Make unsafe
<!-- Please describe your changes on the following line: -->
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [ ] These changes fix#16868 (GitHub issue number if applicable) (maybe – I'm not sure)
<!-- Either: -->
- [ ] There are tests for these changes OR
- [x] These changes do not require tests because ___
<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
Bump httparse from 1.3.4 to 1.3.5
Bumps [httparse](https://github.com/seanmonstar/httparse) from 1.3.4 to 1.3.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/seanmonstar/httparse/releases">httparse's releases</a>.</em></p>
<blockquote>
<h2>v1.3.5</h2>
<ul>
<li><strong>FIX</strong>: Set <code>Response.reason</code> to an empty string if <code>obs-text</code> is found in the reason-phrase.</li>
<li><strong>PERF</strong>: Fix faster <code>next_8</code> to work when there are exactly 8 bytes left.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="ae34f2a56b"><code>ae34f2a</code></a> v1.3.5</li>
<li><a href="3dc923f61d"><code>3dc923f</code></a> Set Response.reason to an empty string when obs-text characters are found in ...</li>
<li><a href="419aa9cbe4"><code>419aa9c</code></a> Describe return of parse function. (<a href="https://github-redirect.dependabot.com/seanmonstar/httparse/issues/82">#82</a>)</li>
<li><a href="ec1500632b"><code>ec15006</code></a> Basic fuzzing using cargo-fuzz (<a href="https://github-redirect.dependabot.com/seanmonstar/httparse/issues/80">#80</a>)</li>
<li><a href="7a322ec20e"><code>7a322ec</code></a> Add missing Eq derivations (<a href="https://github-redirect.dependabot.com/seanmonstar/httparse/issues/77">#77</a>)</li>
<li><a href="0376bc146d"><code>0376bc1</code></a> Fix off-by-one error (<a href="https://github-redirect.dependabot.com/seanmonstar/httparse/issues/75">#75</a>)</li>
<li><a href="a9377af771"><code>a9377af</code></a> Correct <code>&</code> to <code>&&</code> (<a href="https://github-redirect.dependabot.com/seanmonstar/httparse/issues/76">#76</a>)</li>
<li><a href="01e6854260"><code>01e6854</code></a> Set specific version of pico-sys in Cargo.toml (<a href="https://github-redirect.dependabot.com/seanmonstar/httparse/issues/72">#72</a>)</li>
<li><a href="c7a552f051"><code>c7a552f</code></a> Use HTTPS for links (<a href="https://github-redirect.dependabot.com/seanmonstar/httparse/issues/73">#73</a>)</li>
<li>See full diff in <a href="https://github.com/seanmonstar/httparse/compare/v1.3.4...v1.3.5">compare view</a></li>
</ul>
</details>
<br />
[](https://dependabot.com/compatibility-score/?dependency-name=httparse&package-manager=cargo&previous-version=1.3.4&new-version=1.3.5)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
Bump glslopt from 0.1.7 to 0.1.8
Bumps [glslopt](https://github.com/jamienicol/glslopt-rs) from 0.1.7 to 0.1.8.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/jamienicol/glslopt-rs/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://dependabot.com/compatibility-score/?dependency-name=glslopt&package-manager=cargo&previous-version=0.1.7&new-version=0.1.8)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
Bump jpeg-decoder from 0.1.21 to 0.1.22
Bumps [jpeg-decoder](https://github.com/image-rs/jpeg-decoder) from 0.1.21 to 0.1.22.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/image-rs/jpeg-decoder/blob/master/CHANGELOG.md">jpeg-decoder's changelog</a>.</em></p>
<blockquote>
<h2>v0.1.22 (2021-01-27)</h2>
<ul>
<li>Fix panic on jpeg without frames.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="3bf223f7dc"><code>3bf223f</code></a> Update meta data for 0.1.22</li>
<li><a href="ff16c659a8"><code>ff16c65</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/image-rs/jpeg-decoder/issues/180">#180</a> from image-rs/issue-image-1410-panic</li>
<li><a href="7095d6bc0c"><code>7095d6b</code></a> Catch Frame being missing at image end</li>
<li><a href="ed1b4792ac"><code>ed1b479</code></a> Add test files against panic from missing frame</li>
<li><a href="ee4fc87844"><code>ee4fc87</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/image-rs/jpeg-decoder/issues/178">#178</a> from image-rs/release-0.1.21</li>
<li>See full diff in <a href="https://github.com/image-rs/jpeg-decoder/compare/v0.1.21...v0.1.22">compare view</a></li>
</ul>
</details>
<br />
[](https://dependabot.com/compatibility-score/?dependency-name=jpeg-decoder&package-manager=cargo&previous-version=0.1.21&new-version=0.1.22)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
Use 2.7-compatible get-pip in docker build.
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix#28122
- [x] There are tests for these changes
Bump jpeg-decoder from 0.1.20 to 0.1.21
Bumps [jpeg-decoder](https://github.com/image-rs/jpeg-decoder) from 0.1.20 to 0.1.21.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/image-rs/jpeg-decoder/blob/master/CHANGELOG.md">jpeg-decoder's changelog</a>.</em></p>
<blockquote>
<h2>v0.1.21 (2021-01-23)</h2>
<ul>
<li>Fix incorrect order of MCUs in non-interleaved streams</li>
<li>DCT Progressive images with incomplete coefficient blocks are now rendered</li>
<li>Fix a panic on invalid dimensions</li>
<li>Reduce allocations and runtime of decoding</li>
<li>Rework multi-threading to run a thread per component</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="adc1bb346b"><code>adc1bb3</code></a> Update crate meta data for 0.1.21</li>
<li><a href="3bdaa07fe0"><code>3bdaa07</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/image-rs/jpeg-decoder/issues/177">#177</a> from quilan1/process-unfinished-progressive-data</li>
<li><a href="b022ad1575"><code>b022ad1</code></a> Progressive images now render incomplete coefficients</li>
<li><a href="9cb72e5202"><code>9cb72e5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/image-rs/jpeg-decoder/issues/168">#168</a> from Shnatsel/multithreading-poc</li>
<li><a href="92350c7321"><code>92350c7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/image-rs/jpeg-decoder/issues/175">#175</a> from okaneco/byteorder</li>
<li><a href="bc18ecf4b8"><code>bc18ecf</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/image-rs/jpeg-decoder/issues/176">#176</a> from quilan1/bugfix-non-interleaved-mcus</li>
<li><a href="bc1a817fe6"><code>bc1a817</code></a> Added test case for non-interleaved MCU crash</li>
<li><a href="6d9fd3ef34"><code>6d9fd3e</code></a> The decoder now treats non-interleaved streams as blocks</li>
<li><a href="29b9c047ad"><code>29b9c04</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/image-rs/jpeg-decoder/issues/174">#174</a> from jrmuizel/icc</li>
<li><a href="7666d6dbd9"><code>7666d6d</code></a> Remove byteorder dep</li>
<li>Additional commits viewable in <a href="https://github.com/image-rs/jpeg-decoder/compare/v0.1.20...v0.1.21">compare view</a></li>
</ul>
</details>
<br />
[](https://dependabot.com/compatibility-score/?dependency-name=jpeg-decoder&package-manager=cargo&previous-version=0.1.20&new-version=0.1.21)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
Disallow duplicate taskcluster artifacts.
Taskcluster has started complaining if the task's payload contains duplicate artifacts. These changes strip them out and add automated tests that detect them in the future.
