From 4cb5b303dcab81a9d0a42aa7a72c86a66c52c5ca Mon Sep 17 00:00:00 2001 From: CleverWild Date: Sat, 14 Mar 2026 17:58:36 +0100 Subject: [PATCH] security: audit some crates --- server/supply-chain/audits.toml | 904 +++++++++++- server/supply-chain/config.toml | 445 +----- server/supply-chain/imports.lock | 2273 +++++++++++++++++++++++++++++- 3 files changed, 3119 insertions(+), 503 deletions(-) diff --git a/server/supply-chain/audits.toml b/server/supply-chain/audits.toml index 677bc7d..eb9b258 100644 --- a/server/supply-chain/audits.toml +++ b/server/supply-chain/audits.toml @@ -1,6 +1,41 @@ # cargo-vet audits file +[[audits.alloy-primitives]] +who = "CleverWild " +criteria = "safe-to-deploy" +version = "1.5.7" + +[[audits.console]] +who = "CleverWild " +criteria = "safe-to-deploy" +version = "0.15.11" + +[[audits.encode_unicode]] +who = "CleverWild " +criteria = "safe-to-deploy" +version = "0.3.6" + +[[audits.futures-timer]] +who = "CleverWild " +criteria = "safe-to-run" +version = "3.0.3" + +[[audits.insta]] +who = "CleverWild " +criteria = "safe-to-run" +version = "1.46.3" + +[[audits.pin-project]] +who = "CleverWild " +criteria = "safe-to-deploy" +version = "0.2.16" + +[[audits.protoc-bin-vendored]] +who = "CleverWild " +criteria = "safe-to-deploy" +version = "3.2.0" + [[audits.similar]] who = "hdbg " criteria = "safe-to-deploy" 
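Review bot: None of the seven new `[[audits.*]]` entries in the `@@ -1,6 +1,41 @@` hunk carries a `notes` field, so the file records who certified each crate but not what was looked at (unsafe code, build scripts, network or filesystem access). One line per entry, for example `notes = "<what was read and what was found>"`, would let the next reviewer check the certification. The `[[audits.pin-project]]` entry pins `version = "0.2.16"`, which looks like a pin-project-lite version number rather than a pin-project one; please confirm against Cargo.lock that the entry names the crate that was actually reviewed. `protoc-bin-vendored` is certified `safe-to-deploy` here while its platform crates are only publisher-trusted in a later hunk, so its note should say whether the bundled protoc binaries were examined or only the Rust wrapper.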
@@ -16,11 +51,214 @@ who = "hdbg " criteria = "safe-to-deploy" delta = "0.2.18 -> 0.2.19" +[[audits.wasm-bindgen]] +who = "CleverWild " +criteria = "safe-to-deploy" +delta = "0.2.100 -> 0.2.114" + +[[trusted.addr2line]] +criteria = "safe-to-deploy" +user-id = 4415 # Philip Craig (philipc) +start = "2019-05-01" +end = "2027-03-14" + +[[trusted.aho-corasick]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-03-28" +end = "2027-03-14" + +[[trusted.anyhow]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-10-05" +end = "2027-03-14" + +[[trusted.async-stream]] +criteria = "safe-to-deploy" +user-id = 10 # Carl Lerche (carllerche) +start = "2019-06-07" +end = "2027-03-14" + +[[trusted.async-stream]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2021-04-21" +end = "2027-03-14" + +[[trusted.async-stream-impl]] +criteria = "safe-to-deploy" +user-id = 10 # Carl Lerche (carllerche) +start = "2019-08-13" +end = "2027-03-14" + +[[trusted.async-stream-impl]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2021-04-21" +end = "2027-03-14" + +[[trusted.async-trait]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-07-23" +end = "2027-03-14" + +[[trusted.auto_impl]] +criteria = "safe-to-deploy" +user-id = 3204 # Ashley Mannix (KodrAus) +start = "2022-06-01" +end = "2027-03-14" + +[[trusted.aws-lc-rs]] +criteria = "safe-to-deploy" +user-id = 156764 # Justin W Smith (justsmth) +start = "2023-04-11" +end = "2027-03-14" + +[[trusted.aws-lc-sys]] +criteria = "safe-to-deploy" +user-id = 156764 # Justin W Smith (justsmth) +start = "2022-11-09" +end = "2027-03-14" + +[[trusted.backtrace]] +criteria = "safe-to-deploy" +user-id = 55123 # rust-lang-owner +start = "2025-05-06" +end = "2027-03-14" + +[[trusted.bitflags]] +criteria = "safe-to-deploy" +user-id = 3204 # Ashley Mannix (KodrAus) +start = "2019-05-02" +end = 
"2027-03-14" + +[[trusted.bytes]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-11-27" +end = "2027-03-14" + +[[trusted.bytes]] +criteria = "safe-to-deploy" +user-id = 6741 # Alice Ryhl (Darksonn) +start = "2021-01-11" +end = "2027-03-14" + [[trusted.cc]] criteria = "safe-to-deploy" user-id = 55123 # rust-lang-owner start = "2022-10-29" -end = "2027-02-16" +end = "2027-03-14" + +[[trusted.cmake]] +criteria = "safe-to-deploy" +user-id = 55123 # rust-lang-owner +start = "2022-10-29" +end = "2027-03-14" + +[[trusted.crossbeam-utils]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2020-10-12" +end = "2027-03-14" + +[[trusted.derive_more]] +criteria = "safe-to-deploy" +user-id = 3797 # Jelte Fennema-Nio (JelteF) +start = "2019-05-25" +end = "2027-03-14" + +[[trusted.derive_more-impl]] +criteria = "safe-to-deploy" +user-id = 3797 # Jelte Fennema-Nio (JelteF) +start = "2023-07-23" +end = "2027-03-14" + +[[trusted.dyn-clone]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-12-23" +end = "2027-03-14" + +[[trusted.ff]] +criteria = "safe-to-deploy" +user-id = 6289 # Jack Grigg (str4d) +start = "2021-08-11" +end = "2027-03-14" + +[[trusted.find-msvc-tools]] +criteria = "safe-to-deploy" +user-id = 539 # Josh Stone (cuviper) +start = "2025-08-29" +end = "2027-03-14" + +[[trusted.flate2]] +criteria = "safe-to-deploy" +user-id = 980 # Sebastian Thiel (Byron) +start = "2023-08-15" +end = "2027-03-14" + +[[trusted.futures]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2020-10-05" +end = "2027-03-14" + +[[trusted.futures-channel]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2020-10-05" +end = "2027-03-14" + +[[trusted.futures-core]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2020-10-05" +end = "2027-03-14" + +[[trusted.futures-executor]] +criteria = "safe-to-deploy" 
+user-id = 33035 # Taiki Endo (taiki-e) +start = "2020-10-05" +end = "2027-03-14" + +[[trusted.futures-io]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2020-10-05" +end = "2027-03-14" + +[[trusted.futures-macro]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2020-10-05" +end = "2027-03-14" + +[[trusted.futures-sink]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2020-10-05" +end = "2027-03-14" + +[[trusted.futures-task]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2019-07-29" +end = "2027-03-14" + +[[trusted.futures-util]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2020-10-05" +end = "2027-03-14" + +[[trusted.group]] +criteria = "safe-to-deploy" +user-id = 1244 # ebfull +start = "2019-10-08" +end = "2027-03-14" [[trusted.h2]] criteria = "safe-to-deploy" 
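Review bot: The new `[[trusted.*]]` entries accept every release a publisher uploads until `end = "2027-03-14"`, which for `aws-lc-rs` and `aws-lc-sys` (user-id 156764) covers a cryptography library and its native bindings crate without any review of the code itself. For those two I would keep a version-pinned or imported audit and reserve publisher trust for low-risk utility crates, or at least add a comment above the entries such as `# publisher trust only: no source review of the native code or build script`. `backtrace`, `cmake` and the existing `cc` entry are trusted through `user-id = 55123 # rust-lang-owner`, which by its name is a shared organisation account rather than an individual, so a comment stating who is expected to publish under it would help. The same pattern repeats in the later hunks of this file (`@@ -28,36 +266,372 @@` and `@@ -70,26 +644,350 @@`). The `[[audits.wasm-bindgen]]` delta `0.2.100 -> 0.2.114` at the top of this hunk spans many releases and also has no `notes`.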
@@ -28,36 +266,372 @@ user-id = 359 # Sean McArthur (seanmonstar) start = "2019-03-13" end = "2027-02-14" +[[trusted.hashbrown]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2019-04-02" +end = "2027-03-14" + [[trusted.hashbrown]] criteria = "safe-to-deploy" user-id = 55123 # rust-lang-owner start = "2025-04-30" end = "2027-02-14" +[[trusted.http]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-04-05" +end = "2027-03-14" + +[[trusted.http-body-util]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2022-10-25" +end = "2027-03-14" + +[[trusted.httparse]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-07-03" +end = "2027-03-14" + +[[trusted.hyper]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-03-01" +end = "2027-03-14" + [[trusted.hyper-util]] criteria = "safe-to-deploy" user-id = 359 # Sean McArthur (seanmonstar) start = "2022-01-15" end = "2027-02-14" +[[trusted.id-arena]] +criteria = "safe-to-deploy" +user-id = 696 # Nick Fitzgerald (fitzgen) +start = "2026-01-14" +end = "2027-03-14" + +[[trusted.indexmap]] +criteria = "safe-to-deploy" +user-id = 539 # Josh Stone (cuviper) +start = "2020-01-15" +end = "2027-03-14" + +[[trusted.itoa]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-05-02" +end = "2027-03-14" + +[[trusted.jobserver]] +criteria = "safe-to-deploy" +user-id = 55123 # rust-lang-owner +start = "2024-07-23" +end = "2027-03-14" + +[[trusted.js-sys]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2019-03-04" +end = "2027-03-14" + [[trusted.libc]] criteria = "safe-to-deploy" user-id = 55123 # rust-lang-owner start = "2024-08-15" end = "2027-02-16" +[[trusted.libm]] +criteria = "safe-to-deploy" +user-id = 55123 # rust-lang-owner +start = "2024-10-26" +end = "2027-03-14" + 
+[[trusted.linux-raw-sys]] +criteria = "safe-to-deploy" +user-id = 6825 # Dan Gohman (sunfishcode) +start = "2021-06-12" +end = "2027-03-14" + +[[trusted.lock_api]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2019-05-04" +end = "2027-03-14" + +[[trusted.log]] +criteria = "safe-to-deploy" +user-id = 3204 # Ashley Mannix (KodrAus) +start = "2019-07-10" +end = "2027-03-14" + +[[trusted.macro-string]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2025-02-02" +end = "2027-03-14" + +[[trusted.memchr]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-07-07" +end = "2027-03-14" + +[[trusted.mime]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-09-09" +end = "2027-03-14" + +[[trusted.mio]] +criteria = "safe-to-deploy" +user-id = 6025 # Thomas de Zeeuw (Thomasdezeeuw) +start = "2019-12-17" +end = "2027-03-14" + +[[trusted.num-bigint]] +criteria = "safe-to-deploy" +user-id = 539 # Josh Stone (cuviper) +start = "2019-09-04" +end = "2027-03-14" + +[[trusted.num_cpus]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-06-10" +end = "2027-03-14" + +[[trusted.object]] +criteria = "safe-to-deploy" +user-id = 4415 # Philip Craig (philipc) +start = "2019-04-26" +end = "2027-03-14" + +[[trusted.parking_lot]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2019-05-04" +end = "2027-03-14" + +[[trusted.parking_lot_core]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2019-05-04" +end = "2027-03-14" + +[[trusted.paste]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-03-19" +end = "2027-03-14" + +[[trusted.pin-project]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2019-03-02" +end = "2027-03-14" + +[[trusted.pin-project-internal]] +criteria = 
"safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2019-08-11" +end = "2027-03-14" + +[[trusted.pin-project-lite]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2019-10-22" +end = "2027-03-14" + +[[trusted.portable-atomic]] +criteria = "safe-to-deploy" +user-id = 33035 # Taiki Endo (taiki-e) +start = "2022-02-24" +end = "2027-03-14" + +[[trusted.prettyplease]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2022-01-04" +end = "2027-03-14" + +[[trusted.proc-macro2]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-04-23" +end = "2027-03-14" + +[[trusted.prost]] +criteria = "safe-to-deploy" +user-id = 3959 # Lucio Franco (LucioFranco) +start = "2021-07-08" +end = "2027-03-14" + +[[trusted.prost-build]] +criteria = "safe-to-deploy" +user-id = 3959 # Lucio Franco (LucioFranco) +start = "2021-07-08" +end = "2027-03-14" + +[[trusted.prost-derive]] +criteria = "safe-to-deploy" +user-id = 3959 # Lucio Franco (LucioFranco) +start = "2021-07-08" +end = "2027-03-14" + +[[trusted.prost-types]] +criteria = "safe-to-deploy" +user-id = 3959 # Lucio Franco (LucioFranco) +start = "2021-07-08" +end = "2027-03-14" + +[[trusted.protoc-bin-vendored-linux-aarch_64]] +criteria = "safe-to-deploy" +user-id = 220 # Stepan Koltsov (stepancheg) +start = "2022-02-07" +end = "2027-03-14" + +[[trusted.protoc-bin-vendored-linux-ppcle_64]] +criteria = "safe-to-deploy" +user-id = 220 # Stepan Koltsov (stepancheg) +start = "2022-02-07" +end = "2027-03-14" + +[[trusted.protoc-bin-vendored-linux-s390_64]] +criteria = "safe-to-deploy" +user-id = 220 # Stepan Koltsov (stepancheg) +start = "2025-07-21" +end = "2027-03-14" + +[[trusted.protoc-bin-vendored-linux-x86_32]] +criteria = "safe-to-deploy" +user-id = 220 # Stepan Koltsov (stepancheg) +start = "2022-02-07" +end = "2027-03-14" + +[[trusted.protoc-bin-vendored-linux-x86_64]] +criteria = "safe-to-deploy" +user-id = 220 # Stepan Koltsov 
(stepancheg) +start = "2022-02-07" +end = "2027-03-14" + +[[trusted.protoc-bin-vendored-macos-aarch_64]] +criteria = "safe-to-deploy" +user-id = 220 # Stepan Koltsov (stepancheg) +start = "2024-09-30" +end = "2027-03-14" + +[[trusted.protoc-bin-vendored-macos-x86_64]] +criteria = "safe-to-deploy" +user-id = 220 # Stepan Koltsov (stepancheg) +start = "2022-02-07" +end = "2027-03-14" + +[[trusted.protoc-bin-vendored-win32]] +criteria = "safe-to-deploy" +user-id = 220 # Stepan Koltsov (stepancheg) +start = "2022-02-07" +end = "2027-03-14" + +[[trusted.pulldown-cmark-to-cmark]] +criteria = "safe-to-deploy" +user-id = 980 # Sebastian Thiel (Byron) +start = "2019-07-03" +end = "2027-03-14" + +[[trusted.quote]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-04-09" +end = "2027-03-14" + +[[trusted.ref-cast]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-05-05" +end = "2027-03-14" + +[[trusted.ref-cast-impl]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-05-05" +end = "2027-03-14" + +[[trusted.regex]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-02-27" +end = "2027-03-14" + +[[trusted.regex-automata]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-02-25" +end = "2027-03-14" + +[[trusted.regex-syntax]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-03-30" +end = "2027-03-14" + +[[trusted.reqwest]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-03-04" +end = "2027-03-14" + +[[trusted.rustc-demangle]] +criteria = "safe-to-deploy" +user-id = 55123 # rust-lang-owner +start = "2023-03-23" +end = "2027-03-14" + [[trusted.rustix]] criteria = "safe-to-deploy" user-id = 6825 # Dan Gohman (sunfishcode) start = "2021-10-29" end = "2027-02-14" +[[trusted.ryu]] +criteria = "safe-to-deploy" +user-id = 3618 # 
David Tolnay (dtolnay) +start = "2019-05-02" +end = "2027-03-14" + +[[trusted.scopeguard]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2020-02-16" +end = "2027-03-14" + +[[trusted.semver]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2021-05-25" +end = "2027-03-14" + [[trusted.serde_json]] criteria = "safe-to-deploy" user-id = 3618 # David Tolnay (dtolnay) start = "2019-02-28" end = "2027-02-14" +[[trusted.slab]] +criteria = "safe-to-deploy" +user-id = 6741 # Alice Ryhl (Darksonn) +start = "2021-10-13" +end = "2027-03-14" + +[[trusted.socket2]] +criteria = "safe-to-deploy" +user-id = 6025 # Thomas de Zeeuw (Thomasdezeeuw) +start = "2020-09-09" +end = "2027-03-14" + [[trusted.syn]] criteria = "safe-to-deploy" user-id = 3618 # David Tolnay (dtolnay) 
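Review bot: The eight `[[trusted.protoc-bin-vendored-*]]` entries mark the platform crates `safe-to-deploy` on publisher identity alone, and going by their names these crates carry prebuilt protoc executables, which cannot be source-reviewed the way the other crates in this file can. Since that binary runs during the build, I would record the limitation next to the entries, e.g. `# prebuilt protoc binary; trusted by publisher, not reviewable as source`, and consider version-pinned audits whose notes state how the binary was compared with the upstream protobuf release. In the same hunk the untouched entries (`h2`, the second `hashbrown`, `hyper-util`, `rustix`, `serde_json`) keep `end = "2027-02-14"` and `libc` keeps `2027-02-16` while everything added uses `2027-03-14`; harmless, but the file now has three expiry dates to track.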
@@ -70,26 +644,350 @@ user-id = 2915 # Amanieu d'Antras (Amanieu) start = "2019-09-07" end = "2027-02-16" +[[trusted.time]] +criteria = "safe-to-deploy" +user-id = 15682 # Jacob Pratt (jhpratt) +start = "2019-12-19" +end = "2027-03-14" + +[[trusted.tinystr]] +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2021-01-14" +end = "2027-03-14" + +[[trusted.tokio]] +criteria = "safe-to-deploy" +user-id = 6741 # Alice Ryhl (Darksonn) +start = "2020-12-25" +end = "2027-03-14" + +[[trusted.tokio-macros]] +criteria = "safe-to-deploy" +user-id = 6741 # Alice Ryhl (Darksonn) +start = "2020-10-26" +end = "2027-03-14" + +[[trusted.tokio-stream]] +criteria = "safe-to-deploy" +user-id = 6741 # Alice Ryhl (Darksonn) +start = "2021-01-04" +end = "2027-03-14" + +[[trusted.tokio-util]] +criteria = "safe-to-deploy" +user-id = 6741 # Alice Ryhl (Darksonn) +start = "2021-01-12" +end = "2027-03-14" + [[trusted.toml]] criteria = "safe-to-deploy" user-id = 6743 # Ed Page (epage) start = "2022-12-14" end = "2027-02-16" +[[trusted.toml_datetime]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2022-10-21" +end = "2027-03-14" + +[[trusted.toml_edit]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2021-09-13" +end = "2027-03-14" + [[trusted.toml_parser]] criteria = "safe-to-deploy" user-id = 6743 # Ed Page (epage) start = "2025-07-08" end = "2027-02-16" +[[trusted.tonic]] +criteria = "safe-to-deploy" +user-id = 3959 # Lucio Franco (LucioFranco) +start = "2019-10-02" +end = "2027-03-14" + [[trusted.tonic-build]] criteria = "safe-to-deploy" -user-id = 10 +user-id = 10 # Carl Lerche (carllerche) start = "2019-09-10" -end = "2027-02-16" +end = "2027-03-14" + +[[trusted.tonic-build]] +criteria = "safe-to-deploy" +user-id = 3959 # Lucio Franco (LucioFranco) +start = "2019-10-02" +end = "2027-03-14" + +[[trusted.tonic-prost]] +criteria = "safe-to-deploy" +user-id = 3959 # Lucio Franco (LucioFranco) +start = 
"2025-07-28" +end = "2027-03-14" + +[[trusted.tonic-prost-build]] +criteria = "safe-to-deploy" +user-id = 3959 # Lucio Franco (LucioFranco) +start = "2025-07-28" +end = "2027-03-14" + +[[trusted.tower]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2024-09-09" +end = "2027-03-14" + +[[trusted.tower-http]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2024-09-23" +end = "2027-03-14" + +[[trusted.tower-layer]] +criteria = "safe-to-deploy" +user-id = 10 # Carl Lerche (carllerche) +start = "2019-04-27" +end = "2027-03-14" + +[[trusted.tower-layer]] +criteria = "safe-to-deploy" +user-id = 3959 # Lucio Franco (LucioFranco) +start = "2019-09-11" +end = "2027-03-14" + +[[trusted.tower-service]] +criteria = "safe-to-deploy" +user-id = 3959 # Lucio Franco (LucioFranco) +start = "2019-08-20" +end = "2027-03-14" + +[[trusted.tracing-subscriber]] +criteria = "safe-to-deploy" +user-id = 10 # Carl Lerche (carllerche) +start = "2025-08-29" +end = "2027-03-14" + +[[trusted.ucd-trie]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-07-21" +end = "2027-03-14" + +[[trusted.unicase]] +criteria = "safe-to-deploy" +user-id = 359 # Sean McArthur (seanmonstar) +start = "2019-03-05" +end = "2027-03-14" + +[[trusted.unicode-ident]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2021-10-02" +end = "2027-03-14" + +[[trusted.url]] +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2021-02-18" +end = "2027-03-14" + +[[trusted.uuid]] +criteria = "safe-to-deploy" +user-id = 3204 # Ashley Mannix (KodrAus) +start = "2019-10-18" +end = "2027-03-14" + +[[trusted.valuable]] +criteria = "safe-to-deploy" +user-id = 10 # Carl Lerche (carllerche) +start = "2022-01-03" +end = "2027-03-14" + +[[trusted.wait-timeout]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2025-02-03" +end = 
"2027-03-14" + +[[trusted.wasi]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2020-06-03" +end = "2027-03-14" + +[[trusted.wasi]] +criteria = "safe-to-deploy" +user-id = 6825 # Dan Gohman (sunfishcode) +start = "2019-07-22" +end = "2027-03-14" + +[[trusted.wasm-bindgen]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2019-03-04" +end = "2027-03-14" + +[[trusted.wasm-bindgen-futures]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2019-03-04" +end = "2027-03-14" + +[[trusted.wasm-bindgen-macro]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2019-03-04" +end = "2027-03-14" + +[[trusted.wasm-bindgen-macro-support]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2019-03-04" +end = "2027-03-14" + +[[trusted.wasm-bindgen-shared]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2019-03-04" +end = "2027-03-14" + +[[trusted.web-sys]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2019-03-04" +end = "2027-03-14" + +[[trusted.windows-core]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-11-15" +end = "2027-03-14" + +[[trusted.windows-implement]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2022-01-27" +end = "2027-03-14" + +[[trusted.windows-interface]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2022-02-18" +end = "2027-03-14" + +[[trusted.windows-result]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2024-02-02" +end = "2027-03-14" + +[[trusted.windows-strings]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2024-02-02" +end = "2027-03-14" [[trusted.windows-sys]] criteria = "safe-to-deploy" user-id = 64539 # Kenny Kerr (kennykerr) start = 
"2021-11-15" end = "2027-02-16" + +[[trusted.windows-targets]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2022-09-09" +end = "2027-03-14" + +[[trusted.windows_aarch64_gnullvm]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2022-09-01" +end = "2027-03-14" + +[[trusted.windows_aarch64_msvc]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-11-05" +end = "2027-03-14" + +[[trusted.windows_i686_gnu]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-10-28" +end = "2027-03-14" + +[[trusted.windows_i686_gnullvm]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2024-04-02" +end = "2027-03-14" + +[[trusted.windows_i686_msvc]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-10-27" +end = "2027-03-14" + +[[trusted.windows_x86_64_gnu]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-10-28" +end = "2027-03-14" + +[[trusted.windows_x86_64_gnullvm]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2022-09-01" +end = "2027-03-14" + +[[trusted.windows_x86_64_msvc]] +criteria = "safe-to-deploy" +user-id = 64539 # Kenny Kerr (kennykerr) +start = "2021-10-27" +end = "2027-03-14" + +[[trusted.winnow]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2023-02-22" +end = "2027-03-14" + +[[trusted.yoke]] +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2021-05-01" +end = "2027-03-14" + +[[trusted.zerocopy]] +criteria = "safe-to-deploy" +user-id = 7178 # Joshua Liebow-Feeser (joshlf) +start = "2019-02-28" +end = "2027-03-14" + +[[trusted.zerocopy-derive]] +criteria = "safe-to-deploy" +user-id = 7178 # Joshua Liebow-Feeser (joshlf) +start = "2019-02-28" +end = "2027-03-14" + +[[trusted.zerotrie]] +criteria = "safe-to-deploy" +user-id = 1139 # 
Manish Goregaokar (Manishearth) +start = "2023-10-03" +end = "2027-03-14" + +[[trusted.zerovec]] +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2021-04-19" +end = "2027-03-14" + +[[trusted.zmij]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2025-12-18" +end = "2027-03-14" diff --git a/server/supply-chain/config.toml b/server/supply-chain/config.toml index f60f5f6..11f22ff 100644 --- a/server/supply-chain/config.toml +++ b/server/supply-chain/config.toml @@ -4,30 +4,27 @@ [cargo-vet] version = "0.10" +[imports.OpenDevicePartnership] +url = "https://raw.githubusercontent.com/OpenDevicePartnership/rust-crate-audits/refs/heads/main/audits.toml" + [imports.bytecode-alliance] url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml" +[imports.embark-studios] +url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audits.toml" + [imports.google] url = "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml" +[imports.isrg] +url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml" + [imports.mozilla] url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml" [imports.zcash] url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/audits.toml" -[[exemptions.addr2line]] -version = "0.25.1" -criteria = "safe-to-deploy" - -[[exemptions.aho-corasick]] -version = "1.1.4" -criteria = "safe-to-deploy" - -[[exemptions.anyhow]] -version = "1.0.101" -criteria = "safe-to-deploy" - [[exemptions.asn1-rs]] version = "0.7.1" criteria = "safe-to-deploy" 
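Review bot: The three added `[imports.*]` tables in config.toml (`OpenDevicePartnership`, `embark-studios`, `isrg`) widen the set of organisations whose audits this project accepts, and the hunk gives no reason for choosing them. Each URL follows a moving branch (`main` or `refs/heads/main`), so what is actually trusted is whatever imports.lock captured; that file changes by 2273 lines in this commit and deserves the same review as the audits themselves. A short comment above each table would help, for example `# imported for <crates this source covers>; criteria reviewed <date>`. The `[[exemptions.*]]` entries removed here and in the following hunks are only safe to drop if `cargo vet` passes with the new trust and import entries, which the patch does not show.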
@@ -40,18 +37,6 @@ criteria = "safe-to-deploy" version = "0.2.0" criteria = "safe-to-deploy" -[[exemptions.async-trait]] -version = "0.1.89" -criteria = "safe-to-deploy" - -[[exemptions.aws-lc-rs]] -version = "1.15.4" -criteria = "safe-to-deploy" - -[[exemptions.aws-lc-sys]] -version = "0.37.0" -criteria = "safe-to-deploy" - [[exemptions.axum]] version = "0.8.8" criteria = "safe-to-deploy" @@ -60,10 +45,6 @@ criteria = "safe-to-deploy" version = "0.5.6" criteria = "safe-to-deploy" -[[exemptions.backtrace]] -version = "0.3.76" -criteria = "safe-to-deploy" - [[exemptions.backtrace-ext]] version = "0.2.1" criteria = "safe-to-deploy" @@ -72,26 +53,14 @@ criteria = "safe-to-deploy" version = "0.9.1" criteria = "safe-to-deploy" -[[exemptions.bitflags]] -version = "2.10.0" -criteria = "safe-to-deploy" - [[exemptions.block-buffer]] version = "0.11.0" criteria = "safe-to-deploy" -[[exemptions.bytes]] -version = "1.11.1" -criteria = "safe-to-deploy" - [[exemptions.cc]] version = "1.2.55" criteria = "safe-to-deploy" -[[exemptions.cfg-if]] -version = "1.0.4" -criteria = "safe-to-deploy" - [[exemptions.chacha20]] version = "0.10.0" criteria = "safe-to-deploy" @@ -100,26 +69,14 @@ criteria = "safe-to-deploy" version = "0.4.43" criteria = "safe-to-deploy" -[[exemptions.cmake]] -version = "0.1.57" -criteria = "safe-to-deploy" - [[exemptions.cpufeatures]] version = "0.2.17" criteria = "safe-to-deploy" -[[exemptions.cpufeatures]] -version = "0.3.0" -criteria = "safe-to-deploy" - [[exemptions.crc32fast]] version = "1.5.0" criteria = "safe-to-deploy" -[[exemptions.crossbeam-utils]] -version = "0.8.21" -criteria = "safe-to-deploy" - [[exemptions.crypto-common]] version = "0.2.0" criteria = "safe-to-deploy" @@ -156,10 +113,6 @@ criteria = "safe-to-deploy" version = "10.0.0" criteria = "safe-to-deploy" -[[exemptions.deranged]] -version = "0.5.5" -criteria = "safe-to-deploy" - [[exemptions.diesel]] version = "2.3.6" criteria = "safe-to-deploy" 
@@ -192,10 +145,6 @@ criteria = "safe-to-deploy" version = "0.2.0" criteria = "safe-to-deploy" -[[exemptions.dyn-clone]] -version = "1.0.20" -criteria = "safe-to-deploy" - [[exemptions.ed25519]] version = "3.0.0-rc.4" criteria = "safe-to-deploy" @@ -204,10 +153,6 @@ criteria = "safe-to-deploy" version = "3.0.0-pre.6" criteria = "safe-to-deploy" -[[exemptions.fiat-crypto]] -version = "0.3.0" -criteria = "safe-to-deploy" - [[exemptions.find-msvc-tools]] version = "0.1.9" criteria = "safe-to-deploy" @@ -216,22 +161,10 @@ criteria = "safe-to-deploy" version = "0.5.7" criteria = "safe-to-deploy" -[[exemptions.flate2]] -version = "1.1.9" -criteria = "safe-to-deploy" - [[exemptions.fs_extra]] version = "1.3.0" criteria = "safe-to-deploy" -[[exemptions.futures-task]] -version = "0.3.31" -criteria = "safe-to-deploy" - -[[exemptions.futures-util]] -version = "0.3.31" -criteria = "safe-to-deploy" - [[exemptions.getrandom]] version = "0.2.17" criteria = "safe-to-deploy" @@ -244,30 +177,10 @@ criteria = "safe-to-deploy" version = "0.4.1" criteria = "safe-to-deploy" -[[exemptions.hashbrown]] -version = "0.14.5" -criteria = "safe-to-deploy" - -[[exemptions.http]] -version = "1.4.0" -criteria = "safe-to-deploy" - -[[exemptions.http-body-util]] -version = "0.1.3" -criteria = "safe-to-deploy" - -[[exemptions.httparse]] -version = "1.10.1" -criteria = "safe-to-deploy" - [[exemptions.hybrid-array]] version = "0.4.7" criteria = "safe-to-deploy" -[[exemptions.hyper]] -version = "1.8.1" -criteria = "safe-to-deploy" - [[exemptions.hyper-timeout]] version = "0.5.2" criteria = "safe-to-deploy" @@ -276,18 +189,6 @@ criteria = "safe-to-deploy" version = "0.1.65" criteria = "safe-to-deploy" -[[exemptions.id-arena]] -version = "2.3.0" -criteria = "safe-to-deploy" - -[[exemptions.ident_case]] -version = "1.0.1" -criteria = "safe-to-deploy" - -[[exemptions.indexmap]] -version = "2.13.0" -criteria = "safe-to-deploy" - [[exemptions.is_ci]] version = "1.2.0" criteria = "safe-to-deploy" 
@@ -296,14 +197,6 @@ criteria = "safe-to-deploy" version = "0.14.0" criteria = "safe-to-deploy" -[[exemptions.itoa]] -version = "1.0.17" -criteria = "safe-to-deploy" - -[[exemptions.jobserver]] -version = "0.1.34" -criteria = "safe-to-deploy" - [[exemptions.js-sys]] version = "0.3.85" criteria = "safe-to-deploy" @@ -320,26 +213,10 @@ criteria = "safe-to-deploy" version = "0.35.0" criteria = "safe-to-deploy" -[[exemptions.linux-raw-sys]] -version = "0.11.0" -criteria = "safe-to-deploy" - -[[exemptions.lock_api]] -version = "0.4.14" -criteria = "safe-to-deploy" - -[[exemptions.log]] -version = "0.4.29" -criteria = "safe-to-deploy" - [[exemptions.matchit]] version = "0.8.4" criteria = "safe-to-deploy" -[[exemptions.memchr]] -version = "2.8.0" -criteria = "safe-to-deploy" - [[exemptions.memsafe]] version = "0.4.0" criteria = "safe-to-deploy" @@ -360,34 +237,14 @@ criteria = "safe-to-deploy" version = "2.3.0" criteria = "safe-to-deploy" -[[exemptions.mime]] -version = "0.3.17" -criteria = "safe-to-deploy" - [[exemptions.minimal-lexical]] version = "0.2.1" criteria = "safe-to-deploy" -[[exemptions.mio]] -version = "1.1.1" -criteria = "safe-to-deploy" - [[exemptions.multimap]] version = "0.10.1" criteria = "safe-to-deploy" -[[exemptions.num-bigint]] -version = "0.4.6" -criteria = "safe-to-deploy" - -[[exemptions.num-conv]] -version = "0.2.0" -criteria = "safe-to-deploy" - -[[exemptions.object]] -version = "0.37.3" -criteria = "safe-to-deploy" - [[exemptions.oid-registry]] version = "0.8.1" criteria = "safe-to-deploy" @@ -400,14 +257,6 @@ criteria = "safe-to-deploy" version = "4.2.3" criteria = "safe-to-deploy" -[[exemptions.parking_lot]] -version = "0.12.5" -criteria = "safe-to-deploy" - -[[exemptions.parking_lot_core]] -version = "0.9.12" -criteria = "safe-to-deploy" - [[exemptions.pem]] version = "3.0.6" criteria = "safe-to-deploy" 
@@ -424,58 +273,14 @@ criteria = "safe-to-deploy" version = "1.1.10" criteria = "safe-to-deploy" -[[exemptions.portable-atomic]] -version = "1.13.1" -criteria = "safe-to-deploy" - -[[exemptions.prettyplease]] -version = "0.2.37" -criteria = "safe-to-deploy" - -[[exemptions.proc-macro2]] -version = "1.0.106" -criteria = "safe-to-deploy" - -[[exemptions.prost]] -version = "0.14.3" -criteria = "safe-to-deploy" - -[[exemptions.prost-build]] -version = "0.14.3" -criteria = "safe-to-deploy" - -[[exemptions.prost-derive]] -version = "0.14.3" -criteria = "safe-to-deploy" - -[[exemptions.prost-types]] -version = "0.14.3" -criteria = "safe-to-deploy" - [[exemptions.pulldown-cmark]] version = "0.13.0" criteria = "safe-to-deploy" -[[exemptions.pulldown-cmark-to-cmark]] -version = "22.0.0" -criteria = "safe-to-deploy" - -[[exemptions.quote]] -version = "1.0.44" -criteria = "safe-to-deploy" - [[exemptions.r-efi]] version = "5.3.0" criteria = "safe-to-deploy" -[[exemptions.rand]] -version = "0.10.0" -criteria = "safe-to-deploy" - -[[exemptions.rand_core]] -version = "0.10.0" -criteria = "safe-to-deploy" - [[exemptions.rcgen]] version = "0.14.7" criteria = "safe-to-deploy" @@ -484,18 +289,6 @@ criteria = "safe-to-deploy" version = "0.5.18" criteria = "safe-to-deploy" -[[exemptions.regex]] -version = "1.12.3" -criteria = "safe-to-deploy" - -[[exemptions.regex-automata]] -version = "0.4.14" -criteria = "safe-to-deploy" - -[[exemptions.regex-syntax]] -version = "0.8.9" -criteria = "safe-to-deploy" - [[exemptions.ring]] version = "0.17.14" criteria = "safe-to-deploy" @@ -504,10 +297,6 @@ criteria = "safe-to-deploy" version = "0.1.0" criteria = "safe-to-deploy" -[[exemptions.rustc-demangle]] -version = "0.1.27" -criteria = "safe-to-deploy" - [[exemptions.rusticata-macros]] version = "4.1.0" criteria = "safe-to-deploy" 
@@ -528,10 +317,6 @@ criteria = "safe-to-deploy"
 version = "0.1.4"
 criteria = "safe-to-deploy"
 
-[[exemptions.scopeguard]]
-version = "1.2.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.secrecy]]
 version = "0.10.3"
 criteria = "safe-to-deploy"
@@ -540,18 +325,6 @@ criteria = "safe-to-deploy"
 version = "1.0.27"
 criteria = "safe-to-deploy"
 
-[[exemptions.serde]]
-version = "1.0.228"
-criteria = "safe-to-deploy"
-
-[[exemptions.serde_core]]
-version = "1.0.228"
-criteria = "safe-to-deploy"
-
-[[exemptions.serde_derive]]
-version = "1.0.228"
-criteria = "safe-to-deploy"
-
 [[exemptions.sha2]]
 version = "0.11.0-rc.5"
 criteria = "safe-to-deploy"
@@ -568,10 +341,6 @@ criteria = "safe-to-deploy"
 version = "0.3.8"
 criteria = "safe-to-deploy"
 
-[[exemptions.slab]]
-version = "0.4.12"
-criteria = "safe-to-deploy"
-
 [[exemptions.smlang]]
 version = "0.8.0"
 criteria = "safe-to-deploy"
@@ -580,10 +349,6 @@ criteria = "safe-to-deploy"
 version = "0.8.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.socket2]]
-version = "0.6.2"
-criteria = "safe-to-deploy"
-
 [[exemptions.sqlite-wasm-rs]]
 version = "0.5.2"
 criteria = "safe-to-deploy"
@@ -592,10 +357,6 @@ criteria = "safe-to-deploy"
 version = "0.1.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.subtle]]
-version = "2.6.1"
-criteria = "safe-to-deploy"
-
 [[exemptions.supports-color]]
 version = "3.0.2"
 criteria = "safe-to-deploy"
@@ -620,74 +381,10 @@ criteria = "safe-to-deploy"
 version = "0.4.3"
 criteria = "safe-to-deploy"
 
-[[exemptions.thiserror]]
-version = "2.0.18"
-criteria = "safe-to-deploy"
-
-[[exemptions.thiserror-impl]]
-version = "2.0.18"
-criteria = "safe-to-deploy"
-
-[[exemptions.time]]
-version = "0.3.47"
-criteria = "safe-to-deploy"
-
-[[exemptions.time-core]]
-version = "0.1.8"
-criteria = "safe-to-deploy"
-
-[[exemptions.time-macros]]
-version = "0.2.27"
-criteria = "safe-to-deploy"
-
-[[exemptions.tokio]]
-version = "1.49.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.tokio-macros]]
-version = "2.6.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.tokio-rustls]]
 version = "0.26.4"
 criteria = "safe-to-deploy"
 
-[[exemptions.tokio-stream]]
-version = "0.1.18"
-criteria = "safe-to-deploy"
-
-[[exemptions.tokio-util]]
-version = "0.7.18"
-criteria = "safe-to-deploy"
-
-[[exemptions.tonic]]
-version = "0.14.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.tonic-build]]
-version = "0.14.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.tonic-prost]]
-version = "0.14.4"
-criteria = "safe-to-deploy"
-
-[[exemptions.tonic-prost-build]]
-version = "0.14.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.tower]]
-version = "0.5.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.tower-layer]]
-version = "0.3.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.tower-service]]
-version = "0.3.3"
-criteria = "safe-to-deploy"
-
 [[exemptions.tracing]]
 version = "0.1.44"
 criteria = "safe-to-deploy"
@@ -708,34 +405,10 @@ criteria = "safe-to-run"
 version = "1.19.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.unicase]]
-version = "2.9.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.unicode-ident]]
-version = "1.0.23"
-criteria = "safe-to-deploy"
-
-[[exemptions.untrusted]]
-version = "0.7.1"
-criteria = "safe-to-deploy"
-
 [[exemptions.untrusted]]
 version = "0.9.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.uuid]]
-version = "1.20.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.wasi]]
-version = "0.11.1+wasi-snapshot-preview1"
-criteria = "safe-to-deploy"
-
-[[exemptions.wasm-bindgen]]
-version = "0.2.108"
-criteria = "safe-to-deploy"
-
 [[exemptions.wasm-bindgen-macro]]
 version = "0.2.108"
 criteria = "safe-to-deploy"
@@ -760,102 +433,6 @@ criteria = "safe-to-deploy"
 version = "0.4.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.windows-core]]
-version = "0.62.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows-implement]]
-version = "0.60.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows-interface]]
-version = "0.59.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows-result]]
-version = "0.4.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows-strings]]
-version = "0.5.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows-targets]]
-version = "0.52.6"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows-targets]]
-version = "0.53.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_aarch64_gnullvm]]
-version = "0.52.6"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_aarch64_gnullvm]]
-version = "0.53.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_aarch64_msvc]]
-version = "0.52.6"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_aarch64_msvc]]
-version = "0.53.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_gnu]]
-version = "0.52.6"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_gnu]]
-version = "0.53.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_gnullvm]]
-version = "0.52.6"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_gnullvm]]
-version = "0.53.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_msvc]]
-version = "0.52.6"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_msvc]]
-version = "0.53.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_gnu]]
-version = "0.52.6"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_gnu]]
-version = "0.53.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_gnullvm]]
-version = "0.52.6"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_gnullvm]]
-version = "0.53.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_msvc]]
-version = "0.52.6"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_msvc]]
-version = "0.53.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.winnow]]
-version = "0.7.14"
-criteria = "safe-to-deploy"
-
 [[exemptions.x509-parser]]
 version = "0.18.1"
 criteria = "safe-to-deploy"
@@ -864,10 +441,6 @@ criteria = "safe-to-deploy"
 version = "0.5.2"
 criteria = "safe-to-deploy"
 
-[[exemptions.zmij]]
-version = "1.0.20"
-criteria = "safe-to-deploy"
-
 [[exemptions.zstd]]
 version = "0.13.3"
 criteria = "safe-to-deploy"
diff --git a/server/supply-chain/imports.lock b/server/supply-chain/imports.lock
index 0692e20..7737ea1 100644
--- a/server/supply-chain/imports.lock
+++ b/server/supply-chain/imports.lock
@@ -1,13 +1,102 @@ # cargo-vet imports lock +[[publisher.addr2line]] +version = "0.25.1" +when = "2025-09-13" +user-id = 4415 +user-login = "philipc" +user-name = "Philip Craig" + +[[publisher.aho-corasick]] +version = "1.1.4" +when = "2025-10-28" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.anyhow]] +version = "1.0.102" +when = "2026-02-20" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.async-stream]] +version = "0.3.6" +when = "2024-10-01" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.async-stream-impl]] +version = "0.3.6" +when = "2024-10-01" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.async-trait]] +version = "0.1.89" +when = "2025-08-14" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.auto_impl]] +version = "1.3.0" +when = "2025-04-09" +user-id = 3204 +user-login = "KodrAus" +user-name = "Ashley Mannix" + +[[publisher.aws-lc-rs]] +version = "1.16.1" +when = "2026-03-02" +user-id = 156764 +user-login = "justsmth" +user-name = "Justin W Smith" + +[[publisher.aws-lc-sys]] +version = "0.38.0" +when = "2026-03-02" +user-id = 156764 +user-login = "justsmth" +user-name = "Justin W Smith" + +[[publisher.backtrace]] +version = "0.3.76" +when = "2025-09-26" +user-id = 55123 +user-login = "rust-lang-owner" + +[[publisher.bitflags]] +version = "2.11.0" +when = "2026-02-14" +user-id = 3204 +user-login = "KodrAus" +user-name = "Ashley Mannix" + [[publisher.bumpalo]] -version = "3.19.1" -when = "2025-12-16" +version = "3.20.2" +when = "2026-02-19" user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" +[[publisher.bytes]] +version = "1.11.1" +when = "2026-02-03" +user-id = 6741 +user-login = "Darksonn" +user-name = "Alice Ryhl" + +[[publisher.cmake]] +version = "0.1.57" +when = "2025-12-17" +user-id = 55123 +user-login = "rust-lang-owner" + [[publisher.core-foundation-sys]] 
version = "0.8.4" when = "2023-04-03" 
@@ -15,6 +104,117 @@ user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" +[[publisher.crossbeam-utils]] +version = "0.8.21" +when = "2024-12-15" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.derive_more]] +version = "2.1.1" +when = "2025-12-22" +user-id = 3797 +user-login = "JelteF" +user-name = "Jelte Fennema-Nio" + +[[publisher.derive_more-impl]] +version = "2.1.1" +when = "2025-12-22" +user-id = 3797 +user-login = "JelteF" +user-name = "Jelte Fennema-Nio" + +[[publisher.dyn-clone]] +version = "1.0.20" +when = "2025-07-27" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.ff]] +version = "0.13.1" +when = "2025-03-09" +user-id = 6289 +user-login = "str4d" +user-name = "Jack Grigg" + +[[publisher.flate2]] +version = "1.1.9" +when = "2026-02-03" +user-id = 980 +user-login = "Byron" +user-name = "Sebastian Thiel" + +[[publisher.futures]] +version = "0.3.32" +when = "2026-02-15" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.futures-channel]] +version = "0.3.32" +when = "2026-02-15" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.futures-core]] +version = "0.3.32" +when = "2026-02-15" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.futures-executor]] +version = "0.3.32" +when = "2026-02-15" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.futures-io]] +version = "0.3.32" +when = "2026-02-15" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.futures-macro]] +version = "0.3.32" +when = "2026-02-15" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.futures-sink]] +version = "0.3.32" +when = "2026-02-15" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.futures-task]] +version = "0.3.32" +when = "2026-02-15" +user-id = 33035 +user-login = "taiki-e" +user-name = 
"Taiki Endo" + +[[publisher.futures-util]] +version = "0.3.32" +when = "2026-02-15" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.group]] +version = "0.12.0" +when = "2022-05-04" +user-id = 1244 +user-login = "ebfull" + [[publisher.h2]] version = "0.4.13" when = "2026-01-05" @@ -22,6 +222,13 @@ user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" +[[publisher.hashbrown]] +version = "0.14.5" +when = "2024-04-28" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + [[publisher.hashbrown]] version = "0.15.5" when = "2025-08-07" @@ -34,6 +241,34 @@ when = "2025-11-20" user-id = 55123 user-login = "rust-lang-owner" +[[publisher.http]] +version = "1.4.0" +when = "2025-11-24" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.http-body-util]] +version = "0.1.3" +when = "2025-03-11" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.httparse]] +version = "1.10.1" +when = "2025-03-03" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.hyper]] +version = "1.8.1" +when = "2025-11-13" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + [[publisher.hyper-util]] version = "0.1.20" when = "2026-02-02" 
@@ -41,19 +276,331 @@ user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" -[[publisher.libc]] -version = "0.2.182" -when = "2026-02-13" +[[publisher.id-arena]] +version = "2.3.0" +when = "2026-01-14" +user-id = 696 +user-login = "fitzgen" +user-name = "Nick Fitzgerald" + +[[publisher.indexmap]] +version = "1.9.3" +when = "2023-03-24" +user-id = 539 +user-login = "cuviper" +user-name = "Josh Stone" + +[[publisher.indexmap]] +version = "2.13.0" +when = "2026-01-07" +user-id = 539 +user-login = "cuviper" +user-name = "Josh Stone" + +[[publisher.itoa]] +version = "1.0.17" +when = "2025-12-27" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.jobserver]] +version = "0.1.34" +when = "2025-08-23" user-id = 55123 user-login = "rust-lang-owner" -[[publisher.rustix]] -version = "1.1.3" +[[publisher.libc]] +version = "0.2.183" +when = "2026-03-08" +user-id = 55123 +user-login = "rust-lang-owner" + +[[publisher.libm]] +version = "0.2.16" +when = "2026-01-24" +user-id = 55123 +user-login = "rust-lang-owner" + +[[publisher.linux-raw-sys]] +version = "0.12.1" when = "2025-12-23" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" +[[publisher.lock_api]] +version = "0.4.14" +when = "2025-10-03" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.log]] +version = "0.4.29" +when = "2025-12-02" +user-id = 3204 +user-login = "KodrAus" +user-name = "Ashley Mannix" + +[[publisher.macro-string]] +version = "0.1.4" +when = "2025-03-03" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.memchr]] +version = "2.8.0" +when = "2026-02-06" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.mime]] +version = "0.3.17" +when = "2023-03-20" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.mio]] +version = "1.1.1" +when = "2025-12-04" +user-id = 6025 +user-login = "Thomasdezeeuw" +user-name = 
"Thomas de Zeeuw" + +[[publisher.num-bigint]] +version = "0.4.6" +when = "2024-06-27" +user-id = 539 +user-login = "cuviper" +user-name = "Josh Stone" + +[[publisher.num_cpus]] +version = "1.17.0" +when = "2025-05-30" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.object]] +version = "0.37.3" +when = "2025-08-13" +user-id = 4415 +user-login = "philipc" +user-name = "Philip Craig" + +[[publisher.parking_lot]] +version = "0.12.5" +when = "2025-10-03" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.parking_lot_core]] +version = "0.9.12" +when = "2025-10-03" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.paste]] +version = "1.0.15" +when = "2024-05-07" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.portable-atomic]] +version = "1.13.1" +when = "2026-01-31" +user-id = 33035 +user-login = "taiki-e" +user-name = "Taiki Endo" + +[[publisher.prettyplease]] +version = "0.2.37" +when = "2025-08-19" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.proc-macro2]] +version = "1.0.106" +when = "2026-01-21" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.prost]] +version = "0.14.3" +when = "2026-01-10" +user-id = 3959 +user-login = "LucioFranco" +user-name = "Lucio Franco" + +[[publisher.prost-build]] +version = "0.14.3" +when = "2026-01-10" +user-id = 3959 +user-login = "LucioFranco" +user-name = "Lucio Franco" + +[[publisher.prost-derive]] +version = "0.14.3" +when = "2026-01-10" +user-id = 3959 +user-login = "LucioFranco" +user-name = "Lucio Franco" + +[[publisher.prost-types]] +version = "0.14.3" +when = "2026-01-10" +user-id = 3959 +user-login = "LucioFranco" +user-name = "Lucio Franco" + +[[publisher.protoc-bin-vendored-linux-aarch_64]] +version = "3.2.0" +when = "2025-07-21" +user-id = 220 +user-login = "stepancheg" +user-name = "Stepan Koltsov" + 
+[[publisher.protoc-bin-vendored-linux-ppcle_64]] +version = "3.2.0" +when = "2025-07-21" +user-id = 220 +user-login = "stepancheg" +user-name = "Stepan Koltsov" + +[[publisher.protoc-bin-vendored-linux-s390_64]] +version = "3.2.0" +when = "2025-07-21" +user-id = 220 +user-login = "stepancheg" +user-name = "Stepan Koltsov" + +[[publisher.protoc-bin-vendored-linux-x86_32]] +version = "3.2.0" +when = "2025-07-21" +user-id = 220 +user-login = "stepancheg" +user-name = "Stepan Koltsov" + +[[publisher.protoc-bin-vendored-linux-x86_64]] +version = "3.2.0" +when = "2025-07-21" +user-id = 220 +user-login = "stepancheg" +user-name = "Stepan Koltsov" + +[[publisher.protoc-bin-vendored-macos-aarch_64]] +version = "3.2.0" +when = "2025-07-21" +user-id = 220 +user-login = "stepancheg" +user-name = "Stepan Koltsov" + +[[publisher.protoc-bin-vendored-macos-x86_64]] +version = "3.2.0" +when = "2025-07-21" +user-id = 220 +user-login = "stepancheg" +user-name = "Stepan Koltsov" + +[[publisher.protoc-bin-vendored-win32]] +version = "3.2.0" +when = "2025-07-21" +user-id = 220 +user-login = "stepancheg" +user-name = "Stepan Koltsov" + +[[publisher.pulldown-cmark-to-cmark]] +version = "22.0.0" +when = "2025-12-23" +user-id = 980 +user-login = "Byron" +user-name = "Sebastian Thiel" + +[[publisher.quote]] +version = "1.0.45" +when = "2026-03-03" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.ref-cast]] +version = "1.0.25" +when = "2025-09-28" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.ref-cast-impl]] +version = "1.0.25" +when = "2025-09-28" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.regex]] +version = "1.12.3" +when = "2026-02-03" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.regex-automata]] +version = "0.4.14" +when = "2026-02-03" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.regex-syntax]] 
+version = "0.8.10" +when = "2026-02-24" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.reqwest]] +version = "0.12.28" +when = "2025-12-22" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.rustc-demangle]] +version = "0.1.27" +when = "2026-01-15" +user-id = 55123 +user-login = "rust-lang-owner" + +[[publisher.rustix]] +version = "1.1.4" +when = "2026-02-22" +user-id = 6825 +user-login = "sunfishcode" +user-name = "Dan Gohman" + +[[publisher.ryu]] +version = "1.0.23" +when = "2026-02-08" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.scopeguard]] +version = "1.2.0" +when = "2023-07-17" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + [[publisher.serde_json]] version = "1.0.149" when = "2026-01-06" @@ -61,6 +608,20 @@ user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" +[[publisher.slab]] +version = "0.4.12" +when = "2026-01-31" +user-id = 6741 +user-login = "Darksonn" +user-name = "Alice Ryhl" + +[[publisher.socket2]] +version = "0.6.3" +when = "2026-03-06" +user-id = 6025 +user-login = "Thomasdezeeuw" +user-name = "Thomas de Zeeuw" + [[publisher.syn]] version = "1.0.109" when = "2023-02-24" @@ -69,8 +630,8 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.syn]] -version = "2.0.115" -when = "2026-02-12" +version = "2.0.117" +when = "2026-02-20" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" 
@@ -82,6 +643,48 @@ user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" +[[publisher.time]] +version = "0.3.47" +when = "2026-02-05" +user-id = 15682 +user-login = "jhpratt" +user-name = "Jacob Pratt" + +[[publisher.tinystr]] +version = "0.8.2" +when = "2025-10-28" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.tokio]] +version = "1.50.0" +when = "2026-03-03" +user-id = 6741 +user-login = "Darksonn" +user-name = "Alice Ryhl" + +[[publisher.tokio-macros]] +version = "2.6.1" +when = "2026-03-02" +user-id = 6741 +user-login = "Darksonn" +user-name = "Alice Ryhl" + +[[publisher.tokio-stream]] +version = "0.1.18" +when = "2026-01-04" +user-id = 6741 +user-login = "Darksonn" +user-name = "Alice Ryhl" + +[[publisher.tokio-util]] +version = "0.7.18" +when = "2026-01-04" +user-id = 6741 +user-login = "Darksonn" +user-name = "Alice Ryhl" + [[publisher.toml]] version = "0.9.12+spec-1.1.0" when = "2026-02-10" 
@@ -89,13 +692,111 @@ user-id = 6743 user-login = "epage" user-name = "Ed Page" -[[publisher.toml_parser]] -version = "1.0.8+spec-1.1.0" -when = "2026-02-12" +[[publisher.toml_datetime]] +version = "1.0.0+spec-1.1.0" +when = "2026-02-11" user-id = 6743 user-login = "epage" user-name = "Ed Page" +[[publisher.toml_edit]] +version = "0.25.4+spec-1.1.0" +when = "2026-03-04" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.toml_parser]] +version = "1.0.9+spec-1.1.0" +when = "2026-02-16" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.tonic]] +version = "0.14.5" +when = "2026-02-19" +user-id = 3959 +user-login = "LucioFranco" +user-name = "Lucio Franco" + +[[publisher.tonic-build]] +version = "0.14.5" +when = "2026-02-19" +user-id = 3959 +user-login = "LucioFranco" +user-name = "Lucio Franco" + +[[publisher.tonic-prost]] +version = "0.14.5" +when = "2026-02-19" +user-id = 3959 +user-login = "LucioFranco" +user-name = "Lucio Franco" + +[[publisher.tonic-prost-build]] +version = "0.14.5" +when = "2026-02-19" +user-id = 3959 +user-login = "LucioFranco" +user-name = "Lucio Franco" + +[[publisher.tower]] +version = "0.5.3" +when = "2026-01-12" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.tower-http]] +version = "0.6.8" +when = "2025-12-08" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + +[[publisher.tower-layer]] +version = "0.3.3" +when = "2024-08-13" +user-id = 3959 +user-login = "LucioFranco" +user-name = "Lucio Franco" + +[[publisher.tower-service]] +version = "0.3.3" +when = "2024-08-13" +user-id = 3959 +user-login = "LucioFranco" +user-name = "Lucio Franco" + +[[publisher.ucd-trie]] +version = "0.1.7" +when = "2024-09-29" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + +[[publisher.unicase]] +version = "2.9.0" +when = "2026-01-06" +user-id = 359 +user-login = "seanmonstar" +user-name = "Sean McArthur" + 
+[[publisher.unicode-ident]] +version = "1.0.24" +when = "2026-02-16" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.unicode-segmentation]] +version = "1.12.0" +when = "2024-09-13" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + [[publisher.unicode-width]] version = "0.1.14" when = "2024-09-19" @@ -117,6 +818,48 @@ user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" +[[publisher.url]] +version = "2.5.8" +when = "2026-01-05" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.utf8_iter]] +version = "1.0.4" +when = "2023-12-01" +user-id = 4484 +user-login = "hsivonen" +user-name = "Henri Sivonen" + +[[publisher.uuid]] +version = "1.22.0" +when = "2026-03-05" +user-id = 3204 +user-login = "KodrAus" +user-name = "Ashley Mannix" + +[[publisher.valuable]] +version = "0.1.0" +when = "2022-01-03" +user-id = 10 +user-login = "carllerche" +user-name = "Carl Lerche" + +[[publisher.wait-timeout]] +version = "0.2.1" +when = "2025-02-03" +user-id = 1 +user-login = "alexcrichton" +user-name = "Alex Crichton" + +[[publisher.wasi]] +version = "0.11.1+wasi-snapshot-preview1" +when = "2025-06-10" +user-id = 1 +user-login = "alexcrichton" +user-name = "Alex Crichton" + [[publisher.wasip2]] version = "1.0.2+wasi-0.2.9" when = "2026-01-15" @@ -131,6 +874,13 @@ user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" +[[publisher.wasm-bindgen]] +version = "0.2.99" +when = "2024-12-07" +user-id = 1 +user-login = "alexcrichton" +user-name = "Alex Crichton" + [[publisher.wasm-encoder]] version = "0.244.0" when = "2026-01-06" 
@@ -147,6 +897,41 @@ version = "0.244.0" when = "2026-01-06" trusted-publisher = "github:bytecodealliance/wasm-tools" +[[publisher.windows-core]] +version = "0.62.2" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows-implement]] +version = "0.60.2" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows-interface]] +version = "0.59.3" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows-result]] +version = "0.4.1" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows-strings]] +version = "0.5.1" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows-sys]] version = "0.52.0" when = "2023-11-15" 
@@ -175,6 +960,139 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows-targets]] +version = "0.52.6" +when = "2024-07-03" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows-targets]] +version = "0.53.5" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_aarch64_gnullvm]] +version = "0.52.6" +when = "2024-07-03" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_aarch64_gnullvm]] +version = "0.53.1" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_aarch64_msvc]] +version = "0.52.6" +when = "2024-07-03" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_aarch64_msvc]] +version = "0.53.1" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_i686_gnu]] +version = "0.52.6" +when = "2024-07-03" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_i686_gnu]] +version = "0.53.1" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_i686_gnullvm]] +version = "0.52.6" +when = "2024-07-03" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_i686_gnullvm]] +version = "0.53.1" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_i686_msvc]] +version = "0.52.6" +when = "2024-07-03" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_i686_msvc]] +version = "0.53.1" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_x86_64_gnu]] +version = "0.52.6" +when = "2024-07-03" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + 
+[[publisher.windows_x86_64_gnu]] +version = "0.53.1" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_x86_64_gnullvm]] +version = "0.52.6" +when = "2024-07-03" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_x86_64_gnullvm]] +version = "0.53.1" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_x86_64_msvc]] +version = "0.52.6" +when = "2024-07-03" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.windows_x86_64_msvc]] +version = "0.53.1" +when = "2025-10-06" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + +[[publisher.winnow]] +version = "0.7.15" +when = "2026-03-05" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + [[publisher.wit-bindgen]] version = "0.51.0" when = "2026-01-12" 
@@ -205,6 +1123,116 @@ version = "0.244.0" when = "2026-01-06" trusted-publisher = "github:bytecodealliance/wasm-tools" +[[publisher.yoke]] +version = "0.8.1" +when = "2025-10-28" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.zerocopy]] +version = "0.8.42" +when = "2026-03-09" +user-id = 7178 +user-login = "joshlf" +user-name = "Joshua Liebow-Feeser" + +[[publisher.zerocopy-derive]] +version = "0.8.42" +when = "2026-03-09" +user-id = 7178 +user-login = "joshlf" +user-name = "Joshua Liebow-Feeser" + +[[publisher.zerotrie]] +version = "0.2.3" +when = "2025-10-28" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.zerovec]] +version = "0.11.5" +when = "2025-10-28" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.zmij]] +version = "1.0.21" +when = "2026-02-12" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[audits.OpenDevicePartnership.audits.num_enum]] +who = "Billy Price " +criteria = "safe-to-deploy" +version = "0.7.5" +aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embassy-imxrt/refs/heads/main/supply-chain/audits.toml" + +[[audits.OpenDevicePartnership.audits.num_enum_derive]] +who = "Billy Price " +criteria = "safe-to-deploy" +version = "0.7.5" +aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embassy-imxrt/refs/heads/main/supply-chain/audits.toml" + +[[audits.OpenDevicePartnership.audits.proc-macro-error]] +who = "Jerry Xie " +criteria = "safe-to-deploy" +version = "1.0.4" +aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" + +[[audits.OpenDevicePartnership.audits.rand_core]] +who = "Billy Price " +criteria = "safe-to-deploy" +delta = "0.6.4 -> 0.9.5" +aggregated-from = 
"https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" + +[[audits.OpenDevicePartnership.audits.rstest]] +who = "Billy Price " +criteria = "safe-to-run" +delta = "0.22.0 -> 0.26.1" +aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" + +[[audits.OpenDevicePartnership.audits.rstest_macros]] +who = "Billy Price " +criteria = "safe-to-run" +delta = "0.22.0 -> 0.26.1" +aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" + +[[audits.OpenDevicePartnership.audits.serde]] +who = "Robert Zieba " +criteria = "safe-to-deploy" +version = "1.0.228" +notes = "Changes are mostly a reorganization of the internal module structure" +aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" + +[[audits.OpenDevicePartnership.audits.serde_core]] +who = "Robert Zieba " +criteria = "safe-to-deploy" +version = "1.0.226" +aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" + +[[audits.OpenDevicePartnership.audits.serde_derive]] +who = "Robert Zieba " +criteria = "safe-to-deploy" +version = "1.0.228" +notes = "Diff is clean-up in proc macros" +aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" + +[[audits.OpenDevicePartnership.audits.thiserror]] +who = "Felipe Balbi " +criteria = "safe-to-deploy" +version = "2.0.17" +aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/mcxa-pac/refs/heads/main/supply-chain/audits.toml" + +[[audits.OpenDevicePartnership.audits.thiserror-impl]] +who = "Felipe Balbi " +criteria = "safe-to-deploy" +version = "2.0.17" +aggregated-from = 
"https://raw.githubusercontent.com/OpenDevicePartnership/mcxa-pac/refs/heads/main/supply-chain/audits.toml" + [[audits.bytecode-alliance.wildcard-audits.bumpalo]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" @@ -314,12 +1342,27 @@ criteria = "safe-to-deploy" version = "2.0.0" notes = "Fork of the original `adler` crate, zero unsfae code, works in `no_std`, does what it says on th tin." +[[audits.bytecode-alliance.audits.allocator-api2]] +who = "Chris Fallin " +criteria = "safe-to-deploy" +delta = "0.2.18 -> 0.2.20" +notes = """ +The changes appear to be reasonable updates from Rust's stdlib imported into +`allocator-api2`'s copy of this code. +""" + [[audits.bytecode-alliance.audits.atomic-waker]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.1.2" notes = "Contains `unsafe` code but it's well-documented and scoped to what it's intended to be doing. Otherwise a well-focused and straightforward crate." +[[audits.bytecode-alliance.audits.cfg-if]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "1.0.0" +notes = "I am the author of this crate." + [[audits.bytecode-alliance.audits.cipher]] who = "Andrew Brown " criteria = "safe-to-deploy" @@ -335,11 +1378,23 @@ The changes here are all typical bindings updates: new functions, types, and constants. I have not audited all the bindings for ABI conformance. """ +[[audits.bytecode-alliance.audits.der]] +who = "Chris Fallin " +criteria = "safe-to-deploy" +version = "0.7.10" +notes = "No unsafe code aside from transmutes for transparent newtypes." + [[audits.bytecode-alliance.audits.displaydoc]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" delta = "0.2.4 -> 0.2.5" +[[audits.bytecode-alliance.audits.encode_unicode]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.3.6 -> 1.0.0" +notes = "Lots of updates, small edits to `unsafe` code, but all as expected." + [[audits.bytecode-alliance.audits.errno]] who = "Dan Gohman " criteria = "safe-to-deploy" 
@@ -381,52 +1436,6 @@ Only a minor amount of `unsafe` code in this crate related to global per-process initialization which looks correct to me. """ -[[audits.bytecode-alliance.audits.futures]] -who = "Joel Dice " -criteria = "safe-to-deploy" -version = "0.3.31" - -[[audits.bytecode-alliance.audits.futures-channel]] -who = "Joel Dice " -criteria = "safe-to-deploy" -version = "0.3.31" - -[[audits.bytecode-alliance.audits.futures-core]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.3.27" -notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting." - -[[audits.bytecode-alliance.audits.futures-core]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "0.3.28 -> 0.3.31" - -[[audits.bytecode-alliance.audits.futures-executor]] -who = "Joel Dice " -criteria = "safe-to-deploy" -version = "0.3.31" - -[[audits.bytecode-alliance.audits.futures-io]] -who = "Joel Dice " -criteria = "safe-to-deploy" -version = "0.3.31" - -[[audits.bytecode-alliance.audits.futures-macro]] -who = "Joel Dice " -criteria = "safe-to-deploy" -version = "0.3.31" - -[[audits.bytecode-alliance.audits.futures-sink]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.3.27" - -[[audits.bytecode-alliance.audits.futures-sink]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "0.3.28 -> 0.3.31" - [[audits.bytecode-alliance.audits.gimli]] who = "Alex Crichton " criteria = "safe-to-deploy" 
@@ -479,6 +1488,17 @@ who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.1.2" +[[audits.bytecode-alliance.audits.idna]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.3.0" +notes = """ +This is a crate without unsafe code or usage of the standard library. The large +size of this crate comes from the large generated unicode tables file. This +crate is broadly used throughout the ecosystem and does not contain anything +suspicious. +""" + [[audits.bytecode-alliance.audits.inout]] who = "Andrew Brown " criteria = "safe-to-deploy" @@ -562,6 +1582,12 @@ criteria = "safe-to-deploy" version = "0.2.19" notes = "As advertised: a numeric library. The only `unsafe` is from some float-to-int conversions, which seems expected." +[[audits.bytecode-alliance.audits.pem-rfc7468]] +who = "Chris Fallin " +criteria = "safe-to-deploy" +version = "0.7.0" +notes = "Only `unsafe` around a `from_utf8_unchecked`, and no IO." + [[audits.bytecode-alliance.audits.percent-encoding]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -621,6 +1647,12 @@ criteria = "safe-to-deploy" delta = "1.13.2 -> 1.14.0" notes = "Minor new feature, nothing out of the ordinary." +[[audits.bytecode-alliance.audits.static_assertions]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = "No dependencies and completely a compile-time crate as advertised. Uses `unsafe` in one module as a compile-time check only: `mem::transmute` and `ptr::write` are wrapped in an impossible-to-run closure." + [[audits.bytecode-alliance.audits.test-log]] who = "Pat Hickey " criteria = "safe-to-deploy" 
@@ -650,6 +1682,16 @@ criteria = "safe-to-run" delta = "0.2.16 -> 0.2.18" notes = "Standard macro changes, nothing out of place" +[[audits.bytecode-alliance.audits.tinyvec_macros]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.1.0" +notes = """ +This is a trivial crate which only contains a singular macro definition which is +intended to multiplex across the internal representation of a tinyvec, +presumably. This trivially doesn't contain anything bad. +""" + [[audits.bytecode-alliance.audits.tracing-log]] who = "Alex Crichton " criteria = "safe-to-deploy" 
@@ -730,6 +1772,43 @@ criteria = "safe-to-deploy" delta = "0.243.0 -> 0.244.0" notes = "The Bytecode Alliance is the author of this crate" +[[audits.embark-studios.audits.cfg_aliases]] +who = "Johan Andersson " +criteria = "safe-to-deploy" +version = "0.1.1" +notes = "No unsafe usage or ambient capabilities" + +[[audits.embark-studios.audits.ident_case]] +who = "Johan Andersson " +criteria = "safe-to-deploy" +version = "1.0.1" +notes = "No unsafe usage or ambient capabilities" + +[[audits.embark-studios.audits.idna]] +who = "Johan Andersson " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.4.0" +notes = "No unsafe usage or ambient capabilities" + +[[audits.embark-studios.audits.tap]] +who = "Johan Andersson " +criteria = "safe-to-deploy" +version = "1.0.1" +notes = "No unsafe usage or ambient capabilities" + +[[audits.google.audits.arrayvec]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "0.7.6" +notes = ''' +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'` and there were +no hits, except for some `net` usage in tests. + +The crate has quite a few bits of `unsafe` Rust. The audit comments can be +found in https://chromium-review.googlesource.com/c/chromium/src/+/6187726/2 +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.autocfg]] who = "Manish Goregaokar " criteria = "safe-to-deploy" 
@@ -743,6 +1822,13 @@ criteria = "safe-to-deploy" version = "0.22.1" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.byteorder]] +who = "danakj " +criteria = "safe-to-deploy" +version = "1.5.0" +notes = "Unsafe review in https://crrev.com/c/5838022" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.either]] who = "Manish Goregaokar " criteria = "safe-to-deploy" 
@@ -808,12 +1894,123 @@ delta = "0.1.4 -> 0.1.5" notes = "No new `unsafe`." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.glob]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.3.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.glob]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "0.3.1 -> 0.3.2" +notes = "Still no unsafe" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.httpdate]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "1.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.icu_collections]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "2.0.0-beta1" +notes = """ +Two instances of unsafe : + - Non-safety related unsafe API that imposes additional invariants + - `from_utf8` for known-UTF8 integer + +Comments added/improved in https://github.com/unicode-org/icu4x/pull/6056. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.icu_collections]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +delta = "2.0.0-beta1 -> 2.0.0-beta2" +notes = "from_utf8 unsafe removed. 
no new unsafe added" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.icu_locale_core]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "2.0.0-beta2" +notes = """ +All unsafe code commented (and improved from prior version): + - A checklisted ULE impl + - from-utf8 code on known-ASCII + - Some unchecked indexing around maintained invariants +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.icu_normalizer]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "2.0.0-beta2" +notes = """ +All unsafe is unchecked `char` and `str` conversion, mostly well-commented. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.icu_normalizer_data]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "2.0.0-beta1" +notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.icu_normalizer_data]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +delta = "2.0.0-beta1 -> 2.0.0-beta2" +notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.icu_properties]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "2.0.0-beta2" +notes = "All unsafe was removed" +aggregated-from = 
"https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.icu_properties_data]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "2.0.0-beta1" +notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.icu_properties_data]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +delta = "2.0.0-beta1 -> 2.0.0-beta2" +notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.icu_provider]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "2.0.0-beta1" +notes = """ +All unsafe code commented: + - Minor unsafe transmutes between types which are identical but not type-system-provably so. + - One unsafe EqULE impl + - Some repr(transparent) transmutes + - A from_utf8_unchecked for an ascii-validated string + +Comment improvements can be found in https://github.com/unicode-org/icu4x/pull/6056 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.icu_provider]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +delta = "2.0.0-beta1 -> 2.0.0-beta2" +notes = "from_utf8_unchecked unsafe remove, all other unsafe not meaningfully changed" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.lazy_static]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" 
@@ -835,6 +2032,20 @@ delta = "1.4.0 -> 1.5.0" notes = "Unsafe review notes: https://crrev.com/c/5650836" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.litemap]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "0.7.4" +notes = "Contains no unsafe" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.litemap]] +who = "Daniel Cheng " +criteria = "safe-to-deploy" +delta = "0.7.4 -> 0.7.5" +notes = "Delta implements the entry API but doesn't add or change any unsafe code." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.nom]] who = "danakj@chromium.org" criteria = "safe-to-deploy" @@ -851,6 +2062,12 @@ version = "0.1.46" notes = "Contains no unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.num-iter]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.1.43" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.pin-project-lite]] who = "David Koloski " criteria = "safe-to-deploy" 
@@ -865,12 +2082,44 @@ delta = "0.2.9 -> 0.2.13" notes = "Audited at https://fxrev.dev/946396" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.potential_utf]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "0.1.0" +notes = "Contains a handful of lines of from-UTF8 unsafety and some `repr(transparent)` casting unsafety. Reasonably well commented, could do with listing invariants explicitly." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.potential_utf]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.2" +notes = "Addition of safe comparison APIs since last audit" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.proc-macro-error-attr]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "1.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.rand]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "0.8.5" +notes = """ +For more detailed unsafe review notes please see https://crrev.com/c/6362797 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.rand_chacha]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "0.3.1" +notes = """ +For more detailed unsafe review notes please see https://crrev.com/c/6362797 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + 
[[audits.google.audits.rand_core]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" 
@@ -880,6 +2129,49 @@ For more detailed unsafe review notes please see https://crrev.com/c/6362797 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.relative-path]] +who = "danakj " +criteria = "safe-to-deploy" +version = "1.9.3" +notes = """ +There is no net or fs usage, no crypto. +There is unsafe to convert pointers from str to RelativePath, where the latter +is a transparent wrapper around str so the pointer will be to a valid +type/value always. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.rstest]] +who = "danakj@chromium.org" +criteria = "safe-to-run" +version = "0.17.0" +notes = """ +Reviewed in https://crrev.com/c/5171063 + +Previously reviewed during security review and the audit is grandparented in. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.rstest]] +who = "danakj " +criteria = "safe-to-run" +delta = "0.17.0 -> 0.22.0" +notes = "No new unsafe. fs and net usage, but only in its own tests." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.rstest_macros]] +who = "danakj " +criteria = "safe-to-run" +version = "0.22.0" +notes = """ +There is no fs or net usage directly, though there is fs +usage through the glob crate to get lists of files if the user +asks for it in their macro. + +There is no unsafe. Scanned through all the code. 
+""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.rustversion]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" 
@@ -987,6 +2279,274 @@ Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.writeable]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "0.6.0" +notes = "Contains three lines of unsafe, thoroughly commented: one is for from-UTF8 on ASCII, the other two are for from-UTF8 on a datastructure that keeps track of a buffer with partial UTF8 validation. Relatively straigtforward." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.writeable]] +who = "Daniel Cheng " +criteria = "safe-to-deploy" +delta = "0.6.0 -> 0.6.1" +notes = "Minor comment/documentation updates and switch to a non-panicking alternative to split_at()." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.yoke-derive]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "0.7.5" +notes = "Custom derive implementing the `Yokeable` trait. Generally generates simple code that asserts covariance." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.yoke-derive]] +who = "Daniel Cheng " +criteria = "safe-to-deploy" +delta = "0.7.5 -> 0.8.0" +notes = "No code changes: only incrementing the version." 
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.zerofrom]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "0.1.5" +notes = "Contains no unsafe" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.zerofrom]] +who = "Daniel Cheng " +criteria = "safe-to-deploy" +delta = "0.1.5 -> 0.1.6" +notes = "Only minor cfg tweaks." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.zerofrom-derive]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +version = "0.1.5" +notes = "Contains no unsafe" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.zerofrom-derive]] +who = "Daniel Cheng " +criteria = "safe-to-deploy" +delta = "0.1.5 -> 0.1.6" +notes = "Only a minor clippy adjustment." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.isrg.audits.cfg-if]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.0.0 -> 1.0.1" + +[[audits.isrg.audits.cfg-if]] +who = "J.C. 
Jones " +criteria = "safe-to-deploy" +delta = "1.0.1 -> 1.0.3" + +[[audits.isrg.audits.cfg-if]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "1.0.3 -> 1.0.4" + +[[audits.isrg.audits.cpufeatures]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.17 -> 0.3.0" + +[[audits.isrg.audits.fiat-crypto]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.1.17" +notes = """ +This crate does not contain any unsafe code, and does not use any items from +the standard library or other crates, aside from operations backed by +`std::ops`. All paths with array indexing use integer literals for indexes, so +there are no panics due to indexes out of bounds (as rustc would catch an +out-of-bounds literal index). I did not check whether arithmetic overflows +could cause a panic, and I am relying on the Coq code having satisfied the +necessary preconditions to ensure panics due to overflows are unreachable. +""" + +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.1.17 -> 0.1.18" + +[[audits.isrg.audits.fiat-crypto]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.1.18 -> 0.1.19" +notes = """ +This release renames many items and adds a new module. The code in the new +module is entirely composed of arithmetic and array accesses. +""" + +[[audits.isrg.audits.fiat-crypto]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.1.19 -> 0.1.20" + +[[audits.isrg.audits.fiat-crypto]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.1.20 -> 0.2.0" + +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.0 -> 0.2.1" + +[[audits.isrg.audits.fiat-crypto]] +who = "Tim Geoghegan " +criteria = "safe-to-deploy" +delta = "0.2.1 -> 0.2.2" +notes = "No changes to `unsafe` code, or any functional changes that I can detect at all." 
+ +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.2 -> 0.2.4" + +[[audits.isrg.audits.fiat-crypto]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.4 -> 0.2.5" + +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.5 -> 0.2.6" + +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.6 -> 0.2.7" + +[[audits.isrg.audits.fiat-crypto]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.7 -> 0.2.8" + +[[audits.isrg.audits.fiat-crypto]] +who = "Tim Geoghegan " +criteria = "safe-to-deploy" +delta = "0.2.8 -> 0.2.9" +notes = "No changes to Rust code between 0.2.8 and 0.2.9" + +[[audits.isrg.audits.fiat-crypto]] +who = "Tim Geoghegan " +criteria = "safe-to-deploy" +delta = "0.2.9 -> 0.3.0" +notes = "The diff is huge, but that's because it introduces a wrapper around indexing into arrays which is used in many many places. There is no new unsafe code and no change to build scripts I can detect." + +[[audits.isrg.audits.hmac]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.12.1" + +[[audits.isrg.audits.num-iter]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.1.43 -> 0.1.44" + +[[audits.isrg.audits.num-iter]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.1.44 -> 0.1.45" + +[[audits.isrg.audits.once_cell]] +who = "J.C. Jones " +criteria = "safe-to-deploy" +delta = "1.21.3 -> 1.21.4" +notes = "The addition is a safe while loop around prior behavior. I don't see any way for that to become malicious." 
+ +[[audits.isrg.audits.opaque-debug]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.3.0" + +[[audits.isrg.audits.rand]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.8.5 -> 0.9.1" + +[[audits.isrg.audits.rand]] +who = "Tim Geoghegan " +criteria = "safe-to-deploy" +delta = "0.9.1 -> 0.9.2" + +[[audits.isrg.audits.rand]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.9.2 -> 0.10.0" + +[[audits.isrg.audits.rand_chacha]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.3.1 -> 0.9.0" + +[[audits.isrg.audits.rand_core]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.9.5 -> 0.10.0" + +[[audits.isrg.audits.sha2]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.10.2" + +[[audits.isrg.audits.sha2]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.10.8 -> 0.10.9" + +[[audits.isrg.audits.sha3]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.10.6" + +[[audits.isrg.audits.sha3]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.10.6 -> 0.10.7" + +[[audits.isrg.audits.sha3]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.10.7 -> 0.10.8" + +[[audits.isrg.audits.subtle]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "2.5.0 -> 2.6.1" + +[[audits.isrg.audits.thiserror]] +who = "J.C. Jones " +criteria = "safe-to-deploy" +delta = "2.0.17 -> 2.0.18" + +[[audits.isrg.audits.thiserror-impl]] +who = "J.C. Jones " +criteria = "safe-to-deploy" +delta = "2.0.17 -> 2.0.18" + +[[audits.isrg.audits.universal-hash]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.4.1" + +[[audits.isrg.audits.universal-hash]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.5.0 -> 0.5.1" + +[[audits.isrg.audits.untrusted]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.7.1" + [[audits.mozilla.wildcard-audits.core-foundation-sys]] who = "Bobby Holley " criteria = "safe-to-deploy" 
@@ -997,6 +2557,15 @@ renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.wildcard-audits.unicode-segmentation]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2019-05-15" +end = "2026-02-01" +notes = "All code written or reviewed by Manish" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.wildcard-audits.unicode-width]] who = "Manish Goregaokar " criteria = "safe-to-deploy" @@ -1015,12 +2584,33 @@ end = "2026-02-01" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.wildcard-audits.utf8_iter]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +user-id = 4484 # Henri Sivonen (hsivonen) +start = "2022-04-19" +end = "2024-06-16" +notes = "Maintained by Henri Sivonen who works at Mozilla." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.adler2]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.allocator-api2]] +who = "Nicolas Silva " +criteria = "safe-to-deploy" +version = "0.2.18" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.allocator-api2]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.2.20 -> 0.2.21" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.android_system_properties]] who = "Nicolas Silva " criteria = "safe-to-deploy" 
@@ -1040,12 +2630,93 @@ criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.bit-set]] +who = "Aria Beingessner " +criteria = "safe-to-deploy" +version = "0.5.2" +notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-set]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.5.2 -> 0.5.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-set]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "0.5.3 -> 0.6.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-set]] +who = "Jim Blandy " +criteria = "safe-to-deploy" +delta = "0.6.0 -> 0.8.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-vec]] +who = "Aria Beingessner " +criteria = "safe-to-deploy" +version = "0.6.3" +notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." 
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-vec]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "0.6.3 -> 0.7.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-vec]] +who = "Jim Blandy " +criteria = "safe-to-deploy" +delta = "0.7.0 -> 0.8.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.cfg_aliases]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.1.1 -> 0.2.1" +notes = "Very minor changes." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.core-foundation-sys]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.8.6 -> 0.8.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.crunchy]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +version = "0.2.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.deranged]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.3.11" +notes = """ +This crate contains a decent bit of `unsafe` code, however all internal +unsafety is verified with copious assertions (many are compile-time), and +otherwise the unsafety is documented and left to the caller to verify. 
+""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.deranged]] +who = "Lars Eggert " +criteria = "safe-to-deploy" +delta = "0.3.11 -> 0.4.0" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.deranged]] +who = "Lars Eggert " +criteria = "safe-to-deploy" +delta = "0.4.0 -> 0.5.8" +notes = "New unsafe code is properly guarded" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.displaydoc]] who = "Makoto Kato " criteria = "safe-to-deploy" @@ -1101,16 +2772,22 @@ criteria = "safe-to-deploy" delta = "0.1.5 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-core]] -who = "Mike Hommey " +[[audits.mozilla.audits.form_urlencoded]] +who = "Valentin Gosu " criteria = "safe-to-deploy" -delta = "0.3.27 -> 0.3.28" +version = "1.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.futures-sink]] -who = "Mike Hommey " +[[audits.mozilla.audits.form_urlencoded]] +who = "Valentin Gosu " criteria = "safe-to-deploy" -delta = "0.3.27 -> 0.3.28" +delta = "1.2.0 -> 1.2.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.form_urlencoded]] +who = "edgul " +criteria = "safe-to-deploy" +delta = "1.2.1 -> 1.2.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.gimli]] 
@@ -1130,6 +2807,13 @@ delta = "0.30.0 -> 0.29.0" notes = "No unsafe code, mostly algorithms and parsing. Very unlikely to cause security issues." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.hashbrown]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +version = "0.12.3" +notes = "This version is used in rust's libstd, so effectively we're already trusting it" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.heck]] who = "Mike Hommey " criteria = "safe-to-deploy" 
@@ -1142,6 +2826,151 @@ criteria = "safe-to-deploy" version = "0.4.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.icu_collections]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0-beta2 -> 2.0.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_collections]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0 -> 2.1.1" +notes = "Adding methods have unsafe code for faster, but these have the commnet why this is safe." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_locale_core]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0-beta2 -> 2.0.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_locale_core]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0 -> 2.1.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_normalizer]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0-beta2 -> 2.0.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_normalizer]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0 -> 2.1.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_normalizer_data]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0-beta2 -> 2.0.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_normalizer_data]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0 -> 2.1.1" +aggregated-from = 
"https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_properties]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0-beta2 -> 2.0.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_properties]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.1 -> 2.1.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_properties_data]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0-beta2 -> 2.0.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_properties_data]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.1 -> 2.1.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_provider]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0-beta2 -> 2.0.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_provider]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "2.0.0 -> 2.1.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.idna]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "0.4.0 -> 0.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.idna]] +who = "Henri Sivonen " +criteria = "safe-to-deploy" +delta = "0.5.0 -> 1.0.2" +notes = "In the 0.5.0 to 1.0.2 delta, I, Henri Sivonen, rewrote the non-Punycode internals of the crate and made the changes to the Punycode code." 
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.idna]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "1.0.2 -> 1.0.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.idna]] +who = "edgul " +criteria = "safe-to-deploy" +delta = "1.0.3 -> 1.1.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.idna_adapter]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +version = "1.2.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.idna_adapter]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.2.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.litemap]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.7.5 -> 0.8.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.num-conv]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.1.0" +notes = """ +Very straightforward, simple crate. No dependencies, unsafe, extern, +side-effectful std functions, etc. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.num-conv]] +who = "Lars Eggert " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.2.0" +notes = "Revision only removes code" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.percent-encoding]] who = "Valentin Gosu " criteria = "safe-to-deploy" 
@@ -1176,6 +3005,12 @@ criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.potential_utf]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.1.2 -> 0.1.4" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.powerfmt]] who = "Alex Franchuk " criteria = "safe-to-deploy" 
@@ -1186,6 +3021,83 @@ yet, but it's all valid. Otherwise it's a pretty simple crate. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.proc-macro-error-attr2]] +who = "Kagami Sascha Rosylight " +criteria = "safe-to-deploy" +version = "2.0.0" +notes = "No unsafe block." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.proc-macro-error2]] +who = "Kagami Sascha Rosylight " +criteria = "safe-to-deploy" +version = "2.0.1" +notes = "No unsafe block with a lovely `#![forbid(unsafe_code)]`." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.quinn-udp]] +who = "Max Inden " +criteria = "safe-to-deploy" +version = "0.5.4" +notes = "This is a small crate, providing safe wrappers around various low-level networking specific operating system features. Given that the Rust standard library does not provide safe wrappers for these low-level features, safe wrappers need to be build in the crate itself, i.e. `quinn-udp`, thus requiring `unsafe` code." 
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.quinn-udp]] +who = "Max Inden " +criteria = "safe-to-deploy" +delta = "0.5.4 -> 0.5.6" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.quinn-udp]] +who = "Max Inden " +criteria = "safe-to-deploy" +delta = "0.5.6 -> 0.5.8" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.quinn-udp]] +who = "Max Inden " +criteria = "safe-to-deploy" +delta = "0.5.8 -> 0.5.9" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.quinn-udp]] +who = "Max Leonard Inden " +criteria = "safe-to-deploy" +delta = "0.5.9 -> 0.5.10" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.quinn-udp]] +who = "Max Leonard Inden " +criteria = "safe-to-deploy" +delta = "0.5.10 -> 0.5.11" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.quinn-udp]] +who = "Max Leonard Inden " +criteria = "safe-to-deploy" +delta = "0.5.11 -> 0.5.12" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.quinn-udp]] +who = "Max Leonard Inden " +criteria = "safe-to-deploy" +delta = "0.5.12 -> 0.5.13" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.rustc-hash]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = "Straightforward crate with no unsafe code, does what it says on the tin." 
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.rustc-hash]] +who = "Ben Dean-Kawamura " +criteria = "safe-to-deploy" +delta = "1.1.0 -> 2.1.1" +notes = "Simple hashing crate, no unsafe code." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.rustc_version]] who = "Nika Layzell " criteria = "safe-to-deploy" @@ -1196,6 +3108,18 @@ information for parsing version information. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" +[[audits.mozilla.audits.serde_core]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +delta = "1.0.226 -> 1.0.227" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.serde_core]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "1.0.227 -> 1.0.228" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.serde_spanned]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" 
@@ -1210,6 +3134,23 @@ delta = "1.0.3 -> 1.0.4" notes = "Unchanged" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" +[[audits.mozilla.audits.sha2]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.10.2 -> 0.10.6" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.sha2]] +who = "Jeff Muizelaar " +criteria = "safe-to-deploy" +delta = "0.10.6 -> 0.10.8" +notes = """ +The bulk of this is https://github.com/RustCrypto/hashes/pull/490 which adds aarch64 support along with another PR adding longson. +I didn't check the implementation thoroughly but there wasn't anything obviously nefarious. 0.10.8 has been out for more than a year +which suggests no one else has found anything either. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.sharded-slab]] who = "Mark Hammond " criteria = "safe-to-deploy" @@ -1264,6 +3205,13 @@ criteria = "safe-to-deploy" delta = "0.26.4 -> 0.27.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.subtle]] +who = "Simon Friedberger " +criteria = "safe-to-deploy" +version = "2.5.0" +notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.synstructure]] who = "Nika Layzell " criteria = "safe-to-deploy" 
@@ -1323,6 +3271,74 @@ criteria = "safe-to-deploy" delta = "0.16.1 -> 0.16.2" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" +[[audits.mozilla.audits.time-core]] +who = "Kershaw Chang " +criteria = "safe-to-deploy" +version = "0.1.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-core]] +who = "Kershaw Chang " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-core]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.1.1 -> 0.1.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-core]] +who = "Lars Eggert " +criteria = "safe-to-deploy" +delta = "0.1.2 -> 0.1.4" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-core]] +who = "Lars Eggert " +criteria = "safe-to-deploy" +delta = "0.1.4 -> 0.1.8" +notes = "No unsafe code" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-macros]] +who = "Kershaw Chang " +criteria = "safe-to-deploy" +version = "0.2.6" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-macros]] +who = "Kershaw Chang " +criteria = "safe-to-deploy" +delta = "0.2.6 -> 0.2.10" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-macros]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.2.10 -> 0.2.18" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-macros]] +who = "Lars Eggert " +criteria = 
"safe-to-deploy" +delta = "0.2.18 -> 0.2.22" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-macros]] +who = "Lars Eggert " +criteria = "safe-to-deploy" +delta = "0.2.22 -> 0.2.27" +notes = "Refactors some unsafe code, nothing new" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.tinyvec_macros]] +who = "Drew Willcoxon " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.toml_datetime]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" @@ -1336,6 +3352,12 @@ criteria = "safe-to-deploy" version = "0.1.5" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" +[[audits.mozilla.audits.wasm-bindgen]] +who = "Lars Eggert " +criteria = "safe-to-deploy" +delta = "0.2.99 -> 0.2.100" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + [[audits.mozilla.audits.windows-link]] who = "Mark Hammond " criteria = "safe-to-deploy" @@ -1349,6 +3371,12 @@ criteria = "safe-to-deploy" delta = "0.1.1 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.writeable]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.6.1 -> 0.6.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.zeroize]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" 
@@ -1359,6 +3387,30 @@ for deleting data. This is expected and documented behavior. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.zerovec-derive]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "0.10.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec-derive]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.10.1 -> 0.10.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec-derive]] +who = "Max Inden " +criteria = "safe-to-deploy" +delta = "0.10.2 -> 0.10.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec-derive]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.10.3 -> 0.11.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.zcash.audits.autocfg]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1366,6 +3418,16 @@ delta = "1.4.0 -> 1.5.0" notes = "Filesystem change is to remove the generated LLVM IR output file after probing." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.crunchy]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.2.3 -> 0.2.4" +notes = """ +Build script change is to fix a bug where a path separator for an included file +was being selected by the target OS instead of the host OS. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.dunce]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -1407,6 +3469,24 @@ criteria = "safe-to-deploy" delta = "0.3.13 -> 0.3.14" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" +[[audits.zcash.audits.glob]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.2 -> 0.3.3" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.group]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.12.0 -> 0.12.1" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.group]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.12.1 -> 0.13.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.http-body]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1419,6 +3499,24 @@ criteria = "safe-to-deploy" delta = "0.1.3 -> 0.1.4" aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" +[[audits.zcash.audits.litemap]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.8.0 -> 0.8.1" +aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" + +[[audits.zcash.audits.opaque-debug]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.3.1" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.quinn-udp]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.5.13 -> 0.5.14" +aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" + [[audits.zcash.audits.rustc_version]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -1440,6 +3538,22 @@ delta = "1.0.21 -> 1.0.22" notes = "Changes to generated code are to prepend a clippy annotation." aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" +[[audits.zcash.audits.signature]] +who = "Daira Emma Hopwood " +criteria = "safe-to-deploy" +version = "2.1.0" +notes = """ +This crate uses `#![forbid(unsafe_code)]`, has no build script, and only provides traits with some trivial default implementations. +I did not review whether implementing these APIs would present any undocumented cryptographic hazards. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.signature]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.1.0 -> 2.2.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.strum]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1459,6 +3573,20 @@ delta = "0.2.4 -> 0.2.5" notes = "Bumps MSRV to remove unsafe code block." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.universal-hash]] +who = "Daira Hopwood " +criteria = "safe-to-deploy" +delta = "0.4.1 -> 0.5.0" +notes = "I checked correctness of to_blocks which uses unsafe code in a safe function." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.valuable]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.1" +notes = "Build script changes are for linting." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.want]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -1476,6 +3604,16 @@ delta = "0.2.0 -> 0.2.1" notes = "No code changes at all." aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" +[[audits.zcash.audits.yoke-derive]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.8.0 -> 0.8.1" +notes = """ +Changes to generated `unsafe` code are to silence the `clippy::mem_forget` lint; +no actual code changes. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" + [[audits.zcash.audits.zeroize]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1485,3 +3623,10 @@ Changes to `unsafe` code are to alter how `core::mem::size_of` is named; no actu to the `unsafe` logic. """ aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" + +[[audits.zcash.audits.zerovec-derive]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.11.1 -> 0.11.2" +notes = "Only changes to generated code are clippy lints." +aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"