From dc9d68b5eddbf33808e6beac17d00d1b05f511bb Mon Sep 17 00:00:00 2001
From: Brandon Pitman
Date: Thu, 17 Oct 2024 11:25:41 -0700
Subject: [PATCH] cargo vet

---
 supply-chain/config.toml | 4 ----
 supply-chain/imports.lock | 23 +++++++++++++----------
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index 104176b2..bfc08a75 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -149,10 +149,6 @@ criteria = "safe-to-run"
 version = "0.3.4"
 criteria = "safe-to-run"
 
-[[exemptions.portable-atomic]]
-version = "1.9.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.ppv-lite86]]
 version = "0.2.16"
 criteria = "safe-to-deploy"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index b67e3bc7..2d58fcb3 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@@ -590,6 +590,19 @@ version = "0.2.15"
 notes = "All code written or reviewed by Josh Stone."
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.once_cell]]
+who = "Mike Hommey "
+criteria = "safe-to-deploy"
+delta = "1.16.0 -> 1.17.1"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.once_cell]]
+who = "Erich Gubler "
+criteria = "safe-to-deploy"
+delta = "1.20.1 -> 1.20.2"
+notes = "This update works around a Cargo bug that forces the addition of `portable-atomic` into a lockfile, which we have never needed to use."
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.rand_core]]
 who = "Mike Hommey "
 criteria = "safe-to-deploy"
@@ -700,16 +713,6 @@ criteria = "safe-to-deploy"
 delta = "2.7.2 -> 2.7.4"
 aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
 
-[[audits.zcash.audits.once_cell]]
-who = "Jack Grigg "
-criteria = "safe-to-deploy"
-delta = "1.17.0 -> 1.17.1"
-notes = """
-Small refactor that reduces the overall amount of `unsafe` code. The new strict provenance
-approach looks reasonable.
-"""
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
 [[audits.zcash.audits.unicode-ident]]
 who = "Daira Hopwood "
 criteria = "safe-to-deploy"