Stream: git-wasmtime

Topic: wasmtime / issue #6706 bump toml to 0.7

view this post on Zulip Wasmtime GitHub notifications bot (Jul 07 2023 at 23:37):

xxchan commented on issue #6706:

 cargo vet
Vetting Failed!

7 unvetted dependencies:
  equivalent:1.0.0 missing ["safe-to-deploy"]
  hashbrown:0.14.0 missing ["safe-to-deploy"]
  serde_spanned:0.6.3 missing ["safe-to-deploy"]
  toml:0.7.6 missing ["safe-to-deploy"]
  toml_datetime:0.6.3 missing ["safe-to-deploy"]
  toml_edit:0.19.12 missing ["safe-to-deploy"]
  winnow:0.4.8 missing ["safe-to-deploy"]

recommended audits for safe-to-deploy:
    Command                                 Publisher  Used By                                    Audit Size
    cargo vet diff toml 0.7.4 0.7.6         epage      winch-tools, wasmtime-cache, and 3 others  3 files changed, 26 insertions(+), 15 deletions(-)
      NOTE: this project trusts Ed Page (epage) - consider cargo vet trust toml epage
    cargo vet inspect equivalent 1.0.0      cuviper    indexmap                                   402 lines
      NOTE: this project trusts Josh Stone (cuviper) - consider cargo vet trust equivalent or cargo vet trust --all cuviper
    cargo vet inspect serde_spanned 0.6.3   epage      toml and toml_edit                         563 lines
      NOTE: this project trusts Ed Page (epage) - consider cargo vet trust serde_spanned or cargo vet trust --all epage
    cargo vet inspect toml_datetime 0.6.3   epage      toml and toml_edit                         976 lines
      NOTE: cargo vet import zcash would eliminate this
      NOTE: this project trusts Ed Page (epage) - consider cargo vet trust toml_datetime or cargo vet trust --all epage
    cargo vet diff hashbrown 0.13.2 0.14.0  Amanieu    indexmap                                   23 files changed, 1885 insertions(+), 573 deletions(-)
      NOTE: cargo vet import zcash would eliminate this
      NOTE: this project trusts Amanieu d'Antras (Amanieu) - consider cargo vet trust hashbrown or cargo vet trust --all Amanieu
    cargo vet inspect toml_edit 0.19.12     epage      toml                                       16229 lines
      NOTE: this project trusts Ed Page (epage) - consider cargo vet trust toml_edit epage
    cargo vet inspect winnow 0.4.8          epage      toml_edit                                  26666 lines
      NOTE: this project trusts Ed Page (epage) - consider cargo vet trust winnow or cargo vet trust --all epage

estimated audit backlog: 47335 lines

Use |cargo vet certify| to record the audits.

view this post on Zulip Wasmtime GitHub notifications bot (Jul 07 2023 at 23:37):

xxchan commented on issue #6706:

cc @jameysharp

view this post on Zulip Wasmtime GitHub notifications bot (Jul 20 2023 at 18:26):

jameysharp commented on issue #6706:

I haven't forgotten about this.

For one thing, I got sidetracked looking at zstd due to your previous PR. Fixes to zstd bugs are merged now (gyscos/zstd-rs#231) so once that's released we should bump that too.

Meanwhile I've audited the changes to the toml crate itself and it's fine, but there are some larger changes in crates it depends on that I got a little stuck reading through.

Last updated: Oct 23 2024 at 20:03 UTC