diff --git a/Cargo.lock b/Cargo.lock index b9ab02f6d1..d6600717bd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -45,6 +45,12 @@ dependencies = [ "tokio", ] +[[package]] +name = "atomic-waker" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" + [[package]] name = "autocfg" version = "1.1.0" @@ -68,9 +74,9 @@ dependencies = [ [[package]] name = "base64" -version = "0.21.7" +version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "bindgen" @@ -331,15 +337,15 @@ checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" [[package]] name = "h2" -version = "0.3.26" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" +checksum = "fa82e28a107a8cc405f0839610bdc9b15f1e25ec7d696aa5cf173edbcb1486ab" dependencies = [ + "atomic-waker", "bytes", "fnv", "futures-core", "futures-sink", - "futures-util", "http", "indexmap", "slab", @@ -365,9 +371,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.11" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8947b1a6fad4393052c7ba1f4cd97bed3e953a95c79c92ad9b051a04611d9fbb" +checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" dependencies = [ "bytes", "fnv", @@ -376,12 +382,24 @@ dependencies = [ [[package]] name = "http-body" -version = "0.4.6" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" +checksum = "1cac85db508abc24a2e48553ba12a996e87244a0395ce011e62b37158745d643" dependencies = [ "bytes", "http", +] + +[[package]] +name = "http-body-util" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0475f8b2ac86659c21b64320d5d653f9efe42acd2a4e560073ec61a155a34f1d" +dependencies = [ + "bytes", + "futures-core", + "http", + "http-body", "pin-project-lite", ] @@ -391,47 +409,60 @@ version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" -[[package]] -name = "httpdate" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" - [[package]] name = "hyper" -version = "0.14.28" +version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf96e135eb83a2a8ddf766e426a841d8ddd7449d5f00d34ea02b41d2f19eef80" +checksum = "fe575dd17d0862a9a33781c8c4696a55c320909004a67a00fb286ba8b1bc496d" dependencies = [ "bytes", "futures-channel", - "futures-core", "futures-util", "h2", "http", "http-body", "httparse", - "httpdate", "itoa", "pin-project-lite", - "socket2", + "smallvec", "tokio", - "tower-service", - "tracing", "want", ] [[package]] name = "hyper-tls" -version = "0.5.0" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" +checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" dependencies = [ "bytes", + "http-body-util", "hyper", + "hyper-util", "native-tls", "tokio", "tokio-native-tls", + "tower-service", +] + +[[package]] +name = "hyper-util" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca38ef113da30126bbff9cd1705f9273e15d45498615d138b0c20279ac7a76aa" +dependencies = [ + "bytes", + "futures-channel", + "futures-util", + "http", + "http-body", + "hyper", + "pin-project-lite", + "socket2", + "tokio", + "tower", + "tower-service", + "tracing", ] [[package]] @@ -655,6 +686,26 @@ version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" +[[package]] +name = "pin-project" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6bf43b791c5b9e34c3d182969b4abb522f9343702850a2e57f460d00d09b4b3" +dependencies = [ + "pin-project-internal", +] + +[[package]] +name = "pin-project-internal" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "pin-project-lite" version = "0.2.13" @@ -732,9 +783,9 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "reqwest" -version = "0.11.24" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6920094eb85afde5e4a138be3f2de8bbdf28000f0029e72c45025a56b042251" +checksum = "566cafdd92868e0939d3fb961bd0dc25fcfaaed179291093b3d43e6b3150ea10" dependencies = [ "async-compression", "base64", @@ -745,8 +796,10 @@ dependencies = [ "h2", "http", "http-body", + "http-body-util", "hyper", "hyper-tls", + "hyper-util", "ipnet", "js-sys", "log", @@ -800,13 +853,20 @@ dependencies = [ [[package]] name = "rustls-pemfile" -version = "1.0.4" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d" dependencies = [ "base64", + "rustls-pki-types", ] +[[package]] +name = "rustls-pki-types" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" + [[package]] name = "ryu" version = "1.0.16" @@ -917,6 +977,12 @@ dependencies = [ "autocfg", ] +[[package]] +name = "smallvec" +version = "1.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" + [[package]] name = "socket2" version = "0.5.5" @@ -1043,6 +1109,28 @@ dependencies = [ "tracing", ] +[[package]] +name = "tower" +version = "0.4.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c" +dependencies = [ + "futures-core", + "futures-util", + "pin-project", + "pin-project-lite", + "tokio", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower-layer" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c20c8dbed6283a09604c3e69b4b7eeb54e298b8a600d4d5ecb5ad39de609f1d0" + [[package]] name = "tower-service" version = "0.3.2" @@ -1055,6 +1143,7 @@ version = "0.1.40" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ + "log", "pin-project-lite", "tracing-core", ] @@ -1362,9 +1451,9 @@ checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" [[package]] name = "winreg" -version = "0.50.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" +checksum = "a277a57398d4bfa075df44f501a17cfdf8542d224f0d36095a2adc7aee4ef0a5" dependencies = [ "cfg-if", "windows-sys 0.48.0", diff --git a/proxy/Cargo.toml b/proxy/Cargo.toml index 45461e8542..eb30af9688 100644 --- a/proxy/Cargo.toml +++ b/proxy/Cargo.toml @@ -11,7 +11,7 @@ qubesdb = [] [dependencies] anyhow = {version = "1.0.75"} futures-util = "0.3.30" -reqwest = {version = "0.11.20", features = ["gzip", "stream"]} +reqwest = { version = "0.12", features = ["gzip", "stream"] } serde = {version = "1.0.188", features = ["derive"]} serde_json = "1.0.107" tokio = {version = "1.0", features = ["macros", "rt"]} diff --git a/proxy/src/main.rs b/proxy/src/main.rs index d1cb65635d..b6e04772ea 100644 --- a/proxy/src/main.rs +++ b/proxy/src/main.rs @@ -165,10 +165,12 @@ async fn main() -> ExitCode { match proxy().await { Ok(()) => ExitCode::SUCCESS, Err(err) => { + let mut error = err.to_string(); + if let Some(source) = err.source() { + error = format!("{}: {}", error, source); + } // Try to serialize into our error format - let resp = ErrorResponse { - error: err.to_string(), - }; + let resp = ErrorResponse { error }; match serde_json::to_string(&resp) { Ok(json) => { // Print the error to stderr diff --git a/proxy/tests/test_errors.py b/proxy/tests/test_errors.py index 68b877fd13..b7b909085b 100644 --- a/proxy/tests/test_errors.py +++ b/proxy/tests/test_errors.py @@ -67,6 +67,5 @@ def test_cannot_connect(proxy_request): assert ( result.stderr.decode().strip() == '{"error":"error sending request for url (http://missing.test/): ' - + "error trying to connect: dns error: failed to lookup address information: " - + 'Name or service not known"}' + + 'client error (Connect)"}' ) diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index 86d4c0ebc4..9fe860cb32 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -7,6 +7,11 @@ criteria = "safe-to-run" version = "0.4.6" notes = "only usage of unsafe is in zstd support, via Unshared, which we're not enabling" +[[audits.atomic-waker]] +who = "Kunal Mehta " +criteria = "safe-to-run" +delta = "1.1.0 -> 1.1.2" + [[audits.clang-sys]] who = "Kunal Mehta " criteria = "safe-to-run" @@ -61,11 +66,27 @@ criteria = "safe-to-run" version = "1.0.4" notes = "code is fine, cannot vouch for correctness though" +[[audits.rustls-pemfile]] +who = "Kunal Mehta " +criteria = "safe-to-run" +delta = "1.0.4 -> 2.1.2" + +[[audits.rustls-pki-types]] +who = "Kunal Mehta " +criteria = "safe-to-run" +version = "1.7.0" +notes = "Code is reasonable, none of the business logic related to PKI/TLS was verified" + [[audits.slab]] who = "Kunal Mehta " criteria = "safe-to-run" delta = "0.4.8 -> 0.4.9" +[[audits.smallvec]] +who = "Kunal Mehta " +criteria = "safe-to-run" +delta = "1.11.1 -> 1.13.2" + [[audits.socket2]] who = "Kunal Mehta " criteria = "safe-to-run" @@ -81,6 +102,11 @@ who = "Kunal Mehta " criteria = "safe-to-run" delta = "3.9.0 -> 3.10.0" +[[audits.tower-layer]] +who = "Kunal Mehta " +criteria = "safe-to-run" +delta = "0.3.1 -> 0.3.2" + [[audits.tracing]] who = "Kunal Mehta " criteria = "safe-to-run" @@ -93,6 +119,13 @@ criteria = "safe-to-run" delta = "4.0.2 -> 4.3.0" notes = "Windows-specific code was not reviewed." +[[trusted.atomic-waker]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2023-01-15" +end = "2024-11-17" +notes = "Rust Project member" + [[trusted.flate2]] criteria = "safe-to-deploy" user-id = 4333 @@ -128,6 +161,13 @@ start = "2020-10-05" end = "2024-08-29" notes = "Rust Project member" +[[trusted.h2]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-03-13" +end = "2024-11-17" +notes = "see https://github.com/freedomofpress/securedrop-engineering/pull/87" + [[trusted.home]] criteria = "safe-to-deploy" user-id = 6202 # Eric Huss (ehuss) @@ -135,6 +175,27 @@ start = "2023-04-25" end = "2024-09-12" notes = "Rust Project member" +[[trusted.http]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-04-05" +end = "2024-11-17" +notes = "see https://github.com/freedomofpress/securedrop-engineering/pull/87" + +[[trusted.http-body-util]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2022-10-25" +end = "2024-11-17" +notes = "see https://github.com/freedomofpress/securedrop-engineering/pull/87" + +[[trusted.hyper]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-03-01" +end = "2024-11-17" +notes = "see https://github.com/freedomofpress/securedrop-engineering/pull/87" + [[trusted.hyper-tls]] criteria = "safe-to-deploy" user-id = 359 # Sean McArthur (seanmonstar) @@ -142,6 +203,13 @@ start = "2019-03-19" end = "2024-09-12" notes = "per https://github.com/freedomofpress/securedrop-engineering/pull/87" +[[trusted.hyper-util]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2022-01-15" +end = "2024-11-17" +notes = "see https://github.com/freedomofpress/securedrop-engineering/pull/87" + [[trusted.indexmap]] criteria = "safe-to-deploy" user-id = 539 # Josh Stone (cuviper) @@ -191,6 +259,20 @@ start = "2023-03-24" end = "2024-08-12" notes = "Rust Project member" +[[trusted.pin-project]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2019-03-02" +end = "2024-11-17" +notes = "Rust Project member" + +[[trusted.pin-project-internal]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2019-08-11" +end = "2024-11-17" +notes = "Rust Project member" + [[trusted.prettyplease]] criteria = "safe-to-deploy" user-id = 3618 # David Tolnay (dtolnay) @@ -289,6 +371,13 @@ start = "2021-01-12" end = "2024-09-12" notes = "per https://github.com/freedomofpress/securedrop-engineering/pull/87" +[[trusted.tower-layer]] +criteria = "safe-to-deploy" +user-id = 10 # Carl Lerche (carllerche) +start = "2019-04-27" +end = "2024-11-17" +notes = "Rust Project member" + [[trusted.wasm-bindgen-futures]] criteria = "safe-to-deploy" user-id = 1 # Alex Crichton (alexcrichton) diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 6cb9e5fa4a..d6cd7f2976 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -1,6 +1,13 @@ # cargo-vet imports lock +[[publisher.atomic-waker]] +version = "1.1.0" +when = "2023-01-15" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + [[publisher.cexpr]] version = "0.6.0" when = "2021-10-11" @@ -43,6 +50,13 @@ user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" +[[publisher.h2]] +version = "0.4.5" +when = "2024-05-17" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + [[publisher.home]] version = "0.5.9" when = "2023-12-15" @@ -50,9 +64,37 @@ user-id = 6202 user-login = "ehuss" user-name = "Eric Huss" +[[publisher.http]] +version = "1.1.0" +when = "2024-03-04" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.http-body-util]] +version = "0.1.1" +when = "2024-03-11" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.hyper]] +version = "1.3.1" +when = "2024-04-16" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + [[publisher.hyper-tls]] -version = "0.5.0" -when = "2020-12-29" +version = "0.6.0" +when = "2023-11-27" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.hyper-util]] +version = "0.1.3" +when = "2024-01-31" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" @@ -99,6 +141,20 @@ user-id = 163 user-login = "alex" user-name = "Alex Gaynor" +[[publisher.pin-project]] +version = "1.1.5" +when = "2024-03-05" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.pin-project-internal]] +version = "1.1.5" +when = "2024-03-05" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + [[publisher.prettyplease]] version = "0.2.16" when = "2024-01-02" @@ -114,8 +170,8 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.reqwest]] -version = "0.11.24" -when = "2024-01-31" +version = "0.12.4" +when = "2024-04-19" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" @@ -260,11 +316,16 @@ Still looks like a good DWARF-parsing crate, nothing major was added or deleted and no `unsafe` code to review here. """ -[[audits.bytecode-alliance.audits.http]] +[[audits.bytecode-alliance.audits.http-body]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "1.0.0-rc.2" + +[[audits.bytecode-alliance.audits.http-body]] who = "Alex Crichton " criteria = "safe-to-deploy" -delta = "0.2.9 -> 1.0.0" -notes = "Minor changes leading up to the 1.0.0 release and nothing fundamentally new here." +delta = "1.0.0-rc.2 -> 1.0.0" +notes = "Only minor changes made for a stable release." [[audits.bytecode-alliance.audits.idna]] who = "Alex Crichton " @@ -582,42 +643,6 @@ criteria = "safe-to-deploy" version = "0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.h2]] -who = "George Burgess IV " -criteria = "safe-to-run" -version = "0.3.18" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.h2]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.3.18 -> 0.3.19" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.h2]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.3.19 -> 0.3.20" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.h2]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.3.20 -> 0.3.21" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.h2]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.3.21 -> 0.3.24" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.h2]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.3.24 -> 0.3.26" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - [[audits.google.audits.hashbrown]] who = "Nicholas Bishop " criteria = "safe-to-run" @@ -630,36 +655,12 @@ criteria = "safe-to-run" delta = "0.13.2 -> 0.14.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.http]] -who = "George Burgess IV " -criteria = "safe-to-run" -version = "0.2.9" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.http-body]] -who = "ChromeOS" -criteria = "safe-to-run" -version = "0.4.5" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - [[audits.google.audits.httparse]] who = "George Burgess IV " criteria = "safe-to-run" version = "1.8.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.httpdate]] -who = "George Burgess IV " -criteria = "safe-to-deploy" -version = "1.0.3" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.hyper]] -who = "George Burgess IV " -criteria = "safe-to-run" -version = "0.14.27" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - [[audits.google.audits.itertools]] who = "ChromeOS" criteria = "safe-to-run" @@ -890,6 +891,12 @@ criteria = "safe-to-run" version = "0.4.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.smallvec]] +who = "Android Legacy" +criteria = "safe-to-run" +version = "1.6.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.socket2]] who = "Vovo Yang " criteria = "safe-to-run" @@ -915,6 +922,18 @@ criteria = "safe-to-run" version = "3.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.tower]] +who = "ChromeOS" +criteria = "safe-to-run" +version = "0.4.13" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.tower-layer]] +who = "ChromeOS" +criteria = "safe-to-run" +version = "0.3.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.tower-service]] who = "ChromeOS" criteria = "safe-to-run" @@ -973,13 +992,12 @@ delta = "0.21.4 -> 0.21.5" [[audits.isrg.audits.base64]] who = "Brandon Pitman " criteria = "safe-to-run" -delta = "0.21.5 -> 0.21.6" -notes = "sourcegraph-based diff did not see the v0.21.6 tag; I retrieved a local copy of the repo and used that for diff'ing." +delta = "0.21.7 -> 0.22.0" [[audits.isrg.audits.base64]] who = "David Cook " criteria = "safe-to-run" -delta = "0.21.6 -> 0.21.7" +delta = "0.22.0 -> 0.22.1" [[audits.isrg.audits.once_cell]] who = "Brandon Pitman " @@ -1183,6 +1201,12 @@ delta = "0.3.0 -> 0.4.0" notes = "Primarily adding a no_std mode" aggregated-from = "https://raw.githubusercontent.com/freedomofpress/securedrop/develop/supply-chain/audits.toml" +[[audits.securedrop.audits.smallvec]] +who = "Kunal Mehta " +criteria = "safe-to-run" +delta = "1.6.1 -> 1.11.1" +aggregated-from = "https://raw.githubusercontent.com/freedomofpress/securedrop/develop/supply-chain/audits.toml" + [[audits.zcash.audits.anyhow]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1211,6 +1235,12 @@ being mmapped and loaded. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.base64]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.21.5 -> 0.21.7" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.bytes]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1293,24 +1323,6 @@ notes = """ """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.http]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.0 -> 0.2.11" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.http-body]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.4.5 -> 0.4.6" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.hyper]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.14.27 -> 0.14.28" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.ipnet]] who = "Jack Grigg " criteria = "safe-to-deploy"