From c6a68d8dd7d43ec18676e71b1f2ea642a4529885 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Apr 2024 17:29:58 +0000 Subject: [PATCH 1/2] build(deps): Bump serde from 1.0.197 to 1.0.199 Bumps [serde](https://github.com/serde-rs/serde) from 1.0.197 to 1.0.199. - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.197...v1.0.199) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c8c54ad2a..bf1b6fa72 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -957,18 +957,18 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" [[package]] name = "serde" -version = "1.0.197" +version = "1.0.199" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" +checksum = "0c9f6e76df036c77cd94996771fb40db98187f096dd0b9af39c6c6e452ba966a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.197" +version = "1.0.199" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" +checksum = "11bd257a6541e141e42ca6d24ae26f7714887b47e89aa739099104c7e4d3b7fc" dependencies = [ "proc-macro2", "quote", From 30bd4289b29664d3e50e71a99aa438b8a359867d Mon Sep 17 00:00:00 2001 From: Brandon Pitman Date: Mon, 29 Apr 2024 11:09:01 -0700 Subject: [PATCH 2/2] cargo vet --- supply-chain/config.toml | 4 ---- supply-chain/imports.lock | 22 ++++++++++++++-------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 8a239b9a0..2c74df52c 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -203,10 +203,6 @@ criteria = "safe-to-run" version = "0.16.0" criteria = "safe-to-run" -[[exemptions.tinytemplate]] -version = "1.2.1" -criteria = "safe-to-run" - [[exemptions.typenum]] version = "1.15.0" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 066891ab5..574007e03 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -100,8 +100,15 @@ user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.serde]] -version = "1.0.197" -when = "2024-02-20" +version = "1.0.199" +when = "2024-04-27" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.serde_derive]] +version = "1.0.199" +when = "2024-04-27" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -416,12 +423,11 @@ criteria = "safe-to-run" version = "1.0.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.serde_derive]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -version = "1.0.197" -notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.tinytemplate]] +who = "Ying Hsu " +criteria = "safe-to-run" +version = "1.2.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.version_check]] who = "George Burgess IV "