From 72eda0c6ef94380bcb6d811f11242d67ecfb6373 Mon Sep 17 00:00:00 2001 From: Robin Freyler Date: Mon, 14 Nov 2022 23:51:48 +0100 Subject: [PATCH] Update `wasmi` to `0.20.0` in `wasmtime-fuzzing` (#5256) * update wasmi to 0.20 in wasmtime-fuzzing * add cargo-vet entries for wasmi_core 0.5.0 and wasmi 0.20.0 --- Cargo.lock | 15 ++++----------- crates/fuzzing/Cargo.toml | 2 +- supply-chain/audits.toml | 21 +++++++++++++++++++++ 3 files changed, 26 insertions(+), 12 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4386a8b9d2..42adce13cb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1744,12 +1744,6 @@ dependencies = [ "autocfg 1.1.0", ] -[[package]] -name = "memory_units" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8452105ba047068f40ff7093dd1d9da90898e63dd61736462e9cdda6a90ad3c3" - [[package]] name = "miette" version = "5.1.0" @@ -3302,9 +3296,9 @@ dependencies = [ [[package]] name = "wasmi" -version = "0.19.0" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7428e8361e19d3affa9221ad674014b4a29381b07c755aab9b1cd4f74610221a" +checksum = "01bf50edb2ea9d922aa75a7bf3c15e26a6c9e2d18c56e862b49737a582901729" dependencies = [ "spin 0.9.4", "wasmi_arena", @@ -3320,13 +3314,12 @@ checksum = "a1ea379cbb0b41f3a9f0bf7b47036d036aae7f43383d8cc487d4deccf40dee0a" [[package]] name = "wasmi_core" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c9559a70c22f27793520b9e098baea45915088fb5093dd7041fcfe238b95d4e" +checksum = "c5bf998ab792be85e20e771fe14182b4295571ad1d4f89d3da521c1bef5f597a" dependencies = [ "downcast-rs", "libm", - "memory_units", "num-traits", ] diff --git a/crates/fuzzing/Cargo.toml b/crates/fuzzing/Cargo.toml index 338acac489..053bd79ddf 100644 --- a/crates/fuzzing/Cargo.toml +++ b/crates/fuzzing/Cargo.toml 
@@ -25,7 +25,7 @@ wasm-encoder = { workspace = true }
 wasm-smith = { workspace = true }
 wasm-mutate = { workspace = true }
 wasm-spec-interpreter = { path = "./wasm-spec-interpreter", optional = true }
-wasmi = "0.19.0"
+wasmi = "0.20.0"
 
 # We rely on precompiled v8 binaries, but rusty-v8 doesn't have a precompiled
 # binary for MinGW which is built on our CI. It does have one for Windows-msvc,
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index 76517096a2..429c594774 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -481,6 +481,27 @@ unexpected usage of the filesystem or things like that and otherwise is mostly
 plumbing for all the integer operations in core wasm.
 """
 
+[[audits.wasmi_core]]
+who = "Robin Freyler "
+criteria = "safe-to-run"
+version = "0.5.0"
+notes = "See notes for version 0.4.0"
+
+[[audits.wasmi]]
+who = "Robin Freyler "
+criteria = "safe-to-run"
+version = "0.20.0"
+notes = """
+I am the author of this crate. It contains unsafe Rust code.
+However, the crate does not read or write data from any parts of the filesystem,
+it does not install software upon compilation e.g. via build scripts,
+it does not connect to network endpoints and does not misuse system resources.
+
+If any of the above happens it is either by the user explicitly telling the
+crate to do so (it is an interpreter) or due to a bug or other unintended
+behavior.
+"""
+
 [[audits.wasmparser]]
 who = "Alex Crichton "
 criteria = "safe-to-deploy"
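Review bot: The new `[[audits.wasmi]]` entry for 0.20.0 in supply-chain/audits.toml is a self-certification: its notes open with "I am the author of this crate", so it records the author's own assertion rather than an independent review of the published release. A second reviewer recording or co-signing the `safe-to-run` audit would preserve the separation of duties that the audit file is meant to provide; failing that, the notes should say what was actually inspected for this release. The `[[audits.wasmi_core]]` entry claims a full audit with `version = "0.5.0"`, while its only evidence is `notes = "See notes for version 0.4.0"`, and the 0.4.0 entry is not visible in this hunk. If only the changes since 0.4.0 were reviewed, record it as `delta = "0.4.0 -> 0.5.0"` in place of `version = "0.5.0"` so the entry matches the review performed.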