ci(supply-chain): Regenerate exemptions for cargo-vet

David Niehues
2025-03-25 17:48:16 +01:00
committed by Jan Winkelmann (keks)
parent 531ae0ef70
commit dbb891a2ed
2 changed files with 425 additions and 526 deletions


@@ -53,50 +53,26 @@ criteria = "safe-to-deploy"
version = "0.2.15"
criteria = "safe-to-run"
[[exemptions.anstream]]
version = "0.6.15"
criteria = "safe-to-deploy"
[[exemptions.anstream]]
version = "0.6.18"
criteria = "safe-to-deploy"
[[exemptions.anstyle]]
version = "1.0.8"
criteria = "safe-to-deploy"
[[exemptions.anstyle]]
version = "1.0.10"
criteria = "safe-to-deploy"
[[exemptions.anstyle-parse]]
version = "0.2.5"
criteria = "safe-to-deploy"
[[exemptions.anstyle-parse]]
version = "0.2.6"
criteria = "safe-to-deploy"
[[exemptions.anstyle-query]]
version = "1.1.1"
criteria = "safe-to-deploy"
[[exemptions.anstyle-query]]
version = "1.1.2"
criteria = "safe-to-deploy"
[[exemptions.anstyle-wincon]]
version = "3.0.4"
criteria = "safe-to-deploy"
[[exemptions.anstyle-wincon]]
version = "3.0.7"
criteria = "safe-to-deploy"
[[exemptions.anyhow]]
version = "1.0.95"
criteria = "safe-to-deploy"
[[exemptions.anyhow]]
version = "1.0.96"
criteria = "safe-to-deploy"
@@ -117,10 +93,6 @@ criteria = "safe-to-deploy"
version = "1.3.3"
criteria = "safe-to-run"
[[exemptions.bitflags]]
version = "2.8.0"
criteria = "safe-to-deploy"
[[exemptions.blake2]]
version = "0.10.6"
criteria = "safe-to-deploy"
@@ -129,22 +101,10 @@ criteria = "safe-to-deploy"
version = "0.1.4"
criteria = "safe-to-deploy"
[[exemptions.bumpalo]]
version = "3.17.0"
criteria = "safe-to-deploy"
[[exemptions.bytes]]
version = "1.7.2"
criteria = "safe-to-deploy"
[[exemptions.bytes]]
version = "1.10.0"
criteria = "safe-to-deploy"
[[exemptions.cc]]
version = "1.1.30"
criteria = "safe-to-deploy"
[[exemptions.cc]]
version = "1.2.15"
criteria = "safe-to-deploy"
@@ -157,48 +117,20 @@ criteria = "safe-to-deploy"
version = "0.10.1"
criteria = "safe-to-deploy"
[[exemptions.ciborium]]
version = "0.2.2"
criteria = "safe-to-run"
[[exemptions.ciborium-io]]
version = "0.2.2"
criteria = "safe-to-run"
[[exemptions.ciborium-ll]]
version = "0.2.2"
criteria = "safe-to-run"
[[exemptions.clang-sys]]
version = "1.8.1"
criteria = "safe-to-deploy"
[[exemptions.clap]]
version = "4.5.23"
criteria = "safe-to-deploy"
[[exemptions.clap]]
version = "4.5.30"
version = "4.5.31"
criteria = "safe-to-deploy"
[[exemptions.clap_builder]]
version = "4.5.23"
criteria = "safe-to-deploy"
[[exemptions.clap_builder]]
version = "4.5.30"
version = "4.5.31"
criteria = "safe-to-deploy"
[[exemptions.clap_complete]]
version = "4.5.40"
criteria = "safe-to-deploy"
[[exemptions.clap_complete]]
version = "4.5.45"
criteria = "safe-to-deploy"
[[exemptions.clap_derive]]
version = "4.5.18"
version = "4.5.46"
criteria = "safe-to-deploy"
[[exemptions.clap_derive]]
@@ -210,21 +142,13 @@ version = "0.7.4"
criteria = "safe-to-deploy"
[[exemptions.clap_mangen]]
version = "0.2.24"
criteria = "safe-to-deploy"
[[exemptions.cmake]]
version = "0.1.51"
version = "0.2.26"
criteria = "safe-to-deploy"
[[exemptions.cmake]]
version = "0.1.54"
criteria = "safe-to-deploy"
[[exemptions.colorchoice]]
version = "1.0.2"
criteria = "safe-to-deploy"
[[exemptions.colorchoice]]
version = "1.0.3"
criteria = "safe-to-deploy"
@@ -233,10 +157,6 @@ criteria = "safe-to-deploy"
version = "0.2.3"
criteria = "safe-to-deploy"
[[exemptions.cpufeatures]]
version = "0.2.14"
criteria = "safe-to-deploy"
[[exemptions.cpufeatures]]
version = "0.2.17"
criteria = "safe-to-deploy"
@@ -253,26 +173,14 @@ criteria = "safe-to-run"
version = "1.2.0"
criteria = "safe-to-deploy"
[[exemptions.crossbeam-channel]]
version = "0.5.14"
criteria = "safe-to-deploy"
[[exemptions.crossbeam-deque]]
version = "0.8.6"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
[[exemptions.crossbeam-utils]]
version = "0.8.20"
criteria = "safe-to-run"
[[exemptions.crossbeam-utils]]
version = "0.8.21"
criteria = "safe-to-deploy"
[[exemptions.crunchy]]
version = "0.2.3"
criteria = "safe-to-deploy"
[[exemptions.ctrlc-async]]
version = "3.2.2"
criteria = "safe-to-deploy"
@@ -349,10 +257,6 @@ criteria = "safe-to-deploy"
version = "0.10.2"
criteria = "safe-to-deploy"
[[exemptions.equivalent]]
version = "1.0.2"
criteria = "safe-to-deploy"
[[exemptions.fastrand]]
version = "2.3.0"
criteria = "safe-to-deploy"
@@ -381,22 +285,10 @@ criteria = "safe-to-deploy"
version = "0.2.15"
criteria = "safe-to-deploy"
[[exemptions.getrandom]]
version = "0.3.1"
criteria = "safe-to-deploy"
[[exemptions.gimli]]
version = "0.31.1"
criteria = "safe-to-deploy"
[[exemptions.glob]]
version = "0.3.2"
criteria = "safe-to-deploy"
[[exemptions.half]]
version = "2.4.1"
criteria = "safe-to-run"
[[exemptions.hash32]]
version = "0.2.1"
criteria = "safe-to-deploy"
@@ -405,6 +297,18 @@ criteria = "safe-to-deploy"
version = "0.15.2"
criteria = "safe-to-deploy"
[[exemptions.hax-lib]]
version = "0.1.0"
criteria = "safe-to-deploy"
[[exemptions.hax-lib-macros]]
version = "0.1.0"
criteria = "safe-to-deploy"
[[exemptions.hax-lib-macros-types]]
version = "0.1.0"
criteria = "safe-to-deploy"
[[exemptions.heapless]]
version = "0.7.17"
criteria = "safe-to-deploy"
@@ -425,14 +329,6 @@ criteria = "safe-to-deploy"
version = "2.1.0"
criteria = "safe-to-deploy"
[[exemptions.indexmap]]
version = "2.6.0"
criteria = "safe-to-deploy"
[[exemptions.indexmap]]
version = "2.7.1"
criteria = "safe-to-deploy"
[[exemptions.inout]]
version = "0.1.4"
criteria = "safe-to-deploy"
@@ -441,10 +337,6 @@ criteria = "safe-to-deploy"
version = "0.18.3"
criteria = "safe-to-run"
[[exemptions.is-terminal]]
version = "0.4.13"
criteria = "safe-to-deploy"
[[exemptions.is-terminal]]
version = "0.4.15"
criteria = "safe-to-deploy"
@@ -453,20 +345,16 @@ criteria = "safe-to-deploy"
version = "1.70.1"
criteria = "safe-to-deploy"
[[exemptions.itoa]]
version = "1.0.14"
criteria = "safe-to-deploy"
[[exemptions.jobserver]]
version = "0.1.32"
criteria = "safe-to-deploy"
[[exemptions.js-sys]]
version = "0.3.72"
version = "0.3.77"
criteria = "safe-to-deploy"
[[exemptions.js-sys]]
version = "0.3.77"
[[exemptions.keccak]]
version = "0.1.5"
criteria = "safe-to-deploy"
[[exemptions.lazycell]]
@@ -474,27 +362,51 @@ version = "1.3.0"
criteria = "safe-to-deploy"
[[exemptions.libc]]
version = "0.2.168"
criteria = "safe-to-deploy"
[[exemptions.libc]]
version = "0.2.169"
version = "0.2.170"
criteria = "safe-to-deploy"
[[exemptions.libcrux]]
version = "0.0.2-pre.2"
criteria = "safe-to-deploy"
[[exemptions.libcrux-blake2]]
version = "0.0.2-beta.3"
criteria = "safe-to-deploy"
[[exemptions.libcrux-chacha20poly1305]]
version = "0.0.2-beta.3"
criteria = "safe-to-deploy"
[[exemptions.libcrux-hacl]]
version = "0.0.2-pre.2"
criteria = "safe-to-deploy"
[[exemptions.libcrux-hacl-rs]]
version = "0.0.2-beta.3"
criteria = "safe-to-deploy"
[[exemptions.libcrux-intrinsics]]
version = "0.0.2-beta.3"
criteria = "safe-to-deploy"
[[exemptions.libcrux-macros]]
version = "0.0.2-beta.3"
criteria = "safe-to-deploy"
[[exemptions.libcrux-ml-kem]]
version = "0.0.2-beta.3"
criteria = "safe-to-deploy"
[[exemptions.libcrux-platform]]
version = "0.0.2-pre.2"
criteria = "safe-to-deploy"
[[exemptions.libfuzzer-sys]]
version = "0.4.8"
[[exemptions.libcrux-poly1305]]
version = "0.0.2-beta.3"
criteria = "safe-to-deploy"
[[exemptions.libcrux-sha3]]
version = "0.0.2-beta.3"
criteria = "safe-to-deploy"
[[exemptions.libfuzzer-sys]]
@@ -505,18 +417,10 @@ criteria = "safe-to-deploy"
version = "0.0.2-pre.2"
criteria = "safe-to-deploy"
[[exemptions.libloading]]
version = "0.8.5"
criteria = "safe-to-deploy"
[[exemptions.libloading]]
version = "0.8.6"
criteria = "safe-to-deploy"
[[exemptions.linux-raw-sys]]
version = "0.4.14"
criteria = "safe-to-deploy"
[[exemptions.linux-raw-sys]]
version = "0.4.15"
criteria = "safe-to-deploy"
@@ -525,10 +429,6 @@ criteria = "safe-to-deploy"
version = "0.4.12"
criteria = "safe-to-deploy"
[[exemptions.log]]
version = "0.4.26"
criteria = "safe-to-deploy"
[[exemptions.memchr]]
version = "2.7.4"
criteria = "safe-to-deploy"
@@ -549,10 +449,6 @@ criteria = "safe-to-deploy"
version = "0.2.1"
criteria = "safe-to-deploy"
[[exemptions.miniz_oxide]]
version = "0.8.5"
criteria = "safe-to-deploy"
[[exemptions.mio]]
version = "1.0.3"
criteria = "safe-to-deploy"
@@ -561,10 +457,6 @@ criteria = "safe-to-deploy"
version = "0.6.3"
criteria = "safe-to-deploy"
[[exemptions.neli-proc-macros]]
version = "0.1.3"
criteria = "safe-to-deploy"
[[exemptions.neli-proc-macros]]
version = "0.1.4"
criteria = "safe-to-deploy"
@@ -589,18 +481,10 @@ criteria = "safe-to-deploy"
version = "0.2.3"
criteria = "safe-to-deploy"
[[exemptions.netlink-proto]]
version = "0.11.3"
criteria = "safe-to-deploy"
[[exemptions.netlink-proto]]
version = "0.11.5"
criteria = "safe-to-deploy"
[[exemptions.netlink-sys]]
version = "0.8.6"
criteria = "safe-to-deploy"
[[exemptions.netlink-sys]]
version = "0.8.7"
criteria = "safe-to-deploy"
@@ -613,8 +497,8 @@ criteria = "safe-to-deploy"
version = "0.27.1"
criteria = "safe-to-deploy"
[[exemptions.object]]
version = "0.36.5"
[[exemptions.num-bigint]]
version = "0.4.6"
criteria = "safe-to-deploy"
[[exemptions.object]]
@@ -625,10 +509,6 @@ criteria = "safe-to-deploy"
version = "1.20.2"
criteria = "safe-to-deploy"
[[exemptions.once_cell]]
version = "1.20.3"
criteria = "safe-to-deploy"
[[exemptions.oqs-sys]]
version = "0.9.1+liboqs-0.9.0"
criteria = "safe-to-deploy"
@@ -677,58 +557,42 @@ criteria = "safe-to-deploy"
version = "0.2.20"
criteria = "safe-to-deploy"
[[exemptions.prettyplease]]
version = "0.2.22"
criteria = "safe-to-deploy"
[[exemptions.prettyplease]]
version = "0.2.29"
criteria = "safe-to-deploy"
[[exemptions.proc-macro2]]
version = "1.0.93"
[[exemptions.proc-macro-error]]
version = "1.0.4"
criteria = "safe-to-deploy"
[[exemptions.procspawn]]
version = "1.0.1"
criteria = "safe-to-run"
[[exemptions.psm]]
version = "0.1.23"
criteria = "safe-to-deploy"
[[exemptions.psm]]
version = "0.1.25"
criteria = "safe-to-deploy"
[[exemptions.quote]]
version = "1.0.38"
criteria = "safe-to-deploy"
[[exemptions.rand]]
version = "0.8.5"
version = "0.9.0"
criteria = "safe-to-deploy"
[[exemptions.redox_syscall]]
version = "0.5.7"
[[exemptions.rand_chacha]]
version = "0.9.0"
criteria = "safe-to-deploy"
[[exemptions.rand_core]]
version = "0.9.2"
criteria = "safe-to-deploy"
[[exemptions.redox_syscall]]
version = "0.5.9"
criteria = "safe-to-deploy"
[[exemptions.regex]]
version = "1.11.0"
criteria = "safe-to-deploy"
[[exemptions.regex]]
version = "1.11.1"
criteria = "safe-to-deploy"
[[exemptions.regex-automata]]
version = "0.4.8"
criteria = "safe-to-deploy"
[[exemptions.regex-automata]]
version = "0.4.9"
criteria = "safe-to-deploy"
@@ -741,57 +605,25 @@ criteria = "safe-to-deploy"
version = "0.14.1"
criteria = "safe-to-deploy"
[[exemptions.rustix]]
version = "0.38.42"
criteria = "safe-to-deploy"
[[exemptions.rustix]]
version = "0.38.44"
criteria = "safe-to-deploy"
[[exemptions.rustversion]]
version = "1.0.19"
criteria = "safe-to-deploy"
[[exemptions.ryu]]
version = "1.0.18"
criteria = "safe-to-run"
[[exemptions.ryu]]
version = "1.0.19"
criteria = "safe-to-deploy"
[[exemptions.scc]]
version = "2.2.1"
criteria = "safe-to-run"
[[exemptions.scc]]
version = "2.3.3"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
[[exemptions.scopeguard]]
version = "1.2.0"
criteria = "safe-to-deploy"
[[exemptions.sdd]]
version = "3.0.4"
criteria = "safe-to-run"
[[exemptions.sdd]]
version = "3.0.7"
criteria = "safe-to-deploy"
[[exemptions.semver]]
version = "1.0.25"
criteria = "safe-to-deploy"
[[exemptions.serde]]
version = "1.0.218"
criteria = "safe-to-deploy"
[[exemptions.serde_derive]]
version = "1.0.218"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
[[exemptions.serde_json]]
version = "1.0.139"
@@ -821,14 +653,6 @@ criteria = "safe-to-deploy"
version = "0.4.9"
criteria = "safe-to-deploy"
[[exemptions.smallvec]]
version = "1.14.0"
criteria = "safe-to-deploy"
[[exemptions.socket2]]
version = "0.5.7"
criteria = "safe-to-deploy"
[[exemptions.socket2]]
version = "0.5.8"
criteria = "safe-to-deploy"
@@ -837,10 +661,6 @@ criteria = "safe-to-deploy"
version = "0.9.8"
criteria = "safe-to-deploy"
[[exemptions.stacker]]
version = "0.1.17"
criteria = "safe-to-deploy"
[[exemptions.stacker]]
version = "0.1.19"
criteria = "safe-to-deploy"
@@ -849,10 +669,6 @@ criteria = "safe-to-deploy"
version = "1.0.109"
criteria = "safe-to-deploy"
[[exemptions.syn]]
version = "2.0.87"
criteria = "safe-to-deploy"
[[exemptions.syn]]
version = "2.0.98"
criteria = "safe-to-deploy"
@@ -861,10 +677,6 @@ criteria = "safe-to-deploy"
version = "0.1.0"
criteria = "safe-to-deploy"
[[exemptions.tempfile]]
version = "3.14.0"
criteria = "safe-to-deploy"
[[exemptions.tempfile]]
version = "3.17.1"
criteria = "safe-to-deploy"
@@ -877,34 +689,18 @@ criteria = "safe-to-deploy"
version = "0.4.0"
criteria = "safe-to-run"
[[exemptions.thiserror]]
version = "1.0.69"
criteria = "safe-to-deploy"
[[exemptions.thiserror]]
version = "2.0.11"
criteria = "safe-to-deploy"
[[exemptions.thiserror-impl]]
version = "1.0.69"
criteria = "safe-to-deploy"
[[exemptions.thiserror-impl]]
version = "2.0.11"
criteria = "safe-to-deploy"
[[exemptions.tokio]]
version = "1.42.0"
criteria = "safe-to-deploy"
[[exemptions.tokio]]
version = "1.43.0"
criteria = "safe-to-deploy"
[[exemptions.tokio-macros]]
version = "2.4.0"
criteria = "safe-to-deploy"
[[exemptions.tokio-macros]]
version = "2.5.0"
criteria = "safe-to-deploy"
@@ -921,10 +717,6 @@ criteria = "safe-to-deploy"
version = "0.19.15"
criteria = "safe-to-deploy"
[[exemptions.typenum]]
version = "1.17.0"
criteria = "safe-to-deploy"
[[exemptions.typenum]]
version = "1.18.0"
criteria = "safe-to-deploy"
@@ -942,11 +734,7 @@ version = "0.2.2"
criteria = "safe-to-deploy"
[[exemptions.uuid]]
version = "1.10.0"
criteria = "safe-to-run"
[[exemptions.uuid]]
version = "1.14.0"
version = "1.15.1"
criteria = "safe-to-deploy"
[[exemptions.version_check]]
@@ -965,53 +753,29 @@ criteria = "safe-to-deploy"
version = "0.13.3+wasi-0.2.2"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen]]
version = "0.2.95"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen]]
version = "0.2.100"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-backend]]
version = "0.2.95"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-backend]]
version = "0.2.100"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-macro]]
version = "0.2.95"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-macro]]
version = "0.2.100"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-macro-support]]
version = "0.2.95"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-macro-support]]
version = "0.2.100"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-shared]]
version = "0.2.95"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-shared]]
version = "0.2.100"
criteria = "safe-to-deploy"
[[exemptions.web-sys]]
version = "0.3.72"
criteria = "safe-to-run"
[[exemptions.web-sys]]
version = "0.3.77"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
[[exemptions.which]]
version = "4.4.2"
@@ -1181,10 +945,6 @@ criteria = "safe-to-deploy"
version = "3.0.0"
criteria = "safe-to-deploy"
[[exemptions.wit-bindgen-rt]]
version = "0.33.0"
criteria = "safe-to-deploy"
[[exemptions.x25519-dalek]]
version = "2.0.1"
criteria = "safe-to-deploy"
@@ -1193,6 +953,14 @@ criteria = "safe-to-deploy"
version = "0.7.35"
criteria = "safe-to-deploy"
[[exemptions.zerocopy]]
version = "0.8.20"
criteria = "safe-to-deploy"
[[exemptions.zerocopy-derive]]
version = "0.7.35"
criteria = "safe-to-deploy"
[[exemptions.zerocopy-derive]]
version = "0.8.20"
criteria = "safe-to-deploy"
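Review bot: The `@@ -474,27 +362,51 @@` hunk appears to add `safe-to-deploy` exemptions for the pre-release cryptographic crates `libcrux-ml-kem`, `libcrux-chacha20poly1305`, `libcrux-sha3`, `libcrux-poly1305`, `libcrux-blake2`, `libcrux-hacl-rs`, `libcrux-intrinsics` and `libcrux-macros` at `0.0.2-beta.3`, and none of them records why it is trusted without an audit. The `+`/`-` markers are lost on this page, so that these entries are new is inferred from the hunk growing from 27 to 51 lines. An exemption stands in for a review that has not happened, which matters most for crates that, going by their names, implement the KEM and AEAD primitives. Consider a `notes` field on each, e.g. `notes = "unaudited pre-release, exempted pending review; tracked in <ISSUE-PLACEHOLDER>"`, so the gap stays visible after the next regeneration. The same applies to the `hax-lib`, `hax-lib-macros` and `hax-lib-macros-types` `0.1.0` entries in the `@@ -405,6 +297,18 @@` hunk.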


@@ -2,8 +2,8 @@
# cargo-vet imports lock
[[publisher.bumpalo]]
version = "3.16.0"
when = "2024-04-08"
version = "3.17.0"
when = "2025-01-28"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
@@ -15,6 +15,12 @@ user-id = 3788
user-login = "emilio"
user-name = "Emilio Cobos Álvarez"
[[publisher.wit-bindgen-rt]]
version = "0.33.0"
when = "2024-09-30"
user-id = 73222
user-login = "wasmtime-publish"
[audits.actix.audits]
[[audits.bytecode-alliance.wildcard-audits.bumpalo]]
@@ -24,6 +30,18 @@ user-id = 696 # Nick Fitzgerald (fitzgen)
start = "2019-03-16"
end = "2025-07-30"
[[audits.bytecode-alliance.wildcard-audits.wit-bindgen-rt]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 73222 # wasmtime-publish
start = "2023-01-01"
end = "2025-05-08"
notes = """
The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate
publication of this crate from CI. This repository requires all PRs are reviewed
by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself.
"""
[[audits.bytecode-alliance.audits.adler2]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@@ -103,12 +121,6 @@ who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
version = "0.1.3"
[[audits.bytecode-alliance.audits.either]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "1.8.1 -> 1.13.0"
notes = "More utilities and such for the `Either` type, no `unsafe` code."
[[audits.bytecode-alliance.audits.embedded-io]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@@ -132,15 +144,6 @@ who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.3.9 -> 0.3.10"
[[audits.bytecode-alliance.audits.fastrand]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.0.1"
notes = """
This update had a few doc updates but no otherwise-substantial source code
updates.
"""
[[audits.bytecode-alliance.audits.futures]]
who = "Joel Dice <joel.dice@gmail.com>"
criteria = "safe-to-deploy"
@@ -193,11 +196,10 @@ criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "Minor changes for a `no_std` upgrade but otherwise everything looks as expected."
[[audits.bytecode-alliance.audits.inout]]
who = "Andrew Brown <andrew.brown@intel.com>"
[[audits.bytecode-alliance.audits.itoa]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.1.3"
notes = "A part of RustCrypto/utils, this crate is designed to handle unsafe buffers and carefully documents the safety concerns throughout. Older versions of this tally up to ~130k daily downloads."
delta = "1.0.11 -> 1.0.14"
[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
@@ -219,6 +221,16 @@ criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"
notes = "Minor updates, using new Rust features like `const`, no major changes."
[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.8.5"
notes = """
Lots of small updates here and there, for example around modernizing Rust
idioms. No new `unsafe` code and everything looks like what you'd expect a
compression library to be doing.
"""
[[audits.bytecode-alliance.audits.num-traits]]
who = "Andrew Brown <andrew.brown@intel.com>"
criteria = "safe-to-deploy"
@@ -231,12 +243,6 @@ criteria = "safe-to-deploy"
version = "1.0.0"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.pin-project-lite]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.2.13 -> 0.2.14"
notes = "No substantive changes in this update"
[[audits.bytecode-alliance.audits.pin-utils]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@@ -277,6 +283,18 @@ criteria = "safe-to-deploy"
version = "1.0.1"
notes = "No unsafe usage or ambient capabilities"
[[audits.embark-studios.audits.thiserror]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "1.0.40"
notes = "Wrapper over implementation crate, found no unsafe or ambient capabilities used"
[[audits.embark-studios.audits.thiserror-impl]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "1.0.40"
notes = "Found no unsafe or ambient capabilities used"
[[audits.fermyon.audits.oorandom]]
who = "Radu Matei <radu.matei@fermyon.com>"
criteria = "safe-to-run"
@@ -305,6 +323,13 @@ Additional review comments can be found at https://crrev.com/c/4723145/31
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "2.6.0 -> 2.8.0"
notes = "No changes related to `unsafe impl ... bytemuck` pieces from `src/external.rs`."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.byteorder]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
@@ -318,6 +343,24 @@ criteria = "safe-to-run"
version = "0.3.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.ciborium]]
who = "Daniel Verkamp <dverkamp@chromium.org>"
criteria = "safe-to-run"
version = "0.2.2"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.ciborium-io]]
who = "Daniel Verkamp <dverkamp@chromium.org>"
criteria = "safe-to-run"
version = "0.2.2"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.ciborium-ll]]
who = "Daniel Verkamp <dverkamp@chromium.org>"
criteria = "safe-to-run"
version = "0.2.2"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.crossbeam-channel]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
@@ -330,12 +373,6 @@ criteria = "safe-to-run"
delta = "0.5.7 -> 0.5.8"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.crossbeam-deque]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.8.3"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.crossbeam-epoch]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
@@ -348,21 +385,39 @@ criteria = "safe-to-run"
delta = "0.9.14 -> 0.9.15"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.either]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "1.13.0"
notes = "Unsafe code pertaining to wrapping Pin APIs. Mostly passes invariants down."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.either]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.13.0 -> 1.14.0"
notes = """
Inheriting ub-risk-1 from the baseline review of 1.13.0. While the delta has some diffs in unsafe code, they are either:
- migrating code to use helper macros
- migrating match patterns to take advantage of default bindings mode from RFC 2005
Either way, the result is code that does exactly the same thing and does not change the risk of UB.
See https://crrev.com/c/6323164 for more audit details.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.equivalent]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.fastrand]]
who = "George Burgess IV <gbiv@google.com>"
[[audits.google.audits.equivalent]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = "safe-to-deploy"
version = "1.9.0"
notes = """
`does-not-implement-crypto` is certified because this crate explicitly says
that the RNG here is not cryptographically secure.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
delta = "1.0.1 -> 1.0.2"
notes = "No changes to any .rs files or Rust code."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.glob]]
who = "George Burgess IV <gbiv@google.com>"
@@ -370,6 +425,19 @@ criteria = "safe-to-deploy"
version = "0.3.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.glob]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.3.2"
notes = "Still no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.half]]
who = "Daniel Verkamp <dverkamp@chromium.org>"
criteria = "safe-to-run"
version = "2.4.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.heck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
@@ -383,6 +451,19 @@ https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.indexmap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "2.7.1"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`
and there were no hits.
There is a little bit of `unsafe` Rust code - the audit can be found at
https://chromium-review.googlesource.com/c/chromium/src/+/6187726/2
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.itertools]]
who = "ChromeOS"
criteria = "safe-to-run"
@@ -451,6 +532,20 @@ describe in the review doc.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.log]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.4.22 -> 0.4.25"
notes = "No impact on `unsafe` usage in `lib.rs`."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.log]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.4.25 -> 0.4.26"
notes = "Only trivial code and documentation changes."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.nom]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
@@ -460,19 +555,18 @@ Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
[[audits.google.audits.num-integer]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.2.9"
notes = "Reviewed on https://fxrev.dev/824504"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
version = "0.1.46"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
[[audits.google.audits.proc-macro-error-attr]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
delta = "0.2.9 -> 0.2.13"
notes = "Audited at https://fxrev.dev/946396"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
version = "1.0.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
@@ -551,6 +645,35 @@ delta = "1.0.86 -> 1.0.87"
notes = "No new unsafe interactions."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.proc-macro2]]
who = "Liza Burakova <liza@chromium.org"
criteria = "safe-to-deploy"
delta = "1.0.87 -> 1.0.89"
notes = """
Biggest change is adding error handling in build.rs.
Some config related changes in wrapper.rs.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.89 -> 1.0.92"
notes = """
I looked at the delta and the previous discussion at
https://chromium-review.googlesource.com/c/chromium/src/+/5385745/3#message-a8e2813129fa3779dab15acede408ee26d67b7f3
and the changes look okay to me (including the `unsafe fn from_str_unchecked`
changes in `wrapper.rs`).
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.92 -> 1.0.93"
notes = "No `unsafe`-related changes."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
@@ -577,6 +700,22 @@ The delta just 1) inlines/expands `impl ToTokens` that used to be handled via
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.quote]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.37 -> 1.0.38"
notes = "Still no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.rand]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "0.8.5"
notes = """
For more detailed unsafe review notes please see https://crrev.com/c/6362797
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.regex-syntax]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
@@ -584,6 +723,67 @@ version = "0.8.5"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.rustversion]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.14"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for:
* Using trivially-safe `unsafe` in test code:
```
tests/test_const.rs:unsafe fn _unsafe() {}
tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() };
```
* Using `unsafe` in a string:
```
src/constfn.rs: \"unsafe\" => Qualifiers::Unsafe,
```
* Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr`
which is later read back via `include!` used in `src/lib.rs`.
Version `1.0.6` of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.rustversion]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.14 -> 1.0.15"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.rustversion]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.15 -> 1.0.16"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.rustversion]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.16 -> 1.0.17"
notes = "Just updates windows compat"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.rustversion]]
who = "Liza Burakova <liza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.17 -> 1.0.18"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.rustversion]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.18 -> 1.0.19"
notes = "No unsafe, just doc changes"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.same-file]]
who = "Android Legacy"
criteria = "safe-to-run"
@@ -704,6 +904,13 @@ delta = "1.0.216 -> 1.0.217"
notes = "Minimal changes, nothing unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.217 -> 1.0.218"
notes = "No changes outside comments and documentation."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
@@ -797,51 +1004,11 @@ delta = "1.0.216 -> 1.0.217"
notes = "No changes"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_json]]
who = "danakj@chromium.org"
criteria = "safe-to-run"
version = "1.0.108"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_json]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-run"
delta = "1.0.116 -> 1.0.117"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_json]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-run"
delta = "1.0.117 -> 1.0.120"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-run"
delta = "1.0.120 -> 1.0.122"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-run"
delta = "1.0.122 -> 1.0.124"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-run"
delta = "1.0.124 -> 1.0.127"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.serde_json]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-run"
delta = "1.0.127 -> 1.0.128"
[[audits.google.audits.serde_derive]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.217 -> 1.0.218"
notes = "No changes outside comments and documentation."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.small_ctor]]
@@ -868,6 +1035,20 @@ criteria = "safe-to-deploy"
version = "1.13.2"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.smallvec]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.13.2 -> 1.14.0"
notes = """
WARNING: This certification is a result of a **partial** audit. The
`malloc_size_of` feature has **not** been audited. This feature does
not explicitly document its safety requirements.
See also https://chromium-review.googlesource.com/c/chromium/src/+/6275133/comment/ea0d7a93_98051a2e/
and https://github.com/servo/malloc_size_of/issues/8.
This feature is banned in gnrt_config.toml.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.stable_deref_trait]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
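Review bot: The imported smallvec `1.13.2 -> 1.14.0` audit in this hunk is explicitly partial. Its notes say the `malloc_size_of` feature was not audited and that the auditing project covers the gap by banning the feature in its own `gnrt_config.toml`, a Chromium-side file that presumably has no effect on builds of this repository. cargo-vet matches audits by crate and version, not by enabled features, so this entry satisfies `safe-to-deploy` here whether or not that feature is turned on. Before relying on it, confirm with `cargo tree -e features -i smallvec` that nothing in this workspace enables `malloc_size_of`, and state the result in the commit description so the assumption can be reviewed. The file appears to be regenerated by tooling, so the record belongs there rather than as a comment in this hunk.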
@@ -892,44 +1073,11 @@ criteria = "safe-to-run"
version = "1.2.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.unicode-ident]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.12"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.
All two functions from the public API of this crate use `unsafe` to avoid bound
checks for an array access. Cross-module analysis shows that the offsets can
be statically proven to be within array bounds. More details can be found in
the unsafe review CL at https://crrev.com/c/5350386.
This crate has been added to Chromium in https://crrev.com/c/3891618.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.unicode-ident]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.12 -> 1.0.13"
notes = "Lots of table updates, and tables are assumed correct with unsafe `.get_unchecked()`, so ub-risk-2 is appropriate"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.isrg.audits.block-buffer]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.9.0"
[[audits.isrg.audits.crunchy]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.2.2"
[[audits.isrg.audits.either]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "1.6.1"
[[audits.isrg.audits.fiat-crypto]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@@ -1055,11 +1203,36 @@ who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
version = "1.12.1"
[[audits.isrg.audits.sha3]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.10.6"
[[audits.isrg.audits.sha3]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.10.6 -> 0.10.7"
[[audits.isrg.audits.sha3]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.10.7 -> 0.10.8"
[[audits.isrg.audits.subtle]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "2.5.0 -> 2.6.1"
[[audits.isrg.audits.thiserror]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.0.40 -> 1.0.43"
[[audits.isrg.audits.thiserror-impl]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.0.40 -> 1.0.43"
[[audits.isrg.audits.universal-hash]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@@ -1173,6 +1346,18 @@ criteria = "safe-to-deploy"
delta = "0.5.12 -> 0.5.13"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.crossbeam-channel]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.13 -> 0.5.14"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.crunchy]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
version = "0.2.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.crypto-common]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@@ -1189,42 +1374,12 @@ comments on older versions of rustc.
"""
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
[[audits.mozilla.audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.6.1 -> 1.7.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.8.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.8.0 -> 1.8.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.errno]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.3.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.9.0 -> 2.0.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "2.0.1 -> 2.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fnv]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
@@ -1244,12 +1399,29 @@ criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.getrandom]]
who = "Chris Martin <cmartin@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.2.15 -> 0.3.1"
notes = """
I've looked over all unsafe code, and it appears to be safe, fully initializing the rng buffers.
In addition, I've checked Linux, Windows, Mac, and Android more thoroughly against API
documentation.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.hex]]
who = "Simon Friedberger <simon@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.4.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.once_cell]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.20.2 -> 1.20.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.peeking_take_while]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
@@ -1283,6 +1455,12 @@ version = "1.1.0"
notes = "Straightforward crate with no unsafe code, does what it says on the tin."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.semver]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.17 -> 1.0.25"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.shlex]]
who = "Max Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
@@ -1302,6 +1480,18 @@ version = "2.5.0"
notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.thiserror]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.43 -> 1.0.69"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.thiserror-impl]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.43 -> 1.0.69"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.zeroize]]
who = "Benjamin Beurdouche <beurdouche@mozilla.com>"
criteria = "safe-to-deploy"
@@ -1325,17 +1515,10 @@ delta = "0.10.3 -> 0.10.4"
notes = "Adds panics to prevent a block size of zero from causing unsoundness."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.crossbeam-deque]]
[[audits.zcash.audits.crossbeam-utils]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.8.3 -> 0.8.4"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.crossbeam-deque]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.8.4 -> 0.8.5"
notes = "Changes to `unsafe` code look okay."
delta = "0.8.20 -> 0.8.21"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.errno]]
@@ -1350,12 +1533,6 @@ criteria = "safe-to-deploy"
delta = "0.3.8 -> 0.3.9"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.fastrand]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "2.1.0 -> 2.1.1"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.oorandom]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-run"
@@ -1390,52 +1567,6 @@ delta = "0.4.0 -> 0.4.1"
notes = "Changes to `Command` usage are to add support for `RUSTC_WRAPPER`."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.semver]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.17 -> 1.0.18"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.semver]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.18 -> 1.0.19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.semver]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.19 -> 1.0.20"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.semver]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.20 -> 1.0.22"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.semver]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.22 -> 1.0.23"
notes = """
`build.rs` change is to enable checking for expected `#[cfg]` names if compiling
with Rust 1.80 or later.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
[[audits.zcash.audits.serde_json]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.108 -> 1.0.110"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.serde_json]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.110 -> 1.0.116"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.universal-hash]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"