From 75f4a5d586068292b1453fe298208b4d41b73c1f Mon Sep 17 00:00:00 2001 From: Hansie Odendaal Date: Thu, 6 Mar 2025 18:08:21 +0200 Subject: [PATCH 1/5] Add diagnostics - Added a command-line option to perform diagnostics upon startup. Various statistics will be collected as they are encountered and written to a file once populated. - Added more cucumber tests --- integration_tests/src/p2pool_process.rs | 14 +- integration_tests/tests/features/Sync.feature | 25 ++- p2pool/src/cli/args.rs | 5 + p2pool/src/cli/commands/util.rs | 17 +- p2pool/src/server/config.rs | 2 + p2pool/src/server/http/stats_collector.rs | 194 +++++++++++++++--- p2pool/src/server/p2p/network.rs | 17 +- p2pool/src/server/p2p/peer_store.rs | 48 ++--- p2pool/src/server/server.rs | 2 + 9 files changed, 251 insertions(+), 73 deletions(-) diff --git a/integration_tests/src/p2pool_process.rs b/integration_tests/src/p2pool_process.rs index 369f7d49..6f63d77a 100644 --- a/integration_tests/src/p2pool_process.rs +++ b/integration_tests/src/p2pool_process.rs @@ -75,6 +75,7 @@ pub async fn spawn_p2pool_node_and_wait_for_start( node_config.p2p_service.peer_exchange_interval = Duration::from_secs(1); node_config.p2p_service.meta_data_exchange_interval = Duration::from_secs(1); node_config.network_silence_delay = 0; + node_config.diagnostic_mode_timer = 10; // Each spawned p2pool node will use different ports node_config.p2p_port = get_port(18000..18499, Duration::from_secs(20)).ok_or("p2p_port no free port")?; node_config.grpc_port = get_port(18500..18999, Duration::from_secs(20)).ok_or("grpc_port no free port")?; @@ -171,6 +172,7 @@ pub async fn spawn_p2pool_node_and_wait_for_start( user_agent: None, peer_publish_interval: Some(node_config.p2p_service.peer_info_publish_interval.as_secs()), debug_print_chain: true, + diagnostic_mode: true, max_connections: None, randomx_disabled: false, sha3x_disabled: false, 
@@ -379,6 +381,10 @@ pub fn to_args_command_line(args: StartArgs) -> Vec { args_vec.push("--debug-print-chain".to_string()); } + if args.diagnostic_mode { + args_vec.push("--diagnostic-mode".to_string()); + } + if let Some(max_connections) = args.max_connections { args_vec.push(format!("--max-connections={}", max_connections)); } @@ -487,8 +493,12 @@ pub async fn verify_peer_connected(world: &mut TariWorld, p2pool_name: String, p ) .into()); } - if counter % 10 == 0 { - debug!(target: LOG_TARGET, "{}: waiting for '{}' to show peer connected", counter, connections_url); + if counter % 50 == 0 { + debug!( + target: LOG_TARGET, + "Iteration {}: waiting {:.2?} for '{}' to show peer connected", + counter, start.elapsed(), connections_url + ); } counter += 1; diff --git a/integration_tests/tests/features/Sync.feature b/integration_tests/tests/features/Sync.feature index 3fa98ecc..b9244427 100644 --- a/integration_tests/tests/features/Sync.feature +++ b/integration_tests/tests/features/Sync.feature 
@@ -5,18 +5,35 @@ Feature: Sync p2pool nodes @critical - Scenario: New node sync with peers + Scenario: New node sync with peers on startup Given I have a base node BASE_NODE_A And I have a p2pool seed node SEED in squad DOLPHINS connected to base node BASE_NODE_A And I have a p2pool node NODE_A in squad DOLPHINS connected to base node BASE_NODE_A And I add 10 blocks to p2pool node NODE_A And p2pool node NODE_A stats is at height 10 - # Add new node, it syncs + # Add new nodes, they sync And I have a p2pool node NODE_B in squad DOLPHINS connected to base node BASE_NODE_A - And p2pool node NODE_A stats shows connected to peer NODE_B - And p2pool node NODE_B stats is at height 10 + And I have a p2pool node NODE_C in squad DOLPHINS connected to base node BASE_NODE_A + And I have a p2pool node NODE_D in squad DOLPHINS connected to base node BASE_NODE_A + And p2pool node NODE_D stats shows connected to peer NODE_A + And p2pool node NODE_D stats shows connected to peer NODE_B + And p2pool node NODE_D stats shows connected to peer NODE_C + And p2pool node NODE_D stats is at height 10 Then I wait 1 seconds and stop +@critical + Scenario: Node will load up blocks from storage on startup + Given I have a base node BASE_NODE_A + And I have a p2pool seed node SEED in squad DOLPHINS connected to base node BASE_NODE_A + And I have a p2pool node NODE_A in squad DOLPHINS connected to base node BASE_NODE_A + And I add 10 blocks to p2pool node NODE_A + And p2pool node NODE_A stats is at height 10 + # Stop the node + And I stop p2pool node NODE_A + # Start-up node again, it loads blocks from storage + And I re-start p2pool node NODE_A + And p2pool node NODE_A stats is at height 10 + @critical Scenario: New node can be offline and then sync with peers Given I have a base node BASE_NODE_A diff --git a/p2pool/src/cli/args.rs b/p2pool/src/cli/args.rs index 23c28d42..fd094188 100644 --- a/p2pool/src/cli/args.rs +++ b/p2pool/src/cli/args.rs 
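Review bot: The rewritten first scenario says `# Add new nodes, they sync` but only asserts the height of NODE_D, so a regression in which NODE_B or NODE_C connects and never syncs would pass. The removed line `And p2pool node NODE_B stats is at height 10` was the only check on a second late joiner; adding `And p2pool node NODE_B stats is at height 10` and `And p2pool node NODE_C stats is at height 10` before the final `Then` restores it. The new restart scenario also has no `Then` step: its closing assertion is chained with `And`, and `Then p2pool node NODE_A stats is at height 10` would make the expected outcome explicit.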
@@ -124,11 +124,16 @@ pub struct StartArgs { #[arg(long)] pub debug_print_chain: bool, + /// If set, basic connectivity statistics about seeds and normal peers will be collected and printed to a csv file. + #[arg(long, short, alias = "diag")] + pub diagnostic_mode: bool, + #[arg(long)] pub max_connections: Option, #[arg(long, default_value_t = false)] pub randomx_disabled: bool, + #[arg(long, default_value_t = false)] pub sha3x_disabled: bool, diff --git a/p2pool/src/cli/commands/util.rs b/p2pool/src/cli/commands/util.rs index 3980c87d..a2c33c4b 100644 --- a/p2pool/src/cli/commands/util.rs +++ b/p2pool/src/cli/commands/util.rs @@ -171,10 +171,6 @@ pub async fn server( )); let coinbase_extras_sha3x = Arc::new(RwLock::new(HashMap::>::new())); - let (stats_tx, stats_rx) = tokio::sync::broadcast::channel(1000); - let stats_broadcast_client = StatsBroadcastClient::new(stats_tx); - let stats_collector = StatsCollector::new(shutdown_signal.clone(), stats_rx); - let swarm = crate::server::p2p::setup::new_swarm(&config).await?; let squad = config.p2p_service.squad_override.clone().unwrap_or_else(|| { let squad_id = @@ -182,6 +178,19 @@ pub async fn server( format!("{}_{}", config.p2p_service.squad_prefix.clone(), squad_id) }); info!(target: LOG_TARGET, "Swarm created. Our id: {}, our squad:{}", swarm.local_peer_id(), squad); + + let (stats_tx, stats_rx) = tokio::sync::broadcast::channel(1000); + let stats_broadcast_client = StatsBroadcastClient::new(stats_tx); + let diagnostic_mode = if args.diagnostic_mode { + Some(( + Duration::from_secs(config.diagnostic_mode_timer), + *swarm.local_peer_id(), + )) + } else { + None + }; + let stats_collector = StatsCollector::new(shutdown_signal.clone(), stats_rx, diagnostic_mode); + if let Some(path) = args.export_libp2p_info.clone() { let libp2p_info = LibP2pInfo { peer_id: *swarm.local_peer_id(), diff --git a/p2pool/src/server/config.rs b/p2pool/src/server/config.rs index 7759c96e..33c9ecbe 100644 --- a/p2pool/src/server/config.rs 
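Review bot: The bare `short` on `diagnostic_mode` makes clap derive `-d` from the field name, and the doc comment does not say where the CSV is written. Whether `-d` is already used by another option in `StartArgs` cannot be seen from this hunk (the struct continues outside it), so either confirm that and write `short = 'd'` explicitly, or drop `short` and keep `--diagnostic-mode` and `--diag`. The help text should name the output, for example `/// Writes peer ids and addresses to peer_connectivity_stats.csv in the working directory, overwriting it at every diagnostic interval.`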
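Review bot: `Duration::from_secs(config.diagnostic_mode_timer)` is handed to `StatsCollector::new` unchecked, and `run()` later passes it to `tokio::time::interval`, which panics on a zero period. A configured value of 0 together with `--diagnostic-mode` would therefore panic the task that runs the collector instead of producing a usable error. Clamp or reject it where the tuple is built, e.g. `Duration::from_secs(config.diagnostic_mode_timer.max(1))`. `server()` starts and ends outside this hunk.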
+++ b/p2pool/src/server/config.rs @@ -26,6 +26,7 @@ pub struct Config { pub block_cache_file: PathBuf, pub minimum_sha3_target_difficulty: Option, pub minimum_randomx_target_difficulty: Option, + pub diagnostic_mode_timer: u64, } impl Default for Config { @@ -47,6 +48,7 @@ impl Default for Config { block_cache_file: PathBuf::from("block_cache"), minimum_sha3_target_difficulty: None, minimum_randomx_target_difficulty: None, + diagnostic_mode_timer: 60, } } } diff --git a/p2pool/src/server/http/stats_collector.rs b/p2pool/src/server/http/stats_collector.rs index 27c189d7..c6b967af 100644 --- a/p2pool/src/server/http/stats_collector.rs +++ b/p2pool/src/server/http/stats_collector.rs @@ -1,10 +1,11 @@ // Copyright 2024 The Tari Project // SPDX-License-Identifier: BSD-3-Clause -use std::time::Duration; +use std::{collections::HashMap, fmt::Debug, fs::File, io::Write, time::Duration}; +use chrono::{DateTime, Local, LocalResult, TimeZone}; use human_format::Formatter; -use libp2p::PeerId; +use libp2p::{Multiaddr, PeerId}; use log::{debug, error, info}; use serde::Serialize; use tari_core::proof_of_work::{Difficulty, PowAlgorithm}; @@ -15,6 +16,15 @@ use tokio::{ time::MissedTickBehavior, }; +#[derive(Clone)] +pub struct PeerStats { + pub peer_is_a_seed_peer: bool, + pub peer_id: PeerId, + pub public_addresses: Vec, + pub number_received: u64, + pub timestamp: EpochTime, +} + const LOG_TARGET: &str = "tari::p2pool::server::stats_collector"; pub(crate) struct StatsCollector { shutdown_signal: ShutdownSignal, 
@@ -47,10 +57,17 @@ pub(crate) struct StatsCollector { established_incoming: u32, established_outgoing: u32, last_gossip_message: EpochTime, + diagnostic_mode: Option<(Duration, PeerId)>, + peer_stats: HashMap, + local_peer_addresses: Vec, } impl StatsCollector { - pub(crate) fn new(shutdown_signal: ShutdownSignal, stats_broadcast_receiver: Receiver) -> Self { + pub(crate) fn new( + shutdown_signal: ShutdownSignal, + stats_broadcast_receiver: Receiver, + diagnostic_mode: Option<(Duration, PeerId)>, + ) -> Self { let (tx, rx) = tokio::sync::mpsc::channel(100); Self { shutdown_signal, @@ -83,6 +100,9 @@ impl StatsCollector { established_incoming: 0, established_outgoing: 0, last_gossip_message: EpochTime::now(), + diagnostic_mode, + peer_stats: HashMap::new(), + local_peer_addresses: Vec::new(), } } @@ -92,6 +112,7 @@ impl StatsCollector { } } + #[allow(clippy::too_many_lines)] fn handle_stat(&mut self, sample: StatData) { match sample { StatData::InfoChanged { @@ -143,6 +164,45 @@ impl StatsCollector { self.total_black_list = total_black_list; self.total_non_squad_peers = total_non_squad; }, + StatData::PeerStats { + peer_is_a_seed_peer, + peer_id, + public_addresses, + number_received, + timestamp, + } => { + if let Some(current_entry) = self.peer_stats.get(&peer_id.to_base58()) { + self.peer_stats.insert(peer_id.to_base58(), PeerStats { + peer_is_a_seed_peer, + peer_id, + public_addresses, + number_received: if number_received > 0 { + number_received + } else { + current_entry.number_received + }, + timestamp: if number_received > 0 { + timestamp + } else { + current_entry.timestamp + }, + }); + } else { + self.peer_stats.insert(peer_id.to_base58(), PeerStats { + peer_is_a_seed_peer, + peer_id, + public_addresses, + number_received, + timestamp, + }); + } + }, + StatData::LocalPeerAddresses { + local_peer_addresses, + timestamp: _, + } => { + self.local_peer_addresses = local_peer_addresses; + }, StatData::TargetDifficultyChanged { target_difficulty, pow_algo, 
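Review bot: The `StatData::PeerStats` arm in `handle_stat` stores an entry per remote peer id whether or not `diagnostic_mode` is set, and nothing in the visible hunks ever removes one. Peer ids cost a remote party nothing to generate, so on a long-running node `peer_stats` (with each peer's advertised address list) is a slow memory-growth path that buys nothing when diagnostics are off. A guard arm placed ahead of it, `StatData::PeerStats { .. } if self.diagnostic_mode.is_none() => {},`, keeps the map empty in normal operation, and a size cap would bound it in diagnostic mode. The two near-identical `insert` branches could also collapse into a single `entry(...)` update.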
@@ -185,9 +245,16 @@ impl StatsCollector { } } + #[allow(clippy::too_many_lines)] pub(crate) async fn run(&mut self) -> Result<(), anyhow::Error> { let mut stats_report_timer = tokio::time::interval(tokio::time::Duration::from_secs(10)); stats_report_timer.set_missed_tick_behavior(MissedTickBehavior::Skip); + let (mut diagnostic_report_timer, peer_id) = if let Some((interval, peer_id)) = self.diagnostic_mode { + (tokio::time::interval(interval), Some(peer_id)) + } else { + (tokio::time::interval(tokio::time::Duration::from_secs(u64::MAX)), None) + }; + diagnostic_report_timer.set_missed_tick_behavior(MissedTickBehavior::Skip); loop { tokio::select! { 
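Review bot: The disabled case builds `tokio::time::interval(Duration::from_secs(u64::MAX))` as a never-fires sentinel, but an interval's first tick completes immediately and each following deadline is computed by adding the period to an `Instant`. The diagnostic branch therefore still wakes once at startup, and whether that very large addition saturates or panics depends on the tokio version in use, which is not visible here. Gating the branch is clearer: give the disabled timer an ordinary period and add a precondition in the `select!`, `_ = diagnostic_report_timer.tick(), if peer_id.is_some() => {`. The body of `run` continues past this hunk.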
@@ -197,36 +264,73 @@ impl StatsCollector { _ = stats_report_timer.tick() => { let formatter = Formatter::new(); - info!(target: LOG_TARGET, + info!( + target: LOG_TARGET, "========= Uptime: {}. v{}, Sqd: {}, Chains: Rx {}..{}, Sha3 {}..{}. Difficulty (Target/Network): Rx: {}/{} Sha3x: {}/{} Miner accepts(rx/sha): {}/{}. Pool accepts (rx/sha) {}/{}. Peers(tot/gr/bl/non) {}/{}/{}/{} libp2p (i/o) {}/{} Last gossip: {}==== ", humantime::format_duration(Duration::from_secs(EpochTime::now().as_u64().checked_sub( self.first_stat_received.unwrap_or(EpochTime::now()).as_u64() ).unwrap_or_default())), env!("CARGO_PKG_VERSION"), self.last_squad.as_deref().unwrap_or("Not set"), - self.randomx_chain_height.saturating_sub(self.randomx_chain_length), - self.randomx_chain_height, - self.sha3x_chain_height.saturating_sub(self.sha3x_chain_length), - self.sha3x_chain_height, - formatter.format(self.randomx_target_difficulty.as_u64() as f64 ), - formatter.format(self.randomx_network_difficulty.as_u64() as f64), - formatter.format(self.sha_target_difficulty.as_u64() as f64), - formatter.format(self.sha_network_difficulty.as_u64() as f64), - self.miner_rx_accepted, - self.miner_sha_accepted, - self.pool_rx_accepted, - self.pool_sha_accepted, - self.total_peers, - self.total_grey_list, - self.total_black_list, - self.total_non_squad_peers, - self.established_incoming, - self.established_outgoing, - humantime::format_duration(Duration::from_secs(EpochTime::now().as_u64().checked_sub( - self.last_gossip_message.as_u64() - ).unwrap_or_default())), - ); - }, + self.randomx_chain_height.saturating_sub(self.randomx_chain_length), + self.randomx_chain_height, + self.sha3x_chain_height.saturating_sub(self.sha3x_chain_length), + self.sha3x_chain_height, + formatter.format(self.randomx_target_difficulty.as_u64() as f64 ), + formatter.format(self.randomx_network_difficulty.as_u64() as f64), + formatter.format(self.sha_target_difficulty.as_u64() as f64), + 
formatter.format(self.sha_network_difficulty.as_u64() as f64), + self.miner_rx_accepted, + self.miner_sha_accepted, + self.pool_rx_accepted, + self.pool_sha_accepted, + self.total_peers, + self.total_grey_list, + self.total_black_list, + self.total_non_squad_peers, + self.established_incoming, + self.established_outgoing, + humantime::format_duration(Duration::from_secs(EpochTime::now().as_u64().checked_sub( + self.last_gossip_message.as_u64() + ).unwrap_or_default())), + ); + }, + _ = diagnostic_report_timer.tick() => { + if let Some(peer_id) = peer_id { + let mut peer_stats: Vec = self.peer_stats.values().cloned().collect(); + peer_stats.sort_by(|a, b| a.timestamp.cmp(&b.timestamp)); + if let Ok(mut file) = File::create("peer_connectivity_stats.csv") { + let _unused = writeln!( + file, + "PeerId: {}, Addresses: {}\n", + peer_id.to_base58(), + self.local_peer_addresses.iter().map(|a| a.to_string()).collect::>().join(",") + ); + let _unused = writeln!( + file, + "peer_id,peer_is_a_seed_peer,number_received,timestamp,public_addresses" + ); + for stats in &peer_stats { + let timestamp_i64 = i64::try_from(stats.timestamp.as_u64()).unwrap_or(i64::MAX); + let local_time: LocalResult> = Local.timestamp_opt(timestamp_i64, 0); + let formatted_time = match local_time { + LocalResult::Single(time) => time.format("%Y-%m-%d %H:%M:%S").to_string(), + _ => "Invalid timestamp".to_string(), + }; + let _unused = writeln!( + file, + "{},{},{},{},{}", + stats.peer_id.to_base58(), + stats.peer_is_a_seed_peer, + stats.number_received, + formatted_time, + stats.public_addresses.iter().map(|a| a.to_string()).collect::>().join(",") + ); + } + let _unused = file.flush(); + } + } + } res = self.request_rx.recv() => { match res { Some(StatsRequest::GetStats(pow, tx)) => { 
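Review bot: Each CSV row joins `public_addresses` with `,`, the same character that separates the columns, so any peer that advertises more than one address shifts the fields and the file no longer parses as the five-column table its header line promises. Those addresses are supplied by remote peers, so the last column should be delimited or quoted on write, e.g. `.join(";")`, and the free-form `PeerId: …, Addresses: …` preamble would be better as a `#` comment line or a separate file. The report also goes to a fixed relative name, `peer_connectivity_stats.csv`, so it lands in whatever the working directory happens to be, is truncated on every tick, and exposes the node's peer ids and addresses under default file permissions; a path under the node's data directory would be safer (that setting is not visible in this hunk).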
@@ -330,6 +434,17 @@ pub(crate) enum StatData { total_non_squad: u64, timestamp: EpochTime, }, + PeerStats { + peer_is_a_seed_peer: bool, + peer_id: PeerId, + public_addresses: Vec, + number_received: u64, + timestamp: EpochTime, + }, + LocalPeerAddresses { + local_peer_addresses: Vec, + timestamp: EpochTime, + }, LibP2PStats { pending_incoming: u32, pending_outgoing: u32, @@ -354,6 +469,8 @@ impl StatData { StatData::NetworkDifficultyChanged { timestamp, .. } => *timestamp, StatData::LibP2PStats { timestamp, .. } => *timestamp, StatData::GossipsubMessageReceived { timestamp } => *timestamp, + StatData::PeerStats { timestamp, .. } => *timestamp, + StatData::LocalPeerAddresses { timestamp, .. } => *timestamp, } } } @@ -462,6 +579,29 @@ impl StatsBroadcastClient { }) } + pub fn update_local_peer_addresses(&self, public_addresses: Vec) -> Result<(), anyhow::Error> { + self.broadcast(StatData::LocalPeerAddresses { + local_peer_addresses: public_addresses, + timestamp: EpochTime::now(), + }) + } + + pub fn send_peer_stats( + &self, + peer_is_a_seed_peer: bool, + peer_id: PeerId, + public_addresses: Vec, + number_received: u64, + ) -> Result<(), anyhow::Error> { + self.broadcast(StatData::PeerStats { + peer_is_a_seed_peer, + peer_id, + public_addresses, + number_received, + timestamp: EpochTime::now(), + }) + } + pub fn send_target_difficulty( &self, pow_algo: PowAlgorithm, diff --git a/p2pool/src/server/p2p/network.rs b/p2pool/src/server/p2p/network.rs index d1548e7c..d79da1c1 100644 --- a/p2pool/src/server/p2p/network.rs +++ b/p2pool/src/server/p2p/network.rs 
@@ -406,6 +406,12 @@ where S: ShareChain *self.swarm.local_peer_id() } + pub fn local_peer_addresses(&self) -> Vec { + let mut addresses: Vec = self.swarm.external_addresses().cloned().collect(); + addresses.append(&mut self.swarm.listeners().cloned().collect()); + addresses + } + async fn create_peer_info(&mut self, public_addresses: Vec) -> Result { let share_chain_sha3x = self.share_chain_sha3x.clone(); let share_chain_random_x = self.share_chain_random_x.clone(); @@ -1091,6 +1097,15 @@ where S: ShareChain return; } + // Update peer stats + let peer_is_a_seed_peer = self.network_peer_store.read().await.is_seed_peer(&peer_id); + let _unused = self.stats_broadcast_client.send_peer_stats( + peer_is_a_seed_peer, + peer_id, + response.info.public_addresses(), + num_peers_added, + ); + // if we are a seed peer, end here if self.config.is_seed_peer { debug!( @@ -1114,7 +1129,7 @@ where S: ShareChain } // Once we have peer info from the seed peers, disconnect from them. - if self.network_peer_store.read().await.is_seed_peer(&peer_id) { + if peer_is_a_seed_peer { info!(target: LOG_TARGET, "[DIRECT_PEER_EXCHANGE_RESP] Disconnecting from seed peer {}", peer_id); let _ = self.swarm.disconnect_peer_id(peer_id); } diff --git a/p2pool/src/server/p2p/peer_store.rs b/p2pool/src/server/p2p/peer_store.rs index d170d718..4de9a3ab 100644 --- a/p2pool/src/server/p2p/peer_store.rs +++ b/p2pool/src/server/p2p/peer_store.rs @@ -113,6 +113,7 @@ impl PeerStore { record.num_grey_listings = 0; self.whitelist_peers.insert(peer_id.to_base58(), record); + self.update_peer_stats(); } if let Some(entry) = self.blacklist_peers.get_mut(&peer_id.to_base58()) { @@ -296,6 +297,7 @@ impl PeerStore { peer_record.last_grey_list_reason = Some("Seed peer".to_string()); self.greylist_peers.insert(peer_id.to_base58(), peer_record); + self.update_peer_stats(); return AddPeerStatus::Greylisted; } if self.blacklist_peers.contains_key(&peer_id.to_base58()) { 
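Review bot: `num_peers_added` is sent as `number_received` in the new `send_peer_stats` call, so the diagnostic column reports peers newly added from a response rather than peers received. When a response adds nothing the value is 0, and the collector's `PeerStats` arm (stats_collector.rs in this patch) then keeps the previous count and timestamp, so the CSV timestamp means the last time this peer gave us something new, not the last contact. Either rename the field and column to `number_added` or say so at the call, e.g. `// number_received = peers newly added from this response; 0 keeps the previous sample`. In the `local_peer_addresses` hunk above, `addresses.extend(self.swarm.listeners().cloned());` avoids the temporary `Vec`.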
@@ -314,14 +316,7 @@ impl PeerStore { }; self.non_squad_peers .insert(peer_id.to_base58(), PeerStoreRecord::new(peer_id, peer_info)); - if return_type == AddPeerStatus::NonSquad { - let _unused = self.stats_broadcast_client.send_new_peer( - self.whitelist_peers.len() as u64, - self.greylist_peers.len() as u64, - self.blacklist_peers.len() as u64, - self.non_squad_peers.len() as u64, - ); - } + self.update_peer_stats(); return return_type; } @@ -337,20 +332,23 @@ impl PeerStore { new_record.last_grey_list_reason = entry.last_grey_list_reason.clone(); *entry = new_record; - // self.whitelist_peers.insert(peer_id, PeerStoreRecord::new(peer_info)); return AddPeerStatus::Existing; } self.whitelist_peers .insert(peer_id.to_base58(), PeerStoreRecord::new(peer_id, peer_info)); + self.update_peer_stats(); + debug!(target: LOG_TARGET, "Peer NewPeer: {}", peer_id); + AddPeerStatus::NewPeer + } + + fn update_peer_stats(&self) { let _unused = self.stats_broadcast_client.send_new_peer( self.whitelist_peers.len() as u64, self.greylist_peers.len() as u64, self.blacklist_peers.len() as u64, self.non_squad_peers.len() as u64, ); - debug!(target: LOG_TARGET, "Peer NewPeer: {}", peer_id); - AddPeerStatus::NewPeer } pub fn clear_grey_list(&mut self) { @@ -366,12 +364,7 @@ impl PeerStore { self.whitelist_peers.insert(peer_id.clone(), record.clone()); } } - let _unused = self.stats_broadcast_client.send_new_peer( - self.whitelist_peers.len() as u64, - self.greylist_peers.len() as u64, - self.blacklist_peers.len() as u64, - self.non_squad_peers.len() as u64, - ); + self.update_peer_stats(); } pub fn clear_black_list(&mut self) { 
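Review bot: `update_peer_stats` is a misleading name next to the new `PeerStats` and `send_peer_stats` diagnostics: it calls `send_new_peer` with the four list sizes and has nothing to do with per-peer statistics. A name such as `broadcast_peer_counts` with a one-line doc comment, `/// Publishes the current whitelist/greylist/blacklist/non-squad sizes to the stats collector (best effort).`, would keep the two apart. The `@@ -314` hunk also changes behaviour slightly, which the commit message does not mention: the counts used to be sent only when `return_type == AddPeerStatus::NonSquad` and are now sent on every insert into `non_squad_peers`.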
@@ -381,12 +374,7 @@ impl PeerStore { record.num_grey_listings = 0; self.whitelist_peers.insert(peer_id, record); } - let _unused = self.stats_broadcast_client.send_new_peer( - self.whitelist_peers.len() as u64, - self.greylist_peers.len() as u64, - self.blacklist_peers.len() as u64, - self.non_squad_peers.len() as u64, - ); + self.update_peer_stats(); } pub fn move_to_grey_list(&mut self, peer_id: PeerId, reason: String) { @@ -397,12 +385,7 @@ impl PeerStore { record.last_grey_list_reason = Some(reason.clone()); record.num_grey_listings += 1; self.greylist_peers.insert(peer_id.to_base58(), record); - let _unused = self.stats_broadcast_client.send_new_peer( - self.whitelist_peers.len() as u64, - self.greylist_peers.len() as u64, - self.blacklist_peers.len() as u64, - self.non_squad_peers.len() as u64, - ); + self.update_peer_stats(); } } } @@ -419,12 +402,7 @@ impl PeerStore { if let Some(record) = record { warn!(target: LOG_TARGET, "Blacklisting peer {} because of: {}", peer, reason); self.blacklist_peers.insert(peer.to_base58(), record); - let _unused = self.stats_broadcast_client.send_new_peer( - self.whitelist_peers.len() as u64, - self.greylist_peers.len() as u64, - self.blacklist_peers.len() as u64, - self.non_squad_peers.len() as u64, - ); + self.update_peer_stats(); } } diff --git a/p2pool/src/server/server.rs b/p2pool/src/server/server.rs index 123b6282..61d88d16 100644 --- a/p2pool/src/server/server.rs +++ b/p2pool/src/server/server.rs @@ -117,6 +117,8 @@ where S: ShareChain None }; + let _unused = stats_broadcast_client.update_local_peer_addresses(p2p_service.local_peer_addresses()); + Ok(Self { config, p2p_service, From 1a7f365d774cb88ea88154c76bc1236ecc0955fe Mon Sep 17 00:00:00 2001 From: Hansie Odendaal Date: Mon, 10 Mar 2025 14:36:04 +0200 Subject: [PATCH 2/5] codderabbitai nits --- p2pool/src/server/http/stats_collector.rs | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) 
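Review bot: In the server.rs hunk `update_local_peer_addresses` is called once, while the server is being constructed, so the report header only ever holds the addresses the swarm knew at that moment. If the swarm has not started listening or confirmed an external address yet (likely at construction, though the listen call is not visible in this hunk), the `Addresses:` field in the CSV stays empty for the life of the process. Refreshing it from the p2p service whenever a new listen or external address is reported would keep the diagnostic accurate.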
diff --git a/p2pool/src/server/http/stats_collector.rs b/p2pool/src/server/http/stats_collector.rs index c6b967af..3421ab83 100644 --- a/p2pool/src/server/http/stats_collector.rs +++ b/p2pool/src/server/http/stats_collector.rs @@ -299,17 +299,18 @@ impl StatsCollector { if let Some(peer_id) = peer_id { let mut peer_stats: Vec = self.peer_stats.values().cloned().collect(); peer_stats.sort_by(|a, b| a.timestamp.cmp(&b.timestamp)); - if let Ok(mut file) = File::create("peer_connectivity_stats.csv") { - let _unused = writeln!( + let stats_file = "peer_connectivity_stats.csv"; + let result = File::create(stats_file).and_then(|mut file| { + writeln!( file, "PeerId: {}, Addresses: {}\n", peer_id.to_base58(), self.local_peer_addresses.iter().map(|a| a.to_string()).collect::>().join(",") - ); - let _unused = writeln!( + )?; + writeln!( file, "peer_id,peer_is_a_seed_peer,number_received,timestamp,public_addresses" - ); + )?; for stats in &peer_stats { let timestamp_i64 = i64::try_from(stats.timestamp.as_u64()).unwrap_or(i64::MAX); let local_time: LocalResult> = Local.timestamp_opt(timestamp_i64, 0); @@ -317,7 +318,7 @@ impl StatsCollector { LocalResult::Single(time) => time.format("%Y-%m-%d %H:%M:%S").to_string(), _ => "Invalid timestamp".to_string(), }; - let _unused = writeln!( + writeln!( file, "{},{},{},{},{}", stats.peer_id.to_base58(), @@ -325,9 +326,13 @@ impl StatsCollector { stats.number_received, formatted_time, stats.public_addresses.iter().map(|a| a.to_string()).collect::>().join(",") - ); + )?; } let _unused = file.flush(); + Ok(()) + }); + if let Err(e) = result { + error!(target: LOG_TARGET, "Failed to write diagnostic report ({}): {}", stats_file, e); } } } From f23ce9d164427d3d999b61b09639360a0eafe997 Mon Sep 17 00:00:00 2001 
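Review bot: Inside the new `and_then` closure the rows are still written straight to the `File`, one write call per `writeln!`, and the closing `let _unused = file.flush();` discards the one error the closure does not propagate. Wrapping the handle, `let mut file = std::io::BufWriter::new(file);`, and ending with `file.flush()?;` makes the flush meaningful and routes a failed write through the `error!` call this patch adds. This is also synchronous file I/O on the async `run` loop, so with a large peer table it may be worth moving the write to `tokio::task::spawn_blocking`.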
From: Hansie Odendaal Date: Mon, 10 Mar 2025 15:21:26 +0200 Subject: [PATCH 3/5] Update cargo vet --- supply-chain/config.toml | 610 +++++++++++++++++++++++++++++++++- supply-chain/imports.lock | 680 +++++++++++++++++++++++++++++--------- 2 files changed, 1139 insertions(+), 151 deletions(-) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 702ff868..3d80c078 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -89,6 +89,14 @@ criteria = "safe-to-deploy" version = "0.10.3" criteria = "safe-to-deploy" +[[exemptions.aes-kw]] +version = "0.2.1" +criteria = "safe-to-deploy" + +[[exemptions.ahash]] +version = "0.8.11" +criteria = "safe-to-deploy" + [[exemptions.aho-corasick]] version = "1.1.3" criteria = "safe-to-deploy" @@ -133,6 +141,14 @@ criteria = "safe-to-deploy" version = "0.4.1" criteria = "safe-to-deploy" +[[exemptions.argon2]] +version = "0.5.3" +criteria = "safe-to-deploy" + +[[exemptions.arraydeque]] +version = "0.5.1" +criteria = "safe-to-deploy" + [[exemptions.asn1-rs]] version = "0.6.2" criteria = "safe-to-deploy" @@ -185,10 +201,22 @@ criteria = "safe-to-deploy" version = "0.24.1" criteria = "safe-to-deploy" +[[exemptions.autotools]] +version = "0.2.7" +criteria = "safe-to-deploy" + +[[exemptions.axum]] +version = "0.6.20" +criteria = "safe-to-deploy" + [[exemptions.axum]] version = "0.7.9" criteria = "safe-to-deploy" +[[exemptions.axum-core]] +version = "0.3.4" +criteria = "safe-to-deploy" + [[exemptions.axum-core]] version = "0.4.5" criteria = "safe-to-deploy" @@ -221,6 +249,10 @@ criteria = "safe-to-deploy" version = "1.3.3" criteria = "safe-to-deploy" +[[exemptions.bitfield]] +version = "0.14.0" +criteria = "safe-to-deploy" + [[exemptions.bitflags]] version = "0.9.1" criteria = "safe-to-deploy" 
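Review bot: These config.toml hunks add a large batch of `[[exemptions.*]]` entries, all at `criteria = "safe-to-deploy"`, which records the crates as trusted without an audit. Several look like test or tooling dependencies (later hunks add `cucumber`, `gherkin`, `junit-report`, `console-subscriber`), and the batch also brings in a set of cipher crates (`aes-kw`, `blowfish`, `camellia`, `cast5`, `des`, `idea`) whose parent dependency is not visible in this patch. It is worth checking whether the dev-only ones can be held to `safe-to-run` through a policy entry and whether published audits can be imported for the rest, so that the exemption list does not become the default answer to a failing `cargo vet`.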
@@ -237,6 +269,14 @@ criteria = "safe-to-deploy" version = "0.10.6" criteria = "safe-to-deploy" +[[exemptions.block-padding]] +version = "0.3.3" +criteria = "safe-to-deploy" + +[[exemptions.blowfish]] +version = "0.9.1" +criteria = "safe-to-deploy" + [[exemptions.borsh]] version = "1.5.5" criteria = "safe-to-deploy" @@ -253,10 +293,18 @@ criteria = "safe-to-deploy" version = "0.5.1" criteria = "safe-to-deploy" +[[exemptions.buffer-redux]] +version = "1.0.2" +criteria = "safe-to-deploy" + [[exemptions.byte-slice-cast]] version = "1.2.2" criteria = "safe-to-deploy" +[[exemptions.bytecount]] +version = "0.6.8" +criteria = "safe-to-deploy" + [[exemptions.bytes]] version = "0.5.6" criteria = "safe-to-deploy" @@ -265,6 +313,14 @@ criteria = "safe-to-deploy" version = "1.10.0" criteria = "safe-to-deploy" +[[exemptions.camellia]] +version = "0.1.0" +criteria = "safe-to-deploy" + +[[exemptions.cast5]] +version = "0.11.1" +criteria = "safe-to-deploy" + [[exemptions.cbor4ii]] version = "0.3.3" criteria = "safe-to-deploy" @@ -273,6 +329,10 @@ criteria = "safe-to-deploy" version = "1.2.13" criteria = "safe-to-deploy" +[[exemptions.cfb-mode]] +version = "0.8.2" +criteria = "safe-to-deploy" + [[exemptions.cfg_aliases]] version = "0.2.1" criteria = "safe-to-deploy" @@ -289,6 +349,10 @@ criteria = "safe-to-deploy" version = "0.10.1" criteria = "safe-to-deploy" +[[exemptions.checked_int_cast]] +version = "1.0.0" +criteria = "safe-to-deploy" + [[exemptions.chrono]] version = "0.4.39" criteria = "safe-to-deploy" @@ -305,6 +369,10 @@ criteria = "safe-to-deploy" version = "2.34.0" criteria = "safe-to-deploy" +[[exemptions.clap]] +version = "3.2.25" +criteria = "safe-to-deploy" + [[exemptions.clap]] version = "4.5.28" criteria = "safe-to-deploy" 
@@ -313,14 +381,26 @@ criteria = "safe-to-deploy" version = "4.5.27" criteria = "safe-to-deploy" +[[exemptions.clap_derive]] +version = "3.2.25" +criteria = "safe-to-deploy" + [[exemptions.clap_derive]] version = "4.5.28" criteria = "safe-to-deploy" +[[exemptions.clap_lex]] +version = "0.2.4" +criteria = "safe-to-deploy" + [[exemptions.clap_lex]] version = "0.7.4" criteria = "safe-to-deploy" +[[exemptions.clipboard-win]] +version = "4.5.0" +criteria = "safe-to-deploy" + [[exemptions.colorchoice]] version = "1.0.3" criteria = "safe-to-deploy" @@ -333,10 +413,30 @@ criteria = "safe-to-deploy" version = "0.14.1" criteria = "safe-to-deploy" +[[exemptions.console]] +version = "0.15.10" +criteria = "safe-to-deploy" + +[[exemptions.console-api]] +version = "0.5.0" +criteria = "safe-to-deploy" + +[[exemptions.console-subscriber]] +version = "0.1.10" +criteria = "safe-to-deploy" + [[exemptions.const-oid]] version = "0.9.6" criteria = "safe-to-deploy" +[[exemptions.const-random]] +version = "0.1.18" +criteria = "safe-to-deploy" + +[[exemptions.const-random-macro]] +version = "0.1.16" +criteria = "safe-to-deploy" + [[exemptions.const_format]] version = "0.2.34" criteria = "safe-to-deploy" @@ -345,6 +445,14 @@ criteria = "safe-to-deploy" version = "0.2.34" criteria = "safe-to-deploy" +[[exemptions.convert_case]] +version = "0.4.0" +criteria = "safe-to-deploy" + +[[exemptions.convert_case]] +version = "0.6.0" +criteria = "safe-to-deploy" + [[exemptions.core2]] version = "0.4.0" criteria = "safe-to-deploy" @@ -353,10 +461,18 @@ criteria = "safe-to-deploy" version = "0.2.17" criteria = "safe-to-deploy" +[[exemptions.crc24]] +version = "0.1.6" +criteria = "safe-to-deploy" + [[exemptions.critical-section]] version = "1.2.0" criteria = "safe-to-deploy" +[[exemptions.crossbeam-channel]] +version = "0.5.14" +criteria = "safe-to-deploy" + [[exemptions.crossbeam-deque]] version = "0.8.6" criteria = "safe-to-deploy" 
@@ -369,6 +485,14 @@ criteria = "safe-to-deploy" version = "0.8.21" criteria = "safe-to-deploy" +[[exemptions.crossterm]] +version = "0.28.1" +criteria = "safe-to-deploy" + +[[exemptions.crossterm_winapi]] +version = "0.9.1" +criteria = "safe-to-deploy" + [[exemptions.crunchy]] version = "0.2.3" criteria = "safe-to-deploy" @@ -381,6 +505,18 @@ criteria = "safe-to-deploy" version = "0.9.2" criteria = "safe-to-deploy" +[[exemptions.cucumber]] +version = "0.20.2" +criteria = "safe-to-deploy" + +[[exemptions.cucumber-codegen]] +version = "0.20.2" +criteria = "safe-to-deploy" + +[[exemptions.cucumber-expressions]] +version = "0.3.0" +criteria = "safe-to-deploy" + [[exemptions.curve25519-dalek]] version = "4.1.3" criteria = "safe-to-deploy" @@ -429,10 +565,46 @@ criteria = "safe-to-deploy" version = "2.2.0" criteria = "safe-to-deploy" +[[exemptions.derive-getters]] +version = "0.3.0" +criteria = "safe-to-deploy" + +[[exemptions.derive_builder]] +version = "0.20.2" +criteria = "safe-to-deploy" + +[[exemptions.derive_builder_core]] +version = "0.20.2" +criteria = "safe-to-deploy" + +[[exemptions.derive_builder_macro]] +version = "0.20.2" +criteria = "safe-to-deploy" + +[[exemptions.derive_more]] +version = "0.99.19" +criteria = "safe-to-deploy" + +[[exemptions.derive_more]] +version = "1.0.0" +criteria = "safe-to-deploy" + +[[exemptions.derive_more-impl]] +version = "1.0.0" +criteria = "safe-to-deploy" + +[[exemptions.des]] +version = "0.8.1" +criteria = "safe-to-deploy" + [[exemptions.destructure_traitobject]] version = "0.2.0" criteria = "safe-to-deploy" +[[exemptions.dialoguer]] +version = "0.10.4" +criteria = "safe-to-deploy" + [[exemptions.diesel]] version = "2.2.7" criteria = "safe-to-deploy" 
@@ -469,6 +641,18 @@ criteria = "safe-to-deploy" version = "0.1.2" criteria = "safe-to-deploy" +[[exemptions.dlv-list]] +version = "0.5.2" +criteria = "safe-to-deploy" + +[[exemptions.drain_filter_polyfill]] +version = "0.1.3" +criteria = "safe-to-deploy" + +[[exemptions.dsa]] +version = "0.6.3" +criteria = "safe-to-deploy" + [[exemptions.dsl_auto_type]] version = "0.1.3" criteria = "safe-to-deploy" @@ -477,6 +661,10 @@ criteria = "safe-to-deploy" version = "1.0.9" criteria = "safe-to-deploy" +[[exemptions.eax]] +version = "0.5.0" +criteria = "safe-to-deploy" + [[exemptions.ecdsa]] version = "0.16.9" criteria = "safe-to-deploy" @@ -489,10 +677,18 @@ criteria = "safe-to-deploy" version = "2.1.1" criteria = "safe-to-deploy" +[[exemptions.ed448-goldilocks]] +version = "0.7.2" +criteria = "safe-to-deploy" + [[exemptions.elliptic-curve]] version = "0.13.8" criteria = "safe-to-deploy" +[[exemptions.encode_unicode]] +version = "1.0.0" +criteria = "safe-to-deploy" + [[exemptions.endian-type]] version = "0.1.2" criteria = "safe-to-deploy" @@ -501,6 +697,10 @@ criteria = "safe-to-deploy" version = "0.6.1" criteria = "safe-to-deploy" +[[exemptions.error-code]] +version = "2.3.1" +criteria = "safe-to-deploy" + [[exemptions.event-listener]] version = "5.4.0" criteria = "safe-to-deploy" @@ -529,6 +729,10 @@ criteria = "safe-to-deploy" version = "0.4.3" criteria = "safe-to-deploy" +[[exemptions.fs_extra]] +version = "1.3.0" +criteria = "safe-to-deploy" + [[exemptions.funty]] version = "2.0.0" criteria = "safe-to-deploy" 
@@ -585,10 +789,26 @@ criteria = "safe-to-deploy" version = "0.5.1" criteria = "safe-to-deploy" +[[exemptions.gherkin]] +version = "0.14.0" +criteria = "safe-to-deploy" + [[exemptions.gimli]] version = "0.31.1" criteria = "safe-to-deploy" +[[exemptions.git2]] +version = "0.18.3" +criteria = "safe-to-deploy" + +[[exemptions.globset]] +version = "0.4.15" +criteria = "safe-to-deploy" + +[[exemptions.globwalk]] +version = "0.8.1" +criteria = "safe-to-deploy" + [[exemptions.group]] version = "0.13.0" criteria = "safe-to-deploy" @@ -606,7 +826,11 @@ version = "1.8.3" criteria = "safe-to-deploy" [[exemptions.hashbrown]] -version = "0.15.2" +version = "0.14.5" +criteria = "safe-to-deploy" + +[[exemptions.hashlink]] +version = "0.8.4" criteria = "safe-to-deploy" [[exemptions.hdrhistogram]] @@ -617,6 +841,10 @@ criteria = "safe-to-deploy" version = "0.3.3" criteria = "safe-to-deploy" +[[exemptions.hermit-abi]] +version = "0.1.19" +criteria = "safe-to-deploy" + [[exemptions.hermit-abi]] version = "0.3.9" criteria = "safe-to-deploy" @@ -625,6 +853,10 @@ criteria = "safe-to-deploy" version = "0.4.0" criteria = "safe-to-deploy" +[[exemptions.hex-literal]] +version = "0.3.4" +criteria = "safe-to-deploy" + [[exemptions.hex-literal]] version = "0.4.1" criteria = "safe-to-deploy" @@ -697,14 +929,26 @@ criteria = "safe-to-deploy" version = "1.6.0" criteria = "safe-to-deploy" +[[exemptions.hyper-timeout]] +version = "0.4.1" +criteria = "safe-to-deploy" + [[exemptions.hyper-timeout]] version = "0.5.2" criteria = "safe-to-deploy" +[[exemptions.hyper-tls]] +version = "0.5.0" +criteria = "safe-to-deploy" + [[exemptions.hyper-util]] version = "0.1.10" criteria = "safe-to-deploy" +[[exemptions.idea]] +version = "0.5.1" +criteria = "safe-to-deploy" + [[exemptions.ident_case]] version = "1.0.1" criteria = "safe-to-deploy" 
@@ -725,6 +969,14 @@ criteria = "safe-to-deploy" version = "0.14.3" criteria = "safe-to-deploy" +[[exemptions.ignore]] +version = "0.4.23" +criteria = "safe-to-deploy" + +[[exemptions.image]] +version = "0.23.14" +criteria = "safe-to-deploy" + [[exemptions.impl-codec]] version = "0.6.0" criteria = "safe-to-deploy" @@ -741,6 +993,10 @@ criteria = "safe-to-deploy" version = "1.9.3" criteria = "safe-to-deploy" +[[exemptions.inflections]] +version = "1.1.1" +criteria = "safe-to-deploy" + [[exemptions.instant]] version = "0.1.13" criteria = "safe-to-deploy" @@ -749,6 +1005,10 @@ criteria = "safe-to-deploy" version = "3.0.4" criteria = "safe-to-deploy" +[[exemptions.inventory]] +version = "0.3.19" +criteria = "safe-to-deploy" + [[exemptions.ipconfig]] version = "0.3.2" criteria = "safe-to-deploy" @@ -761,6 +1021,10 @@ criteria = "safe-to-deploy" version = "1.70.1" criteria = "safe-to-deploy" +[[exemptions.iter-read]] +version = "1.1.0" +criteria = "safe-to-deploy" + [[exemptions.itertools]] version = "0.10.5" criteria = "safe-to-deploy" @@ -769,18 +1033,46 @@ criteria = "safe-to-deploy" version = "0.13.0" criteria = "safe-to-deploy" +[[exemptions.jobserver]] +version = "0.1.32" +criteria = "safe-to-deploy" + [[exemptions.js-sys]] version = "0.3.77" criteria = "safe-to-deploy" +[[exemptions.json5]] +version = "0.4.1" +criteria = "safe-to-deploy" + +[[exemptions.junit-report]] +version = "0.8.3" +criteria = "safe-to-deploy" + +[[exemptions.k256]] +version = "0.13.4" +criteria = "safe-to-deploy" + [[exemptions.keccak]] version = "0.1.5" criteria = "safe-to-deploy" +[[exemptions.lazy-regex]] +version = "3.4.1" +criteria = "safe-to-deploy" + +[[exemptions.lazy-regex-proc_macros]] +version = "3.4.1" +criteria = "safe-to-deploy" + [[exemptions.libc]] version = "0.2.169" criteria = "safe-to-deploy" +[[exemptions.libgit2-sys]] +version = "0.16.2+1.7.2" +criteria = "safe-to-deploy" + [[exemptions.liblmdb-sys]] version = "0.2.2" criteria = "safe-to-deploy" 
@@ -897,6 +1189,26 @@ criteria = "safe-to-deploy" version = "0.31.0" criteria = "safe-to-deploy" +[[exemptions.libtor]] +version = "47.13.0+0.4.7.x" +criteria = "safe-to-deploy" + +[[exemptions.libtor-derive]] +version = "0.1.2" +criteria = "safe-to-deploy" + +[[exemptions.libtor-src]] +version = "47.13.0+0.4.7.13" +criteria = "safe-to-deploy" + +[[exemptions.libtor-sys]] +version = "47.13.0+0.4.7.x" +criteria = "safe-to-deploy" + +[[exemptions.libz-sys]] +version = "1.1.21" +criteria = "safe-to-deploy" + [[exemptions.linux-raw-sys]] version = "0.4.15" criteria = "safe-to-deploy" @@ -933,10 +1245,18 @@ criteria = "safe-to-deploy" version = "0.7.3" criteria = "safe-to-deploy" +[[exemptions.md-5]] +version = "0.10.6" +criteria = "safe-to-deploy" + [[exemptions.memchr]] version = "2.7.4" criteria = "safe-to-deploy" +[[exemptions.memoffset]] +version = "0.6.5" +criteria = "safe-to-deploy" + [[exemptions.memory-stats]] version = "1.2.0" criteria = "safe-to-deploy" @@ -1009,6 +1329,10 @@ criteria = "safe-to-deploy" version = "0.13.0" criteria = "safe-to-deploy" +[[exemptions.native-tls]] +version = "0.2.14" +criteria = "safe-to-deploy" + [[exemptions.netlink-packet-core]] version = "0.7.0" criteria = "safe-to-deploy" @@ -1037,6 +1361,10 @@ criteria = "safe-to-deploy" version = "0.1.0" criteria = "safe-to-deploy" +[[exemptions.nix]] +version = "0.23.2" +criteria = "safe-to-deploy" + [[exemptions.nix]] version = "0.26.4" criteria = "safe-to-deploy" @@ -1045,6 +1373,10 @@ criteria = "safe-to-deploy" version = "0.2.0" criteria = "safe-to-deploy" +[[exemptions.nom_locate]] +version = "4.2.0" +criteria = "safe-to-deploy" + [[exemptions.ntapi]] version = "0.4.1" criteria = "safe-to-deploy" @@ -1057,6 +1389,10 @@ criteria = "safe-to-deploy" version = "0.4.6" criteria = "safe-to-deploy" +[[exemptions.num-bigint-dig]] +version = "0.8.4" +criteria = "safe-to-deploy" + [[exemptions.num-complex]] version = "0.4.6" criteria = "safe-to-deploy" 
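Review bot: The new `libtor`, `libtor-src`, `libtor-sys` and `libz-sys` exemptions carry no `notes` field, so the file records neither why they were accepted without an audit nor which crate pulls them in. Judging by their names, these crates compile and link bundled C sources, as do `libgit2-sys` and `openssl-src` in neighbouring hunks; that is code a Rust-level audit would not cover, and this is inferred from the names only. Each entry could carry a line such as `notes = "unaudited; pulled in via <parent crate>; builds bundled C sources"`, so that these are the first exemptions to be replaced by an imported or local audit. The `libtor-src` version string `47.13.0+0.4.7.13` also pins a specific bundled upstream release, and it is worth checking whether that upstream series is still maintained before exempting it at `safe-to-deploy`.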
@@ -1065,14 +1401,30 @@ criteria = "safe-to-deploy" version = "0.4.4" criteria = "safe-to-deploy" +[[exemptions.num-rational]] +version = "0.3.2" +criteria = "safe-to-deploy" + [[exemptions.num_cpus]] version = "1.16.0" criteria = "safe-to-deploy" +[[exemptions.num_enum]] +version = "0.7.3" +criteria = "safe-to-deploy" + +[[exemptions.num_enum_derive]] +version = "0.7.3" +criteria = "safe-to-deploy" + [[exemptions.object]] version = "0.36.7" criteria = "safe-to-deploy" +[[exemptions.ocb3]] +version = "0.1.0" +criteria = "safe-to-deploy" + [[exemptions.oid-registry]] version = "0.7.1" criteria = "safe-to-deploy" @@ -1085,6 +1437,14 @@ criteria = "safe-to-deploy" version = "0.10.70" criteria = "safe-to-deploy" +[[exemptions.openssl-probe]] +version = "0.1.6" +criteria = "safe-to-deploy" + +[[exemptions.openssl-src]] +version = "300.4.2+3.4.1" +criteria = "safe-to-deploy" + [[exemptions.openssl-sys]] version = "0.9.105" criteria = "safe-to-deploy" @@ -1097,10 +1457,26 @@ criteria = "safe-to-deploy" version = "3.9.2" criteria = "safe-to-deploy" +[[exemptions.ordered-multimap]] +version = "0.7.3" +criteria = "safe-to-deploy" + +[[exemptions.os_str_bytes]] +version = "6.6.1" +criteria = "safe-to-deploy" + [[exemptions.p256]] version = "0.13.2" criteria = "safe-to-deploy" +[[exemptions.p384]] +version = "0.13.1" +criteria = "safe-to-deploy" + +[[exemptions.p521]] +version = "0.13.3" +criteria = "safe-to-deploy" + [[exemptions.parity-scale-codec]] version = "3.7.4" criteria = "safe-to-deploy" @@ -1125,6 +1501,10 @@ criteria = "safe-to-deploy" version = "0.4.2" criteria = "safe-to-deploy" +[[exemptions.password-hash]] +version = "0.5.0" +criteria = "safe-to-deploy" + [[exemptions.paste]] version = "1.0.15" criteria = "safe-to-deploy" 
@@ -1137,6 +1517,18 @@ criteria = "safe-to-deploy" version = "0.2.3" criteria = "safe-to-deploy" +[[exemptions.peg]] +version = "0.6.3" +criteria = "safe-to-deploy" + +[[exemptions.peg-macros]] +version = "0.6.3" +criteria = "safe-to-deploy" + +[[exemptions.peg-runtime]] +version = "0.6.3" +criteria = "safe-to-deploy" + [[exemptions.pem]] version = "3.0.4" criteria = "safe-to-deploy" @@ -1145,10 +1537,30 @@ criteria = "safe-to-deploy" version = "0.7.0" criteria = "safe-to-deploy" +[[exemptions.pest]] +version = "2.7.15" +criteria = "safe-to-deploy" + +[[exemptions.pest_derive]] +version = "2.7.15" +criteria = "safe-to-deploy" + +[[exemptions.pest_generator]] +version = "2.7.15" +criteria = "safe-to-deploy" + +[[exemptions.pest_meta]] +version = "2.7.15" +criteria = "safe-to-deploy" + [[exemptions.petgraph]] version = "0.6.5" criteria = "safe-to-deploy" +[[exemptions.pgp]] +version = "0.14.2" +criteria = "safe-to-deploy" + [[exemptions.pin-project]] version = "0.4.30" criteria = "safe-to-deploy" @@ -1169,6 +1581,10 @@ criteria = "safe-to-deploy" version = "0.2.16" criteria = "safe-to-deploy" +[[exemptions.pkcs1]] +version = "0.7.5" +criteria = "safe-to-deploy" + [[exemptions.pkcs8]] version = "0.10.2" criteria = "safe-to-deploy" @@ -1265,6 +1681,10 @@ criteria = "safe-to-deploy" version = "0.13.4" criteria = "safe-to-deploy" +[[exemptions.qrcode]] +version = "0.12.0" +criteria = "safe-to-deploy" + [[exemptions.quick-error]] version = "1.2.3" criteria = "safe-to-deploy" @@ -1277,6 +1697,10 @@ criteria = "safe-to-deploy" version = "0.3.1" criteria = "safe-to-deploy" +[[exemptions.quick-xml]] +version = "0.31.0" +criteria = "safe-to-deploy" + [[exemptions.quinn]] version = "0.11.6" criteria = "safe-to-deploy" @@ -1301,6 +1725,10 @@ criteria = "safe-to-deploy" version = "0.8.5" criteria = "safe-to-deploy" +[[exemptions.rand_core]] +version = "0.5.1" +criteria = "safe-to-deploy" + [[exemptions.randomx-rs]] version = "1.3.2" criteria = "safe-to-deploy" 
@@ -1325,10 +1753,26 @@ criteria = "safe-to-deploy" version = "1.11.1" criteria = "safe-to-deploy" +[[exemptions.regex-automata]] +version = "0.1.10" +criteria = "safe-to-deploy" + [[exemptions.regex-automata]] version = "0.4.9" criteria = "safe-to-deploy" +[[exemptions.regex-syntax]] +version = "0.6.29" +criteria = "safe-to-deploy" + +[[exemptions.regex-syntax]] +version = "0.7.5" +criteria = "safe-to-deploy" + +[[exemptions.reqwest]] +version = "0.11.27" +criteria = "safe-to-deploy" + [[exemptions.resolv-conf]] version = "0.7.0" criteria = "safe-to-deploy" @@ -1345,12 +1789,24 @@ criteria = "safe-to-deploy" version = "0.17.8" criteria = "safe-to-deploy" +[[exemptions.ripemd]] +version = "0.1.3" +criteria = "safe-to-deploy" + +[[exemptions.ron]] +version = "0.8.1" +criteria = "safe-to-deploy" + +[[exemptions.rsa]] +version = "0.9.7" +criteria = "safe-to-deploy" + [[exemptions.rtnetlink]] version = "0.13.1" criteria = "safe-to-deploy" -[[exemptions.rustc-hash]] -version = "2.1.1" +[[exemptions.rust-ini]] +version = "0.20.0" criteria = "safe-to-deploy" [[exemptions.rustc-hex]] @@ -1373,6 +1829,10 @@ criteria = "safe-to-deploy" version = "0.23.22" criteria = "safe-to-deploy" +[[exemptions.rustls-native-certs]] +version = "0.8.1" +criteria = "safe-to-deploy" + [[exemptions.rustls-pemfile]] version = "1.0.4" criteria = "safe-to-deploy" @@ -1393,6 +1853,14 @@ criteria = "safe-to-deploy" version = "0.102.8" criteria = "safe-to-deploy" +[[exemptions.rustyline]] +version = "9.1.2" +criteria = "safe-to-deploy" + +[[exemptions.rustyline-derive]] +version = "0.5.0" +criteria = "safe-to-deploy" + [[exemptions.rw-stream-sink]] version = "0.4.0" criteria = "safe-to-deploy" 
@@ -1401,6 +1869,14 @@ criteria = "safe-to-deploy" version = "1.0.19" criteria = "safe-to-deploy" +[[exemptions.same-file]] +version = "1.0.6" +criteria = "safe-to-deploy" + +[[exemptions.schannel]] +version = "0.1.27" +criteria = "safe-to-deploy" + [[exemptions.scheduled-thread-pool]] version = "0.2.7" criteria = "safe-to-deploy" @@ -1421,6 +1897,18 @@ criteria = "safe-to-deploy" version = "0.7.3" criteria = "safe-to-deploy" +[[exemptions.security-framework]] +version = "2.11.1" +criteria = "safe-to-deploy" + +[[exemptions.security-framework]] +version = "3.2.0" +criteria = "safe-to-deploy" + +[[exemptions.security-framework-sys]] +version = "2.14.0" +criteria = "safe-to-deploy" + [[exemptions.semver]] version = "1.0.25" criteria = "safe-to-deploy" @@ -1453,6 +1941,22 @@ criteria = "safe-to-deploy" version = "0.9.34+deprecated" criteria = "safe-to-deploy" +[[exemptions.sha1]] +version = "0.6.0" +criteria = "safe-to-deploy" + +[[exemptions.sha1-checked]] +version = "0.10.0" +criteria = "safe-to-deploy" + +[[exemptions.signal-hook]] +version = "0.3.17" +criteria = "safe-to-deploy" + +[[exemptions.signal-hook-mio]] +version = "0.2.4" +criteria = "safe-to-deploy" + [[exemptions.signal-hook-registry]] version = "1.4.2" criteria = "safe-to-deploy" @@ -1493,6 +1997,14 @@ criteria = "safe-to-deploy" version = "0.1.6" criteria = "safe-to-deploy" +[[exemptions.str-buf]] +version = "1.0.6" +criteria = "safe-to-deploy" + +[[exemptions.strip-ansi-escapes]] +version = "0.2.1" +criteria = "safe-to-deploy" + [[exemptions.structopt]] version = "0.3.26" criteria = "safe-to-deploy" 
@@ -1521,18 +2033,42 @@ criteria = "safe-to-deploy" version = "2.0.98" criteria = "safe-to-deploy" +[[exemptions.sync_wrapper]] +version = "0.1.2" +criteria = "safe-to-deploy" + [[exemptions.sync_wrapper]] version = "1.0.2" criteria = "safe-to-deploy" +[[exemptions.synthez]] +version = "0.3.1" +criteria = "safe-to-deploy" + +[[exemptions.synthez-codegen]] +version = "0.3.1" +criteria = "safe-to-deploy" + +[[exemptions.synthez-core]] +version = "0.3.1" +criteria = "safe-to-deploy" + [[exemptions.sysinfo]] version = "0.30.13" criteria = "safe-to-deploy" +[[exemptions.system-configuration]] +version = "0.5.1" +criteria = "safe-to-deploy" + [[exemptions.system-configuration]] version = "0.6.1" criteria = "safe-to-deploy" +[[exemptions.system-configuration-sys]] +version = "0.5.0" +criteria = "safe-to-deploy" + [[exemptions.system-configuration-sys]] version = "0.6.0" criteria = "safe-to-deploy" @@ -1629,6 +2165,14 @@ criteria = "safe-to-deploy" version = "3.16.0" criteria = "safe-to-deploy" +[[exemptions.termcolor]] +version = "1.4.1" +criteria = "safe-to-deploy" + +[[exemptions.terminal_size]] +version = "0.4.1" +criteria = "safe-to-deploy" + [[exemptions.textwrap]] version = "0.11.0" criteria = "safe-to-deploy" @@ -1677,6 +2221,10 @@ criteria = "safe-to-deploy" version = "1.43.0" criteria = "safe-to-deploy" +[[exemptions.tokio-io-timeout]] +version = "1.2.0" +criteria = "safe-to-deploy" + [[exemptions.tokio-macros]] version = "2.5.0" criteria = "safe-to-deploy" @@ -1717,6 +2265,10 @@ criteria = "safe-to-deploy" version = "0.22.24" criteria = "safe-to-deploy" +[[exemptions.tonic]] +version = "0.9.2" +criteria = "safe-to-deploy" + [[exemptions.tonic]] version = "0.12.3" criteria = "safe-to-deploy" @@ -1725,6 +2277,10 @@ criteria = "safe-to-deploy" version = "0.12.3" criteria = "safe-to-deploy" +[[exemptions.tor-hash-passwd]] +version = "1.0.1" +criteria = "safe-to-deploy" + [[exemptions.tower]] version = "0.4.13" criteria = "safe-to-deploy" 
@@ -1753,6 +2309,22 @@ criteria = "safe-to-deploy" version = "0.1.33" criteria = "safe-to-deploy" +[[exemptions.tracing-subscriber]] +version = "0.3.19" +criteria = "safe-to-deploy" + +[[exemptions.twofish]] +version = "0.7.1" +criteria = "safe-to-deploy" + +[[exemptions.typed-builder]] +version = "0.15.2" +criteria = "safe-to-deploy" + +[[exemptions.typed-builder-macro]] +version = "0.15.2" +criteria = "safe-to-deploy" + [[exemptions.typemap-ors]] version = "1.0.0" criteria = "safe-to-deploy" @@ -1761,6 +2333,10 @@ criteria = "safe-to-deploy" version = "1.17.0" criteria = "safe-to-deploy" +[[exemptions.ucd-trie]] +version = "0.1.7" +criteria = "safe-to-deploy" + [[exemptions.uint]] version = "0.9.5" criteria = "safe-to-deploy" @@ -1793,10 +2369,22 @@ criteria = "safe-to-deploy" version = "1.13.1" criteria = "safe-to-deploy" +[[exemptions.valuable]] +version = "0.1.1" +criteria = "safe-to-deploy" + [[exemptions.version_check]] version = "0.9.5" criteria = "safe-to-deploy" +[[exemptions.vte]] +version = "0.14.1" +criteria = "safe-to-deploy" + +[[exemptions.walkdir]] +version = "2.5.0" +criteria = "safe-to-deploy" + [[exemptions.wasi]] version = "0.11.0+wasi-snapshot-preview1" criteria = "safe-to-deploy" @@ -1813,6 +2401,10 @@ criteria = "safe-to-deploy" version = "0.2.100" criteria = "safe-to-deploy" +[[exemptions.wasm-bindgen-futures]] +version = "0.4.50" +criteria = "safe-to-deploy" + [[exemptions.wasm-bindgen-macro]] version = "0.2.100" criteria = "safe-to-deploy" @@ -1853,6 +2445,10 @@ criteria = "safe-to-deploy" version = "0.4.0" criteria = "safe-to-deploy" +[[exemptions.winapi-util]] +version = "0.1.9" +criteria = "safe-to-deploy" + [[exemptions.winapi-x86_64-pc-windows-gnu]] version = "0.4.0" criteria = "safe-to-deploy" @@ -1973,6 +2569,10 @@ criteria = "safe-to-deploy" version = "2.0.1" criteria = "safe-to-deploy" +[[exemptions.x448]] +version = "0.6.0" +criteria = "safe-to-deploy" + [[exemptions.x509-parser]] version = "0.16.0" criteria = "safe-to-deploy" 
@@ -1985,6 +2585,10 @@ criteria = "safe-to-deploy" version = "0.10.3" criteria = "safe-to-deploy" +[[exemptions.yaml-rust2]] +version = "0.8.1" +criteria = "safe-to-deploy" + [[exemptions.yamux]] version = "0.12.1" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 82f82a4f..5479a9bb 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -22,6 +22,13 @@ user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" +[[publisher.encoding_rs]] +version = "0.8.35" +when = "2024-10-24" +user-id = 4484 +user-login = "hsivonen" +user-name = "Henri Sivonen" + [[publisher.unicode-normalization]] version = "0.1.24" when = "2024-09-17" @@ -43,6 +50,13 @@ user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" +[[publisher.unicode-width]] +version = "0.2.0" +when = "2024-09-19" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + [[publisher.unicode-xid]] version = "0.2.6" when = "2024-09-19" @@ -82,6 +96,12 @@ publication of this crate from CI. This repository requires all PRs are reviewed by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. """ +[[audits.bytecode-alliance.audits.adler2]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "2.0.0" +notes = "Fork of the original `adler` crate, zero unsfae code, works in `no_std`, does what it says on th tin." + [[audits.bytecode-alliance.audits.arrayref]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" 
@@ -91,17 +111,61 @@ Unsafe code, but its logic looks good to me. Necessary given what it is doing. Well tested, has quickchecks. """ +[[audits.bytecode-alliance.audits.atty]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.2.14" +notes = """ +Contains only unsafe code for what this crate's purpose is and only accesses +the environment's terminal information when asked. Does its stated purpose and +no more. +""" + [[audits.bytecode-alliance.audits.base64]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.21.0" notes = "This crate has no dependencies, no build.rs, and contains no unsafe code." +[[audits.bytecode-alliance.audits.bitflags]] +who = "Jamey Sharp " +criteria = "safe-to-deploy" +delta = "2.1.0 -> 2.2.1" +notes = """ +This version adds unsafe impls of traits from the bytemuck crate when built +with that library enabled, but I believe the impls satisfy the documented +safety requirements for bytemuck. The other changes are minor. +""" + +[[audits.bytecode-alliance.audits.bitflags]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "2.3.2 -> 2.3.3" +notes = """ +Nothing outside the realm of what one would expect from a bitflags generator, +all as expected. +""" + +[[audits.bytecode-alliance.audits.bitflags]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "2.4.1 -> 2.6.0" +notes = """ +Changes in how macros are invoked and various bits and pieces of macro-fu. +Otherwise no major changes and nothing dealing with `unsafe`. +""" + [[audits.bytecode-alliance.audits.block-buffer]] who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.2" +[[audits.bytecode-alliance.audits.cfg-if]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "1.0.0" +notes = "I am the author of this crate." + [[audits.bytecode-alliance.audits.cipher]] who = "Andrew Brown " criteria = "safe-to-deploy" 
@@ -139,6 +203,33 @@ who = "Dan Gohman " criteria = "safe-to-deploy" delta = "0.3.9 -> 0.3.10" +[[audits.bytecode-alliance.audits.fd-lock]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "3.0.9" +notes = "This crate uses unsafe to make Windows syscalls, to borrow an Fd with an appropriate lifetime, and to zero a windows API structure that appears to have a valid representation with zeroed memory." + +[[audits.bytecode-alliance.audits.fd-lock]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +delta = "3.0.9 -> 3.0.10" +notes = "Just a dependency version bump" + +[[audits.bytecode-alliance.audits.fd-lock]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +delta = "3.0.10 -> 3.0.12" +notes = "Just a dependency version bump" + +[[audits.bytecode-alliance.audits.foldhash]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.1.3" +notes = """ +Only a minor amount of `unsafe` code in this crate related to global per-process +initialization which looks correct to me. +""" + [[audits.bytecode-alliance.audits.foreign-types]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -196,6 +287,11 @@ who = "Pat Hickey " criteria = "safe-to-deploy" delta = "0.3.28 -> 0.3.31" +[[audits.bytecode-alliance.audits.hashbrown]] +who = "Chris Fallin " +criteria = "safe-to-deploy" +delta = "0.14.5 -> 0.15.2" + [[audits.bytecode-alliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" 
@@ -270,6 +366,47 @@ Minimal `unsafe` usage. Few blocks that existed looked reasonable. Does what it says on the tin: lots of iterators. """ +[[audits.bytecode-alliance.audits.itoa]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +delta = "1.0.11 -> 1.0.14" + +[[audits.bytecode-alliance.audits.matchers]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.1.0" + +[[audits.bytecode-alliance.audits.miniz_oxide]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.7.1" +notes = """ +This crate is a Rust implementation of zlib compression/decompression and has +been used by default by the Rust standard library for quite some time. It's also +a default dependency of the popular `backtrace` crate for decompressing debug +information. This crate forbids unsafe code and does not otherwise access system +resources. It's originally a port of the `miniz.c` library as well, and given +its own longevity should be relatively hardened against some of the more common +compression-related issues. +""" + +[[audits.bytecode-alliance.audits.miniz_oxide]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.7.1 -> 0.8.0" +notes = "Minor updates, using new Rust features like `const`, no major changes." + +[[audits.bytecode-alliance.audits.num-traits]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +version = "0.2.19" +notes = "As advertised: a numeric library. The only `unsafe` is from some float-to-int conversions, which seems expected." + +[[audits.bytecode-alliance.audits.openssl-macros]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.1.0" + [[audits.bytecode-alliance.audits.percent-encoding]] who = "Alex Crichton " criteria = "safe-to-deploy" 
@@ -296,12 +433,46 @@ who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.1.21 -> 0.1.24" +[[audits.bytecode-alliance.audits.sha1]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +delta = "0.10.5 -> 0.10.6" +notes = "Only new code is some loongarch64 additions which include assembly code for that platform." + +[[audits.bytecode-alliance.audits.sharded-slab]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.1.4" +notes = "I always really enjoy reading eliza's code, she left perfect comments at every use of unsafe." + [[audits.bytecode-alliance.audits.shlex]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.1.0" notes = "Only minor `unsafe` code blocks which look valid and otherwise does what it says on the tin." +[[audits.bytecode-alliance.audits.static_assertions]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = "No dependencies and completely a compile-time crate as advertised. Uses `unsafe` in one module as a compile-time check only: `mem::transmute` and `ptr::write` are wrapped in an impossible-to-run closure." + +[[audits.bytecode-alliance.audits.thread_local]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "1.1.4" +notes = "uses unsafe to implement thread local storage of objects" + +[[audits.bytecode-alliance.audits.tinyvec]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "1.6.0" +notes = """ +This crate, while it implements collections, does so without `std::*` APIs and +without `unsafe`. Skimming the crate everything looks reasonable and what one +would expect from idiomatic safe collections in Rust. +""" + [[audits.bytecode-alliance.audits.tinyvec_macros]] who = "Alex Crichton " criteria = "safe-to-deploy" 
@@ -312,6 +483,12 @@ intended to multiplex across the internal representation of a tinyvec, presumably. This trivially doesn't contain anything bad. """ +[[audits.bytecode-alliance.audits.tokio-native-tls]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.1" +notes = "unsafety is used for smuggling std::task::Context as a raw pointer. Lifetime and type safety appears to be taken care of correctly." + [[audits.bytecode-alliance.audits.try-lock]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -329,21 +506,6 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.0" -[[audits.google.audits.adler2]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -version = "2.0.0" -notes = ''' -This audit has been reviewed in https://crrev.com/c/5811890 - -The crate is fairly easy to read thanks to its small size and rich comments. - -I've grepped for `-i cipher`, `-i crypto`, `\bfs\b`, `\bnet\b`, and -`\bunsafe\b`. There were no hits (except for a comment in `README.md` -and `lib.rs` pointing out "Zero `unsafe`"). -''' -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - [[audits.google.audits.arrayvec]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" 
@@ -396,38 +558,91 @@ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_p [[audits.google.audits.bitflags]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" -version = "2.4.2" +delta = "2.6.0 -> 2.8.0" +notes = "No changes related to `unsafe impl ... bytemuck` pieces from `src/external.rs`." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bstr]] +who = "danakj " +criteria = "safe-to-deploy" +version = "1.10.0" notes = """ -Audit notes: - -* I've checked for any discussion in Google-internal cl/546819168 (where audit - of version 2.3.3 happened) -* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]` -* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be - correct in a straightforward way - they just propagate the marker trait's - impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type -* Additional discussion and/or notes may be found in https://crrev.com/c/5238056 +WARNING: This certification is a result of a **partial** audit. The +`unicode` feature has **not** been audited. The unicode feature has +soundness that depends on the correctness of regex automata that are +shipped as binary blobs. They have not been reviewed here.Ability to +track partial audits is tracked in +https://github.com/mozilla/cargo-vet/issues/380. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.bitflags]] +[[audits.google.audits.bstr]] who = "Adrian Taylor " criteria = "safe-to-deploy" -delta = "2.4.2 -> 2.5.0" +delta = "1.10.0 -> 1.11.0" +notes = "Changes two unsafe blocks to use core::mem::align_of instead of core::mem::size_of which shouldn't differ on mainstream platforms." 
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.bitflags]] +[[audits.google.audits.bstr]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.11.0 -> 1.11.1" +notes = "This release just excludes Unicode data files from being published to crates.io" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bstr]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.11.1 -> 1.11.3" +notes = "No unsafe changes" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.16.3" +notes = """ +Review notes from the original audit (of 1.14.3) may be found in +https://crrev.com/c/5362675. Note that this audit has initially missed UB risk +that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258. +Because of this, the original audit has been edited to certify version `1.16.3` +instead (see also https://crrev.com/c/5771867). 
+""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.16.3 -> 1.17.1" +notes = "Unsafe review comments can be found in https://crrev.com/c/5813463" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] who = "Adrian Taylor " criteria = "safe-to-deploy" -delta = "2.5.0 -> 2.6.0" -notes = "The changes from the previous version are negligible and thus it retains the same properties." +delta = "1.17.1 -> 1.18.0" +notes = "No code changes - just altering feature flag arrangements" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.bitflags]] +[[audits.google.audits.bytemuck]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.18.0 -> 1.19.0" +notes = "No code changes - just comment changes and adding the track_caller attribute." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" -delta = "2.6.0 -> 2.8.0" -notes = "No changes related to `unsafe impl ... bytemuck` pieces from `src/external.rs`." 
+delta = "1.19.0 -> 1.20.0" +notes = "`unsafe` review can be found at https://crrev.com/c/6096767" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.20.0 -> 1.21.0" +notes = "Unsafe review at https://chromium-review.googlesource.com/c/chromium/src/+/6111154/" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.byteorder]] @@ -437,10 +652,10 @@ version = "1.5.0" notes = "Unsafe review in https://crrev.com/c/5838022" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.cfg-if]] +[[audits.google.audits.color_quant]] who = "George Burgess IV " criteria = "safe-to-deploy" -version = "1.0.0" +version = "1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.crc32fast]] @@ -455,6 +670,12 @@ Audit comments for 1.4.2 can be found at https://crrev.com/c/4723145. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.dirs-next]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "2.0.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.displaydoc]] who = "Manish Goregaokar " criteria = "safe-to-deploy" 
@@ -475,18 +696,100 @@ criteria = "safe-to-deploy" version = "1.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.foldhash]] +[[audits.google.audits.flate2]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" -version = "0.1.3" +version = "1.0.30" +notes = ''' +WARNING: This certification is a result of a **partial** audit. The +`any_zlib` code has **not** been audited. Ability to track partial +audits is tracked in https://github.com/mozilla/cargo-vet/issues/380 +Chromium does use the `any_zlib` feature(s). Accidentally depending on +this feature in the future is prevented using the `ban_features` feature +of `gnrt` - see: +https://crrev.com/c/4723145/31/third_party/rust/chromium_crates_io/gnrt_config.toml + +Security review of earlier versions of the crate can be found at +(Google-internal, sorry): go/image-crate-chromium-security-review + +I grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. + +All `unsafe` in `flate2` is gated behind `#[cfg(feature = "any_zlib")]`: + +* The code under `src/ffi/...` will not be used because the `mod c` + declaration in `src/ffi/mod.rs` depends on the `any_zlib` config +* 7 uses of `unsafe` in `src/mem.rs` also all depend on the + `any_zlib` config: + - 2 in `fn set_dictionary` (under `impl Compress`) + - 2 in `fn set_level` (under `impl Compress`) + - 3 in `fn set_dictionary` (under `impl Decompress`) + +All hits of `'\bfs\b'` are in comments, or example code, or test code +(but not in product code). + +There were no hits of `-i cipher`, `-i crypto`, `'\bnet\b'`. 
+''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.flate2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.30 -> 1.0.31" notes = """ -`ub-risk-2` review notes can be found in https://crrev.com/c/6071306/5/third_party/rust/chromium_crates_io/vendor/foldhash-0.1.3/src/seed.rs +WARNING: This certification is a result of a **partial** audit. The +`any_zlib` code has **not** been audited. See the audit of 1.0.30 for +more details. + +Only benign changes: -`does-not-implement-crypto` based on `README.md` which explicitly says that -\"Foldhash is **not appropriate for any cryptographic purpose**.\" +* Comment-only changes in `.rs` files +* Also changing dependency version in `Cargo.toml`, but this is for `any_zlib` + feature which is not used in Chromium (i.e. this is a *partial* audit - see + the previous audit notes for 1.0.30) """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.flate2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.31 -> 1.0.33" +notes = """ +WARNING: This certification is a result of a **partial** audit. The +`any_zlib` code has **not** been audited. See the audit of 1.0.30 for +more details. + +This delta audit has been reviewed in https://crrev.com/c/5811890 +The delta can be seen at https://diff.rs/flate2/1.0.31/1.0.33 +The delta bumps up `miniz_oxide` dependency to `0.8.0` +The delta also contains some changes to `src/ffi/c.rs` which is *NOT* used by Chromium +and therefore hasn't been covered by this partial audit. 
+""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.flate2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.33 -> 1.0.34" +notes = """ +WARNING: This certification is a result of a **partial** audit. The +`any_zlib` code has **not** been audited. See the audit of 1.0.30 for +more details. + +The delta can be seen at https://diff.rs/flate2/1.0.33/1.0.34 +The delta bumps up `libz-rs-sys` dependency from `0.2.1` to `0.3.0` +The delta in `lib.rs` only tweaks comments and has no code changes. +The delta also contains some changes to `src/ffi/c.rs` which is *NOT* used by Chromium +and therefore hasn't been covered by this partial audit. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.flate2]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.34 -> 1.0.35" +notes = "There are no significant code changes in this delta (just one string constant change). Note that prior audits may have been partial." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.foldhash]] who = "Adrian Taylor " criteria = "safe-to-deploy" 
@@ -555,15 +858,6 @@ Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits: """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.itoa]] -who = "Liza Burakova " -criteria = "safe-to-deploy" -delta = "1.0.11 -> 1.0.14" -notes = """ -Unsafe review at https://crrev.com/c/6051067 -""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - [[audits.google.audits.lazy_static]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" 
@@ -617,39 +911,6 @@ criteria = "safe-to-deploy" version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.miniz_oxide]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -version = "0.7.4" -notes = ''' -Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'` -and there were no hits, except for some mentions of "unsafe" in the `README.md` -and in a comment in `src/deflate/core.rs`. The comment discusses whether a -function should be treated as unsafe, but there is no actual `unsafe` code, so -the crate meets the `ub-risk-0` criteria. - -Note that some additional, internal notes about an older version of this crate -can be found at go/image-crate-chromium-security-review. -''' -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.miniz_oxide]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -delta = "0.7.4 -> 0.8.0" -notes = ''' -This delta audit has been reviewed in https://crrev.com/c/5811890 - -The delta can be inspected at https://diff.rs/miniz_oxide/0.7.4/0.8.0 -and is fairly small (changes related to `const fn` and to `adler2` -switch). - -I've grepped for `-i cipher`, `-i crypto`, `\bfs\b`, `\bnet\b`, and -`\bunsafe\b`. There were no hits (except for comments in `core.rs` -and in `Readme.md`). -''' -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - [[audits.google.audits.miniz_oxide]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" 
@@ -691,19 +952,6 @@ version = "0.4.2" notes = "Contains no unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.num-traits]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "0.2.19" -notes = "Contains a single line of float-to-int unsafe with decent safety comments" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.openssl-macros]] -who = "George Burgess IV " -criteria = "safe-to-deploy" -version = "0.1.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - [[audits.google.audits.openssl-macros]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -1130,6 +1378,19 @@ delta = "1.0.216 -> 1.0.217" notes = "No changes" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.sha1]] +who = "David Koloski " +criteria = "safe-to-deploy" +version = "0.10.5" +notes = "Reviewed on https://fxrev.dev/712371." +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.shell-words]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "1.1.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.smallvec]] who = "Manish Goregaokar " criteria = "safe-to-deploy" 
@@ -1143,23 +1404,6 @@ version = "1.2.0" notes = "Purely a trait, crates using this should be carefully vetted since self-referential stuff can be super tricky around various unsafe rust edges." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.static_assertions]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -version = "1.1.0" -notes = """ -Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'` -and there were no hits except for one `unsafe`. - -The lambda where `unsafe` is used is never invoked (e.g. the `unsafe` code -never runs) and is only introduced for some compile-time checks. Additional -unsafe review comments can be found in https://crrev.com/c/5353376. - -This crate has been added to Chromium in https://crrev.com/c/3736562. The CL -description contains a link to a document with an additional security review. -""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - [[audits.google.audits.strsim]] who = "danakj@chromium.org" criteria = "safe-to-deploy" 
@@ -1171,25 +1415,11 @@ Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.tinyvec]] -who = "Lukasz Anforowicz " +[[audits.google.audits.synstructure]] +who = "Manish Goregaokar " criteria = "safe-to-deploy" -version = "1.6.0" -notes = """ -Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` -and there were no hits except for some \"unsafe\" appearing in comments: - -``` -src/arrayvec.rs: // Note: This shouldn't use A::CAPACITY, because unsafe code can't rely on -src/lib.rs://! All of this is done with no `unsafe` code within the crate. Technically the -src/lib.rs://! `Vec` type from the standard library uses `unsafe` internally, but *this -src/lib.rs://! crate* introduces no new `unsafe` code into your project. -src/array.rs:/// Just a reminder: this trait is 100% safe, which means that `unsafe` code -``` - -This crate has been added to Chromium in -https://source.chromium.org/chromium/chromium/src/+/24773c33e1b7a1b5069b9399fd034375995f290b -""" +version = "0.13.1" +notes = "Exposes unsafe codegen APIs but does not itself contain unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.tinyvec]] 
@@ -1266,6 +1496,33 @@ criteria = "safe-to-deploy" delta = "1.0.15 -> 1.0.16" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.unicode-linebreak]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "0.1.5" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and there were no hits. + +Version `0.1.2` of this crate has been added to Chromium in +https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb +The CL description contains a link to a Google-internal document with audit details. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.void]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "1.0.2" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.write16]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "1.0.0" +notes = "No unsafe code." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.yoke]] who = "Manish Goregaokar " criteria = "safe-to-deploy" @@ -1313,6 +1570,21 @@ who = "David Cook " criteria = "safe-to-deploy" version = "0.9.0" +[[audits.isrg.audits.cmac]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.7.1" + +[[audits.isrg.audits.cmac]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.7.1 -> 0.7.2" + +[[audits.isrg.audits.dbl]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.3.2" + [[audits.isrg.audits.fiat-crypto]] who = "David Cook " criteria = "safe-to-deploy" 
@@ -1513,6 +1785,15 @@ renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.wildcard-audits.encoding_rs]] +who = "Henri Sivonen " +criteria = "safe-to-deploy" +user-id = 4484 # Henri Sivonen (hsivonen) +start = "2019-02-26" +end = "2025-10-23" +notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.wildcard-audits.unicode-normalization]] who = "Manish Goregaokar " criteria = "safe-to-deploy" 
@@ -1577,6 +1858,38 @@ criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.bitflags]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "1.3.2 -> 2.0.2" +notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bitflags]] +who = "Nicolas Silva " +criteria = "safe-to-deploy" +delta = "2.0.2 -> 2.1.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bitflags]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "2.2.1 -> 2.3.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bitflags]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "2.3.3 -> 2.4.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bitflags]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "2.4.0 -> 2.4.1" +notes = "Only allowing new clippy lints" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.block-buffer]] who = "Mike Hommey " criteria = "safe-to-deploy" 
@@ -1590,6 +1903,12 @@ delta = "0.9.3 -> 0.9.4" notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.core-foundation]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +delta = "0.9.4 -> 0.10.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.core-foundation-sys]] who = "Erich Gubler " criteria = "safe-to-deploy" @@ -1629,6 +1948,13 @@ criteria = "safe-to-deploy" delta = "0.3.1 -> 0.3.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.fd-lock]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "3.0.12 -> 3.0.13" +notes = "Dependency updates only" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -1962,6 +2288,20 @@ delta = "0.18.4 -> 0.19.0" notes = "Maintained by Mozilla, no addition of unsafe blocks" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" +[[audits.mozilla.audits.rustc-hash]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = "Straightforward crate with no unsafe code, does what it says on the tin." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.rustc-hash]] +who = "Ben Dean-Kawamura " +criteria = "safe-to-deploy" +delta = "1.1.0 -> 2.1.1" +notes = "Simple hashing crate, no unsafe code." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.serde_cbor]] who = "R. Martinho Fernandes " criteria = "safe-to-deploy" 
@@ -1997,6 +2337,24 @@ criteria = "safe-to-deploy" delta = "1.1.0 -> 1.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.smart-default]] +who = "Gabriele Svelto " +criteria = "safe-to-deploy" +version = "0.6.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.smart-default]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.6.0 -> 0.7.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.smawk]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +version = "0.3.2" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.strsim]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" 
@@ -2021,16 +2379,28 @@ harmless. It will be removed in the next version. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.synstructure]] +[[audits.mozilla.audits.textwrap]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +version = "0.15.0" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.textwrap]] who = "Mike Hommey " criteria = "safe-to-deploy" -delta = "0.12.6 -> 0.13.0" +delta = "0.15.0 -> 0.15.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.synstructure]] +[[audits.mozilla.audits.textwrap]] who = "Mike Hommey " criteria = "safe-to-deploy" -delta = "0.13.0 -> 0.13.1" +delta = "0.15.2 -> 0.16.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.textwrap]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.16.0 -> 0.16.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.time-core]] 
@@ -2113,20 +2483,6 @@ version = "1.0.5" notes = "I, Henri Sivonen, wrote this crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.void]] -who = "Bobby Holley " -criteria = "safe-to-deploy" -version = "1.0.2" -notes = "Very small crate, just hosts the Void type for easier cross-crate interfacing." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.write16]] -who = "Henri Sivonen " -criteria = "safe-to-deploy" -version = "1.0.0" -notes = "I, Henri Sivonen, wrote this (safe-code-only) crate." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.writeable]] who = "Makoto Kato " criteria = "safe-to-deploy" @@ -2296,6 +2652,13 @@ delta = "0.4.0 -> 0.4.1" notes = "Changes to `Command` usage are to add support for `RUSTC_WRAPPER`." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.sharded-slab]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.4 -> 0.1.7" +notes = "Only change to an `unsafe` block is to fix a clippy lint." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.signature]] who = "Daira Emma Hopwood " criteria = "safe-to-deploy" 
@@ -2312,6 +2675,27 @@ criteria = "safe-to-deploy" delta = "2.1.0 -> 2.2.0" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.thread_local]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.1.4 -> 1.1.7" +notes = """ +New `unsafe` usage: +- An extra `deallocate_bucket`, to replace a `Mutex::lock` with a `compare_exchange`. +- Setting and getting a `#[thread_local] static mut Option` on nightly. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.thread_local]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.1.7 -> 1.1.8" +notes = """ +Adds `unsafe` code that makes an assumption that `ptr::null_mut::>()` is a valid representation +of an `AtomicPtr>`, but this is likely a correct assumption. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.tinyvec_macros]] who = "Jack Grigg " criteria = "safe-to-deploy" From 813142e4f568043904092f69541a35481079be81 Mon Sep 17 00:00:00 2001 From: Hansie Odendaal Date: Tue, 11 Mar 2025 10:32:46 +0200 Subject: [PATCH 4/5] revert diagnostics --- integration_tests/src/p2pool_process.rs | 1 - p2pool/src/cli/commands/util.rs | 10 +- p2pool/src/server/config.rs | 2 - p2pool/src/server/http/stats_collector.rs | 148 +--------------------- p2pool/src/server/p2p/network.rs | 17 +-- p2pool/src/server/server.rs | 2 - supply-chain/config.toml | 4 - supply-chain/imports.lock | 11 ++ 8 files changed, 16 insertions(+), 179 deletions(-) diff --git a/integration_tests/src/p2pool_process.rs b/integration_tests/src/p2pool_process.rs index 6f63d77a..712178dd 100644 --- a/integration_tests/src/p2pool_process.rs +++ b/integration_tests/src/p2pool_process.rs 
@@ -75,7 +75,6 @@ pub async fn spawn_p2pool_node_and_wait_for_start( node_config.p2p_service.peer_exchange_interval = Duration::from_secs(1); node_config.p2p_service.meta_data_exchange_interval = Duration::from_secs(1); node_config.network_silence_delay = 0; - node_config.diagnostic_mode_timer = 10; // Each spawned p2pool node will use different ports node_config.p2p_port = get_port(18000..18499, Duration::from_secs(20)).ok_or("p2p_port no free port")?; node_config.grpc_port = get_port(18500..18999, Duration::from_secs(20)).ok_or("grpc_port no free port")?; diff --git a/p2pool/src/cli/commands/util.rs b/p2pool/src/cli/commands/util.rs index a2c33c4b..363b8469 100644 --- a/p2pool/src/cli/commands/util.rs +++ b/p2pool/src/cli/commands/util.rs @@ -181,15 +181,7 @@ pub async fn server( let (stats_tx, stats_rx) = tokio::sync::broadcast::channel(1000); let stats_broadcast_client = StatsBroadcastClient::new(stats_tx); - let diagnostic_mode = if args.diagnostic_mode { - Some(( - Duration::from_secs(config.diagnostic_mode_timer), - *swarm.local_peer_id(), - )) - } else { - None - }; - let stats_collector = StatsCollector::new(shutdown_signal.clone(), stats_rx, diagnostic_mode); + let stats_collector = StatsCollector::new(shutdown_signal.clone(), stats_rx); if let Some(path) = args.export_libp2p_info.clone() { let libp2p_info = LibP2pInfo { diff --git a/p2pool/src/server/config.rs b/p2pool/src/server/config.rs index 33c9ecbe..7759c96e 100644 --- a/p2pool/src/server/config.rs +++ b/p2pool/src/server/config.rs @@ -26,7 +26,6 @@ pub struct Config { pub block_cache_file: PathBuf, pub minimum_sha3_target_difficulty: Option, pub minimum_randomx_target_difficulty: Option, - pub diagnostic_mode_timer: u64, } impl Default for Config { @@ -48,7 +47,6 @@ impl Default for Config { block_cache_file: PathBuf::from("block_cache"), minimum_sha3_target_difficulty: None, minimum_randomx_target_difficulty: None, - diagnostic_mode_timer: 60, } } } 
diff --git a/p2pool/src/server/http/stats_collector.rs b/p2pool/src/server/http/stats_collector.rs index 3421ab83..04d4467a 100644 --- a/p2pool/src/server/http/stats_collector.rs +++ b/p2pool/src/server/http/stats_collector.rs @@ -1,11 +1,10 @@ // Copyright 2024 The Tari Project // SPDX-License-Identifier: BSD-3-Clause -use std::{collections::HashMap, fmt::Debug, fs::File, io::Write, time::Duration}; +use std::{fmt::Debug, time::Duration}; -use chrono::{DateTime, Local, LocalResult, TimeZone}; use human_format::Formatter; -use libp2p::{Multiaddr, PeerId}; +use libp2p::PeerId; use log::{debug, error, info}; use serde::Serialize; use tari_core::proof_of_work::{Difficulty, PowAlgorithm}; @@ -16,15 +15,6 @@ use tokio::{ time::MissedTickBehavior, }; -#[derive(Clone)] -pub struct PeerStats { - pub peer_is_a_seed_peer: bool, - pub peer_id: PeerId, - pub public_addresses: Vec, - pub number_received: u64, - pub timestamp: EpochTime, -} - const LOG_TARGET: &str = "tari::p2pool::server::stats_collector"; pub(crate) struct StatsCollector { shutdown_signal: ShutdownSignal, @@ -57,17 +47,10 @@ pub(crate) struct StatsCollector { established_incoming: u32, established_outgoing: u32, last_gossip_message: EpochTime, - diagnostic_mode: Option<(Duration, PeerId)>, - peer_stats: HashMap, - local_peer_addresses: Vec, } impl StatsCollector { - pub(crate) fn new( - shutdown_signal: ShutdownSignal, - stats_broadcast_receiver: Receiver, - diagnostic_mode: Option<(Duration, PeerId)>, - ) -> Self { + pub(crate) fn new(shutdown_signal: ShutdownSignal, stats_broadcast_receiver: Receiver) -> Self { let (tx, rx) = tokio::sync::mpsc::channel(100); Self { shutdown_signal, @@ -100,9 +83,6 @@ impl StatsCollector { established_incoming: 0, established_outgoing: 0, last_gossip_message: EpochTime::now(), - diagnostic_mode, - peer_stats: HashMap::new(), - local_peer_addresses: Vec::new(), } } 
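Review bot: `Duration` and `PeerId` stay imported in the `@@ -1,11 +1,10 @@` hunk (`use std::{fmt::Debug, time::Duration};`, `use libp2p::PeerId;`), but every use of them visible in this revert is deleted: the `diagnostic_mode: Option<(Duration, PeerId)>` field and parameter, the `PeerStats` struct and the `StatData::PeerStats` variant. The one timer still shown in `run` uses the fully qualified `tokio::time::Duration`. If nothing outside these hunks needs them, reduce the first line to `use std::fmt::Debug;` and drop the `libp2p` import so the build stays free of unused-import warnings. The same check applies to `error` in `use log::{debug, error, info};`, whose only visible call site was the removed diagnostic report writer. The rest of the file is outside the hunks, so confirm against the full source before trimming.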
@@ -164,45 +144,6 @@ impl StatsCollector { self.total_black_list = total_black_list; self.total_non_squad_peers = total_non_squad; }, - StatData::PeerStats { - peer_is_a_seed_peer, - peer_id, - public_addresses, - number_received, - timestamp, - } => { - if let Some(current_entry) = self.peer_stats.get(&peer_id.to_base58()) { - self.peer_stats.insert(peer_id.to_base58(), PeerStats { - peer_is_a_seed_peer, - peer_id, - public_addresses, - number_received: if number_received > 0 { - number_received - } else { - current_entry.number_received - }, - timestamp: if number_received > 0 { - timestamp - } else { - current_entry.timestamp - }, - }); - } else { - self.peer_stats.insert(peer_id.to_base58(), PeerStats { - peer_is_a_seed_peer, - peer_id, - public_addresses, - number_received, - timestamp, - }); - } - }, - StatData::LocalPeerAddresses { - local_peer_addresses, - timestamp: _, - } => { - self.local_peer_addresses = local_peer_addresses; - }, StatData::TargetDifficultyChanged { target_difficulty, pow_algo, @@ -249,12 +190,6 @@ impl StatsCollector { pub(crate) async fn run(&mut self) -> Result<(), anyhow::Error> { let mut stats_report_timer = tokio::time::interval(tokio::time::Duration::from_secs(10)); stats_report_timer.set_missed_tick_behavior(MissedTickBehavior::Skip); - let (mut diagnostic_report_timer, peer_id) = if let Some((interval, peer_id)) = self.diagnostic_mode { - (tokio::time::interval(interval), Some(peer_id)) - } else { - (tokio::time::interval(tokio::time::Duration::from_secs(u64::MAX)), None) - }; - diagnostic_report_timer.set_missed_tick_behavior(MissedTickBehavior::Skip); loop { tokio::select! { 
@@ -295,47 +230,6 @@ impl StatsCollector { ).unwrap_or_default())), ); }, - _ = diagnostic_report_timer.tick() => { - if let Some(peer_id) = peer_id { - let mut peer_stats: Vec = self.peer_stats.values().cloned().collect(); - peer_stats.sort_by(|a, b| a.timestamp.cmp(&b.timestamp)); - let stats_file = "peer_connectivity_stats.csv"; - let result = File::create(stats_file).and_then(|mut file| { - writeln!( - file, - "PeerId: {}, Addresses: {}\n", - peer_id.to_base58(), - self.local_peer_addresses.iter().map(|a| a.to_string()).collect::>().join(",") - )?; - writeln!( - file, - "peer_id,peer_is_a_seed_peer,number_received,timestamp,public_addresses" - )?; - for stats in &peer_stats { - let timestamp_i64 = i64::try_from(stats.timestamp.as_u64()).unwrap_or(i64::MAX); - let local_time: LocalResult> = Local.timestamp_opt(timestamp_i64, 0); - let formatted_time = match local_time { - LocalResult::Single(time) => time.format("%Y-%m-%d %H:%M:%S").to_string(), - _ => "Invalid timestamp".to_string(), - }; - writeln!( - file, - "{},{},{},{},{}", - stats.peer_id.to_base58(), - stats.peer_is_a_seed_peer, - stats.number_received, - formatted_time, - stats.public_addresses.iter().map(|a| a.to_string()).collect::>().join(",") - )?; - } - let _unused = file.flush(); - Ok(()) - }); - if let Err(e) = result { - error!(target: LOG_TARGET, "Failed to write diagnostic report ({}): {}", stats_file, e); - } - } - } res = self.request_rx.recv() => { match res { Some(StatsRequest::GetStats(pow, tx)) => { @@ -439,17 +333,6 @@ pub(crate) enum StatData { total_non_squad: u64, timestamp: EpochTime, }, - PeerStats { - peer_is_a_seed_peer: bool, - peer_id: PeerId, - public_addresses: Vec, - number_received: u64, - timestamp: EpochTime, - }, - LocalPeerAddresses { - local_peer_addresses: Vec, - timestamp: EpochTime, - }, LibP2PStats { pending_incoming: u32, pending_outgoing: u32, 
@@ -474,8 +357,6 @@ impl StatData { StatData::NetworkDifficultyChanged { timestamp, .. } => *timestamp, StatData::LibP2PStats { timestamp, .. } => *timestamp, StatData::GossipsubMessageReceived { timestamp } => *timestamp, - StatData::PeerStats { timestamp, .. } => *timestamp, - StatData::LocalPeerAddresses { timestamp, .. } => *timestamp, } } } @@ -584,29 +465,6 @@ impl StatsBroadcastClient { }) } - pub fn update_local_peer_addresses(&self, public_addresses: Vec) -> Result<(), anyhow::Error> { - self.broadcast(StatData::LocalPeerAddresses { - local_peer_addresses: public_addresses, - timestamp: EpochTime::now(), - }) - } - - pub fn send_peer_stats( - &self, - peer_is_a_seed_peer: bool, - peer_id: PeerId, - public_addresses: Vec, - number_received: u64, - ) -> Result<(), anyhow::Error> { - self.broadcast(StatData::PeerStats { - peer_is_a_seed_peer, - peer_id, - public_addresses, - number_received, - timestamp: EpochTime::now(), - }) - } - pub fn send_target_difficulty( &self, pow_algo: PowAlgorithm, diff --git a/p2pool/src/server/p2p/network.rs b/p2pool/src/server/p2p/network.rs index d79da1c1..d1548e7c 100644 --- a/p2pool/src/server/p2p/network.rs +++ b/p2pool/src/server/p2p/network.rs @@ -406,12 +406,6 @@ where S: ShareChain *self.swarm.local_peer_id() } - pub fn local_peer_addresses(&self) -> Vec { - let mut addresses: Vec = self.swarm.external_addresses().cloned().collect(); - addresses.append(&mut self.swarm.listeners().cloned().collect()); - addresses - } - async fn create_peer_info(&mut self, public_addresses: Vec) -> Result { let share_chain_sha3x = self.share_chain_sha3x.clone(); let share_chain_random_x = self.share_chain_random_x.clone(); 
@@ -1097,15 +1091,6 @@ where S: ShareChain return; } - // Update peer stats - let peer_is_a_seed_peer = self.network_peer_store.read().await.is_seed_peer(&peer_id); - let _unused = self.stats_broadcast_client.send_peer_stats( - peer_is_a_seed_peer, - peer_id, - response.info.public_addresses(), - num_peers_added, - ); - // if we are a seed peer, end here if self.config.is_seed_peer { debug!( @@ -1129,7 +1114,7 @@ where S: ShareChain } // Once we have peer info from the seed peers, disconnect from them. - if peer_is_a_seed_peer { + if self.network_peer_store.read().await.is_seed_peer(&peer_id) { info!(target: LOG_TARGET, "[DIRECT_PEER_EXCHANGE_RESP] Disconnecting from seed peer {}", peer_id); let _ = self.swarm.disconnect_peer_id(peer_id); } diff --git a/p2pool/src/server/server.rs b/p2pool/src/server/server.rs index 61d88d16..123b6282 100644 --- a/p2pool/src/server/server.rs +++ b/p2pool/src/server/server.rs @@ -117,8 +117,6 @@ where S: ShareChain None }; - let _unused = stats_broadcast_client.update_local_peer_addresses(p2p_service.local_peer_addresses()); - Ok(Self { config, p2p_service, diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 3d80c078..0db931cb 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -781,10 +781,6 @@ criteria = "safe-to-deploy" version = "0.2.15" criteria = "safe-to-deploy" -[[exemptions.getrandom]] -version = "0.3.1" -criteria = "safe-to-deploy" - [[exemptions.ghash]] version = "0.5.1" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 5479a9bb..2a7e4497 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock 
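Review bot: In the `@@ -1129,7 +1114,7 @@` hunk of `p2pool/src/server/p2p/network.rs`, the seed-peer check now takes the peer-store read lock and awaits it inside the `if` condition, which hides a lock acquisition on the disconnect path. I would bind it first, `let is_seed_peer = self.network_peer_store.read().await.is_seed_peer(&peer_id);` followed by `if is_seed_peer {`, so it is obvious the guard is released before `disconnect_peer_id` is called. Behaviour should be the same either way, since a temporary in an `if` condition is dropped before the block runs. The lookup also happens later than it did when `peer_is_a_seed_peer` was computed near the top, so if the store can change in between, the result may differ from what the removed code saw; that is worth confirming. The enclosing function starts and ends outside the hunk.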
@@ -1986,6 +1986,17 @@ criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.getrandom]] +who = "Chris Martin " +criteria = "safe-to-deploy" +delta = "0.2.15 -> 0.3.1" +notes = """ +I've looked over all unsafe code, and it appears to be safe, fully initializing the rng buffers. +In addition, I've checked Linux, Windows, Mac, and Android more thoroughly against API +documentation. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.hashbrown]] who = "Mike Hommey " criteria = "safe-to-deploy" From b7fe072555245ae621d9d9a9fb07d725b2451e6c Mon Sep 17 00:00:00 2001 From: Hansie Odendaal Date: Tue, 11 Mar 2025 10:40:15 +0200 Subject: [PATCH 5/5] revert cli args --- integration_tests/src/p2pool_process.rs | 5 ----- p2pool/src/cli/args.rs | 4 ---- 2 files changed, 9 deletions(-) diff --git a/integration_tests/src/p2pool_process.rs b/integration_tests/src/p2pool_process.rs index 712178dd..d0334ac8 100644 --- a/integration_tests/src/p2pool_process.rs +++ b/integration_tests/src/p2pool_process.rs @@ -171,7 +171,6 @@ pub async fn spawn_p2pool_node_and_wait_for_start( user_agent: None, peer_publish_interval: Some(node_config.p2p_service.peer_info_publish_interval.as_secs()), debug_print_chain: true, - diagnostic_mode: true, max_connections: None, randomx_disabled: false, sha3x_disabled: false, @@ -380,10 +379,6 @@ pub fn to_args_command_line(args: StartArgs) -> Vec { args_vec.push("--debug-print-chain".to_string()); } - if args.diagnostic_mode { - args_vec.push("--diagnostic-mode".to_string()); - } - if let Some(max_connections) = args.max_connections { args_vec.push(format!("--max-connections={}", max_connections)); } diff --git a/p2pool/src/cli/args.rs b/p2pool/src/cli/args.rs index fd094188..14f95928 100644 --- a/p2pool/src/cli/args.rs +++ b/p2pool/src/cli/args.rs 
@@ -124,10 +124,6 @@ pub struct StartArgs { #[arg(long)] pub debug_print_chain: bool, - /// If set, basic connectivity statistics about seeds and normal peers will be collected and printed to a csv file. - #[arg(long, short, alias = "diag")] - pub diagnostic_mode: bool, - #[arg(long)] pub max_connections: Option,