From 15caf7139961c4ab2057e34c768376bbb110e9e5 Mon Sep 17 00:00:00 2001 From: Alex Crichton Date: Fri, 19 Apr 2024 15:19:25 -0500 Subject: [PATCH] Update some dependencies with security advisories (#8417) These don't affect Wasmtime itself much as it's mostly related to HTTP things, but seems good to update them nonetheless --- Cargo.lock | 12 ++++++------ supply-chain/config.toml | 12 ++++++++++++ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 37c6ede4dc09..de9ad7eab980 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1350,9 +1350,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.4.2" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31d030e59af851932b72ceebadf4a2b5986dba4c3b99dd2493f8273a0f151943" +checksum = "816ec7294445779408f36fe57bc5b7fc1cf59664059096c65f905c1c61f58069" dependencies = [ "bytes", "fnv", @@ -1863,9 +1863,9 @@ dependencies = [ [[package]] name = "mio" -version = "0.8.8" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2" +checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c" dependencies = [ "libc", "wasi", @@ -2368,9 +2368,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.2" +version = "0.22.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41" +checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432" dependencies = [ "log", "ring", diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 66021af73c84..eb2b7081d974 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml 
@@ -315,6 +315,10 @@ version = "0.3.19"
 criteria = "safe-to-deploy"
 notes = "we are exempting tokio, hyper, and their tightly coupled dependencies by the same authors, expecting that the authors at aws will publish attestions we can import at some point soon"
 
+[[exemptions.h2]]
+version = "0.4.4"
+criteria = "safe-to-deploy"
+
 [[exemptions.hermit-abi]]
 version = "0.2.0"
 criteria = "safe-to-deploy"
@@ -388,6 +392,10 @@ version = "0.8.6"
 criteria = "safe-to-deploy"
 notes = "we are exempting tokio, hyper, and their tightly coupled dependencies by the same authors, expecting that the authors at aws will publish attestions we can import at some point soon"
 
+[[exemptions.mio]]
+version = "0.8.11"
+criteria = "safe-to-deploy"
+
 [[exemptions.num_cpus]]
 version = "1.13.1"
 criteria = "safe-to-deploy"
@@ -493,6 +501,10 @@ criteria = "safe-to-deploy"
 version = "0.22.2"
 criteria = "safe-to-deploy"
 
+[[exemptions.rustls]]
+version = "0.22.4"
+criteria = "safe-to-deploy"
+
 [[exemptions.rustls-pki-types]]
 version = "1.3.1"
 criteria = "safe-to-deploy"
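Review bot: The three added exemptions (`[[exemptions.h2]]` 0.4.4 in the first hunk, `[[exemptions.mio]]` 0.8.11 and `[[exemptions.rustls]]` 0.22.4 in the next two) mark whole new versions as `safe-to-deploy` with no `notes` field, so the file does not record why an unaudited release is trusted, unlike the neighbouring tokio/hyper entries. I would add a line such as `notes = "exempted to pick up the upstream advisory fix; replace with an imported or delta audit when one is available"` to each. An exemption skips review of the entire crate version, so for rustls in particular a delta audit covering only the 0.22.2 to 0.22.4 diff would be a narrower grant of trust if someone can review it. The `version = "0.22.2"` entry left just above the new rustls block looks like the old rustls exemption (its table header is outside the hunk); if nothing in Cargo.lock resolves to it any more, `cargo vet prune` should be able to drop it.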