-
Notifications
You must be signed in to change notification settings - Fork 573
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Cargo dependencies to fix dependabot alerts
Fixes: - https://github.com/iron-fish/ironfish/security/dependabot/76 (openssl) - https://github.com/iron-fish/ironfish/security/dependabot/81 (h2) - https://github.com/iron-fish/ironfish/security/dependabot/91 (mio) - https://github.com/iron-fish/ironfish/security/dependabot/93 (h2)
- Loading branch information
Showing
3 changed files
with
98 additions
and
11 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -40,12 +40,42 @@ who = "Andrea <[email protected]>" | |
| criteria = "safe-to-deploy" | ||
| version = "1.0.0" | ||
|
|
||
| [[audits.h2]] | ||
| who = "Andrea <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.4.0 -> 0.3.26" | ||
|
|
||
| [[audits.hashbrown]] | ||
| who = "Andrea <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.14.0 -> 0.14.3" | ||
|
|
||
| [[audits.indexmap]] | ||
| who = "Andrea <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "1.9.3 -> 2.2.6" | ||
|
|
||
| [[audits.jubjub]] | ||
| who = "Andrea <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.9.0 -> 0.9.0@git:a1a0c2ed69eec4d5d5e87842e2a40849f7fa4633" | ||
| notes = "Fork of the official jubjub owned by Iron Fish" | ||
|
|
||
| [[audits.mio]] | ||
| who = "Andrea <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.8.8 -> 0.8.11" | ||
|
|
||
| [[audits.openssl]] | ||
| who = "Andrea <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.10.59 -> 0.10.64" | ||
|
|
||
| [[audits.openssl-sys]] | ||
| who = "Andrea <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.9.95 -> 0.9.102" | ||
|
|
||
| [[audits.reddsa]] | ||
| who = "Andrea <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -209,6 +209,24 @@ who = "Pat Hickey <[email protected]>" | |
| criteria = "safe-to-deploy" | ||
| version = "0.3.27" | ||
|
|
||
| [[audits.bytecode-alliance.audits.h2]] | ||
| who = "Alex Crichton <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.3.19 -> 0.4.0" | ||
| notes = "A number of changes but nothing adding new `unsafe` or anything outside the purview of what this crate already manages." | ||
|
|
||
| [[audits.bytecode-alliance.audits.hashbrown]] | ||
| who = "Chris Fallin <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.12.3 -> 0.13.1" | ||
| notes = "The diff looks plausible. Much of it is low-level memory-layout code and I can't be 100% certain without a deeper dive into the implementation logic, but nothing looks actively malicious." | ||
|
|
||
| [[audits.bytecode-alliance.audits.hashbrown]] | ||
| who = "Trevor Elliott <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.13.1 -> 0.13.2" | ||
| notes = "I read through the diff between v0.13.1 and v0.13.2, and verified that the changes made matched up with the changelog entries. There were very few changes between these two releases, and it was easy to verify what they did." | ||
|
|
||
| [[audits.bytecode-alliance.audits.httpdate]] | ||
| who = "Pat Hickey <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -383,6 +401,12 @@ criteria = "safe-to-deploy" | |
| version = "0.2.7" | ||
| aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.equivalent]] | ||
| who = "George Burgess IV <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| version = "1.0.1" | ||
| aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.fastrand]] | ||
| who = "George Burgess IV <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -1066,6 +1090,17 @@ criteria = "safe-to-deploy" | |
| delta = "0.12.1 -> 0.13.0" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.hashbrown]] | ||
| who = "Daira Emma Hopwood <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.13.2 -> 0.14.0" | ||
| notes = """ | ||
| There is some additional use of unsafe code but the changes in this crate looked plausible. | ||
| There is a new default dependency on the `allocator-api2` crate, which itself has quite a lot of unsafe code. | ||
| Many previously undocumented safety requirements have been documented. | ||
| """ | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.inout]] | ||
| who = "Daira Hopwood <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
||