From 82fcf3e562f8befc56f3a3ff6d95bf2c61cc826d Mon Sep 17 00:00:00 2001 From: Bobby Holley Date: Mon, 27 Mar 2023 17:07:14 -0700 Subject: [PATCH] Bump cargo-vet to 0.6.1 (#6110) * Bump cargo-vet to 0.6.1. * Add Fuchsia and prune. --- .github/workflows/main.yml | 2 +- supply-chain/config.toml | 15 +++++++-------- supply-chain/imports.lock | 39 +++++++++++++++++++++++--------------- 3 files changed, 32 insertions(+), 24 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e3826b9663..1b1e60ca51 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -82,7 +82,7 @@ jobs: if: needs.determine.outputs.audit runs-on: ubuntu-latest env: - CARGO_VET_VERSION: 0.5.0 + CARGO_VET_VERSION: 0.6.1 steps: - uses: actions/checkout@v3 with: diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 6d2b34dc69..d9c5ea1263 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -2,14 +2,17 @@ # cargo-vet config file [cargo-vet] -version = "0.5" - -[imports.chromeos] -url = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT" +version = "0.6" [imports.embark-studios] url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audits.toml" +[imports.google] +url = [ + "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT", + "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT", +] + [imports.isrg] url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml" @@ -858,10 +861,6 @@ criteria = "safe-to-run" version = "0.1.0" criteria = "safe-to-deploy" -[[exemptions.version_check]] -version = "0.9.4" -criteria = "safe-to-deploy" - [[exemptions.wait-timeout]] version = "0.2.0" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index e2e66717c4..814fabfbf9 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -15,21 +15,6 @@ user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" -[[audits.chromeos.audits.libfuzzer-sys]] -who = "ChromeOS" -criteria = "safe-to-run" -version = "0.4.4" - -[[audits.chromeos.audits.miniz_oxide]] -who = "George Burgess IV " -criteria = "safe-to-run" -version = "0.6.2" - -[[audits.chromeos.audits.static_assertions]] -who = "ChromeOS" -criteria = "safe-to-run" -version = "1.1.0" - [[audits.embark-studios.audits.anyhow]] who = "Johan Andersson " criteria = "safe-to-deploy" @@ -47,6 +32,30 @@ criteria = "safe-to-deploy" version = "0.2.2" notes = "Inspected it and is a tiny crate with just type definitions" +[[audits.google.audits.libfuzzer-sys]] +who = "ChromeOS" +criteria = "safe-to-run" +version = "0.4.4" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.miniz_oxide]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.6.2" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.static_assertions]] +who = "ChromeOS" +criteria = "safe-to-run" +version = "1.1.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.version_check]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.9.4" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT" + [[audits.isrg.audits.block-buffer]] who = "David Cook " criteria = "safe-to-deploy"