Fix errors in supply chain security workflow (#4497)

Gerard Guillemas Martos 2024-08-12 20:15:18 +02:00 committed by GitHub
parent d038fb2c7a
commit 828f1c50d8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 32 additions and 47 deletions


@ -10,6 +10,8 @@ on:
- Cargo.toml
- core/Cargo.toml
- lib/Cargo.toml
- build.rs
- lib/build.rs
- supply-chain/audits.toml
- supply-chain/config.toml
- supply-chain/imports.lock
@ -23,6 +25,8 @@ on:
- Cargo.toml
- core/Cargo.toml
- lib/Cargo.toml
- build.rs
- lib/build.rs
- supply-chain/audits.toml
- supply-chain/config.toml
- supply-chain/imports.lock
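Review bot: The path filter now watches `build.rs` and `lib/build.rs` but has no matching entry for a build script under `core/`, although `core/Cargo.toml` sits in the same list. If that crate has or later gains a `build.rs`, edits to it would not trigger the supply-chain check, even though build scripts execute at compile time. The visible lines also do not show `Cargo.lock` or the policy file carrying the `[pkg.*]` tables that this commit edits; both hunks start mid-list, so they may be listed above. Because the same list is repeated in both triggers, a comment above each such as `# keep in sync with the other trigger's paths list` would reduce the chance of drift.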

4
Cargo.lock generated

@ -1061,9 +1061,9 @@ dependencies = [
[[package]]
name = "bytemuck"
version = "1.15.0"
version = "1.16.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5d6d68c57235a3a081186990eca2867354726650f42f7516ca50c28d6281fd15"
checksum = "102087e286b4677862ea56cf8fc58bb2cdfa8725c40ffb80fe3a008eb7f2fc83"
[[package]]
name = "byteorder"


@ -794,9 +794,6 @@ allow_unsafe = true
[pkg.time]
allow_unsafe = true
[pkg.crossbeam-channel]
allow_unsafe = true
[pkg.thread_local]
allow_unsafe = true
@ -809,9 +806,6 @@ allow_unsafe = true
[pkg.utf8parse]
allow_unsafe = true
[pkg.retain_mut]
allow_unsafe = true
[pkg.base64ct]
allow_unsafe = true
@ -989,9 +983,6 @@ allow_unsafe = true
[pkg.crossbeam-deque]
allow_unsafe = true
[pkg.crossbeam-queue]
allow_unsafe = true
[pkg.anstream]
allow_unsafe = true
@ -1031,22 +1022,12 @@ allow_unsafe = true
[pkg.geo]
allow_unsafe = true
[pkg.nanorand]
allow_unsafe = true
[pkg.futures-lite]
allow_unsafe = true
[pkg.half]
allow_unsafe = true
[pkg.http-types]
build.allow_apis = [
"fs",
"process",
]
allow_unsafe = true
[pkg.any_ascii]
allow_unsafe = true
@ -1117,9 +1098,6 @@ allow_apis = [
[pkg.predicates]
allow_unsafe = true
[pkg.futures-timer]
allow_unsafe = true
[pkg.rustyline]
allow_unsafe = true
allow_apis = [
@ -1172,6 +1150,9 @@ allow_apis = [
allow_apis = [
"fs",
]
build.allow_build_instructions = [
"cargo::rustc-check-cfg=*",
]
[pkg.surrealdb-core]
allow_unsafe = true
@ -1179,6 +1160,9 @@ allow_apis = [
"net",
"fs",
]
build.allow_build_instructions = [
"cargo::rustc-check-cfg=*",
]
[pkg.assert_fs]
from.test.allow_apis = [
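Review bot: The two added `build.allow_build_instructions` lists (in the hunks at -1172 and -1179) permit the wildcard `cargo::rustc-check-cfg=*` without saying why a wildcard is acceptable in a policy file that otherwise enumerates permissions. A comment above each would record the reasoning, for example `# rustc-check-cfg only declares expected cfg names for the unexpected_cfgs lint; it does not affect linking or codegen`. The table header for the first list lies above its hunk, so the package it applies to is not visible here. The second appears to belong to `[pkg.surrealdb-core]`. It is worth confirming that both sit under the intended packages and that no broader instruction pattern is needed or allowed.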


@ -447,10 +447,6 @@ criteria = "safe-to-deploy"
version = "1.1.2"
criteria = "safe-to-deploy"
[[exemptions.crossbeam-channel]]
version = "0.5.11"
criteria = "safe-to-deploy"
[[exemptions.crossbeam-deque]]
version = "0.8.5"
criteria = "safe-to-deploy"
@ -2043,10 +2039,6 @@ criteria = "safe-to-deploy"
version = "0.5.1"
criteria = "safe-to-deploy"
[[exemptions.xattr]]
version = "1.3.1"
criteria = "safe-to-deploy"
[[exemptions.xml-rs]]
version = "0.8.20"
criteria = "safe-to-deploy"


@ -683,6 +683,18 @@ who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.0"
[[audits.bytecode-alliance.audits.xattr]]
who = "Andrew Brown <andrew.brown@intel.com>"
criteria = "safe-to-deploy"
version = "1.2.0"
notes = "This crate contains `unsafe` calls to libc `extattr_*` functions as one would expect from the crate's purpose."
[[audits.bytecode-alliance.audits.xattr]]
who = "Andrew Brown <andrew.brown@intel.com>"
criteria = "safe-to-deploy"
delta = "1.2.0 -> 1.3.1"
notes = "Minor changes to MacOS-specific code."
[[audits.embark-studios.audits.assert-json-diff]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-run"
@ -843,14 +855,14 @@ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_p
[[audits.google.audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.14.3"
notes = "Additional review notes may be found in https://crrev.com/c/5362675."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.bytemuck]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.14.3 -> 1.15.0"
version = "1.16.3"
notes = """
Review notes from the original audit (of 1.14.3) may be found in
https://crrev.com/c/5362675. Note that this audit has initially missed UB risk
that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258.
Because of this, the original audit has been edited to certify version `1.16.3`
instead (see also https://crrev.com/c/5771867).
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.difflib]]
@ -1417,13 +1429,6 @@ delta = "0.9.3 -> 0.9.4"
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.crossbeam-channel]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.11 -> 0.5.12"
notes = "Minimal change fixing a memory leak."
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.crypto-common]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"