build(deps): Bump serde from 1.0.214 to 1.0.215

supply-chain/config.toml

@@ -161,19 +161,10 @@ criteria = "safe-to-deploy"
 version = "0.8.5"
 criteria = "safe-to-deploy"
 
-[[exemptions.rand_distr]]
-version = "0.4.3"
-criteria = "safe-to-run"
-
 [[exemptions.safe_arch]]
 version = "0.7.0"
 criteria = "safe-to-run"
 
-[[exemptions.sha2]]
-version = "0.10.8"
-criteria = "safe-to-deploy"
-notes = "We do not use the new asm backend, either its feature or CPU architecture"
-
 [[exemptions.simba]]
 version = "0.6.0"
 criteria = "safe-to-run"

supply-chain/imports.lock

@@ -107,15 +107,15 @@ user-login = "dtolnay"
 user-name = "David Tolnay"
 
 [[publisher.serde]]
-version = "1.0.214"
-when = "2024-10-28"
+version = "1.0.215"
+when = "2024-11-11"
 user-id = 3618
 user-login = "dtolnay"
 user-name = "David Tolnay"
 
 [[publisher.serde_derive]]
-version = "1.0.214"
-when = "2024-10-28"
+version = "1.0.215"
+when = "2024-11-11"
 user-id = 3618
 user-login = "dtolnay"
 user-name = "David Tolnay"
@@ -626,6 +626,16 @@ criteria = "safe-to-deploy"
 delta = "0.6.3 -> 0.6.4"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.rand_distr]]
+who = "Ben Dean-Kawamura <[email protected]>"
+criteria = "safe-to-deploy"
+version = "0.4.3"
+notes = """
+Simple crate that extends `rand`.  It has little unsafe code and uses Miri to test it.
+As far as I can tell, it does not have any file IO or network access.
+"""
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.rayon]]
 who = "Josh Stone <[email protected]>"
 criteria = "safe-to-deploy"
@@ -639,6 +649,23 @@ criteria = "safe-to-deploy"
 delta = "1.5.3 -> 1.6.1"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.sha2]]
+who = "Mike Hommey <[email protected]>"
+criteria = "safe-to-deploy"
+delta = "0.10.2 -> 0.10.6"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.sha2]]
+who = "Jeff Muizelaar <[email protected]>"
+criteria = "safe-to-deploy"
+delta = "0.10.6 -> 0.10.8"
+notes = """
+The bulk of this is https://github.com/RustCrypto/hashes/pull/490 which adds aarch64 support along with another PR adding longson.
+I didn't check the implementation thoroughly but there wasn't anything obviously nefarious. 0.10.8 has been out for more than a year
+which suggests no one else has found anything either.
+"""
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.subtle]]
 who = "Simon Friedberger <[email protected]>"
 criteria = "safe-to-deploy"