From 5494ef052b9951bfb8440ad668e7d81801d89ac4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robin=20Thunstr=C3=B6m?= Date: Wed, 26 Jun 2024 16:02:02 +0200 Subject: [PATCH] Update cargo vet, cargo fmt and cargo.lock to fix CI (#220) ### Checklist * [x] I have read the [Contributor Guide](../CONTRIBUTING.md) * [x] I have read and agree to the [Code of Conduct](../CODE_OF_CONDUCT.md) * [x] I have added a description of my changes and why I'd like them included in the section below --- Cargo.lock | 8 ++ puffin/src/lib.rs | 9 +-- puffin_http/src/server.rs | 12 +-- supply-chain/config.toml | 48 +----------- supply-chain/imports.lock | 159 +++++++++++++++++++++++++++++++++----- 5 files changed, 161 insertions(+), 75 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5f3579d4..a8d32977 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1624,6 +1624,12 @@ dependencies = [ "windows-targets 0.48.5", ] +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + [[package]] name = "percent-encoding" version = "2.3.1" @@ -1758,7 +1764,9 @@ dependencies = [ "anyhow", "crossbeam-channel", "log", + "once_cell", "parking_lot", + "paste", "puffin", "simple_logger", ] diff --git a/puffin/src/lib.rs b/puffin/src/lib.rs index 2b034f07..769b7757 100644 --- a/puffin/src/lib.rs +++ b/puffin/src/lib.rs @@ -231,20 +231,19 @@ macro_rules! profile_function { }; } - /// Profile the current scope with the given name (unique in the parent scope). -/// +/// /// This macro is identical to [profile_scope], except that it expands to the expression /// containing the profiling scope, as opposed to [profile_scope] which expands to a /// variable (which cannot be accessed due to macro hygiene). /// /// This allows for profiling scopes to persist for a custom duration. -/// +/// /// # Example -/// +/// /// ```rust /// # use std::iter::FromIterator as _; -/// # +/// # /// # pub mod rayon { pub mod prelude { /// # pub fn for_each_init(vec: &std::vec::Vec, init: fn() -> I, body: fn ((I, T)) -> ()) { /// # } diff --git a/puffin_http/src/server.rs b/puffin_http/src/server.rs index 05763aeb..6b89fc8f 100644 --- a/puffin_http/src/server.rs +++ b/puffin_http/src/server.rs @@ -86,7 +86,7 @@ impl Server { /// // Remove /// |id| _ = get_custom_profiler().remove_sink(id) /// ); - /// + /// /// // Create some custom threads where we use the custom profiler and server /// std::thread::scope(|scope| { /// scope.spawn(move ||{ @@ -124,7 +124,7 @@ impl Server { /// ```rust /// # use std::thread::sleep; /// # use std::time::Duration; - /// + /// /// /// This macro makes it much easier to define profilers /// /// /// /// This macro makes use of the `paste` crate to generate unique identifiers, and `tracing` to log events @@ -137,7 +137,7 @@ impl Server { /// profiler!(@inner { name: $name, port: $port $(,install: |$install_var| $install, drop: |$drop_var| $drop)? }); /// )* /// }; - /// + /// /// (@inner { name: $name:ident, port: $port:expr }) => { /// paste::paste!{ /// #[doc = concat!("The address to bind the ", std::stringify!([< $name:lower >]), " thread profilers' server to")] @@ -203,7 +203,7 @@ impl Server { /// { name: RENDERER, port: 8586 }, /// { name: BACKGROUND, port: 8587 }, /// } - /// + /// /// pub fn demo() { /// std::thread::spawn(|| { /// // Initialise the custom profiler for this thread @@ -223,8 +223,8 @@ impl Server { /// ``` pub fn new_custom( bind_addr: &str, - sink_install: fn (puffin::FrameSink) -> puffin::FrameSinkId, - sink_remove: fn (puffin::FrameSinkId) -> (), + sink_install: fn(puffin::FrameSink) -> puffin::FrameSinkId, + sink_remove: fn(puffin::FrameSinkId) -> (), ) -> anyhow::Result { let tcp_listener = TcpListener::bind(bind_addr).context("binding server TCP socket")?; tcp_listener diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 2895b240..2ff0a637 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -31,10 +31,6 @@ url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-c [imports.zcash] url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/audits.toml" -[policy.errno-dragonfly] -criteria = [] -notes = "Not used, unsupported target" - [policy.orbclient] criteria = [] notes = "Not used, Redox OS-only" @@ -143,10 +139,6 @@ criteria = "safe-to-deploy" version = "0.2.0" criteria = "safe-to-deploy" -[[exemptions.cast]] -version = "0.3.0" -criteria = "safe-to-run" - [[exemptions.cesu8]] version = "1.1.0" criteria = "safe-to-deploy" @@ -191,14 +183,6 @@ criteria = "safe-to-deploy" version = "2.4.0" criteria = "safe-to-deploy" -[[exemptions.core-foundation]] -version = "0.9.4" -criteria = "safe-to-deploy" - -[[exemptions.core-graphics-types]] -version = "0.1.3" -criteria = "safe-to-deploy" - [[exemptions.crc32fast]] version = "1.3.2" criteria = "safe-to-deploy" @@ -211,14 +195,6 @@ criteria = "safe-to-run" version = "0.5.0" criteria = "safe-to-run" -[[exemptions.crossbeam-deque]] -version = "0.8.5" -criteria = "safe-to-run" - -[[exemptions.crossbeam-epoch]] -version = "0.9.18" -criteria = "safe-to-run" - [[exemptions.crossbeam-utils]] version = "0.8.8" criteria = "safe-to-deploy" @@ -239,10 +215,6 @@ criteria = "safe-to-deploy" version = "0.5.2" criteria = "safe-to-deploy" -[[exemptions.downcast-rs]] -version = "1.2.0" -criteria = "safe-to-deploy" - [[exemptions.env_logger]] version = "0.10.1" criteria = "safe-to-deploy" @@ -363,14 +335,6 @@ criteria = "safe-to-deploy" version = "0.11.2" criteria = "safe-to-deploy" -[[exemptions.memmap2]] -version = "0.5.4" -criteria = "safe-to-deploy" - -[[exemptions.memoffset]] -version = "0.6.5" -criteria = "safe-to-deploy" - [[exemptions.memoffset]] version = "0.9.1" criteria = "safe-to-deploy" @@ -427,6 +391,10 @@ criteria = "safe-to-deploy" version = "0.15.10" criteria = "safe-to-deploy" +[[exemptions.paste]] +version = "1.0.15" +criteria = "safe-to-run" + [[exemptions.pkg-config]] version = "0.3.28" criteria = "safe-to-deploy" @@ -455,10 +423,6 @@ criteria = "safe-to-deploy" version = "3.0.0" criteria = "safe-to-deploy" -[[exemptions.quick-xml]] -version = "0.30.0" -criteria = "safe-to-deploy" - [[exemptions.regex-syntax]] version = "0.7.2" criteria = "safe-to-deploy" @@ -535,10 +499,6 @@ criteria = "safe-to-deploy" version = "0.2.9" criteria = "safe-to-deploy" -[[exemptions.tinytemplate]] -version = "1.2.1" -criteria = "safe-to-run" - [[exemptions.toml]] version = "0.8.8" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 3aa7ce83..634adf2e 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -42,6 +42,13 @@ user-id = 6743 user-login = "epage" user-name = "Ed Page" +[[publisher.core-foundation]] +version = "0.9.3" +when = "2022-02-07" +user-id = 5946 +user-login = "jrmuizel" +user-name = "Jeff Muizelaar" + [[publisher.core-foundation-sys]] version = "0.8.4" when = "2023-04-03" @@ -56,6 +63,13 @@ user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" +[[publisher.core-graphics-types]] +version = "0.1.1" +when = "2020-09-15" +user-id = 2396 +user-login = "jdm" +user-name = "Josh Matthews" + [[publisher.ecolor]] version = "0.27.1" when = "2024-03-29" @@ -620,6 +634,15 @@ who = "Radu Matei " criteria = "safe-to-run" version = "11.1.3" +[[audits.firefox.wildcard-audits.core-foundation]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +user-id = 5946 # Jeff Muizelaar (jrmuizel) +start = "2019-03-29" +end = "2023-05-04" +renew = false +notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." + [[audits.firefox.wildcard-audits.core-foundation-sys]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -638,6 +661,15 @@ end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." +[[audits.firefox.wildcard-audits.core-graphics-types]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +user-id = 2396 # Josh Matthews (jdm) +start = "2020-07-20" +end = "2023-05-04" +renew = false +notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." + [[audits.firefox.wildcard-audits.unicode-segmentation]] who = "Manish Goregaokar " criteria = "safe-to-deploy" @@ -667,11 +699,28 @@ who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.73 -> 1.0.78" +[[audits.firefox.audits.core-foundation]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "0.9.3 -> 0.9.4" +notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." + [[audits.firefox.audits.core-graphics]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.22.3 -> 0.23.1" +[[audits.firefox.audits.core-graphics-types]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "0.1.1 -> 0.1.2" + +[[audits.firefox.audits.core-graphics-types]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "0.1.2 -> 0.1.3" +notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." + [[audits.firefox.audits.crossbeam-utils]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -758,26 +807,6 @@ not entirely certain is technically sound, but in either case I am reasonably co it's not exploitable. """ -[[audits.firefox.audits.memmap2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.5.4 -> 0.5.7" - -[[audits.firefox.audits.memmap2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.5.7 -> 0.5.8" - -[[audits.firefox.audits.memmap2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.5.8 -> 0.5.9" - -[[audits.firefox.audits.memmap2]] -who = "Gabriele Svelto " -criteria = "safe-to-deploy" -delta = "0.5.9 -> 0.8.0" - [[audits.firefox.audits.memmap2]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -945,6 +974,12 @@ criteria = "safe-to-deploy" version = "1.5.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.cast]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.3.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.cfg-if]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -980,12 +1015,36 @@ criteria = "safe-to-deploy" delta = "0.5.7 -> 0.5.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.crossbeam-deque]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.8.3" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.crossbeam-epoch]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.9.14" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.crossbeam-epoch]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +delta = "0.9.14 -> 0.9.15" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.dirs-sys-next]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "0.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.downcast-rs]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "1.2.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.either]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -1095,6 +1154,18 @@ criteria = "safe-to-deploy" delta = "0.4.17 -> 0.4.20" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.memmap2]] +who = "Ying Hsu " +criteria = "safe-to-deploy" +version = "0.8.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.memoffset]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.6.5" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.miniz_oxide]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -1170,6 +1241,12 @@ delta = "0.2.9 -> 0.2.13" notes = "Audited at https://fxrev.dev/946396" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.quick-xml]] +who = "Matthew DeVore " +criteria = "safe-to-deploy" +version = "0.30.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.quote]] who = "ChromeOS" criteria = "safe-to-deploy" @@ -1229,6 +1306,12 @@ criteria = "safe-to-deploy" delta = "1.4.0 -> 1.4.1" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.tinytemplate]] +who = "Ying Hsu " +criteria = "safe-to-deploy" +version = "1.2.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.tracing-core]] who = "David Koloski " criteria = "safe-to-deploy" @@ -1471,6 +1554,42 @@ changes in the build environment. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.crossbeam-deque]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.8.3 -> 0.8.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.crossbeam-deque]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.8.4 -> 0.8.5" +notes = "Changes to `unsafe` code look okay." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.crossbeam-epoch]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.9.15 -> 0.9.16" +notes = "Moved an `unsafe` block while removing `scopeguard` dependency." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.crossbeam-epoch]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.9.16 -> 0.9.17" +notes = """ +Changes to `unsafe` code are to replace manual pointer logic with equivalent +`unsafe` stdlib methods, now that MSRV is high enough to use them. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.crossbeam-epoch]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.9.17 -> 0.9.18" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy"