From 04efe7bb7512f5bb36b15ca1c1266c1db953f016 Mon Sep 17 00:00:00 2001 From: Markus Unterwaditzer Date: Thu, 30 Oct 2025 13:17:37 +0100 Subject: [PATCH] One pass of cargo-audit Upgrade some yanked dependencies to non-yanked (windows-core) and ignore the other two warnings. --- .cargo/audit.toml | 11 ++++++++++ Cargo.lock | 52 +++++++++++++++++++++++------------------------ 2 files changed, 37 insertions(+), 26 deletions(-) create mode 100644 .cargo/audit.toml diff --git a/.cargo/audit.toml b/.cargo/audit.toml new file mode 100644 index 0000000..6351cf6 --- /dev/null +++ b/.cargo/audit.toml @@ -0,0 +1,11 @@ +[advisories] +ignore = [ + # RSA Marvin Attack in `rsa`, dragged in through rustcrypto (dev builds) + # and adb_client (USB signing only, unrelated to marvin attack which + # targets decryption). + "RUSTSEC-2023-0071", + # paste crate being unmaintained is not important. it's not dealing with + # user-input. we could get rid of this warning by disabling the image + # dependency in adb-client. + "RUSTSEC-2024-0436", +] diff --git a/Cargo.lock b/Cargo.lock index f693544..c94270a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2454,9 +2454,9 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.63" +version = "0.1.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0c919e5debc312ad217002b8048a17b7d83f80703865bbfcfebb0458b0b27d8" +checksum = "33e57f83510bb73707521ebaffa789ec8caf86f9657cad665b092b581d40e9fb" dependencies = [ "android_system_properties", "core-foundation-sys", @@ -2464,7 +2464,7 @@ dependencies = [ "js-sys", "log", "wasm-bindgen", - "windows-core 0.61.1", + "windows-core 0.57.0", ] [[package]] @@ -5696,7 +5696,7 @@ dependencies = [ "unicode-segmentation", "url", "windows 0.61.1", - "windows-core 0.61.1", + "windows-core 0.61.2", "windows-version", "x11-dl", ] @@ -6851,9 +6851,9 @@ dependencies = [ "webview2-com-macros", "webview2-com-sys", "windows 0.61.1", - "windows-core 0.61.1", - "windows-implement 0.60.0", - "windows-interface 0.59.1", + "windows-core 0.61.2", + "windows-implement 0.60.2", + "windows-interface 0.59.3", ] [[package]] @@ -6875,7 +6875,7 @@ checksum = "36695906a1b53a3bf5c4289621efedac12b73eeb0b89e7e1a89b517302d5d75c" dependencies = [ "thiserror 2.0.12", "windows 0.61.1", - "windows-core 0.61.1", + "windows-core 0.61.2", ] [[package]] @@ -6953,7 +6953,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c5ee8f3d025738cb02bad7868bbb5f8a6327501e870bf51f1b455b0a2454a419" dependencies = [ "windows-collections", - "windows-core 0.61.1", + "windows-core 0.61.2", "windows-future", "windows-link 0.1.1", "windows-numerics", @@ -6965,7 +6965,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3beeceb5e5cfd9eb1d76b381630e82c4241ccd0d27f1a39ed41b2760b255c5e8" dependencies = [ - "windows-core 0.61.1", + "windows-core 0.61.2", ] [[package]] @@ -6982,14 +6982,14 @@ dependencies = [ [[package]] name = "windows-core" -version = "0.61.1" +version = "0.61.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46ec44dc15085cea82cf9c78f85a9114c463a369786585ad2882d1ff0b0acf40" +checksum = "c0fdd3ddb90610c7638aa2b3a3ab2904fb9e5cdbecc643ddb3647212781c4ae3" dependencies = [ - "windows-implement 0.60.0", - "windows-interface 0.59.1", + "windows-implement 0.60.2", + "windows-interface 0.59.3", "windows-link 0.1.1", - "windows-result 0.3.3", + "windows-result 0.3.4", "windows-strings", ] @@ -6999,7 +6999,7 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc6a41e98427b19fe4b73c550f060b59fa592d7d686537eebf9385621bfbad8e" dependencies = [ - "windows-core 0.61.1", + "windows-core 0.61.2", "windows-link 0.1.1", "windows-threading", ] @@ -7017,9 +7017,9 @@ dependencies = [ [[package]] name = "windows-implement" -version = "0.60.0" +version = "0.60.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a47fddd13af08290e67f4acabf4b459f647552718f683a7b415d290ac744a836" +checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" dependencies = [ "proc-macro2", "quote", @@ -7039,9 +7039,9 @@ dependencies = [ [[package]] name = "windows-interface" -version = "0.59.1" +version = "0.59.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd9211b69f8dcdfa817bfd14bf1c97c9188afa36f4750130fcdf3f400eca9fa8" +checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" dependencies = [ "proc-macro2", "quote", @@ -7066,7 +7066,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9150af68066c4c5c07ddc0ce30421554771e528bde427614c61038bc2c92c2b1" dependencies = [ - "windows-core 0.61.1", + "windows-core 0.61.2", "windows-link 0.1.1", ] @@ -7081,18 +7081,18 @@ dependencies = [ [[package]] name = "windows-result" -version = "0.3.3" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b895b5356fc36103d0f64dd1e94dfa7ac5633f1c9dd6e80fe9ec4adef69e09d" +checksum = "56f42bd332cc6c8eac5af113fc0c1fd6a8fd2aa08a0119358686e5160d0586c6" dependencies = [ "windows-link 0.1.1", ] [[package]] name = "windows-strings" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a7ab927b2637c19b3dbe0965e75d8f2d30bdd697a1516191cad2ec4df8fb28a" +checksum = "56e6c93f3a0c3b36176cb1327a4958a0353d5d166c2a35cb268ace15e91d3b57" dependencies = [ "windows-link 0.1.1", ] @@ -7495,7 +7495,7 @@ dependencies = [ "webkit2gtk-sys", "webview2-com", "windows 0.61.1", - "windows-core 0.61.1", + "windows-core 0.61.2", "windows-version", "x11-dl", ]