From 999f8552ad82462e0b61637ed00bda5480ad0410 Mon Sep 17 00:00:00 2001
From: Kunal Mehta
Date: Fri, 5 Jan 2024 16:01:46 -0500
Subject: [PATCH 1/2] Import other SecureDrop Rust audits There's nothing else in this repository yet, but in the future this will contain imports from other SecureDrop repositories that can be imported.
---
 supply-chain/config.toml | 3 +++
 supply-chain/imports.lock | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index ea6f9707c8..14fbc7524a 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -17,6 +17,9 @@ url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/au
 [imports.mozilla]
 url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml"
+[imports.securedrop]
+url = "https://raw.githubusercontent.com/freedomofpress/securedrop-supply-chain/main/audits.toml"
+
 [imports.zcash]
 url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/audits.toml"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index fe50794f69..019d6ef1ea 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@@ -809,6 +809,8 @@ criteria = "safe-to-deploy"
 delta = "0.3.8 -> 0.3.13"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+[audits.securedrop.audits]
+
 [[audits.zcash.audits.block-buffer]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
From e7a6a0432491cdfaa4af817bf5d3cc1cfdaba098 Mon Sep 17 00:00:00 2001
From: Kunal Mehta
Date: Fri, 5 Jan 2024 16:02:01 -0500
Subject: [PATCH 2/2] Upgrade to cargo-vet 0.9.0
---
 .github/workflows/cargo-vet.yml | 2 +-
 supply-chain/config.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cargo-vet.yml b/.github/workflows/cargo-vet.yml
index d6873f95bc..49626a3a13 100644
--- a/.github/workflows/cargo-vet.yml
+++ b/.github/workflows/cargo-vet.yml
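Review bot: The new `[imports.securedrop]` table in supply-chain/config.toml (patch 1/2) carries no comment on the trust it extends: the URL follows `main` of another repository, so, as I read cargo-vet's import model, audits recorded there count toward this project's criteria once the imports are refreshed. A line above the table would make that explicit, e.g. `# First-party audits shared by SecureDrop repos; write access to securedrop-supply-chain main is the trust boundary.` The source is empty today (imports.lock gains only `[audits.securedrop.audits]`), so later imports.lock diffs for this table are where new entries should get a real review. The `[imports.*]` list continues outside the hunk.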
@@ -11,7 +11,7 @@ jobs:
 # Keep version in sync with rust-toolchain.toml
 container: rust:1.74.1
 env:
- CARGO_VET_VERSION: 0.8.0
+ CARGO_VET_VERSION: 0.9.0
 steps:
 - uses: actions/checkout@v4
 - uses: actions/cache@v2
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index 14fbc7524a..4fa743770e 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -3,7 +3,7 @@ default-criteria = "safe-to-run"
 [cargo-vet]
-version = "0.8"
+version = "0.9"
 [imports.bytecode-alliance]
 url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"