Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cargo-audit for openSUSE:Factory checked in at 2025-03-11 20:45:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cargo-audit (Old) and /work/SRC/openSUSE:Factory/.cargo-audit.new.19136 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cargo-audit" Tue Mar 11 20:45:07 2025 rev:25 rq:1251916 version:0.21.2~git0.18e58c2 Changes: -------- --- /work/SRC/openSUSE:Factory/cargo-audit/cargo-audit.changes 2025-02-04 18:14:37.868731631 +0100 +++ /work/SRC/openSUSE:Factory/.cargo-audit.new.19136/cargo-audit.changes 2025-03-11 20:46:11.916400818 +0100 @@ -1,0 +2,22 @@ +Tue Mar 04 00:49:12 UTC 2025 - [email protected] + +- Update to version 0.21.2~git0.18e58c2: + * Bump date in changelog + * Reference the incompat issue in changelogs + * Populate cargo-audit changelog + * Bump cargo-audit version + * bump rustsec version requirement in Cargo.toml + * Populate changelog for rustsec + * bump rustsec crate to 0.30.2 + * build(deps): bump tame-index from 0.18.0 to 0.18.1 + * Bump tame-index to 0.18 to gain support for Rust 1.85 + * Suppress Clippy complaint + * Update MSRV in Cargo.toml files + * Try 1.73 MSRV to see if that fixes cvss crate + * Don't bump MSRV on crates that don't depend on gix + * bluntly bump the MSRV to 1.81 as it seems to be required by `tame-index`s dependencies. + * update `gix` to v0.70 and `tame-index` index to 0.17. + * Cargo.lock: bump Abscissa to v0.8.2 (#1326) + * Temporarily ignore RUSTSEC-2025-0001 (#1325) + +------------------------------------------------------------------- Old: ---- rustsec-0.21.1~git0.bd6fb0f.tar.zst New: ---- rustsec-0.21.2~git0.18e58c2.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cargo-audit.spec ++++++ --- /var/tmp/diff_new_pack.GDwgnW/_old 2025-03-11 20:46:13.080449426 +0100 +++ /var/tmp/diff_new_pack.GDwgnW/_new 2025-03-11 20:46:13.084449593 +0100 @@ -20,7 +20,7 @@ %global workspace_name rustsec Name: cargo-audit -Version: 0.21.1~git0.bd6fb0f +Version: 0.21.2~git0.18e58c2 Release: 0 Summary: Audit rust sources for known security vulnerabilities License: ( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+ ++++++ _service ++++++ --- /var/tmp/diff_new_pack.GDwgnW/_old 2025-03-11 20:46:13.128451431 +0100 +++ /var/tmp/diff_new_pack.GDwgnW/_new 2025-03-11 20:46:13.132451598 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/RustSec/rustsec.git</param> <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param> <param name="scm">git</param> - <param name="revision">cargo-audit/v0.21.1</param> + <param name="revision">cargo-audit/v0.21.2</param> <!-- <param name="revision">main</param> --> <param name="match-tag">cargo-audit/v*</param> <param name="versionrewrite-pattern">.*v(\d+\.\d+\.\d+)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.GDwgnW/_old 2025-03-11 20:46:13.152452432 +0100 +++ /var/tmp/diff_new_pack.GDwgnW/_new 2025-03-11 20:46:13.156452600 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/RustSec/rustsec.git</param> - <param name="changesrevision">bd6fb0fba41246ed860e0e8374d8f31aceabc8f9</param></service></servicedata> + <param name="changesrevision">18e58c28d9e6a542a167f19057c97554ec9b845f</param></service></servicedata> (No newline at EOF) ++++++ rustsec-0.21.1~git0.bd6fb0f.tar.zst -> rustsec-0.21.2~git0.18e58c2.tar.zst ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/.cargo/audit.toml new/rustsec-0.21.2~git0.18e58c2/.cargo/audit.toml --- old/rustsec-0.21.1~git0.bd6fb0f/.cargo/audit.toml 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/.cargo/audit.toml 2025-02-28 12:25:42.000000000 +0100 @@ -1,5 +1,9 @@ [advisories] -ignore = [] +ignore = [ + # gix-worktree-state nonexclusive checkout sets executable files world-writable + # TODO(tarcieri): upgrade `gix` (#1322) + "RUSTSEC-2025-0001", +] [output] quiet = false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/.github/workflows/cargo-audit.yml new/rustsec-0.21.2~git0.18e58c2/.github/workflows/cargo-audit.yml --- old/rustsec-0.21.1~git0.bd6fb0f/.github/workflows/cargo-audit.yml 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/.github/workflows/cargo-audit.yml 2025-02-28 12:25:42.000000000 +0100 @@ -60,7 +60,7 @@ - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: - toolchain: 1.74.0 + toolchain: 1.81.0 override: true profile: minimal - uses: Swatinem/rust-cache@v2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/.github/workflows/cvss.yml new/rustsec-0.21.2~git0.18e58c2/.github/workflows/cvss.yml --- old/rustsec-0.21.1~git0.bd6fb0f/.github/workflows/cvss.yml 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/.github/workflows/cvss.yml 2025-02-28 12:25:42.000000000 +0100 @@ -23,7 +23,7 @@ strategy: matrix: rust: - - 1.60.0 # MSRV + - 1.73.0 # MSRV - stable steps: - uses: actions/checkout@v4 @@ -40,7 +40,7 @@ strategy: matrix: rust: - - 1.60.0 # MSRV + - 1.73.0 # MSRV - stable steps: - uses: actions/checkout@v4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/.github/workflows/quitters.yml new/rustsec-0.21.2~git0.18e58c2/.github/workflows/quitters.yml --- old/rustsec-0.21.1~git0.bd6fb0f/.github/workflows/quitters.yml 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/.github/workflows/quitters.yml 2025-02-28 12:25:42.000000000 +0100 @@ -23,7 +23,7 @@ strategy: matrix: rust: - - 1.70.0 # MSRV of `cargo audit`, should be bumped in tandem + - 1.81.0 # MSRV of `cargo audit`, should be bumped in tandem - stable steps: - uses: actions/checkout@v4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/.github/workflows/rustsec.yml new/rustsec-0.21.2~git0.18e58c2/.github/workflows/rustsec.yml --- old/rustsec-0.21.1~git0.bd6fb0f/.github/workflows/rustsec.yml 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/.github/workflows/rustsec.yml 2025-02-28 12:25:42.000000000 +0100 @@ -26,7 +26,7 @@ strategy: matrix: rust: - - 1.73.0 # MSRV + - 1.81.0 # MSRV - stable steps: - uses: actions/checkout@v4 @@ -47,7 +47,7 @@ - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: - toolchain: 1.73.0 # MSRV + toolchain: 1.81.0 # MSRV override: true profile: minimal - uses: Swatinem/rust-cache@v2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/.github/workflows/workspace.yml new/rustsec-0.21.2~git0.18e58c2/.github/workflows/workspace.yml --- old/rustsec-0.21.1~git0.bd6fb0f/.github/workflows/workspace.yml 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/.github/workflows/workspace.yml 2025-02-28 12:25:42.000000000 +0100 @@ -1,7 +1,7 @@ name: Workspace on: - pull_request: {} + pull_request: { } push: branches: main @@ -25,7 +25,7 @@ - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: - toolchain: 1.78.0 + toolchain: 1.81.0 components: clippy override: true profile: minimal diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/Cargo.lock new/rustsec-0.21.2~git0.18e58c2/Cargo.lock --- old/rustsec-0.21.1~git0.bd6fb0f/Cargo.lock 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/Cargo.lock 2025-02-28 12:25:42.000000000 +0100 @@ -4,9 +4,9 @@ [[package]] name = "abscissa_core" -version = "0.8.1" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "de5df09bc18cb069dec8524aff811cbe9d7bf5f4b78ef739ef125a37b9d3f044" +checksum = "3083187ad864402d6bde86c5b51767b921edf4d02bf03b8ba40172dbd2a9773b" dependencies = [ "abscissa_derive", "arc-swap", @@ -30,9 +30,9 @@ [[package]] name = "abscissa_derive" -version = "0.8.0" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "e04c7df69b2c6b9b6dba8422d1295e58ac4bcfc7c9e7e7d4c55a38aaff2ad92a" +checksum = "08d914621d2ef4da433fe01907e323ee3f2807738d392d5a34c287b381f87fe2" dependencies = [ "ident_case", "proc-macro2", @@ -191,7 +191,7 @@ "proc-macro2", "quote", "serde", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -384,7 +384,7 @@ [[package]] name = "cargo-audit" -version = "0.21.1" +version = "0.21.2" dependencies = [ "abscissa_core", "cargo-lock", @@ -396,7 +396,7 @@ "serde", "serde_json", "tempfile", - "thiserror", + "thiserror 1.0.65", "toml", ] @@ -476,7 +476,7 @@ "heck", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -632,7 +632,7 @@ "proc-macro2", "quote", "strsim", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -643,7 +643,7 @@ dependencies = [ "darling_core", "quote", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -674,7 +674,7 @@ "darling", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -684,7 +684,7 @@ checksum = "ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c" dependencies = [ "derive_builder_core", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -726,7 +726,7 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -787,6 +787,9 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "a2a2b11eda1d40935b26cf18f6833c526845ae8c41e58d09af6adeb6f0269183" +dependencies = [ + "serde", +] [[package]] name = "fastrand" @@ -925,9 +928,9 @@ [[package]] name = "gix" -version = "0.66.0" +version = "0.70.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "9048b8d1ae2104f045cb37e5c450fc49d5d8af22609386bfc739c11ba88995eb" +checksum = "736f14636705f3a56ea52b553e67282519418d9a35bb1e90b3a9637a00296b68" dependencies = [ "gix-actor", "gix-attributes", @@ -960,6 +963,7 @@ "gix-revision", "gix-revwalk", "gix-sec", + "gix-shallow", "gix-submodule", "gix-tempfile", "gix-trace", @@ -972,28 +976,28 @@ "gix-worktree-state", "once_cell", "smallvec", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-actor" -version = "0.32.0" +version = "0.33.2" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "fc19e312cd45c4a66cd003f909163dc2f8e1623e30a0c0c6df3776e89b308665" +checksum = "20018a1a6332e065f1fcc8305c1c932c6b8c9985edea2284b3c79dc6fa3ee4b2" dependencies = [ "bstr", "gix-date", "gix-utils", "itoa", - "thiserror", + "thiserror 2.0.11", "winnow", ] [[package]] name = "gix-attributes" -version = "0.22.5" +version = "0.24.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "ebccbf25aa4a973dd352564a9000af69edca90623e8a16dad9cbc03713131311" +checksum = "f151000bf662ef5f641eca6102d942ee31ace80f271a3ef642e99776ce6ddb38" dependencies = [ "bstr", "gix-glob", @@ -1002,33 +1006,33 @@ "gix-trace", "kstring", "smallvec", - "thiserror", + "thiserror 2.0.11", "unicode-bom", ] [[package]] name = "gix-bitmap" -version = "0.2.12" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "10f78312288bd02052be5dbc2ecbc342c9f4eb791986d86c0a5c06b92dc72efa" +checksum = "b1db9765c69502650da68f0804e3dc2b5f8ccc6a2d104ca6c85bc40700d37540" dependencies = [ - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-chunk" -version = "0.4.9" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "6c28b58ba04f0c004722344390af9dbc85888fbb84be1981afb934da4114d4cf" +checksum = "0b1f1d8764958699dc764e3f727cef280ff4d1bd92c107bbf8acd85b30c1bd6f" dependencies = [ - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-command" -version = "0.3.10" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "c201d2b9e9cce2365a6638fd0a966f751ed92d74be5c0727ac331e6a29ef5846" +checksum = "cb410b84d6575db45e62025a9118bdbf4d4b099ce7575a76161e898d9ca98df1" dependencies = [ "bstr", "gix-path", @@ -1038,23 +1042,23 @@ [[package]] name = "gix-commitgraph" -version = "0.24.3" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "133b06f67f565836ec0c473e2116a60fb74f80b6435e21d88013ac0e3c60fc78" +checksum = "e23a8ec2d8a16026a10dafdb6ed51bcfd08f5d97f20fa52e200bc50cb72e4877" dependencies = [ "bstr", "gix-chunk", "gix-features", "gix-hash", "memmap2", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-config" -version = "0.40.0" +version = "0.43.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "78e797487e6ca3552491de1131b4f72202f282fb33f198b1c34406d765b42bb0" +checksum = "377c1efd2014d5d469e0b3cd2952c8097bce9828f634e04d5665383249f1d9e9" dependencies = [ "bstr", "gix-config-value", @@ -1066,29 +1070,29 @@ "memchr", "once_cell", "smallvec", - "thiserror", + "thiserror 2.0.11", "unicode-bom", "winnow", ] [[package]] name = "gix-config-value" -version = "0.14.9" +version = "0.14.11" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "f3de3fdca9c75fa4b83a76583d265fa49b1de6b088ebcd210749c24ceeb74660" +checksum = "11365144ef93082f3403471dbaa94cfe4b5e72743bdb9560719a251d439f4cee" dependencies = [ "bitflags", "bstr", "gix-path", "libc", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-credentials" -version = "0.24.5" +version = "0.27.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "8ce391d305968782f1ae301c4a3d42c5701df7ff1d8bc03740300f6fd12bce78" +checksum = "cf950f9ee1690bb9c4388b5152baa8a9f41ad61e5cf1ba0ec8c207b08dab9e45" dependencies = [ "bstr", "gix-command", @@ -1098,38 +1102,38 @@ "gix-sec", "gix-trace", "gix-url", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-date" -version = "0.9.1" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "d10d543ac13c97292a15e8e8b7889cd006faf739777437ed95362504b8fe81a0" +checksum = "c57c477b645ee248b173bb1176b52dd528872f12c50375801a58aaf5ae91113f" dependencies = [ "bstr", "itoa", "jiff", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-diff" -version = "0.46.0" +version = "0.50.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "92c9afd80fff00f8b38b1c1928442feb4cd6d2232a6ed806b6b193151a3d336c" +checksum = "62afb7f4ca0acdf4e9dad92065b2eb1bf2993bcc5014b57bc796e3a365b17c4d" dependencies = [ "bstr", "gix-hash", "gix-object", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-discover" -version = "0.35.0" +version = "0.38.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "0577366b9567376bc26e815fd74451ebd0e6218814e242f8e5b7072c58d956d2" +checksum = "d0c2414bdf04064e0f5a5aa029dfda1e663cf9a6c4bfc8759f2d369299bb65d8" dependencies = [ "bstr", "dunce", @@ -1138,14 +1142,14 @@ "gix-path", "gix-ref", "gix-sec", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-features" -version = "0.38.2" +version = "0.40.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "ac7045ac9fe5f9c727f38799d002a7ed3583cd777e3322a7c4b43e3cf437dc69" +checksum = "8bfdd4838a8d42bd482c9f0cb526411d003ee94cc7c7b08afe5007329c71d554" dependencies = [ "bytes", "crc32fast", @@ -1159,15 +1163,15 @@ "parking_lot", "prodash", "sha1_smol", - "thiserror", + "thiserror 2.0.11", "walkdir", ] [[package]] name = "gix-filter" -version = "0.13.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "4121790ae140066e5b953becc72e7496278138d19239be2e63b5067b0843119e" +checksum = "bdcc36cd7dbc63ed0ec3558645886553d1afd3cd09daa5efb9cba9cceb942bbb" dependencies = [ "bstr", "encoding_rs", @@ -1181,14 +1185,14 @@ "gix-trace", "gix-utils", "smallvec", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-fs" -version = "0.11.3" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "f2bfe6249cfea6d0c0e0990d5226a4cb36f030444ba9e35e0639275db8f98575" +checksum = "182e7fa7bfdf44ffb7cfe7451b373cdf1e00870ac9a488a49587a110c562063d" dependencies = [ "fastrand", "gix-features", @@ -1197,9 +1201,9 @@ [[package]] name = "gix-glob" -version = "0.16.5" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "74908b4bbc0a0a40852737e5d7889f676f081e340d5451a16e5b4c50d592f111" +checksum = "4e9c7249fa0a78f9b363aa58323db71e0a6161fd69860ed6f48dedf0ef3a314e" dependencies = [ "bitflags", "bstr", @@ -1209,19 +1213,19 @@ [[package]] name = "gix-hash" -version = "0.14.2" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "f93d7df7366121b5018f947a04d37f034717e113dcf9ccd85c34b58e57a74d5e" +checksum = "e81c5ec48649b1821b3ed066a44efb95f1a268b35c1d91295e61252539fbe9f8" dependencies = [ "faster-hex", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-hashtable" -version = "0.5.2" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "7ddf80e16f3c19ac06ce415a38b8591993d3f73aede049cb561becb5b3a8e242" +checksum = "189130bc372accd02e0520dc5ab1cef318dcc2bc829b76ab8d84bbe90ac212d1" dependencies = [ "gix-hash", "hashbrown 0.14.5", @@ -1230,9 +1234,9 @@ [[package]] name = "gix-ignore" -version = "0.11.4" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "e447cd96598460f5906a0f6c75e950a39f98c2705fc755ad2f2020c9e937fab7" +checksum = "4f529dcb80bf9855c0a7c49f0ac588df6d6952d63a63fefc254b9c869d2cdf6f" dependencies = [ "bstr", "gix-glob", @@ -1243,9 +1247,9 @@ [[package]] name = "gix-index" -version = "0.35.0" +version = "0.38.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "0cd4203244444017682176e65fd0180be9298e58ed90bd4a8489a357795ed22d" +checksum = "acd12e3626879369310fffe2ac61acc828613ef656b50c4ea984dd59d7dc85d8" dependencies = [ "bitflags", "bstr", @@ -1266,25 +1270,25 @@ "memmap2", "rustix", "smallvec", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-lock" -version = "14.0.0" +version = "16.0.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "e3bc7fe297f1f4614774989c00ec8b1add59571dc9b024b4c00acb7dedd4e19d" +checksum = "9739815270ff6940968441824d162df9433db19211ca9ba8c3fc1b50b849c642" dependencies = [ "gix-tempfile", "gix-utils", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-negotiate" -version = "0.15.0" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "b4063bf329a191a9e24b6f948a17ccf6698c0380297f5e169cee4f1d2ab9475b" +checksum = "a6a8af1ef7bbe303d30b55312b7f4d33e955de43a3642ae9b7347c623d80ef80" dependencies = [ "bitflags", "gix-commitgraph", @@ -1293,53 +1297,56 @@ "gix-object", "gix-revwalk", "smallvec", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-object" -version = "0.44.0" +version = "0.47.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "2f5b801834f1de7640731820c2df6ba88d95480dc4ab166a5882f8ff12b88efa" +checksum = "ddc4b3a0044244f0fe22347fb7a79cca165e37829d668b41b85ff46a43e5fd68" dependencies = [ "bstr", "gix-actor", "gix-date", "gix-features", "gix-hash", + "gix-hashtable", + "gix-path", "gix-utils", "gix-validate", "itoa", "smallvec", - "thiserror", + "thiserror 2.0.11", "winnow", ] [[package]] name = "gix-odb" -version = "0.63.0" +version = "0.67.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "a3158068701c17df54f0ab2adda527f5a6aca38fd5fd80ceb7e3c0a2717ec747" +checksum = "3e93457df69cd09573608ce9fa4f443fbd84bc8d15d8d83adecd471058459c1b" dependencies = [ "arc-swap", "gix-date", "gix-features", "gix-fs", "gix-hash", + "gix-hashtable", "gix-object", "gix-pack", "gix-path", "gix-quote", "parking_lot", "tempfile", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-pack" -version = "0.53.0" +version = "0.57.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "3223aa342eee21e1e0e403cad8ae9caf9edca55ef84c347738d10681676fd954" +checksum = "fc13a475b3db735617017fb35f816079bf503765312d4b1913b18cf96f3fa515" dependencies = [ "clru", "gix-chunk", @@ -1352,52 +1359,52 @@ "memmap2", "parking_lot", "smallvec", - "thiserror", + "thiserror 2.0.11", "uluru", ] [[package]] name = "gix-packetline" -version = "0.17.6" +version = "0.18.3" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "8c43ef4d5fe2fa222c606731c8bdbf4481413ee4ef46d61340ec39e4df4c5e49" +checksum = "c7e5ae6bc3ac160a6bf44a55f5537813ca3ddb08549c0fd3e7ef699c73c439cd" dependencies = [ "bstr", "faster-hex", "gix-trace", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-packetline-blocking" -version = "0.17.5" +version = "0.18.2" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "b9802304baa798dd6f5ff8008a2b6516d54b74a69ca2d3a2b9e2d6c3b5556b40" +checksum = "c1cbf8767c6abd5a6779f586702b5bcd8702380f4208219449cf1c9d0cd1e17c" dependencies = [ "bstr", "faster-hex", "gix-trace", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-path" -version = "0.10.12" +version = "0.10.14" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "c04e5a94fdb56b1e91eb7df2658ad16832428b8eeda24ff1a0f0288de2bce554" +checksum = "c40f12bb65a8299be0cfb90fe718e3be236b7a94b434877012980863a883a99f" dependencies = [ "bstr", "gix-trace", "home", "once_cell", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-pathspec" -version = "0.7.7" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "5d23bf239532b4414d0e63b8ab3a65481881f7237ed9647bb10c1e3cc54c5ceb" +checksum = "6430d3a686c08e9d59019806faa78c17315fe22ae73151a452195857ca02f86c" dependencies = [ "bitflags", "bstr", @@ -1405,56 +1412,64 @@ "gix-config-value", "gix-glob", "gix-path", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-prompt" -version = "0.8.8" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "57944bbdb87f7a9893907032276e99ff4eba3640d8db1bdfb1eba8c07edfd006" +checksum = "79f2185958e1512b989a007509df8d61dca014aa759a22bee80cfa6c594c3b6d" dependencies = [ "gix-command", "gix-config-value", "parking_lot", "rustix", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-protocol" -version = "0.45.3" +version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "cc43a1006f01b5efee22a003928c9eb83dde2f52779ded9d4c0732ad93164e3e" +checksum = "6c61bd61afc6b67d213241e2100394c164be421e3f7228d3521b04f48ca5ba90" dependencies = [ "bstr", "gix-credentials", "gix-date", "gix-features", "gix-hash", + "gix-lock", + "gix-negotiate", + "gix-object", + "gix-ref", + "gix-refspec", + "gix-revwalk", + "gix-shallow", + "gix-trace", "gix-transport", "gix-utils", "maybe-async", - "thiserror", + "thiserror 2.0.11", "winnow", ] [[package]] name = "gix-quote" -version = "0.4.13" +version = "0.4.15" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "f89f9a1525dcfd9639e282ea939f5ab0d09d93cf2b90c1fc6104f1b9582a8e49" +checksum = "e49357fccdb0c85c0d3a3292a9f6db32d9b3535959b5471bb9624908f4a066c6" dependencies = [ "bstr", "gix-utils", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-ref" -version = "0.47.0" +version = "0.50.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "ae0d8406ebf9aaa91f55a57f053c5a1ad1a39f60fdf0303142b7be7ea44311e5" +checksum = "47adf4c5f933429f8554e95d0d92eee583cfe4b95d2bf665cd6fd4a1531ee20c" dependencies = [ "gix-actor", "gix-features", @@ -1467,45 +1482,47 @@ "gix-utils", "gix-validate", "memmap2", - "thiserror", + "thiserror 2.0.11", "winnow", ] [[package]] name = "gix-refspec" -version = "0.25.0" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "ebb005f82341ba67615ffdd9f7742c87787544441c88090878393d0682869ca6" +checksum = "59650228d8f612f68e7f7a25f517fcf386c5d0d39826085492e94766858b0a90" dependencies = [ "bstr", "gix-hash", "gix-revision", "gix-validate", "smallvec", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-revision" -version = "0.29.0" +version = "0.32.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "ba4621b219ac0cdb9256883030c3d56a6c64a6deaa829a92da73b9a576825e1e" +checksum = "3fe28bbccca55da6d66e6c6efc6bb4003c29d407afd8178380293729733e6b53" dependencies = [ + "bitflags", "bstr", + "gix-commitgraph", "gix-date", "gix-hash", "gix-hashtable", "gix-object", "gix-revwalk", "gix-trace", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-revwalk" -version = "0.15.0" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "b41e72544b93084ee682ef3d5b31b1ba4d8fa27a017482900e5e044d5b1b3984" +checksum = "d4ecb80c235b1e9ef2b99b23a81ea50dd569a88a9eb767179793269e0e616247" dependencies = [ "gix-commitgraph", "gix-date", @@ -1513,14 +1530,14 @@ "gix-hashtable", "gix-object", "smallvec", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-sec" -version = "0.10.9" +version = "0.10.11" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "a2007538eda296445c07949cf04f4a767307d887184d6b3e83e2d636533ddc6e" +checksum = "d84dae13271f4313f8d60a166bf27e54c968c7c33e2ffd31c48cafe5da649875" dependencies = [ "bitflags", "gix-path", @@ -1529,10 +1546,22 @@ ] [[package]] +name = "gix-shallow" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "ab72543011e303e52733c85bef784603ef39632ddf47f69723def52825e35066" +dependencies = [ + "bstr", + "gix-hash", + "gix-lock", + "thiserror 2.0.11", +] + +[[package]] name = "gix-submodule" -version = "0.14.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "529d0af78cc2f372b3218f15eb1e3d1635a21c8937c12e2dd0b6fc80c2ca874b" +checksum = "74972fe8d46ac8a09490ae1e843b4caf221c5b157c5ac17057e8e1c38417a3ac" dependencies = [ "bstr", "gix-config", @@ -1540,14 +1569,14 @@ "gix-pathspec", "gix-refspec", "gix-url", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-tempfile" -version = "14.0.2" +version = "16.0.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "046b4927969fa816a150a0cda2e62c80016fe11fb3c3184e4dddf4e542f108aa" +checksum = "2558f423945ef24a8328c55d1fd6db06b8376b0e7013b1bb476cc4ffdf678501" dependencies = [ "gix-fs", "libc", @@ -1558,15 +1587,15 @@ [[package]] name = "gix-trace" -version = "0.1.11" +version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "04bdde120c29f1fc23a24d3e115aeeea3d60d8e65bab92cc5f9d90d9302eb952" +checksum = "7c396a2036920c69695f760a65e7f2677267ccf483f25046977d87e4cb2665f7" [[package]] name = "gix-transport" -version = "0.42.3" +version = "0.45.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "421dcccab01b41a15d97b226ad97a8f9262295044e34fbd37b10e493b0a6481f" +checksum = "11187418489477b1b5b862ae1aedbbac77e582f2c4b0ef54280f20cfe5b964d9" dependencies = [ "base64", "bstr", @@ -1578,14 +1607,14 @@ "gix-sec", "gix-url", "reqwest", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-traverse" -version = "0.41.0" +version = "0.44.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "030da39af94e4df35472e9318228f36530989327906f38e27807df305fccb780" +checksum = "2bec70e53896586ef32a3efa7e4427b67308531ed186bb6120fb3eca0f0d61b4" dependencies = [ "bitflags", "gix-commitgraph", @@ -1595,28 +1624,28 @@ "gix-object", "gix-revwalk", "smallvec", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-url" -version = "0.27.5" +version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "fd280c5e84fb22e128ed2a053a0daeacb6379469be6a85e3d518a0636e160c89" +checksum = "29218c768b53dd8f116045d87fec05b294c731a4b2bdd257eeca2084cc150b13" dependencies = [ "bstr", "gix-features", "gix-path", - "home", - "thiserror", + "percent-encoding", + "thiserror 2.0.11", "url", ] [[package]] name = "gix-utils" -version = "0.1.13" +version = "0.1.14" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "ba427e3e9599508ed98a6ddf8ed05493db114564e338e41f6a996d2e4790335f" +checksum = "ff08f24e03ac8916c478c8419d7d3c33393da9bb41fa4c24455d5406aeefd35f" dependencies = [ "fastrand", "unicode-normalization", @@ -1624,19 +1653,19 @@ [[package]] name = "gix-validate" -version = "0.9.1" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "e187b263461bc36cea17650141567753bc6207d036cedd1de6e81a52f277ff68" +checksum = "9eaa01c3337d885617c0a42e92823922a2aea71f4caeace6fe87002bdcadbd90" dependencies = [ "bstr", - "thiserror", + "thiserror 2.0.11", ] [[package]] name = "gix-worktree" -version = "0.36.0" +version = "0.39.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "c312ad76a3f2ba8e865b360d5cb3aa04660971d16dec6dd0ce717938d903149a" +checksum = "6673512f7eaa57a6876adceca6978a501d6c6569a4f177767dc405f8b9778958" dependencies = [ "bstr", "gix-attributes", @@ -1653,9 +1682,9 @@ [[package]] name = "gix-worktree-state" -version = "0.13.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "7b05c4b313fa702c0bacd5068dd3e01671da73b938fade97676859fee286de43" +checksum = "86f5e199ad5af972086683bd31d640c82cb85885515bf86d86236c73ce575bf0" dependencies = [ "bstr", "gix-features", @@ -1668,7 +1697,7 @@ "gix-path", "gix-worktree", "io-close", - "thiserror", + "thiserror 2.0.11", ] [[package]] @@ -1749,9 +1778,9 @@ [[package]] name = "http" -version = "1.1.0" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" +checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea" dependencies = [ "bytes", "fnv", @@ -1991,7 +2020,7 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -2116,9 +2145,9 @@ [[package]] name = "libc" -version = "0.2.161" +version = "0.2.169" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "8e9489c2807c139ffd9c1794f4af0ebe86a828db53ecdc7fea2111d0fed085d1" +checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" [[package]] name = "libm" @@ -2182,7 +2211,7 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -2410,18 +2439,22 @@ [[package]] name = "proc-macro2" -version = "1.0.89" +version = "1.0.93" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" +checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99" dependencies = [ "unicode-ident", ] [[package]] name = "prodash" -version = "28.0.0" +version = "29.0.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "744a264d26b88a6a7e37cbad97953fa233b94d585236310bcbc88474b4092d79" +checksum = "a266d8d6020c61a437be704c5e618037588e1985c7dbb7bf8d265db84cffe325" +dependencies = [ + "log", + "parking_lot", +] [[package]] name = "quick-xml" @@ -2446,7 +2479,7 @@ "rustc-hash", "rustls", "socket2", - "thiserror", + "thiserror 1.0.65", "tokio", "tracing", ] @@ -2463,7 +2496,7 @@ "rustc-hash", "rustls", "slab", - "thiserror", + "thiserror 1.0.65", "tinyvec", "tracing", ] @@ -2685,7 +2718,7 @@ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.85", + "syn 2.0.96", "walkdir", ] @@ -2712,6 +2745,12 @@ checksum = "583034fd73374156e66797ed8e5b0d5690409c9226b22d87cb7f19821c05d152" [[package]] +name = "rustc-stable-hash" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "2febf9acc5ee5e99d1ad0afcdbccc02d87aa3f857a1f01f825b80eacf8edfcd1" + +[[package]] name = "rustix" version = "0.38.38" source = "registry+https://github.com/rust-lang/crates.io-index"; @@ -2779,7 +2818,7 @@ [[package]] name = "rustsec" -version = "0.30.1" +version = "0.30.2" dependencies = [ "auditable-info", "auditable-serde", @@ -2797,7 +2836,7 @@ "serde_json", "tame-index", "tempfile", - "thiserror", + "thiserror 1.0.65", "time", "toml", "url", @@ -2821,7 +2860,7 @@ "serde_json", "tame-index", "termcolor", - "thiserror", + "thiserror 1.0.65", "toml", "toml_edit", "xml-rs", @@ -2916,7 +2955,7 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -3078,9 +3117,9 @@ [[package]] name = "syn" -version = "2.0.85" +version = "2.0.96" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "5023162dfcd14ef8f32034d8bcd4cc5ddc61ef7a247c024a33e24e1f24d21b56" +checksum = "d5d0adab1ae378d7f53bdebc67a39f1f151407ef230f0ce2883572f5d8985c80" dependencies = [ "proc-macro2", "quote", @@ -3116,7 +3155,7 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -3142,9 +3181,9 @@ [[package]] name = "tame-index" -version = "0.14.0" +version = "0.18.1" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "c46e79ebf09a3740c583fc8df63b1b8b5844bf756074c6bf5d392d5a2b708269" +checksum = "ffce9e61c14d088a18efafe197ce1906e639cc1980e21e7e09e45c3cb0bfc50c" dependencies = [ "camino", "crossbeam-channel", @@ -3155,11 +3194,12 @@ "memchr", "rayon", "reqwest", + "rustc-stable-hash", "semver", "serde", "serde_json", "smol_str", - "thiserror", + "thiserror 2.0.11", "tokio", "toml-span", "twox-hash", @@ -3193,7 +3233,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"; checksum = "5d11abd9594d9b38965ef50805c5e469ca9cc6f197f883f717e0269a3057b3d5" dependencies = [ - "thiserror-impl", + "thiserror-impl 1.0.65", +] + +[[package]] +name = "thiserror" +version = "2.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "d452f284b73e6d76dd36758a0c8684b1d5be31f92b89d07fd5822175732206fc" +dependencies = [ + "thiserror-impl 2.0.11", ] [[package]] @@ -3204,7 +3253,18 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index"; +checksum = "26afc1baea8a989337eeb52b6e72a039780ce45c3edfcc9c5b9d112feeb173c2" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.96", ] [[package]] @@ -3275,9 +3335,9 @@ [[package]] name = "tokio" -version = "1.41.0" +version = "1.43.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "145f3413504347a2be84393cc8a7d2fb4d863b375909ea59f2158261aa258bbb" +checksum = "3d61fa4ffa3de412bfea335c6ecff681de2b609ba3c77ef3e00e521813a9ed9e" dependencies = [ "backtrace", "bytes", @@ -3326,9 +3386,9 @@ [[package]] name = "toml-span" -version = "0.3.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "ce0e1be49e3b9bf33d1a8077c081a3b7afcfc94e4bc1002c80376784381bc106" +checksum = "757f36f490e7b3a25ed9fb692d7a0beb1424eabec3f7e8f40f576bece9a8cdc5" dependencies = [ "smallvec", ] @@ -3386,7 +3446,7 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -3436,13 +3496,9 @@ [[package]] name = "twox-hash" -version = "1.6.3" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index"; -checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" -dependencies = [ - "cfg-if", - "static_assertions", -] +checksum = "e7b17f197b3050ba473acf9181f7b1d3b66d1cf7356c6cc57886662276e65908" [[package]] name = "typed-arena" @@ -3608,7 +3664,7 @@ "once_cell", "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", "wasm-bindgen-shared", ] @@ -3642,7 +3698,7 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -3871,7 +3927,7 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", "synstructure 0.13.1", ] @@ -3893,7 +3949,7 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", ] [[package]] @@ -3913,7 +3969,7 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", "synstructure 0.13.1", ] @@ -3942,5 +3998,5 @@ dependencies = [ "proc-macro2", "quote", - "syn 2.0.85", + "syn 2.0.96", ] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/Cargo.toml new/rustsec-0.21.2~git0.18e58c2/Cargo.toml --- old/rustsec-0.21.1~git0.bd6fb0f/Cargo.toml 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/Cargo.toml 2025-02-28 12:25:42.000000000 +0100 @@ -25,7 +25,7 @@ display-error-chain = "0.2.0" fs-err = "2.11" # NOTE: Keep in sync with `gix` used by `tame-index`. -gix = { version = "0.66", default-features = false } +gix = { version = "0.70.0", default-features = false } gumdrop = "0.8" home = "0.5" once_cell = "1.15.0" @@ -34,11 +34,11 @@ quitters = { version = "0.1.0", path = "./quitters" } regex = { version = "1.10.6", default-features = false } rust-embed = "8.5.0" -rustsec = { version = "0.30.1", path = "./rustsec" } +rustsec = { version = "0.30.2", path = "./rustsec" } semver = "1.0.23" serde = "1" serde_json = "1" -tame-index = { version = "0.14", default-features = false } +tame-index = { version = "0.18.1", default-features = false } tempfile = "3" termcolor = "1" thiserror = "1" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/cargo-audit/CHANGELOG.md new/rustsec-0.21.2~git0.18e58c2/cargo-audit/CHANGELOG.md --- old/rustsec-0.21.1~git0.bd6fb0f/cargo-audit/CHANGELOG.md 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/cargo-audit/CHANGELOG.md 2025-02-28 12:25:42.000000000 +0100 @@ -4,6 +4,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.21.2 (2025-02-28) + +### Fixed + + - Upgraded to `rustsec` v0.30.2 to fix an incompatibility with Rust v1.85 and later ([#1333]) + +[#1333]: https://github.com/RustSec/rustsec/pull/1333 + ## 0.21.1 (2025-01-18) ### Fixed diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/cargo-audit/Cargo.toml new/rustsec-0.21.2~git0.18e58c2/cargo-audit/Cargo.toml --- old/rustsec-0.21.1~git0.bd6fb0f/cargo-audit/Cargo.toml 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/cargo-audit/Cargo.toml 2025-02-28 12:25:42.000000000 +0100 @@ -1,7 +1,7 @@ [package] name = "cargo-audit" description = "Audit Cargo.lock for crates with security vulnerabilities" -version = "0.21.1" +version = "0.21.2" authors = ["Tony Arcieri <[email protected]>"] license = "Apache-2.0 OR MIT" homepage = "https://rustsec.org"; @@ -10,7 +10,7 @@ categories = ["development-tools::cargo-plugins"] keywords = ["cargo-subcommand", "security", "audit", "vulnerability"] edition = "2021" -rust-version = "1.74.0" +rust-version = "1.81.0" exclude = ["tests/"] [badges] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/cvss/Cargo.toml new/rustsec-0.21.2~git0.18e58c2/cvss/Cargo.toml --- old/rustsec-0.21.1~git0.bd6fb0f/cvss/Cargo.toml 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/cvss/Cargo.toml 2025-02-28 12:25:42.000000000 +0100 @@ -9,7 +9,7 @@ categories = ["parser-implementations"] keywords = ["cvssv3", "security", "advisory", "vulnerability"] edition = "2021" -rust-version = "1.60" +rust-version = "1.73" [dependencies] serde = { workspace = true, optional = true } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/cvss/src/v3/base/ac.rs new/rustsec-0.21.2~git0.18e58c2/cvss/src/v3/base/ac.rs --- old/rustsec-0.21.1~git0.bd6fb0f/cvss/src/v3/base/ac.rs 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/cvss/src/v3/base/ac.rs 2025-02-28 12:25:42.000000000 +0100 @@ -50,6 +50,7 @@ Low, } +#[allow(clippy::derivable_impls)] impl Default for AttackComplexity { fn default() -> AttackComplexity { AttackComplexity::High diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/rustsec/CHANGELOG.md new/rustsec-0.21.2~git0.18e58c2/rustsec/CHANGELOG.md --- old/rustsec-0.21.1~git0.bd6fb0f/rustsec/CHANGELOG.md 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/rustsec/CHANGELOG.md 2025-02-28 12:25:42.000000000 +0100 @@ -4,6 +4,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.30.2 (2025-02-28) + +### Fixed + + - Upgraded to `tame-index` v0.18.1 to fix an incompatibility with Rust 1.85 and later ([#1333]) + +[#1333]: https://github.com/RustSec/rustsec/pull/1333 + ## 0.30.1 (2025-01-18) ### Added diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/rustsec/Cargo.toml new/rustsec-0.21.2~git0.18e58c2/rustsec/Cargo.toml --- old/rustsec-0.21.1~git0.bd6fb0f/rustsec/Cargo.toml 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/rustsec/Cargo.toml 2025-02-28 12:25:42.000000000 +0100 @@ -1,7 +1,7 @@ [package] name = "rustsec" description = "Client library for the RustSec security advisory database" -version = "0.30.1" +version = "0.30.2" authors = ["Tony Arcieri <[email protected]>"] license = "Apache-2.0 OR MIT" homepage = "https://rustsec.org"; @@ -10,7 +10,7 @@ categories = ["api-bindings", "development-tools"] keywords = ["audit", "rustsec", "security", "advisory", "vulnerability"] edition = "2021" -rust-version = "1.73" +rust-version = "1.81" [dependencies] cargo-lock = { workspace = true } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/rustsec/src/repository/git/modification_time.rs new/rustsec-0.21.2~git0.18e58c2/rustsec/src/repository/git/modification_time.rs --- old/rustsec-0.21.1~git0.bd6fb0f/rustsec/src/repository/git/modification_time.rs 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/rustsec/src/repository/git/modification_time.rs 2025-02-28 12:25:42.000000000 +0100 @@ -1,6 +1,7 @@ use crate::advisory::Date; use crate::error::{Error, ErrorKind}; use gix::date::Time; +use gix::traverse::commit::simple::CommitTimeOrder; use std::{ cmp::{max, min}, collections::HashMap, @@ -39,7 +40,9 @@ .rev_walk(Some(repo.head_id().map_err(|err| { format_err!(ErrorKind::Repo, "unable to find head id: {}", err) })?)) - .sorting(gix::traverse::commit::simple::Sorting::ByCommitTimeNewestFirst) + .sorting(gix::revision::walk::Sorting::ByCommitTime( + CommitTimeOrder::NewestFirst, + )) .all() .map_err(|err| format_err!(ErrorKind::Repo, "unable to walk commits: {}", err))?; @@ -101,33 +104,33 @@ .expect("main tree present") .try_into_tree_iter() .expect("id to be a tree"); - let previous_tree: Option<_> = { - parent_commit_id - .and_then(|id| db.try_find(&id, &mut buf2).ok().flatten()) - .and_then(|c| c.decode().ok()) - .and_then(gix::objs::ObjectRef::into_commit) - .map(|c| c.tree()) - .and_then(|tree| db.try_find(&tree, &mut buf2).ok().flatten()) - .and_then(|tree| tree.try_into_tree_iter()) - }; + let previous_tree = parent_commit_id + .and_then(|id| db.try_find(&id, &mut buf2).ok().flatten()) + .and_then(|c| c.decode().ok()) + .and_then(gix::objs::ObjectRef::into_commit) + .map(|c| c.tree()) + .and_then(|tree| db.try_find(&tree, &mut buf2).ok().flatten()) + .and_then(|tree| tree.try_into_tree_iter()) + .unwrap_or_default(); let mut recorder = gix::diff::tree::Recorder::default(); - gix::diff::tree::Changes::from(previous_tree) - .needed_to_obtain( - current_tree, - &mut gix::diff::tree::State::default(), - db, - &mut recorder, + + gix::diff::tree( + previous_tree, + current_tree, + &mut gix::diff::tree::State::default(), + db, + &mut recorder, + ) + .map_err(|err| { + format_err!( + ErrorKind::Repo, + "failed to diff commit {} to its parent {:?}: {}", + info.id, + parent_commit_id, + err ) - .map_err(|err| { - format_err!( - ErrorKind::Repo, - "failed to diff commit {} to its parent {:?}: {}", - info.id, - parent_commit_id, - err - ) - })?; + })?; for diff in recorder.records { // AFAIK files should never be deleted from an advisory db, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rustsec-0.21.1~git0.bd6fb0f/rustsec/src/repository/git/repository.rs new/rustsec-0.21.2~git0.18e58c2/rustsec/src/repository/git/repository.rs --- old/rustsec-0.21.1~git0.bd6fb0f/rustsec/src/repository/git/repository.rs 2025-01-19 04:12:58.000000000 +0100 +++ new/rustsec-0.21.2~git0.18e58c2/rustsec/src/repository/git/repository.rs 2025-02-28 12:25:42.000000000 +0100 @@ -248,7 +248,7 @@ .ok()? .tree() .ok()? - .lookup_entry_by_path(path, &mut Vec::new()) + .lookup_entry_by_path(path) .ok() .map(|_e| true) }; ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/cargo-audit/vendor.tar.zst /work/SRC/openSUSE:Factory/.cargo-audit.new.19136/vendor.tar.zst differ: char 7, line 1
