"
+version = "1.0.215"
+when = "2024-11-11"
 user-id = 3618
 user-login = "dtolnay"
 user-name = "David Tolnay"
 
 [[publisher.serde_derive]]
-version = "1.0.214"
-when = "2024-10-28"
+version = "1.0.215"
+when = "2024-11-11"
 user-id = 3618
 user-login = "dtolnay"
 user-name = "David Tolnay"
@@ -626,6 +626,16 @@ criteria = "safe-to-deploy"
 delta = "0.6.3 -> 0.6.4"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.rand_distr]]
+who = "Ben Dean-Kawamura "
+criteria = "safe-to-deploy"
+version = "0.4.3"
+notes = """
+Simple crate that extends `rand`. It has little unsafe code and uses Miri to test it.
+As far as I can tell, it does not have any file IO or network access.
+"""
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.rayon]]
 who = "Josh Stone "
 criteria = "safe-to-deploy"
@@ -639,6 +649,23 @@ criteria = "safe-to-deploy"
 delta = "1.5.3 -> 1.6.1"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.sha2]]
+who = "Mike Hommey "
+criteria = "safe-to-deploy"
+delta = "0.10.2 -> 0.10.6"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.sha2]]
+who = "Jeff Muizelaar "
+criteria = "safe-to-deploy"
+delta = "0.10.6 -> 0.10.8"
+notes = """
+The bulk of this is https://github.com/RustCrypto/hashes/pull/490 which adds aarch64 support along with another PR adding longson.
+I didn't check the implementation thoroughly but there wasn't anything obviously nefarious. 0.10.8 has been out for more than a year
+which suggests no one else has found anything either.
+"""
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.subtle]]
 who = "Simon Friedberger "
 criteria = "safe-to-deploy"