From 6a8a95dd42a2183ba83723d90d15c8100653b8a1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Feb 2024 23:06:23 +0000
Subject: [PATCH] build(deps): Bump aes from 0.8.3 to 0.8.4 (#950)

* build(deps): Bump aes from 0.8.3 to 0.8.4

Bumps [aes](https://github.com/RustCrypto/block-ciphers) from 0.8.3 to 0.8.4.
- [Commits](https://github.com/RustCrypto/block-ciphers/compare/aes-v0.8.3...aes-v0.8.4)

---
updated-dependencies:
- dependency-name: aes
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* import cargo vet audits from main

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tim Geoghegan <timg@divviup.org>
---
 Cargo.lock                |  4 ++--
 Cargo.toml                |  2 +-
 supply-chain/imports.lock | 10 ++++++++++
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 992dda6a..aef921ff 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4,9 +4,9 @@ version = 3
 
 [[package]]
 name = "aes"
-version = "0.8.3"
+version = "0.8.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2"
+checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
 dependencies = [
  "cfg-if",
  "cipher",
diff --git a/Cargo.toml b/Cargo.toml
index 4a31fd1a..20c88ac9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,7 +11,7 @@ rust-version = "1.71"
 resolver = "2"
 
 [dependencies]
-aes = { version = "0.8.3", optional = true }
+aes = { version = "0.8.4", optional = true }
 bitvec = { version = "1.0.1", optional = true }
 byteorder = "1.5.0"
 ctr = { version = "0.9.2", optional = true }
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index eefd27c7..26f4512b 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@@ -440,6 +440,16 @@ criteria = "safe-to-run"
 version = "2.3.2"
 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
 
+[[audits.isrg.audits.aes]]
+who = "Tim Geoghegan <timg@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.8.3 -> 0.8.4"
+notes = """
+Change affects some unsafe code. The only functional change is to add an
+assertion checking alignment and to change an `as *mut u32` cast to a
+call to `std::pointer::cast`.
+"""
+
 [[audits.isrg.audits.base64]]
 who = "Brandon Pitman <bran@bran.land>"
 criteria = "safe-to-run"