Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump the prod group across 1 directory with 13 updates #8640

Closed
wants to merge 7 commits into from
Closed

build(deps): bump the prod group across 1 directory with 13 updates #8640

wants to merge 7 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 24, 2024
edited
Loading

Bumps the prod group with 13 updates in the / directory:

Package From To
clap 4.5.4 4.5.7
lazy_static 1.4.0 1.5.0
toml 0.8.13 0.8.14
tokio 1.37.0 1.38.0
metrics 0.22.3 0.23.0
hyper 0.14.28 1.3.1
metrics-exporter-prometheus 0.14.0 0.15.1
proptest 1.4.0 1.5.0
proptest-derive 0.4.0 0.5.0
console-subscriber 0.2.0 0.3.0
regex 1.10.4 1.10.5
tracing-test 0.2.4 0.2.5
syn 2.0.66 2.0.68

Updates clap from 4.5.4 to 4.5.7

Release notes

Sourced from clap's releases.

v4.5.7

[4.5.7] - 2024-06-10

Fixes

  • Clean up error message when too few arguments for num_args

v4.5.6

[4.5.6] - 2024-06-06

Changelog

Sourced from clap's changelog.

[4.5.7] - 2024-06-10

Fixes

  • Clean up error message when too few arguments for num_args

[4.5.6] - 2024-06-06

[4.5.5] - 2024-06-06

Fixes

  • Allow exclusive to override required_unless_present, required_unless_present_any, required_unless_present_all
Commits

Updates lazy_static from 1.4.0 to 1.5.0

Commits

Updates toml from 0.8.13 to 0.8.14

Commits
  • c383efa chore: Release
  • 7bb1781 docs: Update changelog
  • 0af6deb Merge pull request #740 from epage/key-quotes
  • c9e36e7 fix(encode): Prefer literals over escaping double-quotes
  • 42f7a1b test(encode): Show existing quote behavior
  • 9e6290f chore(deps): Update compatible (dev) (#737)
  • dbf1cc1 Merge pull request #736 from epage/snapbox
  • ec9bfd7 chore: Update to snapbox 0.6
  • 881bf67 chore: Remove unused features
  • b62c76e refactor: Resolve deprecations
  • Additional commits viewable in compare view

Updates tokio from 1.37.0 to 1.38.0

Release notes

Sourced from tokio's releases.

Tokio v1.38.0

This release marks the beginning of stabilization for runtime metrics. It stabilizes RuntimeMetrics::worker_count. Future releases will continue to stabilize more metrics.

Added

  • fs: add File::create_new (#6573)
  • io: add copy_bidirectional_with_sizes (#6500)
  • io: implement AsyncBufRead for Join (#6449)
  • net: add Apple visionOS support (#6465)
  • net: implement Clone for NamedPipeInfo (#6586)
  • net: support QNX OS (#6421)
  • sync: add Notify::notify_last (#6520)
  • sync: add mpsc::Receiver::{capacity,max_capacity} (#6511)
  • sync: add split method to the semaphore permit (#6472, #6478)
  • task: add tokio::task::join_set::Builder::spawn_blocking (#6578)
  • wasm: support rt-multi-thread with wasm32-wasi-preview1-threads (#6510)

Changed

  • macros: make #[tokio::test] append #[test] at the end of the attribute list (#6497)
  • metrics: fix blocking_threads count (#6551)
  • metrics: stabilize RuntimeMetrics::worker_count (#6556)
  • runtime: move task out of the lifo_slot in block_in_place (#6596)
  • runtime: panic if global_queue_interval is zero (#6445)
  • sync: always drop message in destructor for oneshot receiver (#6558)
  • sync: instrument Semaphore for task dumps (#6499)
  • sync: use FIFO ordering when waking batches of wakers (#6521)
  • task: make LocalKey::get work with Clone types (#6433)
  • tests: update nix and mio-aio dev-dependencies (#6552)
  • time: clean up implementation (#6517)
  • time: lazily init timers on first poll (#6512)
  • time: remove the true_when field in TimerShared (#6563)
  • time: use sharding for timer implementation (#6534)

Fixed

  • taskdump: allow building taskdump docs on non-unix machines (#6564)
  • time: check for overflow in Interval::poll_tick (#6487)
  • sync: fix incorrect is_empty on mpsc block boundaries (#6603)

Documented

  • fs: rewrite file system docs (#6467)
  • io: fix stdin documentation (#6581)
  • io: fix obsolete reference in ReadHalf::unsplit() documentation (#6498)
  • macros: render more comprehensible documentation for select! (#6468)
  • net: add missing types to module docs (#6482)
  • net: fix misleading NamedPipeServer example (#6590)

... (truncated)

Commits

Updates metrics from 0.22.3 to 0.23.0

Commits

Updates hyper from 0.14.28 to 1.3.1

Release notes

Sourced from hyper's releases.

v1.3.1

Bug Fixes

  • client: revert auto content-length header for some requests (#3633)

v1.3.0

Bug Fixes

  • client: send content-length even with no body (172fdfaf)
  • http2:
    • max_header_list_size(num) defaults to 16kb (203d1b09)
    • initial_max_send_streams defaults to 100 (2d1bd708)
  • server:
    • avoid unwrapping for the Future impl of HTTP/1 UpgradeableConnection (#3627) (b79be911, closes #3621)
    • avoid graceful_shutdown panic on upgraded H1 connection (#3616) (6ecf8521)

Features

  • client:
    • add max_header_list_size(num) to http2::Builder. (1c5b1b87)
    • add max_pending_accept_reset_streams HTTP2 option (#3617) (330ddf1d)
  • ext: implement From ReasonPhrase for Bytes (dc27043a)
  • service: expose Service and HttpService trait unconditionally (6aee2e6e)
  • server: relax 'static from connection IO trait bounds (#3595) (0013bdda)

New Contributors

Full Changelog: hyperium/hyper@v1.2.0...v1.3.0

v1.2.0

Features

  • http1: support configurable max_headers(num) to client and server (#3523) (b1142448)
  • http2:
    • add config for max_local_error_reset_streams in server (#3530) (d7680e30)
    • add initial_max_send_streams method to HTTP/2 client builder (#3524) (fdfa60d9)
      • NOTE: The default for this will change in v1.3 to something conservative. If you have an environment where the server can always accept a large amount of concurrent streams, and depend on that for performance, you should set this option manually.
    • add max_pending_accept_reset_streams(num) back to HTTP/2 server builder (#3507 (a9fa893f)

Bug Fixes

... (truncated)

Changelog

Sourced from hyper's changelog.

v1.3.1 (2024-04-16)

Bug Fixes

  • client: revert auto content-length header for some requests (#3633)

v1.3.0 (2024-04-15)

Bug Fixes

  • client: send content-length even with no body (172fdfaf)
  • http2:
    • max_header_list_size(num) defaults to 16kb (203d1b09)
    • initial_max_send_streams defaults to 100 (2d1bd708)
  • server:
    • avoid unwrapping for the Future impl of HTTP/1 UpgradeableConnection (#3627) (b79be911, closes #3621)
    • avoid graceful_shutdown panic on upgraded H1 connection (#3616) (6ecf8521)

Features

  • client:
    • add max_header_list_size(num) to http2::Builder. (1c5b1b87)
    • add max_pending_accept_reset_streams HTTP2 option (#3617) (330ddf1d)
  • ext: implement From ReasonPhrase for Bytes (dc27043a)
  • service: expose Service and HttpService trait unconditionally (6aee2e6e)
  • server: relax 'static from connection IO trait bounds (#3595) (0013bdda)

v1.2.0 (2024-02-21)

Bug Fixes

  • http2: typo in trace logging (#3536) (79862ec2)
  • rt: Sleep::downcast_mut_pin() no longer extend lifetime (7206fe30, closes #3556)

Features

  • http1: support configurable max_headers(num) to client and server (#3523) (b1142448)
  • http2:
    • add config for max_local_error_reset_streams in server (#3530) (d7680e30)
    • add initial_max_send_streams method to HTTP/2 client builder (#3524) (fdfa60d9)
    • add max_pending_accept_reset_streams(num) back to HTTP/2 server builder (#3507 (a9fa893f)

Breaking Changes

... (truncated)

Commits
  • c78379e v1.3.1
  • 3705a7e Revert "fix(client): send content-length even with no body"
  • d53305a v1.3.0
  • dc27043 feat(ext): implement From ReasonPhrase for Bytes
  • 6aee2e6 feat(service): expose Service and HttpService trait unconditionally
  • 172fdfa fix(client): send content-length even with no body
  • b79be91 fix(server): avoid unwrapping for the Future impl of HTTP/1 `UpgradeableCon...
  • 203d1b0 fix(http2): max_header_list_size(num) defaults to 16kb
  • 1c5b1b8 feat(client): add max_header_list_size(num) to http2::Builder.
  • df33d4d refactor(h1): use UninitSlice::as_uninit_slice_mut() instead of cast (#3618)
  • Additional commits viewable in compare view

Updates metrics-exporter-prometheus from 0.14.0 to 0.15.1

Commits
  • f84efc4 chore: Release
  • 20b6ec5 metrics-exporter-promethus: update CHANGELOG
  • 9f86b53 Try fixing the Discord invite link... again.
  • db56631 Update Discord invite link.
  • 654c3a1 metrics-exporter-prometheus: use hyper-rustls (#489)
  • 4c002c4 typo fix in CHANGELOG.md (#487)
  • 787b170 chore: Release
  • b48ed78 update changelog
  • 82513b3 Relax bounds on some metrics_util::registry::Registry methods (#484)
  • ce9084b permit trailing commans in describe macros (#483)
  • Additional commits viewable in compare view

Updates proptest from 1.4.0 to 1.5.0

Commits
  • ca308b0 Merge pull request #462 from mirandaconrado/master
  • 0a53eda Merge pull request #467 from matthew-russo/macro-0.1
  • 96a2dab Merge pull request #464 from matthew-russo/master
  • f818fa2 Release : prep for proptest-macro 0.1.0 release
  • e275f8a Release : prep for proptest-derive 0.5 release
  • f87ec63 Release : prep for proptest 1.5 release
  • 060cfbe [Doc] Arbitrary : add a note about the derive macro in Arbitrary's documentation
  • 1426f0f Update changelog
  • 7774b9c Detect empty ranges during tree creation
  • 24412f5 Update compiletest_rs requirement from 0.10 to 0.11 (#455)
  • Additional commits viewable in compare view

Updates proptest-derive from 0.4.0 to 0.5.0

Commits
  • ca308b0 Merge pull request #462 from mirandaconrado/master
  • 0a53eda Merge pull request #467 from matthew-russo/macro-0.1
  • 96a2dab Merge pull request #464 from matthew-russo/master
  • f818fa2 Release : prep for proptest-macro 0.1.0 release
  • e275f8a Release : prep for proptest-derive 0.5 release
  • f87ec63 Release : prep for proptest 1.5 release
  • 060cfbe [Doc] Arbitrary : add a note about the derive macro in Arbitrary's documentation
  • 1426f0f Update changelog
  • 7774b9c Detect empty ranges during tree creation
  • 24412f5 Update compiletest_rs requirement from 0.10 to 0.11 (#455)
  • Additional commits viewable in compare view

Updates console-subscriber from 0.2.0 to 0.3.0

Release notes

Sourced from console-subscriber's releases.

console-subscriber-v0.3.0 - (2024-06-10)

Breaking Changes

  • Bump tonic to 0.11 (#547) (ef6816c)This is a breaking change for users of console-api and console-subscriber, as it changes the public tonic dependency to a semver-incompatible version. This breaks compatibility with tonic 0.10.x.

Added

  • Replace target column with kind column in tasks view (#478) (903d9fa)
  • Reduce retention period to fit in max message size (#503) (bd3dd71)
  • Support grpc-web and add grpc-web feature (#498) (4150253)

Documented

Fixed

  • Don't save poll_ops if no-one is receiving them (#501) (1656c79)
  • Ignore metadata that is not a span or event (#554) (852a977)

Updated

Commits
  • b802bf1 chore: release tokio-console-v0.1.11, console-api-v0.7.0, console-subscriber-...
  • 87ba91c chore(console): update cargo dist (#556)
  • dcf8c2c chore: include tonic updates in release notes (#559)
  • 99437b0 chore: automate releases with Release-plz (#545)
  • 852a977 fix(subscriber): ignore metadata that is not a span or event (#554)
  • a0d20fd docs(console): add note about running on Windows (#510)
  • 60bcf87 chore: get rid of remove_dir_all (#542)
  • 1c1d599 chore: bump clap and clap_complete to the latest version (#552)
  • ef6816c chore: bump tonic to 0.11 (#547)
  • 6cbd6db chore(console): bump ratatui to 0.26.2 and crossterm to 0.27.0 (#515)
  • Additional commits viewable in compare view

Updates regex from 1.10.4 to 1.10.5

Changelog

Sourced from regex's changelog.

1.10.5 (2024-06-09)

This is a new patch release with some minor fixes.

Bug fixes:

Commits
  • 0718fc5 1.10.5
  • 377463b changelog: 1.10.4 and 1.10.5
  • 68c4f0b regex-automata-0.4.7
  • 4757b5f regex-syntax-0.8.4
  • 1430b65 changelog: 1.10.4
  • 1f9f9cc bytes: escape invalid UTF-8 bytes in debug output for Match
  • ab4c8d1 doc: fix duplicate phrasing typo
  • ddeb85e cli/deps: update memmap2 to 0.9
  • 023f1c9 lite: fix attribute warning about rustfmt
  • 9c139f4 syntax: simplify Hir::dot constructors
  • Additional commits viewable in compare view

Updates tracing-test from 0.2.4 to 0.2.5

Changelog

Sourced from tracing-test's changelog.

0.2.5 - 2024-06-02

  • [change] Replace lazy_static dependency with std::sync::OnceCell (#36)
  • [change] Update syn (#40)
  • [change] Include license text in the packaged crates (#41)
Commits

Updates syn from 2.0.66 to 2.0.68

Release notes

Sourced from syn's releases.

2.0.68

  • Improve panic location when parse_quote! parses invalid syntax (#1690, thanks @​stepancheg)
  • More efficient peek implementation for Group and Lifetime (#1687)

2.0.67

  • Produce more accurate error message locations for errors located at the end of a nested group (#1679, #1680)
  • Support peeking LitCStr in ParseStream::peek (#1682)
Commits
  • ecb0429 Release 2.0.68
  • 37edbd2 Merge pull request #1690 from stepancheg/track-called
  • 4338772 track-caller in parse_quote_spanned
  • 537b0c5 Update test suite to nightly-2024-06-22
  • b088d5c Merge pull request #1688 from dtolnay/peeklit
  • 9b4e478 Relocate Lit peek impls into lit module
  • 38f2ddb Merge pull request #1687 from dtolnay/fastpeek
  • ef20bfd Optimize the peek impl of Group and Lifetime
  • 4b6c96a Merge pull request #1686 from dtolnay/isempty
  • 87d5792 Reword explanation of ParseBuffer::is_empty
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
hyper [>= 1.a, < 2]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot requested review from a team as code owners June 24, 2024 15:51
@dependabot dependabot bot added the A-dependencies Area: Dependency file updates label Jun 24, 2024
@dependabot dependabot bot requested a review from a team as a code owner June 24, 2024 15:51
@dependabot dependabot bot added A-rust Area: Updates to Rust code C-trivial Category: A trivial change that is not worth mentioning in the CHANGELOG P-Low ❄️ labels Jun 24, 2024
@dependabot dependabot bot requested review from arya2 and upbqdn and removed request for a team June 24, 2024 15:51
@arya2 arya2 self-assigned this Jun 24, 2024
arya2 and others added 3 commits June 24, 2024 13:40
@arya2
Initializes cargo vet in Zebra
a518704
@arya2
adds audits from zcash/zcashd, google, and mozilla as trusted audits
a93b025
@dependabot @arya2
build(deps): bump the prod group across 1 directory with 13 updates
4dee4fe 
Bumps the prod group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.5.4` | `4.5.7` |
| [lazy_static](https://github.com/rust-lang-nursery/lazy-static.rs) | `1.4.0` | `1.5.0` |
| [toml](https://github.com/toml-rs/toml) | `0.8.13` | `0.8.14` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.37.0` | `1.38.0` |
| [metrics](https://github.com/metrics-rs/metrics) | `0.22.3` | `0.23.0` |
| [hyper](https://github.com/hyperium/hyper) | `0.14.28` | `1.3.1` |
| [metrics-exporter-prometheus](https://github.com/metrics-rs/metrics) | `0.14.0` | `0.15.1` |
| [proptest](https://github.com/proptest-rs/proptest) | `1.4.0` | `1.5.0` |
| [proptest-derive](https://github.com/proptest-rs/proptest) | `0.4.0` | `0.5.0` |
| [console-subscriber](https://github.com/tokio-rs/console) | `0.2.0` | `0.3.0` |
| [regex](https://github.com/rust-lang/regex) | `1.10.4` | `1.10.5` |
| [tracing-test](https://github.com/dbrgn/tracing-test) | `0.2.4` | `0.2.5` |
| [syn](https://github.com/dtolnay/syn) | `2.0.66` | `2.0.68` |



Updates `clap` from 4.5.4 to 4.5.7
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.5.4...v4.5.7)

Updates `lazy_static` from 1.4.0 to 1.5.0
- [Release notes](https://github.com/rust-lang-nursery/lazy-static.rs/releases)
- [Commits](rust-lang-nursery/lazy-static.rs@1.4.0...1.5.0)

Updates `toml` from 0.8.13 to 0.8.14
- [Commits](toml-rs/toml@toml-v0.8.13...toml-v0.8.14)

Updates `tokio` from 1.37.0 to 1.38.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.37.0...tokio-1.38.0)

Updates `metrics` from 0.22.3 to 0.23.0
- [Changelog](https://github.com/metrics-rs/metrics/blob/main/release.toml)
- [Commits](metrics-rs/metrics@metrics-v0.22.3...metrics-v0.23.0)

Updates `hyper` from 0.14.28 to 1.3.1
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](hyperium/hyper@v0.14.28...v1.3.1)

Updates `metrics-exporter-prometheus` from 0.14.0 to 0.15.1
- [Changelog](https://github.com/metrics-rs/metrics/blob/main/release.toml)
- [Commits](metrics-rs/metrics@metrics-exporter-prometheus-v0.14.0...metrics-exporter-prometheus-v0.15.1)

Updates `proptest` from 1.4.0 to 1.5.0
- [Release notes](https://github.com/proptest-rs/proptest/releases)
- [Changelog](https://github.com/proptest-rs/proptest/blob/master/CHANGELOG.md)
- [Commits](proptest-rs/proptest@v1.4.0...v1.5.0)

Updates `proptest-derive` from 0.4.0 to 0.5.0
- [Release notes](https://github.com/proptest-rs/proptest/releases)
- [Changelog](https://github.com/proptest-rs/proptest/blob/master/CHANGELOG.md)
- [Commits](proptest-rs/proptest@0.4.0...proptest-derive-0.5.0)

Updates `console-subscriber` from 0.2.0 to 0.3.0
- [Release notes](https://github.com/tokio-rs/console/releases)
- [Changelog](https://github.com/tokio-rs/console/blob/main/release-plz.toml)
- [Commits](tokio-rs/console@console-subscriber-v0.2.0...console-subscriber-v0.3.0)

Updates `regex` from 1.10.4 to 1.10.5
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](rust-lang/regex@1.10.4...1.10.5)

Updates `tracing-test` from 0.2.4 to 0.2.5
- [Changelog](https://github.com/dbrgn/tracing-test/blob/main/CHANGELOG.md)
- [Commits](dbrgn/tracing-test@v0.2.4...v0.2.5)

Updates `syn` from 2.0.66 to 2.0.68
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](dtolnay/syn@2.0.66...2.0.68)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: lazy_static
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: toml
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: metrics
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: hyper
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod
- dependency-name: metrics-exporter-prometheus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: proptest
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: proptest-derive
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: console-subscriber
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: tracing-test
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
...

Signed-off-by: dependabot[bot] <support@github.com>
@arya2 arya2 mentioned this pull request Jun 24, 2024
Merged
7 tasks
@arya2 arya2 force-pushed the dependabot/cargo/prod-0f58da088e branch from 224c615 to d3ff131 Compare June 24, 2024 18:55
@arya2 arya2 changed the base branch from main to add-cargo-vet June 24, 2024 18:56
arya2
arya2 reviewed Jun 24, 2024
View reviewed changes
supply-chain/audits.toml
Comment on lines +6 to +82
[[trusted.clap]]
criteria = "safe-to-deploy"
user-id = 6743 # Ed Page (epage)
start = "2021-12-08"
end = "2025-06-24"

[[trusted.clap_builder]]
criteria = "safe-to-deploy"
user-id = 6743 # Ed Page (epage)
start = "2023-03-28"
end = "2025-06-24"

[[trusted.clap_derive]]
criteria = "safe-to-deploy"
user-id = 6743 # Ed Page (epage)
start = "2021-12-08"
end = "2025-06-24"

[[trusted.console-api]]
criteria = "safe-to-deploy"
user-id = 1249 # Eliza Weisman (hawkw)
start = "2021-12-16"
end = "2025-06-24"

[[trusted.console-subscriber]]
criteria = "safe-to-deploy"
user-id = 1249 # Eliza Weisman (hawkw)
start = "2021-12-16"
end = "2025-06-24"

[[trusted.hyper]]
criteria = "safe-to-deploy"
user-id = 359 # Sean McArthur (seanmonstar)
start = "2019-03-01"
end = "2025-06-24"

[[trusted.lazy_static]]
criteria = "safe-to-deploy"
user-id = 539 # Josh Stone (cuviper)
start = "2024-06-21"
end = "2025-06-24"

[[trusted.regex]]
criteria = "safe-to-deploy"
user-id = 189 # Andrew Gallant (BurntSushi)
start = "2019-02-27"
end = "2025-06-24"

[[trusted.syn]]
criteria = "safe-to-deploy"
user-id = 3618 # David Tolnay (dtolnay)
start = "2019-03-01"
end = "2025-06-24"

[[trusted.tokio]]
criteria = "safe-to-deploy"
user-id = 10 # Carl Lerche (carllerche)
start = "2019-03-02"
end = "2025-06-24"

[[trusted.tokio-macros]]
criteria = "safe-to-deploy"
user-id = 10 # Carl Lerche (carllerche)
start = "2019-04-24"
end = "2025-06-24"

[[trusted.toml]]
criteria = "safe-to-deploy"
user-id = 6743 # Ed Page (epage)
start = "2022-12-14"
end = "2025-06-24"

[[trusted.toml_edit]]
criteria = "safe-to-deploy"
user-id = 6743 # Ed Page (epage)
start = "2021-09-13"
end = "2025-06-24"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Except for console-api and console-subscriber (which are for experimental features and rely on setting the tokio_unstable flag), these are trusted in the mozilla audits.toml file.

@arya2 arya2 force-pushed the dependabot/cargo/prod-0f58da088e branch from d3ff131 to 22d015f Compare June 24, 2024 19:02
Base automatically changed from add-cargo-vet to main June 25, 2024 14:03
@arya2 arya2 added the no-review-reminders Turn off review reminders label Jun 25, 2024
@upbqdn upbqdn added the do-not-merge Tells Mergify not to merge this PR label Jun 28, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 1, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jul 1, 2024
@dependabot dependabot bot deleted the dependabot/cargo/prod-0f58da088e branch July 1, 2024 15:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arya2 arya2 arya2 left review comments

@upbqdn upbqdn Awaiting requested review from upbqdn upbqdn is a code owner automatically assigned from ZcashFoundation/unsafe-rust-reviewers

Assignees

@arya2 arya2

Labels
A-dependencies Area: Dependency file updates A-rust Area: Updates to Rust code C-trivial Category: A trivial change that is not worth mentioning in the CHANGELOG do-not-merge Tells Mergify not to merge this PR no-review-reminders Turn off review reminders P-Low ❄️
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@arya2 @upbqdn