From 45ce6c3576b9923c0463de527f61d79139d7515c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 17 Oct 2024 18:32:23 +0000 Subject: [PATCH] build(deps): Bump once_cell from 1.20.1 to 1.20.2 (#1121) --- Cargo.lock | 13 ++----------- Cargo.toml | 2 +- supply-chain/config.toml | 4 ---- supply-chain/imports.lock | 23 +++++++++++++---------- 4 files changed, 16 insertions(+), 26 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d295b567..046995cb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -626,12 +626,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.20.1" +version = "1.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82881c4be219ab5faaf2ad5e5e5ecdff8c66bd7402ca3160975c93b24961afd1" -dependencies = [ - "portable-atomic", -] +checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" [[package]] name = "oorandom" @@ -673,12 +670,6 @@ dependencies = [ "plotters-backend", ] -[[package]] -name = "portable-atomic" -version = "1.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc9c68a3f6da06753e9335d63e27f6b9754dd1920d941135b7ea8224f141adb2" - [[package]] name = "ppv-lite86" version = "0.2.16" diff --git a/Cargo.toml b/Cargo.toml index c0d15954..9863eb40 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -45,7 +45,7 @@ hex-literal = "0.4.1" iai = "0.1" modinverse = "0.1.0" num-bigint = "0.4.6" -once_cell = "1.20.1" +once_cell = "1.20.2" prio = { path = ".", features = ["crypto-dependencies", "test-util"] } statrs = "0.17.1" diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 104176b2..bfc08a75 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -149,10 +149,6 @@ criteria = "safe-to-run" version = "0.3.4" criteria = "safe-to-run" -[[exemptions.portable-atomic]] -version = "1.9.0" -criteria = "safe-to-deploy" - [[exemptions.ppv-lite86]] version = "0.2.16" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index b67e3bc7..2d58fcb3 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -590,6 +590,19 @@ version = "0.2.15" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.once_cell]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.16.0 -> 1.17.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.once_cell]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +delta = "1.20.1 -> 1.20.2" +notes = "This update works around a Cargo bug that forces the addition of `portable-atomic` into a lockfile, which we have never needed to use." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -700,16 +713,6 @@ criteria = "safe-to-deploy" delta = "2.7.2 -> 2.7.4" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" -[[audits.zcash.audits.once_cell]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.17.0 -> 1.17.1" -notes = """ -Small refactor that reduces the overall amount of `unsafe` code. The new strict provenance -approach looks reasonable. -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.unicode-ident]] who = "Daira Hopwood " criteria = "safe-to-deploy"