From e0d7c3bbe1224ac4b7ac0fde2ae145bc08456e7b Mon Sep 17 00:00:00 2001
From: Alex Crichton
Date: Fri, 20 Jan 2023 11:56:59 -0600
Subject: [PATCH] Update tokio to resolve dependabot warning (#5607)

This doesn't fully update tokio since the update to the latest version has quite a few changes I'd prefer to not audit at the moment, but it updates to a patched version.
---
 Cargo.lock | 5 ++---
 supply-chain/audits.toml | 10 ++++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 127fcb9f9d..373e4dcd0c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2900,16 +2900,15 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"
 
 [[package]]
 name = "tokio"
-version = "1.18.1"
+version = "1.18.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dce653fb475565de9f6fb0614b28bca8df2c430c0cf84bcd9c843f15de5414cc"
+checksum = "8bfb875c82dc0a4f1f37a30e720dee181a2b3a06a428b0fc6873ea38d6407850"
 dependencies = [
  "bytes",
  "libc",
  "memchr",
  "mio",
  "num_cpus",
- "once_cell",
  "pin-project-lite",
  "socket2",
  "tokio-macros",
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index 49d0fd4775..82a3a59d10 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -506,6 +506,16 @@ intended to multiplex across the internal representation of a tinyvec,
 presumably. This trivially doesn't contain anything bad.
 """
 
+[[audits.tokio]]
+who = "Alex Crichton "
+criteria = "safe-to-deploy"
+delta = "1.18.1 -> 1.18.4"
+notes = """
+This looks to be a minor release primarily to fix a security-related Windows
+issue plus some reorganization around lazy initialization. Altogether nothing
+amiss here.
+"""
+
 [[audits.unicase]]
 who = "Alex Crichton "
 criteria = "safe-to-deploy"
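Review bot: The `notes` text in the new `[[audits.tokio]]` entry describes the fix only as "a security-related Windows issue", so a later reader of supply-chain/audits.toml cannot tell which advisory the `1.18.1 -> 1.18.4` delta was meant to close, or confirm that 1.18.4 is the release that carries the patch. I would name the advisory in the notes, for example by adding a line such as `Picks up the fix for <ADVISORY-ID> (the dependabot alert behind this bump).`, with the placeholder replaced by the identifier from the alert. The phrase "This looks to be" also leaves open whether the source delta itself was read or only the release notes; one sentence saying which would make the `safe-to-deploy` certification easier to rely on. The commit message already records that a newer tokio exists but was not audited, and repeating that in the notes would keep the reason for stopping at 1.18.4 next to the audit record.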