diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index 54c3fa04..fc9966a6 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -61,6 +61,11 @@ who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
 delta = "1.8.1 -> 1.9.0"
 
+[[audits.equivalent]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "1.0.1"
+
 [[audits.errno]]
 who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
@@ -176,6 +181,11 @@ who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
 delta = "0.2.6 -> 0.2.4"
 
+[[audits.log]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.4.18 -> 0.4.20"
+
 [[audits.log-panics]]
 who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
@@ -201,6 +211,11 @@ who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
 delta = "0.4.0 -> 0.2.1"
 
+[[audits.opaque-debug]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "0.3.0"
+
 [[audits.percent-encoding]]
 who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
@@ -266,11 +281,21 @@ who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
 delta = "1.0.17 -> 1.0.18"
 
+[[audits.serde_path_to_error]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.1.11 -> 0.1.14"
+
 [[audits.serde_plain]]
 who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
 version = "0.3.0"
 
+[[audits.sqlx-macros]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "0.7.1"
+
 [[audits.static_assertions]]
 who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
@@ -321,6 +346,11 @@ who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
 delta = "0.1.0 -> 0.1.1"
 
+[[audits.tinyvec_macros]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.1.0 -> 0.1.1"
+
 [[audits.tokio-executor-trait]]
 who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
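Review bot: The full-version audits added for `equivalent` 1.0.1 (the `-61,6` hunk) and `opaque-debug` 0.3.0 (the `-201,6` hunk) carry no `notes`, so a later reader cannot tell what the `safe-to-deploy` review actually covered. Each entry replaces an exemption with a self-certified claim, and the claim is only as useful as its record. I would add a line such as `notes = "<what was checked: unsafe blocks, build script, file and network access>"` to both. The delta entries for `log`, `serde_path_to_error` and `tinyvec_macros` only complete a chain together with the imported base audits added to imports.lock, which is worth stating in their notes as well.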
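Review bot: The full audit of `sqlx-macros` 0.7.1 in the `-266,11 +281,21` hunk certifies a procedural-macro crate, which runs at build time, without any `notes`. Meanwhile `sqlx-macros-core` 0.7.1 stays exempted in config.toml, where it is visible as context in the `-882,10` hunk. If, as I believe, `sqlx-macros` mostly forwards to `sqlx-macros-core`, this entry covers only the shim and the code that does the work is still unaudited. I would make that explicit in the entry, e.g. `notes = "Thin proc-macro wrapper; the implementation lives in sqlx-macros-core, which is still exempted."`.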
@@ -341,6 +371,11 @@ who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
 version = "0.3.1"
 
+[[audits.tower-layer]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.3.1 -> 0.3.2"
+
 [[audits.tower-service]]
 who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
@@ -396,6 +431,86 @@ who = "Conrad Ludgate "
 criteria = "safe-to-deploy"
 delta = "0.23.0 -> 0.24.0"
 
+[[audits.windows-targets]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "0.42.2"
+
+[[audits.windows-targets]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.42.2 -> 0.48.5"
+
+[[audits.windows_aarch64_gnullvm]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "0.42.2"
+
+[[audits.windows_aarch64_gnullvm]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.42.2 -> 0.48.5"
+
+[[audits.windows_aarch64_msvc]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "0.42.2"
+
+[[audits.windows_aarch64_msvc]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.42.2 -> 0.48.5"
+
+[[audits.windows_i686_gnu]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "0.42.2"
+
+[[audits.windows_i686_gnu]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.42.2 -> 0.48.5"
+
+[[audits.windows_i686_msvc]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "0.42.2"
+
+[[audits.windows_i686_msvc]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.42.2 -> 0.48.5"
+
+[[audits.windows_x86_64_gnu]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "0.42.2"
+
+[[audits.windows_x86_64_gnu]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.42.2 -> 0.48.5"
+
+[[audits.windows_x86_64_gnullvm]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "0.42.2"
+
+[[audits.windows_x86_64_gnullvm]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.42.2 -> 0.48.5"
+
+[[audits.windows_x86_64_msvc]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+version = "0.42.2"
+
+[[audits.windows_x86_64_msvc]]
+who = "Conrad Ludgate "
+criteria = "safe-to-deploy"
+delta = "0.42.2 -> 0.48.5"
+
 [[audits.wiremock]]
 who = "Conrad Ludgate "
 criteria = "safe-to-run"
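Review bot: The seven `windows_<arch>_<abi>` crates certified in this hunk are, as far as I know, mostly prebuilt import libraries rather than Rust source. If so, a `safe-to-deploy` claim for `version = "0.42.2"` and for the `0.42.2 -> 0.48.5` delta cannot rest on reading code, and a delta between two binary archives is not reviewable as a diff. None of the sixteen entries has a `notes` field saying how the archives were assessed. I would add to each something like `notes = "Ships a prebuilt import library; <how the binary was verified against upstream>"`. If that verification was not done, keeping these crates as exemptions states the trust decision more accurately than an audit entry.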
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index f12a6d11..b17f29cf 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -306,10 +306,6 @@ criteria = "safe-to-deploy"
 version = "0.10.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.equivalent]]
-version = "1.0.1"
-criteria = "safe-to-deploy"
-
 [[exemptions.etcetera]]
 version = "0.8.0"
 criteria = "safe-to-deploy"
@@ -490,10 +486,6 @@ criteria = "safe-to-deploy"
 version = "0.4.10"
 criteria = "safe-to-deploy"
 
-[[exemptions.log]]
-version = "0.4.20"
-criteria = "safe-to-deploy"
-
 [[exemptions.logos]]
 version = "0.12.1"
 criteria = "safe-to-deploy"
@@ -566,10 +558,6 @@ criteria = "safe-to-deploy"
 version = "1.18.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.opaque-debug]]
-version = "0.3.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.overload]]
 version = "0.1.1"
 criteria = "safe-to-deploy"
@@ -794,10 +782,6 @@ criteria = "safe-to-deploy"
 version = "1.0.105"
 criteria = "safe-to-deploy"
 
-[[exemptions.serde_path_to_error]]
-version = "0.1.14"
-criteria = "safe-to-deploy"
-
 [[exemptions.serde_regex]]
 version = "1.1.0"
 criteria = "safe-to-deploy"
@@ -882,10 +866,6 @@ criteria = "safe-to-deploy"
 version = "0.7.1"
 criteria = "safe-to-deploy"
 
-[[exemptions.sqlx-macros]]
-version = "0.7.1"
-criteria = "safe-to-deploy"
-
 [[exemptions.sqlx-macros-core]]
 version = "0.7.1"
 criteria = "safe-to-deploy"
@@ -942,10 +922,6 @@ criteria = "safe-to-deploy"
 version = "1.0.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.tinyvec_macros]]
-version = "0.1.1"
-criteria = "safe-to-deploy"
-
 [[exemptions.tokio]]
 version = "1.32.0"
 criteria = "safe-to-deploy"
@@ -978,10 +954,6 @@ criteria = "safe-to-deploy"
 version = "0.3.5"
 criteria = "safe-to-deploy"
 
-[[exemptions.tower-layer]]
-version = "0.3.2"
-criteria = "safe-to-deploy"
-
 [[exemptions.tracing]]
 version = "0.1.37"
 criteria = "safe-to-deploy"
@@ -1098,70 +1070,6 @@ criteria = "safe-to-deploy"
 version = "0.48.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.windows-targets]]
-version = "0.42.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows-targets]]
-version = "0.48.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_aarch64_gnullvm]]
-version = "0.42.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_aarch64_gnullvm]]
-version = "0.48.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_aarch64_msvc]]
-version = "0.42.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_aarch64_msvc]]
-version = "0.48.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_gnu]]
-version = "0.42.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_gnu]]
-version = "0.48.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_msvc]]
-version = "0.42.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_msvc]]
-version = "0.48.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_gnu]]
-version = "0.42.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_gnu]]
-version = "0.48.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_gnullvm]]
-version = "0.42.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_gnullvm]]
-version = "0.48.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_msvc]]
-version = "0.42.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_msvc]]
-version = "0.48.5"
-criteria = "safe-to-deploy"
-
 [[exemptions.winreg]]
 version = "0.10.1"
 criteria = "safe-to-deploy"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index f019e620..f258f410 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@@ -303,6 +303,16 @@ without `unsafe`. Skimming the crate everything looks reasonable and what one would expect from idiomatic safe collections in Rust. """ +[[audits.bytecode-alliance.audits.tinyvec_macros]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.1.0" +notes = """ +This is a trivial crate which only contains a singular macro definition which is +intended to multiplex across the internal representation of a tinyvec, +presumably. This trivially doesn't contain anything bad. +""" + [[audits.bytecode-alliance.audits.try-lock]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -591,6 +601,19 @@ version = "0.2.6" notes = "This crate uses unsafe block, but this doesn't have network and file access. I audited code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.log]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +version = "0.4.17" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.log]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.4.17 -> 0.4.18" +notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.md-5]] who = "Dana Keeler " criteria = "safe-to-deploy" @@ -754,6 +777,12 @@ a security vulnerability. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.serde_path_to_error]] +who = "Ben Dean-Kawamura " +criteria = "safe-to-deploy" +version = "0.1.11" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.sha1]] who = "Dana Keeler " criteria = "safe-to-deploy"