diff --git a/Cargo.lock b/Cargo.lock
index 67540dae..69db41ac 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4631,9 +4631,9 @@ dependencies = [
 
 [[package]]
 name = "zerovec"
-version = "0.10.2"
+version = "0.10.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb2cc8827d6c0994478a15c53f374f46fbd41bea663d809b14744bc42e6b109c"
+checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079"
 dependencies = [
 "yoke",
 "zerofrom",
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index 6c60e005..716a5e42 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -90,10 +90,6 @@ criteria = "safe-to-deploy"
 version = "1.3.3"
 criteria = "safe-to-deploy"
 
-[[exemptions.bitflags]]
-version = "2.6.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.bitvec]]
 version = "1.0.1"
 criteria = "safe-to-deploy"
@@ -874,6 +870,10 @@ criteria = "safe-to-deploy"
 version = "0.1.4"
 criteria = "safe-to-deploy"
 
+[[exemptions.zerovec]]
+version = "0.10.4"
+criteria = "safe-to-deploy"
+
 [[exemptions.zstd]]
 version = "0.13.1"
 criteria = "safe-to-deploy"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index 876716a5..943004b4 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
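Review bot: The new `[[exemptions.zerovec]]` entry for 0.10.4 in supply-chain/config.toml (hunk at -874,6 +870,10) moves zerovec from audited to exempted at `safe-to-deploy`, so the locked version is now trusted without any review. The imports.lock change in the same commit drops the Mozilla audit chain that ended at 0.10.2, presumably pruned because it no longer reaches the locked version, and the removed audit note records that the crate relies on `unsafe` for zero-copy. A local delta audit for `0.10.2 -> 0.10.4` would keep the crate under review instead of exempting the whole version. If the exemption has to stay for now, record the reason on the entry, for example `notes = "bumped from 0.10.2; imported audits stop at 0.10.2, delta audit pending"`.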
@@ -1821,6 +1821,36 @@ criteria = "safe-to-run"
 version = "0.7.4"
 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
 
+[[audits.google.audits.bitflags]]
+who = "Lukasz Anforowicz "
+criteria = "safe-to-deploy"
+version = "2.4.2"
+notes = """
+Audit notes:
+
+* I've checked for any discussion in Google-internal cl/546819168 (where audit
+ of version 2.3.3 happened)
+* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]`
+* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be
+ correct in a straightforward way - they just propagate the marker trait's
+ impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type
+* Additional discussion and/or notes may be found in https://crrev.com/c/5238056
+"""
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.bitflags]]
+who = "Adrian Taylor "
+criteria = "safe-to-deploy"
+delta = "2.4.2 -> 2.5.0"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.bitflags]]
+who = "Adrian Taylor "
+criteria = "safe-to-deploy"
+delta = "2.5.0 -> 2.6.0"
+notes = "The changes from the previous version are negligible and thus it retains the same properties."
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.cast]]
 who = "George Burgess IV "
 criteria = "safe-to-run"
@@ -2531,25 +2561,6 @@ criteria = "safe-to-deploy"
 delta = "0.1.2 -> 0.1.4"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
-[[audits.mozilla.audits.zerovec]]
-who = "Makoto Kato "
-criteria = "safe-to-deploy"
-version = "0.9.4"
-notes = "This crate is zero-copy data structure implmentation. Although this uses unsafe block in several code, it requires for zero-copy. And this has a comment in code why this uses unsafe and I audited code."
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
-
-[[audits.mozilla.audits.zerovec]]
-who = "Makoto Kato "
-criteria = "safe-to-deploy"
-delta = "0.9.4 -> 0.10.1"
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
-
-[[audits.mozilla.audits.zerovec]]
-who = "Makoto Kato "
-criteria = "safe-to-deploy"
-delta = "0.10.1 -> 0.10.2"
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
-
 [[audits.mozilla.audits.zerovec-derive]]
 who = "Makoto Kato "
 criteria = "safe-to-deploy"