Closed Bug 1807981 Opened 2 years ago Closed 2 years ago

Audit winreg crate and update 0.5.1 -> 0.10.1

Categories

(Core :: General, task)

Product:
Core
Component:
General
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
110 Branch
Tracking Flags:
Tracking Status
firefox110 --- fixed

People

(Reporter: rkraesig, Assigned: rkraesig)

Details

Attachments

(1 file)

Bug 1807981 - Audit winreg 0.10.1 as safe-to-run, and upgrade to it r?whimboo!,#supply-chain-reviewers!
48 bytes, text/x-phabricator-request
Details | Review

winreg has not been audited. We should do that, and we might as well upgrade to 0.10.1 while we're at it.

Upgrade winreg (currently used only by mozrunner) to 0.10.1.

As winreg 0.5.1 is currently listed as an exemption in supply-chain,
audit the new version as a blank slate, rather than performing an audit
of the diffs; this is both simpler and allows removing the exemption.

(There are some uses of unsafe that would be concerning in deployment
(more for reasons of stability than security), but the crate does
qualify as safe-to-run.)

winreg 0.5.1 is currently only used by mozrunner, which requires no
source changes for this upgrade.

Pushed by rkraesig@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/62cc6c00f338 Audit winreg 0.10.1 as safe-to-run, and upgrade to it r=supply-chain-reviewers,webdriver-reviewers,whimboo

https://hg.mozilla.org/mozilla-central/rev/62cc6c00f338

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox110: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 110 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: