package and supply chain updates to fix vulnerabilities

h2 upgraded from 0.3.16 -> 0.3.19 to fix vulnerability tempfile upgraded from 0.3.3 -> 0.3.5 to eliminate dep on vulnerable remove_dir_all
bytecodealliance · May 16, 2023 · f44643f · f44643f
1 parent fec30b3
commit f44643f
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 25 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
@@ -1353,6 +1353,11 @@ criteria = "safe-to-deploy"
 delta = "0.25.6 -> 0.25.7"
 notes = "This is a minor bug-fix update."
 
+[[audits.tempfile]]
+who = "Pat Hickey <phickey@fastly.com>"
+criteria = "safe-to-deploy"
+delta = "3.3.0 -> 3.5.0"
+
 [[audits.test-log]]
 who = "Pat Hickey <phickey@fastly.com>"
 criteria = "safe-to-deploy"

diff --git a/supply-chain/config.toml b/supply-chain/config.toml
@@ -320,7 +320,7 @@ version = "0.10.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.h2]]
-version = "0.3.16"
+version = "0.3.19"
 criteria = "safe-to-deploy"
 notes = "we are exempting tokio, hyper, and their tightly coupled dependencies by the same authors, expecting that the authors at aws will publish attestions we can import at some point soon"
 
@@ -637,6 +637,10 @@ criteria = "safe-to-deploy"
 version = "0.2.13"
 criteria = "safe-to-deploy"
 
+[[exemptions.redox_syscall]]
+version = "0.3.5"
+criteria = "safe-to-deploy"
+
 [[exemptions.redox_users]]
 version = "0.4.3"
 criteria = "safe-to-deploy"
@@ -657,10 +661,6 @@ criteria = "safe-to-deploy"
 version = "2.2.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.remove_dir_all]]
-version = "0.5.3"
-criteria = "safe-to-deploy"
-
 [[exemptions.ring]]
 version = "0.16.20"
 criteria = "safe-to-deploy"