From ef7af28ef095277f5979dcbc6ff03964c1e0ba12 Mon Sep 17 00:00:00 2001 From: Trevor Elliott Date: Tue, 18 Apr 2023 16:12:09 -0700 Subject: [PATCH] Bump hashbrown to 0.13.2 (#6238) --- Cargo.lock | 14 +++++++------- Cargo.toml | 2 +- supply-chain/audits.toml | 6 ++++++ 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a2d61a663e..29166cbdd7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -607,7 +607,7 @@ dependencies = [ "cranelift-isle", "criterion", "gimli", - "hashbrown 0.13.1", + "hashbrown 0.13.2", "log", "regalloc2", "serde", @@ -677,7 +677,7 @@ name = "cranelift-frontend" version = "0.96.0" dependencies = [ "cranelift-codegen", - "hashbrown 0.13.1", + "hashbrown 0.13.2", "log", "similar", "smallvec", @@ -747,7 +747,7 @@ dependencies = [ "anyhow", "cranelift-codegen", "cranelift-control", - "hashbrown 0.13.1", + "hashbrown 0.13.2", ] [[package]] @@ -837,7 +837,7 @@ dependencies = [ "cranelift-codegen", "cranelift-entity", "cranelift-frontend", - "hashbrown 0.13.1", + "hashbrown 0.13.2", "itertools", "log", "serde", @@ -1498,9 +1498,9 @@ checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "hashbrown" -version = "0.13.1" +version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33ff8ae62cd3a9102e5637afc8452c55acf3844001bd5374e0b0bd7b6616c038" +checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" dependencies = [ "ahash", ] @@ -2049,7 +2049,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ea86265d3d3dcb6a27fc51bd29a4bf387fae9d2986b823079d4986af253eb439" dependencies = [ "crc32fast", - "hashbrown 0.13.1", + "hashbrown 0.13.2", "indexmap", "memchr", ] diff --git a/Cargo.toml b/Cargo.toml index 040ad47ae5..0e3cfa7f71 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -190,7 +190,7 @@ log = { version = "0.4.8", default-features = false } object = { version = "0.30.3", default-features = false, features = ['read_core', 'elf', 'std'] } gimli = { version = "0.27.0", default-features = false, features = ['read', 'std'] } clap = { version = "3.2.0", features = ["color", "suggestions", "derive"] } -hashbrown = "0.13" +hashbrown = "0.13.2" cap-std = "1.0.0" cap-rand = "1.0.0" capstone = "0.9.0" diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index 1037eabab5..35a86e4e1f 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -565,6 +565,12 @@ criteria = "safe-to-deploy" delta = "0.12.3 -> 0.13.1" notes = "The diff looks plausible. Much of it is low-level memory-layout code and I can't be 100% certain without a deeper dive into the implementation logic, but nothing looks actively malicious." +[[audits.hashbrown]] +who = "Trevor Elliott " +criteria = "safe-to-deploy" +delta = "0.13.1 -> 0.13.2" +notes = "I read through the diff between v0.13.1 and v0.13.2, and verified that the changes made matched up with the changelog entries. There were very few changes between these two releases, and it was easy to verify what they did." + [[audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy"