From 93bacceee8ca830cc0eb5d25b3be515d82064d88 Mon Sep 17 00:00:00 2001 From: Darioush Jalali Date: Thu, 25 Jun 2026 13:40:32 -0700 Subject: [PATCH 1/3] chore(deps): fix cargo audit advisories --- Cargo.lock | 371 +++++++++-------------------------------------------- Cargo.toml | 2 +- 2 files changed, 63 insertions(+), 310 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 43030ba44c8..9a825cbe2b1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -311,17 +311,6 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b34d609dfbaf33d6889b2b7106d3ca345eacad44200913df5ba02bfd31d2ba9" -[[package]] -name = "async-channel" -version = "1.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81953c529336010edd6d8e358f886d9581267795c61b19475b71314bffa46d35" -dependencies = [ - "concurrent-queue", - "event-listener", - "futures-core", -] - [[package]] name = "async-trait" version = "0.1.89" @@ -345,7 +334,7 @@ version = "0.28.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07a9b245ba0739fc90935094c29adbaee3f977218b5fb95e822e261cda7f56a3" dependencies = [ - "http 1.3.1", + "http", "log", "native-tls", "serde", @@ -507,10 +496,10 @@ dependencies = [ "bytes", "form_urlencoded", "futures-util", - "http 1.3.1", - "http-body 1.0.1", + "http", + "http-body", "http-body-util", - "hyper 1.7.0", + "hyper", "hyper-util", "itoa", "matchit", @@ -539,8 +528,8 @@ checksum = "68464cd0412f486726fb3373129ef5d2993f90c34bc2bc1c1e9943b2f4fc7ca6" dependencies = [ "bytes", "futures-core", - "http 1.3.1", - "http-body 1.0.1", + "http", + "http-body", "http-body-util", "mime", "pin-project-lite", @@ -575,9 +564,9 @@ dependencies = [ "bytesize 2.0.1", "cookie", "expect-json", - "http 1.3.1", + "http", "http-body-util", - "hyper 1.7.0", + "hyper", "hyper-util", "mime", "pretty_assertions", @@ -1205,15 +1194,6 @@ dependencies = [ "static_assertions", ] -[[package]] -name = "concurrent-queue" -version = "2.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973" -dependencies = [ - "crossbeam-utils", -] - [[package]] name = "congestion-model" version = "0.0.0" @@ -1805,14 +1785,12 @@ dependencies = [ [[package]] name = "deadpool" -version = "0.9.5" +version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "421fe0f90f2ab22016f32a9881be5134fdd71c65298917084b0c7477cbc3856e" +checksum = "5ed5957ff93768adf7a65ab167a17835c3d2c3c50d084fe305174c112f468e2f" dependencies = [ - "async-trait", "deadpool-runtime", "num_cpus", - "retain_mut", "tokio", ] @@ -2306,12 +2284,6 @@ dependencies = [ "uint", ] -[[package]] -name = "event-listener" -version = "2.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" - [[package]] name = "evm" version = "0.39.1" @@ -2411,15 +2383,6 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7360491ce676a36bf9bb3c56c1aa791658183a54d2744120f27285738d90465a" -[[package]] -name = "fastrand" -version = "1.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be" -dependencies = [ - "instant", -] - [[package]] name = "fastrand" version = "2.2.0" @@ -2572,9 +2535,9 @@ checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" [[package]] name = "futures" -version = "0.3.21" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f73fe65f54d1e12b726f517d3e2135ca3125a437b6d998caf1962961f7172d9e" +checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876" dependencies = [ "futures-channel", "futures-core", @@ -2603,9 +2566,9 @@ checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e" [[package]] name = "futures-executor" -version = "0.3.21" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9420b90cfa29e327d0429f19be13e7ddb68fa1cccb09d65e5706b8c7a749b8a6" +checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f" dependencies = [ "futures-core", "futures-task", @@ -2618,21 +2581,6 @@ version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6" -[[package]] -name = "futures-lite" -version = "1.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49a9d51ce47660b1e808d3c990b4709f2f415d928835a17dfd16991515c46bce" -dependencies = [ - "fastrand 1.9.0", - "futures-core", - "futures-io", - "memchr", - "parking", - "pin-project-lite", - "waker-fn", -] - [[package]] name = "futures-macro" version = "0.3.31" @@ -2656,12 +2604,6 @@ version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988" -[[package]] -name = "futures-timer" -version = "3.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f288b0a4f20f9a56b5d1da57e2227c661b7b16168e2f72365f57b63326e29b24" - [[package]] name = "futures-util" version = "0.3.31" @@ -2729,17 +2671,6 @@ dependencies = [ "tempfile", ] -[[package]] -name = "getrandom" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" -dependencies = [ - "cfg-if", - "libc", - "wasi 0.9.0+wasi-snapshot-preview1", -] - [[package]] name = "getrandom" version = "0.2.15" @@ -2802,25 +2733,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "h2" -version = "0.3.26" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" -dependencies = [ - "bytes", - "fnv", - "futures-core", - "futures-sink", - "futures-util", - "http 0.2.12", - "indexmap 2.14.0", - "slab", - "tokio", - "tokio-util", - "tracing", -] - [[package]] name = "h2" version = "0.4.8" @@ -2832,7 +2744,7 @@ dependencies = [ "fnv", "futures-core", "futures-sink", - "http 1.3.1", + "http", "indexmap 2.14.0", "slab", "tokio", @@ -3023,17 +2935,6 @@ dependencies = [ "windows-sys 0.59.0", ] -[[package]] -name = "http" -version = "0.2.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" -dependencies = [ - "bytes", - "fnv", - "itoa", -] - [[package]] name = "http" version = "1.3.1" @@ -3045,17 +2946,6 @@ dependencies = [ "itoa", ] -[[package]] -name = "http-body" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" -dependencies = [ - "bytes", - "http 0.2.12", - "pin-project-lite", -] - [[package]] name = "http-body" version = "1.0.1" @@ -3063,7 +2953,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", - "http 1.3.1", + "http", ] [[package]] @@ -3074,32 +2964,11 @@ checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a" dependencies = [ "bytes", "futures-core", - "http 1.3.1", - "http-body 1.0.1", + "http", + "http-body", "pin-project-lite", ] -[[package]] -name = "http-types" -version = "2.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e9b187a72d63adbfba487f48095306ac823049cb504ee195541e91c7775f5ad" -dependencies = [ - "anyhow", - "async-channel", - "base64 0.13.0", - "futures-lite", - "http 0.2.12", - "infer", - "pin-project-lite", - "rand 0.7.3", - "serde", - "serde_json", - "serde_qs", - "serde_urlencoded", - "url", -] - [[package]] name = "httparse" version = "1.10.1" @@ -3118,30 +2987,6 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" -[[package]] -name = "hyper" -version = "0.14.28" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf96e135eb83a2a8ddf766e426a841d8ddd7449d5f00d34ea02b41d2f19eef80" -dependencies = [ - "bytes", - "futures-channel", - "futures-core", - "futures-util", - "h2 0.3.26", - "http 0.2.12", - "http-body 0.4.6", - "httparse", - "httpdate", - "itoa", - "pin-project-lite", - "socket2 0.5.8", - "tokio", - "tower-service", - "tracing", - "want", -] - [[package]] name = "hyper" version = "1.7.0" @@ -3152,9 +2997,9 @@ dependencies = [ "bytes", "futures-channel", "futures-core", - "h2 0.4.8", - "http 1.3.1", - "http-body 1.0.1", + "h2", + "http", + "http-body", "httparse", "httpdate", "itoa", @@ -3171,8 +3016,8 @@ version = "0.27.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3c93eb611681b207e1fe55d5a71ecf91572ec8a6705cdb6857f7d8d5242cf58" dependencies = [ - "http 1.3.1", - "hyper 1.7.0", + "http", + "hyper", "hyper-util", "rustls", "rustls-native-certs", @@ -3188,7 +3033,7 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b90d566bffbce6a75bd8b09a05aa8c2cb1fabb6cb348f8840c9e4c90a0d83b0" dependencies = [ - "hyper 1.7.0", + "hyper", "hyper-util", "pin-project-lite", "tokio", @@ -3203,7 +3048,7 @@ checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" dependencies = [ "bytes", "http-body-util", - "hyper 1.7.0", + "hyper", "hyper-util", "native-tls", "tokio", @@ -3222,14 +3067,14 @@ dependencies = [ "futures-channel", "futures-core", "futures-util", - "http 1.3.1", - "http-body 1.0.1", - "hyper 1.7.0", + "http", + "http-body", + "hyper", "ipnet", "libc", "percent-encoding", "pin-project-lite", - "socket2 0.6.0", + "socket2", "system-configuration", "tokio", "tower-service", @@ -3510,12 +3355,6 @@ dependencies = [ "web-time", ] -[[package]] -name = "infer" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64e9829a50b42bb782c1df523f78d332fe371b10c661e78b7a3c34b0198e9fac" - [[package]] name = "insta" version = "1.41.1" @@ -4621,7 +4460,7 @@ dependencies = [ "parking_lot 0.12.1", "primitive-types 0.10.1", "rand 0.8.5", - "rand_hc 0.3.1", + "rand_hc", "serde", "tracing", ] @@ -5983,10 +5822,10 @@ dependencies = [ "chrono", "form_urlencoded", "futures", - "http 1.3.1", + "http", "http-body-util", "humantime", - "hyper 1.7.0", + "hyper", "itertools 0.14.0", "parking_lot 0.12.1", "percent-encoding", @@ -6115,7 +5954,7 @@ version = "0.30.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dbee664a43e07615731afc539ca60c6d9f1a9425e25ca09c57bc36c87c55852b" dependencies = [ - "http 1.3.1", + "http", "opentelemetry", "opentelemetry-proto", "opentelemetry_sdk", @@ -6221,12 +6060,6 @@ dependencies = [ "syn 1.0.103", ] -[[package]] -name = "parking" -version = "2.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f38d5652c16fde515bb1ecef450ab0f6a219d619a7274976324d5e377f7dceba" - [[package]] name = "parking_lot" version = "0.11.2" @@ -6745,7 +6578,7 @@ dependencies = [ "quinn-udp", "rustc-hash 2.1.2", "rustls", - "socket2 0.6.0", + "socket2", "thiserror 2.0.18", "tokio", "tracing", @@ -6754,9 +6587,9 @@ dependencies = [ [[package]] name = "quinn-proto" -version = "0.11.14" +version = "0.11.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098" +checksum = "4fcb935c5bec503c2f0e306bdd3e58bb9029dcb14fa8d9ac76e3a5256ac0763e" dependencies = [ "aws-lc-rs", "bytes", @@ -6783,7 +6616,7 @@ dependencies = [ "cfg_aliases", "libc", "once_cell", - "socket2 0.6.0", + "socket2", "tracing", "windows-sys 0.60.2", ] @@ -6812,19 +6645,6 @@ dependencies = [ "ptr_meta", ] -[[package]] -name = "rand" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" -dependencies = [ - "getrandom 0.1.16", - "libc", - "rand_chacha 0.2.2", - "rand_core 0.5.1", - "rand_hc 0.2.0", -] - [[package]] name = "rand" version = "0.8.5" @@ -6848,16 +6668,6 @@ dependencies = [ "zerocopy 0.8.23", ] -[[package]] -name = "rand_chacha" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" -dependencies = [ - "ppv-lite86", - "rand_core 0.5.1", -] - [[package]] name = "rand_chacha" version = "0.3.1" @@ -6878,15 +6688,6 @@ dependencies = [ "rand_core 0.9.3", ] -[[package]] -name = "rand_core" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" -dependencies = [ - "getrandom 0.1.16", -] - [[package]] name = "rand_core" version = "0.6.4" @@ -6906,15 +6707,6 @@ dependencies = [ "getrandom 0.3.1", ] -[[package]] -name = "rand_hc" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" -dependencies = [ - "rand_core 0.5.1", -] - [[package]] name = "rand_hc" version = "0.3.1" @@ -7119,11 +6911,11 @@ dependencies = [ "bytes", "futures-core", "futures-util", - "h2 0.4.8", - "http 1.3.1", - "http-body 1.0.1", + "h2", + "http", + "http-body", "http-body-util", - "hyper 1.7.0", + "hyper", "hyper-rustls", "hyper-tls", "hyper-util", @@ -7166,11 +6958,11 @@ dependencies = [ "futures-channel", "futures-core", "futures-util", - "h2 0.4.8", - "http 1.3.1", - "http-body 1.0.1", + "h2", + "http", + "http-body", "http-body-util", - "hyper 1.7.0", + "hyper", "hyper-rustls", "hyper-tls", "hyper-util", @@ -7222,12 +7014,6 @@ dependencies = [ "nearcore", ] -[[package]] -name = "retain_mut" -version = "0.1.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4389f1d5789befaf6029ebd9f7dac4af7f7e3d61b69d4f30e2ac02b57e7712b0" - [[package]] name = "rfc6979" version = "0.4.0" @@ -7438,7 +7224,7 @@ dependencies = [ "bytes", "futures-core", "futures-util", - "http 1.3.1", + "http", "mime", "rand 0.9.0", "thiserror 2.0.18", @@ -7460,7 +7246,7 @@ dependencies = [ "futures", "hex", "hmac 0.12.1", - "http 1.3.1", + "http", "log", "maybe-async", "md5", @@ -7888,17 +7674,6 @@ dependencies = [ "serde", ] -[[package]] -name = "serde_qs" -version = "0.8.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7715380eec75f029a4ef7de39a9200e0a63823176b759d055b613f5a87df6a6" -dependencies = [ - "percent-encoding", - "serde", - "thiserror 1.0.50", -] - [[package]] name = "serde_repr" version = "0.1.19" @@ -8134,16 +7909,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "socket2" -version = "0.5.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8" -dependencies = [ - "libc", - "windows-sys 0.52.0", -] - [[package]] name = "socket2" version = "0.6.0" @@ -8420,7 +8185,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2c317e0a526ee6120d8dabad239c8dadca62b24b6f168914bbbc8e2fb1f0e567" dependencies = [ "cfg-if", - "fastrand 2.2.0", + "fastrand", "getrandom 0.3.1", "once_cell", "rustix", @@ -8727,7 +8492,7 @@ dependencies = [ "pin-project-lite", "signal-hook-registry", "slab", - "socket2 0.6.0", + "socket2", "tokio-macros", "windows-sys 0.59.0", ] @@ -8844,10 +8609,10 @@ dependencies = [ "async-trait", "base64 0.22.1", "bytes", - "http 1.3.1", - "http-body 1.0.1", + "http", + "http-body", "http-body-util", - "hyper 1.7.0", + "hyper", "hyper-timeout", "hyper-util", "percent-encoding", @@ -8889,8 +8654,8 @@ dependencies = [ "bitflags 2.11.0", "bytes", "futures-util", - "http 1.3.1", - "http-body 1.0.1", + "http", + "http-body", "http-body-util", "iri-string", "pin-project-lite", @@ -9192,7 +8957,6 @@ dependencies = [ "form_urlencoded", "idna", "percent-encoding", - "serde", ] [[package]] @@ -9289,12 +9053,6 @@ version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" -[[package]] -name = "waker-fn" -version = "1.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "317211a0dc0ceedd78fb2ca9a44aed3d7b9b26f81870d485c07122b4350673b7" - [[package]] name = "walkdir" version = "2.3.2" @@ -9316,12 +9074,6 @@ dependencies = [ "try-lock", ] -[[package]] -name = "wasi" -version = "0.9.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" - [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" @@ -10270,24 +10022,25 @@ dependencies = [ [[package]] name = "wiremock" -version = "0.5.22" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13a3a53eaf34f390dd30d7b1b078287dd05df2aa2e21a589ccb80f5c7253c2e9" +checksum = "08db1edfb05d9b3c1542e521aea074442088292f00b5f28e435c714a98f85031" dependencies = [ "assert-json-diff", - "async-trait", - "base64 0.21.0", + "base64 0.22.1", "deadpool", "futures", - "futures-timer", - "http-types", - "hyper 0.14.28", + "http", + "http-body-util", + "hyper", + "hyper-util", "log", "once_cell", "regex", "serde", "serde_json", "tokio", + "url", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 319f66546b9..27ebd416db9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -419,7 +419,7 @@ winapi = { version = "0.3", features = [ "winnt", "impl-default", ] } -wiremock = "0.5.19" +wiremock = "0.6.5" xshell = "0.2.1" xz2 = "0.1.6" yansi = "0.5.1" From 6858c7fd610be8a9e0e8345a21048fb2402b78b6 Mon Sep 17 00:00:00 2001 From: Darioush Jalali Date: Thu, 25 Jun 2026 13:45:02 -0700 Subject: [PATCH 2/3] chore(deps): ignore unreachable memmap2 advisory --- .cargo/audit.toml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.cargo/audit.toml b/.cargo/audit.toml index 6c0df9c043b..bb2041e9017 100644 --- a/.cargo/audit.toml +++ b/.cargo/audit.toml @@ -38,4 +38,12 @@ ignore = [ # and nearcore has no custom `log::Log` impl (logging goes through tracing). # Fixed in rand >= 0.9.3 / >= 0.10.1; 0.8.x has no patch and 0.7.3/0.9.0 are transitive. "RUSTSEC-2026-0097", + + # RUSTSEC-2026-0186: memmap2 unsoundness is confined to advise_range/flush_range/ + # flush_async_range/unchecked_advise_range. dynasmrt 2.0 (its only consumer here, via + # the near-vm singlepass JIT; the wasmtime path does not use dynasmrt) calls none of + # these, only map_anon/make_exec/make_mut. The fix is in memmap2 >= 0.9.11, unreachable + # without upgrading dynasmrt 2.0 -> 3.0, a 260-callsite migration of the x86-64 emitter. + # TODO: remove this entry when near-vm is deprecated in favor of the wasmtime path. + "RUSTSEC-2026-0186", ] From fb19366fc5b80d06f53a950cf6eaa33105de002e Mon Sep 17 00:00:00 2001 From: Darioush Jalali Date: Thu, 25 Jun 2026 13:47:38 -0700 Subject: [PATCH 3/3] chore(deps): drop stale lock_api audit ignore --- .cargo/audit.toml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.cargo/audit.toml b/.cargo/audit.toml index bb2041e9017..eda2b789052 100644 --- a/.cargo/audit.toml +++ b/.cargo/audit.toml @@ -6,9 +6,6 @@ ignore = [ # It cannot be a security liability in production, considering it only provides bindings to the OS X kernel. "RUSTSEC-2020-0168", - # older versions of parking-lot are vulnerable, but used by reed-solomon-erasure. - "RUSTSEC-2020-0070", - # proc-macro-error is unmaintained, but hard to replace right now (via dynasm). # Follow https://github.com/Kyuuhachi/syn_derive/issues/4 "RUSTSEC-2024-0370", @@ -43,7 +40,7 @@ ignore = [ # flush_async_range/unchecked_advise_range. dynasmrt 2.0 (its only consumer here, via # the near-vm singlepass JIT; the wasmtime path does not use dynasmrt) calls none of # these, only map_anon/make_exec/make_mut. The fix is in memmap2 >= 0.9.11, unreachable - # without upgrading dynasmrt 2.0 -> 3.0, a 260-callsite migration of the x86-64 emitter. + # without a breaking dynasmrt 2.0 -> 3.0 upgrade of the x86-64 emitter. # TODO: remove this entry when near-vm is deprecated in favor of the wasmtime path. "RUSTSEC-2026-0186", ]