build(deps): Bump getrandom from 0.2.11 to 0.2.12

Cargo.toml

@@ -17,7 +17,7 @@ byteorder = "1.5.0"
 ctr = { version = "0.9.2", optional = true }
 fiat-crypto = { version = "0.2.5", optional = true }
 fixed = { version = "1.23", optional = true }
-getrandom = { version = "0.2.11", features = ["std"] }
+getrandom = { version = "0.2.12", features = ["std"] }
 hmac = { version = "0.12.1", optional = true }
 num-bigint = { version = "0.4.4", optional = true, features = ["rand", "serde"] }
 num-integer = { version = "0.1.45", optional = true }

supply-chain/imports.lock

@@ -451,6 +451,11 @@ who = "David Cook <dcook@divviup.org>"
 criteria = "safe-to-run"
 delta = "0.21.6 -> 0.21.7"
 
+[[audits.isrg.audits.getrandom]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.2.11 -> 0.2.12"
+
 [[audits.isrg.audits.once_cell]]
 who = "Brandon Pitman <bran@bran.land>"
 criteria = "safe-to-deploy"
@@ -493,6 +498,12 @@ criteria = "safe-to-deploy"
 delta = "1.7.0 -> 1.8.0"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.getrandom]]
+who = "Yannis Juglaret <yjuglaret@mozilla.com>"
+criteria = "safe-to-deploy"
+delta = "0.2.8 -> 0.2.9"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.half]]
 who = "John M. Schanck <jschanck@mozilla.com>"
 criteria = "safe-to-deploy"
@@ -602,50 +613,6 @@ version = "2.5.0"
 notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation."
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
-[[audits.zcash.audits.getrandom]]
-who = "Jack Grigg <jack@electriccoin.co>"
-criteria = "safe-to-deploy"
-delta = "0.2.8 -> 0.2.9"
-notes = """
-The new `getrandom_uninit` method is introduced by retrofitting every system
-implementation to take `&mut [MaybeUninit<u8>]` instead of `&mut [u8]`.
-
-Most implementations are only altered to update their signature, and to
-internally cast the slice back to `*mut u8` when writing to it. All of these
-backends appear to write bytes to the full length of the slice, so it should be
-fully initialized afterwards, upholding the invariants of the new `unsafe` code
-in the public APIs.
-
-- I did not check the behaviour of each implementation's system method to ensure
-  they never write uninitialized bytes; the code prior to this change already
-  needed to uphold that invariant as it was writing into `&mut [u8]`.
-
-The following system implementations have additional `unsafe` code modifications:
-
-- `custom`: The slice is zero-filled to ensure the `MaybeUninit<u8>` doesn't
-  escape into a system implementation that might not write initialized bytes
-  into the entire slice. The internal API between registration and usage is also
-  switched from C ABI to Rust ABI, to guard against potential panics.
-
-- `emscripten`: New backend, implementation looks reasonable.
-
-- `hermit`: New backend, writes incrementally to the slice, but ensures that the
-  entire slice has been written to before returning `Ok(())`. I note that it is
-  possible for the implementation to loop indefinitely if `sys_read_entropy`
-  were to always return 0 for some reason.
-
-- `js`: Adds chunking to limit each write to less than 2^31 (but that seems like
-  a bugfix). The safety requirements for `Uint8Array::view_mut_raw` appear to be
-  satisfied.
-
-- `rdrand`: Code changes to better handle CPU families with broken RDRAND.
-
-- `solaris_illumos`: Now uses `GRND_RANDOM`.
-
-- `windows`: Added `RtlGenRandom` fallback for non-UWP Windows.
-"""
-aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
-
 [[audits.zcash.audits.inout]]
 who = "Daira Hopwood <daira@jacaranda.org>"
 criteria = "safe-to-deploy"