Commit

build(deps): Bump sha2 from 0.10.7 to 0.10.8 (#775)
* build(deps): Bump sha2 from 0.10.7 to 0.10.8

Bumps [sha2](https://github.com/RustCrypto/hashes) from 0.10.7 to 0.10.8.
- [Commits](RustCrypto/hashes@sha2-v0.10.7...sha2-v0.10.8)

---
updated-dependencies:
- dependency-name: sha2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* cargo add-exception

* cargo vet prune

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ameer Ghani <[email protected]>
dependabot[bot] and inahga authored Oct 10, 2023
1 parent 1089d27 commit 9ccb045
Showing 4 changed files with 8 additions and 20 deletions.
4 changes: 2 additions & 2 deletions Cargo.lock

Some generated files are not rendered by default.

2 changes: 1 addition & 1 deletion Cargo.toml
Expand Up @@ -28,7 +28,7 @@ rand = { version = "0.8", optional = true }
rand_core = "0.6.4"
rayon = { version = "1.8.0", optional = true }
serde = { version = "1.0", features = ["derive"] }
sha2 = { version = "0.10.7", optional = true }
sha2 = { version = "0.10.8", optional = true }
sha3 = "0.10.8"
subtle = "2.5.0"
thiserror = "1.0"
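
Review bot: on the `sha2` line the version requirement itself moves from 0.10.7 to 0.10.8, which, if this crate is consumed as a library, raises the minimum its dependents must resolve to, while Cargo.lock (also changed in this commit) is what pins the version built here. If nothing in the code needs 0.10.8 specifically, consider keeping the manifest requirement at 0.10.7 and letting only the lockfile move; if the higher floor is intended, a line in the commit message saying why would help.
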
5 changes: 5 additions & 0 deletions supply-chain/config.toml
Expand Up @@ -190,6 +190,11 @@ criteria = "safe-to-run"
version = "0.7.0"
criteria = "safe-to-run"

[[exemptions.sha2]]
version = "0.10.8"
criteria = "safe-to-deploy"
notes = "We do not use the new asm backend, either its feature or CPU architecture"

[[exemptions.simba]]
version = "0.6.0"
criteria = "safe-to-run"
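
Review bot: the `[[exemptions.sha2]]` entry exempts all of 0.10.8 at `safe-to-deploy` instead of recording a reviewed delta, and the justification in `notes` (asm backend unused, "either its feature or CPU architecture") is an assumption that nothing in this change checks or enforces. A delta audit for `0.10.7 -> 0.10.8` would keep the imported audits in use and limit the unreviewed surface to this one patch release. If the exemption stays, name the feature and the target architecture in `notes` so that a later reviewer can re-verify the claim when the dependency graph or build targets change.
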
17 changes: 0 additions & 17 deletions supply-chain/imports.lock
Expand Up @@ -470,11 +470,6 @@ who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.10.1 -> 1.10.2"

[[audits.firefox.audits.sha2]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.6"

[[audits.firefox.audits.subtle]]
who = "Simon Friedberger <[email protected]>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -608,18 +603,6 @@ approach looks reasonable.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.sha2]]
who = "Jack Grigg <[email protected]>"
criteria = "safe-to-deploy"
delta = "0.10.6 -> 0.10.7"
notes = """
The new `unsafe` assembly backend only uses aarch64 intrinsics, via their typed
Rust APIs (aside from the SHA2-specific intrinsics that are not in Rust yet). I
did not perform a cryptographic review, but the code to load from and store into
the function arguments looks correct.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.unicode-ident]]
who = "Daira Hopwood <[email protected]>"
criteria = "safe-to-deploy"
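
Review bot: the `[[audits.zcash.audits.sha2]]` entry dropped in this hunk recorded what was actually checked about the asm backend (aarch64 intrinsics only, no cryptographic review), and the exemption added in supply-chain/config.toml leans on that same backend being unused. With this entry and the firefox `0.10.2 -> 0.10.6` delta both pruned, imports.lock no longer shows any audited path for sha2, so the crate's coverage rests entirely on the exemption. Worth confirming that this trade is intended and not just a side effect of running `cargo vet prune` after adding the exemption.
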