From 7ec180bc8d7d582f3d072e3b771eb782315b73ec Mon Sep 17 00:00:00 2001 From: "Ben V. Brown" <5425387+Ralim@users.noreply.github.com> Date: Sun, 18 Feb 2024 10:34:28 +1100 Subject: [PATCH] Lock vet (#15) * Lock vet * Update deps --- .github/workflows/test.yml | 4 +- bestool/Cargo.lock | 198 ++++++++++++------------ bestool/src/beslink/message.rs | 10 +- bestool/src/beslink/mod.rs | 2 +- bestool/src/beslink/write_flash.rs | 4 +- bestool/src/cmds/read_image.rs | 4 +- bestool/src/cmds/write_image.rs | 4 +- bestool/supply-chain/audits.toml | 36 +++++ bestool/supply-chain/config.toml | 22 +-- bestool/supply-chain/imports.lock | 240 +++++++++++++++++++++-------- 10 files changed, 322 insertions(+), 202 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2755dc3..a0db7d1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -36,7 +36,7 @@ jobs: with: components: clippy,rustfmt - run: sudo apt-get update && sudo apt-get install -y libudev-dev - - run: cargo install --locked cargo-vet + - run: cargo install --locked cargo-vet --version "0.9.0" working-directory: bestool - run: cargo vet --locked working-directory: bestool @@ -48,4 +48,4 @@ jobs: - uses: dtolnay/rust-toolchain@stable - run: sudo apt-get update && sudo apt-get install -y libudev-dev - run: cargo build - working-directory: bestool \ No newline at end of file + working-directory: bestool diff --git a/bestool/Cargo.lock b/bestool/Cargo.lock index d2a5c1c..465c7e3 100644 --- a/bestool/Cargo.lock +++ b/bestool/Cargo.lock 
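Review bot: The pin added in `.github/workflows/test.yml`, `cargo install --locked cargo-vet --version "0.9.0"`, now has to move together with `version = "0.9"` under `[cargo-vet]` in `bestool/supply-chain/config.toml`, which this commit changes in the same step, and nothing in the workflow says so. I would add a comment above the step, such as `# keep in sync with [cargo-vet] version in bestool/supply-chain/config.toml`, so that one is not bumped without the other. The step sits inside a job whose start is outside the hunk.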
@@ -2,27 +2,6 @@ # It is not intended for manual editing. version = 3 -[[package]] -name = "CoreFoundation-sys" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0e9889e6db118d49d88d84728d0e964d973a5680befb5f85f55141beea5c20b" -dependencies = [ - "libc", - "mach", -] - -[[package]] -name = "IOKit-sys" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99696c398cbaf669d2368076bdb3d627fb0ce51a26899d7c61228c5c0af3bf4a" -dependencies = [ - "CoreFoundation-sys", - "libc", - "mach", -] - [[package]] name = "aho-corasick" version = "1.1.2" @@ -34,9 +13,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.4" +version = "0.6.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ab91ebe16eb252986481c5b62f6098f3b698a45e34b5b98200cf20dd2484a44" +checksum = "6e2e1ebcb11de5c03c67de28a7df593d32191b44939c482e97702baaaa6ab6a5" dependencies = [ "anstyle", "anstyle-parse", 
@@ -48,33 +27,33 @@ dependencies = [ [[package]] name = "anstyle" -version = "1.0.4" +version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87" +checksum = "8901269c6307e8d93993578286ac0edf7f195079ffff5ebdeea6a59ffb7e36bc" [[package]] name = "anstyle-parse" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "317b9a89c1868f5ea6ff1d9539a69f45dffc21ce321ac1fd1160dfa48c8e2140" +checksum = "c75ac65da39e5fe5ab759307499ddad880d724eed2f6ce5b5e8a26f4f387928c" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" +checksum = "e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648" dependencies = [ "windows-sys", ] [[package]] name = "anstyle-wincon" -version = "3.0.1" +version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0699d10d2f4d628a98ee7b57b289abbc98ff3bad977cb3152709d4bf2330628" +checksum = "1cd54b81ec8d6180e24654d0b371ad22fc3dd083b6ff8ba325b72e00c87660a7" dependencies = [ "anstyle", "windows-sys", @@ -100,9 +79,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.0.2" +version = "2.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "487f1e0fcbe47deb8b0574e646def1c903389d95241dd1bbcc6ce4a715dfc0c1" +checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" [[package]] name = "cfg-if" 
@@ -112,9 +91,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "clap" -version = "4.4.8" +version = "4.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2275f18819641850fa26c89acc84d465c1bf91ce57bc2748b28c420473352f64" +checksum = "c918d541ef2913577a0f9566e9ce27cb35b6df072075769e0b26cb5a554520da" dependencies = [ "clap_builder", "clap_derive", @@ -122,9 +101,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.8" +version = "4.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07cdf1b148b25c1e1f7a42225e30a0d99a615cd4637eae7365548dd4529b95bc" +checksum = "9f3e7391dad68afb0c2ede1bf619f579a3dc9c2ec67f089baa397123a2f3d1eb" dependencies = [ "anstream", "anstyle", @@ -134,9 +113,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.4.7" +version = "4.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf9804afaaf59a91e75b022a30fb7229a7901f60c755489cc61c9b423b836442" +checksum = "307bc0538d5f0f83b8248db3087aa92fe504e4691294d0c96c0eabc33f47ba47" dependencies = [ "heck", "proc-macro2", @@ -146,9 +125,9 @@ dependencies = [ [[package]] name = "clap_lex" -version = "0.6.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1" +checksum = "98cc8fbded0c607b7ba9dd60cd98df59af97e84d24e49c8557331cfc26d301ce" [[package]] name = "colorchoice" @@ -156,6 +135,12 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" +[[package]] +name = "core-foundation-sys" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" + [[package]] name = "crc" version = "3.0.1" 
@@ -177,6 +162,16 @@ version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" +[[package]] +name = "io-kit-sys" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4769cb30e5dcf1710fc6730d3e94f78c47723a014a567de385e113c737394640" +dependencies = [ + "core-foundation-sys", + "mach2", +] + [[package]] name = "lazy_static" version = "1.4.0" @@ -185,9 +180,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.150" +version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" [[package]] name = "libudev" @@ -215,29 +210,20 @@ version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" -[[package]] -name = "mach" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fd13ee2dd61cc82833ba05ade5a30bb3d63f7ced605ef827063c63078302de9" -dependencies = [ - "libc", -] - [[package]] name = "mach2" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d0d1830bcd151a6fc4aea1369af235b36c1528fe976b8ff678683c9995eade8" +checksum = "19b955cdeb2a02b9117f121ce63aa52d08ade45de53e48fe6a38b39c10f6f709" dependencies = [ "libc", ] [[package]] name = "memchr" -version = "2.6.4" +version = "2.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" +checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" [[package]] name = "nix" 
@@ -262,9 +248,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "overload" @@ -280,33 +266,33 @@ checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" [[package]] name = "pkg-config" -version = "0.3.27" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "proc-macro2" -version = "1.0.69" +version = "1.0.78" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" +checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.33" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] [[package]] name = "regex" -version = "1.10.2" +version = "1.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" +checksum = "b62dbe01f0b06f9d8dc7d49e05a0785f153b00b2c227856282f671e0318c9b15" dependencies = [ "aho-corasick", "memchr", 
@@ -316,9 +302,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.3" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" +checksum = "5bb987efffd3c6d0d8f5f89510bb458559eab11e4f869acb20bf845e016259cd" dependencies = [ "aho-corasick", "memchr", @@ -339,19 +325,20 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "serialport" -version = "4.2.2" +version = "4.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c32634e2bd4311420caa504404a55fad2131292c485c97014cbed89a5899885f" +checksum = "8f5a15d0be940df84846264b09b51b10b931fb2f275becb80934e3568a016828" dependencies = [ - "CoreFoundation-sys", - "IOKit-sys", - "bitflags 2.0.2", + "bitflags 2.4.2", "cfg-if", + "core-foundation-sys", + "io-kit-sys", "libudev", "mach2", "nix", "regex", "scopeguard", + "unescaper", "winapi", ] @@ -366,21 +353,21 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.2" +version = "1.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" +checksum = "e6ecd384b10a64542d77071bd64bd7b231f4ed5940fba55e98c3de13824cf3d7" [[package]] name = "strsim" -version = "0.10.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +checksum = "5ee073c9e4cd00e28217186dbe12796d692868f432bf2e97ee73bed0c56dfa01" [[package]] name = "syn" -version = "2.0.39" +version = "2.0.49" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +checksum = "915aea9e586f80826ee59f8453c1101f9d1c4b3964cd2460185ee8e299ada496" dependencies = [ "proc-macro2", "quote", 
@@ -389,18 +376,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.50" +version = "1.0.57" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" +checksum = "1e45bcbe8ed29775f228095caf2cd67af7a4ccf756ebff23a306bf3e8b47b24b" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.50" +version = "1.0.57" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" +checksum = "a953cb265bef375dae3de6663da4d3804eee9682ea80d8e2542529b73c531c81" dependencies = [ "proc-macro2", "quote", @@ -474,6 +461,15 @@ dependencies = [ "tracing-log", ] +[[package]] +name = "unescaper" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0adf6ad32eb5b3cadff915f7b770faaac8f7ff0476633aa29eb0d9584d889d34" +dependencies = [ + "thiserror", +] + [[package]] name = "unicode-ident" version = "1.0.12" @@ -516,18 +512,18 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "windows-sys" -version = "0.48.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ "windows-targets", ] [[package]] name = "windows-targets" -version = "0.48.5" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", 
@@ -540,42 +536,42 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.48.5" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" [[package]] name = "windows_aarch64_msvc" -version = "0.48.5" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" [[package]] name = "windows_i686_gnu" -version = "0.48.5" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" [[package]] name = "windows_i686_msvc" -version = "0.48.5" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" [[package]] name = "windows_x86_64_gnu" -version = "0.48.5" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" [[package]] name = "windows_x86_64_gnullvm" -version = "0.48.5" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" [[package]] name = "windows_x86_64_msvc" -version = "0.48.5" +version = "0.52.0" source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" diff --git a/bestool/src/beslink/message.rs b/bestool/src/beslink/message.rs index e00aa7d..15b07b8 100644 --- a/bestool/src/beslink/message.rs +++ b/bestool/src/beslink/message.rs @@ -168,22 +168,20 @@ pub fn read_message(serial_port: &mut Box) -> Result Err(e), } } -pub fn validate_packet_checksum(packet: &Vec) -> Result<(), BESLinkError> { - let mut inner_packet = packet.clone(); - let _ = inner_packet.pop(); - let checksum = calculate_message_checksum(&inner_packet); +pub fn validate_packet_checksum(packet: &[u8]) -> Result<(), BESLinkError> { + let checksum = calculate_message_checksum(&packet[1..packet.len()]); if checksum == packet[packet.len() - 1] { return Ok(()); } let e = BESLinkError::BadChecksumError { - failed_packet: packet.clone(), + failed_packet: packet.to_vec(), got: packet[packet.len() - 1], wanted: checksum, }; warn!("Bad Checksum!! {:?}", e); Err(e) } -pub fn calculate_message_checksum(packet: &Vec) -> u8 { +pub fn calculate_message_checksum(packet: &[u8]) -> u8 { let mut sum: u32 = 0; for b in packet { sum += u32::from(*b); diff --git a/bestool/src/beslink/mod.rs b/bestool/src/beslink/mod.rs index 8188426..213593a 100644 --- a/bestool/src/beslink/mod.rs +++ b/bestool/src/beslink/mod.rs @@ -18,7 +18,7 @@ pub use bootloader::start_programmer_runtime_binary_blob; pub use errors::BESLinkError; pub use helper_sync_and_load_programmer::helper_sync_and_load_programmer; pub use memory_info::query_memory_info; -pub use message::read_message; + pub use message::send_message; pub use message::BesMessage; pub use message::MessageTypes; diff --git a/bestool/src/beslink/write_flash.rs b/bestool/src/beslink/write_flash.rs index 66df946..575bf9e 100644 --- a/bestool/src/beslink/write_flash.rs +++ b/bestool/src/beslink/write_flash.rs 
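Review bot: In `validate_packet_checksum` (bestool/src/beslink/message.rs), the new slice `&packet[1..packet.len()]` does not cover the same bytes as the code it replaces. The removed lines summed everything except the last byte, while the new range drops the first byte and feeds the trailing checksum byte into its own calculation. Unless that change of range is intended, frames read from the serial link will be checked against the wrong value; the equivalent slice is `let checksum = calculate_message_checksum(&packet[..packet.len() - 1]);`. An empty slice still panics on `packet.len() - 1`, so a `packet.split_last()` guard that returns an error for an empty frame would be worth adding in the same place. `calculate_message_checksum` continues past the end of the hunk, so its exact formula is not visible here.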
@@ -123,9 +123,7 @@ fn get_flash_chunk_msg(payload: Vec, chunk: usize) -> BesMessage { let mut digest = crc.digest(); digest.update(&payload); let crc_value = digest.finalize(); - data_message - .payload - .extend(crc_value.to_le_bytes()); + data_message.payload.extend(crc_value.to_le_bytes()); data_message.payload.extend(vec![chunk as u8, 0x00, 0x00]); data_message.set_checksum(); data_message diff --git a/bestool/src/cmds/read_image.rs b/bestool/src/cmds/read_image.rs index c01eeb6..16ee892 100644 --- a/bestool/src/cmds/read_image.rs +++ b/bestool/src/cmds/read_image.rs @@ -11,9 +11,7 @@ use tracing::info; pub fn cmd_read_image(input_file: String, serial_port: String, start: usize, length: usize) { //First gain sync to the device - println!( - "Reading binary data from {serial_port} @ {BES_PROGRAMMING_BAUDRATE}" - ); + println!("Reading binary data from {serial_port} @ {BES_PROGRAMMING_BAUDRATE}"); let mut serial_port = serialport::new(serial_port, BES_PROGRAMMING_BAUDRATE); serial_port = serial_port.timeout(Duration::from_millis(5000)); diff --git a/bestool/src/cmds/write_image.rs b/bestool/src/cmds/write_image.rs index 51a6346..52a1819 100644 --- a/bestool/src/cmds/write_image.rs +++ b/bestool/src/cmds/write_image.rs @@ -11,9 +11,7 @@ use tracing::info; pub fn cmd_write_image(input_file: String, serial_port: String) { //First gain sync to the device - println!( - "Writing binary data to {serial_port} @ {BES_PROGRAMMING_BAUDRATE}" - ); + println!("Writing binary data to {serial_port} @ {BES_PROGRAMMING_BAUDRATE}"); let mut serial_port = serialport::new(serial_port, BES_PROGRAMMING_BAUDRATE); serial_port = serial_port.timeout(Duration::from_millis(5000)); diff --git a/bestool/supply-chain/audits.toml b/bestool/supply-chain/audits.toml index 3788ad0..29f91fd 100644 --- a/bestool/supply-chain/audits.toml +++ b/bestool/supply-chain/audits.toml 
@@ -1,11 +1,41 @@ # cargo-vet audits file +[[audits.bitflags]] +who = "Ben V. Brown " +criteria = "safe-to-deploy" +delta = "2.4.1 -> 2.4.2" + +[[audits.io-kit-sys]] +who = "Ben V. Brown " +criteria = "safe-to-deploy" +version = "0.4.0" + [[audits.pkg-config]] who = "Ben V. Brown " criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.27" +[[audits.pkg-config]] +who = "Ben V. Brown " +criteria = "safe-to-deploy" +delta = "0.3.29 -> 0.3.30" + +[[audits.serialport]] +who = "Ben V. Brown " +criteria = "safe-to-deploy" +delta = "4.2.2 -> 4.3.0" + +[[audits.strsim]] +who = "Ben V. Brown " +criteria = "safe-to-deploy" +delta = "0.10.0 -> 0.11.0" + +[[audits.unescaper]] +who = "Ben V. Brown " +criteria = "safe-to-deploy" +version = "0.1.4" + [[trusted.aho-corasick]] criteria = "safe-to-deploy" user-id = 189 # Andrew Gallant (BurntSushi) @@ -78,6 +108,12 @@ user-id = 2915 # Amanieu d'Antras (Amanieu) start = "2021-01-27" end = "2024-11-26" +[[trusted.mach2]] +criteria = "safe-to-deploy" +user-id = 51017 # Yuki Okushi (JohnTitor) +start = "2021-11-15" +end = "2025-02-17" + [[trusted.memchr]] criteria = "safe-to-deploy" user-id = 189 # Andrew Gallant (BurntSushi) diff --git a/bestool/supply-chain/config.toml b/bestool/supply-chain/config.toml index 1709067..ee79313 100644 --- a/bestool/supply-chain/config.toml +++ b/bestool/supply-chain/config.toml @@ -2,7 +2,7 @@ # cargo-vet config file [cargo-vet] -version = "0.8" +version = "0.9" [imports.bytecode-alliance] url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml" 
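Review bot: The two full-version audits added in `bestool/supply-chain/audits.toml`, `[[audits.io-kit-sys]]` at 0.4.0 and `[[audits.unescaper]]` at 0.1.4, carry no `notes`, so the file records that the crates were certified `safe-to-deploy` but not what was examined. Going by the Cargo.lock hunks, both are new dependencies of serialport 4.3.0, and io-kit-sys appears from its name and dependencies to be an FFI bindings crate, which is where a later reviewer most needs a record. I would add a `notes = "..."` line to each saying what was read, for example whether the crate contains `unsafe`, a build script, or file or network access. The `serialport` delta `4.2.2 -> 4.3.0` would benefit from the same.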
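Review bot: The new `[[trusted.mach2]]` entry accepts every release published by user-id 51017 between `start = "2021-11-15"` and `end = "2025-02-17"`, which is wider than this update needs. The lockfile moves mach2 only from 0.4.1 to 0.4.2, and the imports.lock hunk drops the imported Mozilla audit of 0.4.1 that covered it before. A delta audit, `[[audits.mach2]]` with `delta = "0.4.1 -> 0.4.2"`, would keep the certification scoped to the code that changed. If publisher trust is the intended policy, as it is for other entries in this file, a comment above the entry saying why it was chosen over an audit would make that decision reviewable.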
@@ -22,14 +22,6 @@ url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml" [imports.zcash] url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/audits.toml" -[[exemptions.CoreFoundation-sys]] -version = "0.1.4" -criteria = "safe-to-deploy" - -[[exemptions.IOKit-sys]] -version = "0.1.5" -criteria = "safe-to-deploy" - [[exemptions.bitflags]] version = "1.3.2" criteria = "safe-to-deploy" @@ -50,10 +42,6 @@ criteria = "safe-to-deploy" version = "0.1.4" criteria = "safe-to-deploy" -[[exemptions.mach]] -version = "0.1.2" -criteria = "safe-to-deploy" - [[exemptions.nix]] version = "0.26.4" criteria = "safe-to-deploy" @@ -66,10 +54,6 @@ criteria = "safe-to-deploy" version = "4.2.2" criteria = "safe-to-deploy" -[[exemptions.sharded-slab]] -version = "0.1.7" -criteria = "safe-to-deploy" - [[exemptions.strsim]] version = "0.10.0" criteria = "safe-to-deploy" @@ -90,10 +74,6 @@ criteria = "safe-to-deploy" version = "0.2.0" criteria = "safe-to-deploy" -[[exemptions.tracing-subscriber]] -version = "0.3.18" -criteria = "safe-to-deploy" - [[exemptions.winapi]] version = "0.3.9" criteria = "safe-to-deploy" diff --git a/bestool/supply-chain/imports.lock b/bestool/supply-chain/imports.lock index 4c329ff..595672a 100644 --- a/bestool/supply-chain/imports.lock +++ b/bestool/supply-chain/imports.lock 
@@ -9,64 +9,64 @@ user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.anstream]] -version = "0.6.4" -when = "2023-09-29" +version = "0.6.11" +when = "2024-01-18" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.anstyle]] -version = "1.0.4" -when = "2023-09-28" +version = "1.0.6" +when = "2024-02-05" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.anstyle-parse]] -version = "0.2.2" -when = "2023-09-28" +version = "0.2.3" +when = "2023-12-04" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.anstyle-query]] -version = "1.0.0" -when = "2023-04-13" +version = "1.0.2" +when = "2023-12-08" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.anstyle-wincon]] -version = "3.0.1" -when = "2023-09-29" +version = "3.0.2" +when = "2023-12-04" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.clap]] -version = "4.4.8" -when = "2023-11-10" +version = "4.5.1" +when = "2024-02-16" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.clap_builder]] -version = "4.4.8" -when = "2023-11-10" +version = "4.5.1" +when = "2024-02-16" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.clap_derive]] -version = "4.4.7" -when = "2023-10-24" +version = "4.5.0" +when = "2024-02-08" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.clap_lex]] -version = "0.6.0" -when = "2023-10-24" +version = "0.7.0" +when = "2024-02-08" user-id = 6743 user-login = "epage" user-name = "Ed Page" @@ -78,6 +78,13 @@ user-id = 6743 user-login = "epage" user-name = "Ed Page" +[[publisher.core-foundation-sys]] +version = "0.8.4" +when = "2023-04-03" +user-id = 5946 +user-login = "jrmuizel" +user-name = "Jeff Muizelaar" + [[publisher.libc]] version = "0.2.146" when = "2023-06-06" 
@@ -85,37 +92,44 @@ user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" +[[publisher.mach2]] +version = "0.4.2" +when = "2023-12-19" +user-id = 51017 +user-login = "JohnTitor" +user-name = "Yuki Okushi" + [[publisher.memchr]] -version = "2.6.4" -when = "2023-10-01" +version = "2.7.1" +when = "2023-12-28" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.proc-macro2]] -version = "1.0.69" -when = "2023-10-09" +version = "1.0.78" +when = "2024-01-21" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.quote]] -version = "1.0.33" -when = "2023-08-17" +version = "1.0.35" +when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.regex]] -version = "1.10.2" -when = "2023-10-16" +version = "1.10.3" +when = "2024-01-21" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.regex-automata]] -version = "0.4.3" -when = "2023-10-16" +version = "0.4.5" +when = "2024-01-25" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" @@ -135,29 +149,29 @@ user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.smallvec]] -version = "1.11.2" -when = "2023-11-09" +version = "1.13.1" +when = "2024-01-19" user-id = 2017 user-login = "mbrubeck" user-name = "Matt Brubeck" [[publisher.syn]] -version = "2.0.39" -when = "2023-11-06" +version = "2.0.49" +when = "2024-02-16" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.thiserror]] -version = "1.0.50" -when = "2023-10-19" +version = "1.0.57" +when = "2024-02-11" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.thiserror-impl]] -version = "1.0.50" -when = "2023-10-19" +version = "1.0.57" +when = "2024-02-11" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" 
@@ -184,74 +198,102 @@ user-login = "carllerche" user-name = "Carl Lerche" [[publisher.windows-sys]] -version = "0.48.0" -when = "2023-03-31" +version = "0.52.0" +when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-targets]] -version = "0.48.5" -when = "2023-08-18" +version = "0.52.0" +when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_gnullvm]] -version = "0.48.5" -when = "2023-08-18" +version = "0.52.0" +when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_msvc]] -version = "0.48.5" -when = "2023-08-18" +version = "0.52.0" +when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnu]] -version = "0.48.5" -when = "2023-08-18" +version = "0.52.0" +when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_msvc]] -version = "0.48.5" -when = "2023-08-18" +version = "0.52.0" +when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnu]] -version = "0.48.5" -when = "2023-08-18" +version = "0.52.0" +when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnullvm]] -version = "0.48.5" -when = "2023-08-18" +version = "0.52.0" +when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_msvc]] -version = "0.48.5" -when = "2023-08-18" +version = "0.52.0" +when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[audits.bytecode-alliance.audits.bitflags]] +who = "Jamey Sharp " +criteria = "safe-to-deploy" +delta = "2.1.0 -> 2.2.1" +notes = """ +This version adds unsafe impls of traits from the bytemuck crate when built +with that library enabled, but I believe the impls satisfy the documented +safety 
requirements for bytemuck. The other changes are minor. +""" + +[[audits.bytecode-alliance.audits.bitflags]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "2.3.2 -> 2.3.3" +notes = """ +Nothing outside the realm of what one would expect from a bitflags generator, +all as expected. +""" + [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.0.0" notes = "I am the author of this crate." +[[audits.bytecode-alliance.audits.core-foundation-sys]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +delta = "0.8.4 -> 0.8.6" +notes = """ +The changes here are all typical bindings updates: new functions, types, and +constants. I have not audited all the bindings for ABI conformance. +""" + [[audits.bytecode-alliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -270,6 +312,18 @@ criteria = "safe-to-deploy" delta = "0.2.148 -> 0.2.149" notes = "Lots of new functions and constants for new platforms and nothing out of the ordinary for what one would expect of the `libc` crate." +[[audits.bytecode-alliance.audits.libc]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +delta = "0.2.149 -> 0.2.151" +notes = "More new functions, types, and constants, as is usual for the `libc` crate, as well as various minor code cleanups." + +[[audits.bytecode-alliance.audits.libc]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.2.151 -> 0.2.153" +notes = "More bindings for more platforms. I have not verified that everything is exactly as-is on the platform as specified but nothing major is otherwise introduced as part of this bump." + [[audits.bytecode-alliance.audits.nu-ansi-term]] who = "Pat Hickey " criteria = "safe-to-deploy" 
@@ -288,6 +342,26 @@ criteria = "safe-to-deploy" version = "0.3.25" notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably." +[[audits.bytecode-alliance.audits.pkg-config]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.3.26 -> 0.3.29" +notes = """ +No `unsafe` additions or anything outside of the purview of the crate in this +change. +""" + +[[audits.bytecode-alliance.audits.sharded-slab]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.1.4" +notes = "I always really enjoy reading eliza's code, she left perfect comments at every use of unsafe." + +[[audits.bytecode-alliance.audits.tracing-subscriber]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.17" + [audits.fermyon.audits] [[audits.google.audits.pin-project-lite]] @@ -304,10 +378,20 @@ version = "0.2.1" notes = "Reviewed on https://fxrev.dev/904811" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" -[[audits.isrg.audits.libc]] +[[audits.isrg.audits.once_cell]] who = "Brandon Pitman " criteria = "safe-to-deploy" -delta = "0.2.149 -> 0.2.150" +delta = "1.18.0 -> 1.19.0" + +[[audits.mozilla.wildcard-audits.core-foundation-sys]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +user-id = 5946 # Jeff Muizelaar (jrmuizel) +start = "2020-10-14" +end = "2023-05-04" +renew = false +notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bitflags]] who = "Alex Franchuk " 
@@ -316,6 +400,31 @@ delta = "1.3.2 -> 2.0.2" notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.bitflags]] +who = "Nicolas Silva " +criteria = "safe-to-deploy" +delta = "2.0.2 -> 2.1.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bitflags]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "2.2.1 -> 2.3.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bitflags]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "2.3.3 -> 2.4.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bitflags]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "2.4.0 -> 2.4.1" +notes = "Only allowing new clippy lints" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.heck]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -348,12 +457,6 @@ delta = "0.4.17 -> 0.4.18" notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" -[[audits.mozilla.audits.mach2]] -who = "Gabriele Svelto " -criteria = "safe-to-deploy" -version = "0.4.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.pkg-config]] who = "Mike Hommey " criteria = "safe-to-deploy" 
@@ -377,3 +480,16 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.9 -> 0.2.13" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.sharded-slab]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.4 -> 0.1.7" +notes = "Only change to an `unsafe` block is to fix a clippy lint." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tracing-subscriber]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.17 -> 0.3.18" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"