diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 104176b2..bfc08a75 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -149,10 +149,6 @@ criteria = "safe-to-run" version = "0.3.4" criteria = "safe-to-run" -[[exemptions.portable-atomic]] -version = "1.9.0" -criteria = "safe-to-deploy" - [[exemptions.ppv-lite86]] version = "0.2.16" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index b67e3bc7..2d58fcb3 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -590,6 +590,19 @@ version = "0.2.15" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.once_cell]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.16.0 -> 1.17.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.once_cell]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +delta = "1.20.1 -> 1.20.2" +notes = "This update works around a Cargo bug that forces the addition of `portable-atomic` into a lockfile, which we have never needed to use." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -700,16 +713,6 @@ criteria = "safe-to-deploy" delta = "2.7.2 -> 2.7.4" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" -[[audits.zcash.audits.once_cell]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.17.0 -> 1.17.1" -notes = """ -Small refactor that reduces the overall amount of `unsafe` code. The new strict provenance -approach looks reasonable. -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.unicode-ident]] who = "Daira Hopwood " criteria = "safe-to-deploy"