commit e7266b9d5d5535714448194abc99c626170ca40d
parent 0a52c894392c6d9bf85f58f8cb83cdc40a525116
Author: Erich Gubler <erichdongubler@gmail.com>
Date: Thu, 2 Oct 2025 12:42:35 +0000
Bug 1991226 - chore(rust): audit `serde{,_derive}` 1.0.226 → 1.0.227, `serde_core` 1.0.227, trust releases by @dtolnay until 2026-10-01 r=supply-chain-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D266479
Diffstat:
2 files changed, 68 insertions(+), 2 deletions(-)
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
@@ -5407,6 +5407,11 @@ who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.198 -> 1.0.201"
+[[audits.serde]]
+who = "Erich Gubler <erichdongubler@gmail.com>"
+criteria = "safe-to-deploy"
+delta = "1.0.226 -> 1.0.227"
+
[[audits.serde_bytes]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@@ -5432,6 +5437,11 @@ who = "John M. Schanck <jschanck@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.11.1 -> 0.11.2"
+[[audits.serde_core]]
+who = "Erich Gubler <erichdongubler@gmail.com>"
+criteria = "safe-to-deploy"
+delta = "1.0.226 -> 1.0.227"
+
[[audits.serde_derive]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@@ -5457,6 +5467,11 @@ who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.198 -> 1.0.201"
+[[audits.serde_derive]]
+who = "Erich Gubler <erichdongubler@gmail.com>"
+criteria = "safe-to-deploy"
+delta = "1.0.226 -> 1.0.227"
+
[[audits.serde_json]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@@ -7638,7 +7653,7 @@ end = "2024-05-05"
criteria = "safe-to-deploy"
user-id = 3618 # David Tolnay (dtolnay)
start = "2019-03-01"
-end = "2025-05-31"
+end = "2026-10-01"
[[trusted.serde_bytes]]
criteria = "safe-to-deploy"
@@ -7646,11 +7661,17 @@ user-id = 3618 # David Tolnay (dtolnay)
start = "2019-02-25"
end = "2024-04-25"
+[[trusted.serde_core]]
+criteria = "safe-to-deploy"
+user-id = 3618 # David Tolnay (dtolnay)
+start = "2025-09-13"
+end = "2026-10-01"
+
[[trusted.serde_derive]]
criteria = "safe-to-deploy"
user-id = 3618 # David Tolnay (dtolnay)
start = "2019-03-01"
-end = "2025-05-31"
+end = "2026-10-01"
[[trusted.serde_json]]
criteria = "safe-to-deploy"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
@@ -2732,6 +2732,51 @@ who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
version = "1.12.1"
+[[audits.isrg.audits.serde]]
+who = "J.C. Jones <jc@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.219 -> 1.0.224"
+
+[[audits.isrg.audits.serde]]
+who = "J.C. Jones <jc@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.224 -> 1.0.225"
+
+[[audits.isrg.audits.serde]]
+who = "Tim Geoghegan <timg@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.225 -> 1.0.226"
+
+[[audits.isrg.audits.serde_core]]
+who = "J.C. Jones <jc@divviup.org>"
+criteria = "safe-to-deploy"
+version = "1.0.224"
+
+[[audits.isrg.audits.serde_core]]
+who = "J.C. Jones <jc@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.224 -> 1.0.225"
+
+[[audits.isrg.audits.serde_core]]
+who = "Tim Geoghegan <timg@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.225 -> 1.0.226"
+
+[[audits.isrg.audits.serde_derive]]
+who = "J.C. Jones <jc@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.219 -> 1.0.224"
+
+[[audits.isrg.audits.serde_derive]]
+who = "J.C. Jones <jc@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.224 -> 1.0.225"
+
+[[audits.isrg.audits.serde_derive]]
+who = "Tim Geoghegan <timg@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.225 -> 1.0.226"
+
[[audits.isrg.audits.sha2]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
