T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add cargo-vet entries for dependency update (#5778)

Browse Source 
This adds vet entries for the updates being performed in #5513
This commit is contained in:
Alex Crichton
2023-02-14 12:39:33 -06:00
committed by GitHub
parent b5e9fb710b
commit 49a89f91e5
2 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
supply-chain/audits.toml
View File

@@ -1,6 +1,15 @@
# cargo-vet audits file
[[audits.addr2line]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.17.0 -> 0.19.0"
notes = """
This is a minor update for addr2line which looks to mainly update its
dependencies and refactor existing code to expose more functionality and such.
"""
[[audits.ahash]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
@@ -63,6 +72,16 @@ criteria = "safe-to-deploy"
version = "0.3.66"
notes = "I am the author of this crate."
[[audits.backtrace]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
delta = "0.3.66 -> 0.3.67"
notes = """
This change introduced a new means of learning the current exe by parsing
Linux-specific constructs and does not constitute any major changes to the
crate.
"""
[[audits.base64]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@@ -307,6 +326,16 @@ criteria = "safe-to-deploy"
delta = "0.18.0 -> 0.18.1"
notes = "The Bytecode Alliance is the author of this crate."
[[audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.26.1 -> 0.27.0"
notes = """
This is a standard update to gimli for more DWARF support for more platforms,
more features, etc. Some minor `unsafe` code was added that does not appear
incorrect. Otherwise looks like someone probably ran clippy and/or rustfmt.
"""
[[audits.hashbrown]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
@@ -458,6 +487,12 @@ The only changes from 0.6.1 were from my own PR which updated memfd to newer
dependencies.
"""
[[audits.memoffset]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"
notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."
[[audits.memory_units]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
@@ -467,6 +502,16 @@ This bump only changed from a function to an associated `const` and trivially
contains no significant changes.
"""
[[audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
delta = "0.5.1 -> 0.5.3"
notes = """
This looks to be a minor update to the crate to remove some `unsafe` code,
update Rust stylistic conventions, and perhaps some clippy lints. No major
changes.
"""
[[audits.object]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"

10
supply-chain/imports.lock
View File

@@ -210,6 +210,16 @@ who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.5.4 -> 0.5.7"
[[audits.mozilla.audits.memoffset]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.6.5 -> 0.7.1"
[[audits.mozilla.audits.miniz_oxide]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.5.3 -> 0.6.2"
[[audits.mozilla.audits.num-integer]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"