# cargo-vet imports lock [[publisher.addr2line]] version = "0.25.1" when = "2025-09-13" user-id = 4415 user-login = "philipc" user-name = "Philip Craig" [[publisher.aho-corasick]] version = "1.1.4" when = "2025-10-28" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.anyhow]] version = "1.0.102" when = "2026-02-20" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.async-stream]] version = "0.3.6" when = "2024-10-01" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.async-stream-impl]] version = "0.3.6" when = "2024-10-01" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.async-trait]] version = "0.1.89" when = "2025-08-14" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.auto_impl]] version = "1.3.0" when = "2025-04-09" user-id = 3204 user-login = "KodrAus" user-name = "Ashley Mannix" [[publisher.aws-lc-rs]] version = "1.16.1" when = "2026-03-02" user-id = 156764 user-login = "justsmth" user-name = "Justin W Smith" [[publisher.aws-lc-sys]] version = "0.38.0" when = "2026-03-02" user-id = 156764 user-login = "justsmth" user-name = "Justin W Smith" [[publisher.backtrace]] version = "0.3.76" when = "2025-09-26" user-id = 55123 user-login = "rust-lang-owner" [[publisher.bitflags]] version = "2.11.0" when = "2026-02-14" user-id = 3204 user-login = "KodrAus" user-name = "Ashley Mannix" [[publisher.bumpalo]] version = "3.20.2" when = "2026-02-19" user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" [[publisher.bytes]] version = "1.11.1" when = "2026-02-03" user-id = 6741 user-login = "Darksonn" user-name = "Alice Ryhl" [[publisher.cmake]] version = "0.1.57" when = "2025-12-17" user-id = 55123 user-login = "rust-lang-owner" [[publisher.core-foundation-sys]] version = "0.8.4" when = "2023-04-03" user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" [[publisher.crossbeam-utils]] version = "0.8.21" when = "2024-12-15" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.derive_more]] version = "2.1.1" when = "2025-12-22" user-id = 3797 user-login = "JelteF" user-name = "Jelte Fennema-Nio" [[publisher.derive_more-impl]] version = "2.1.1" when = "2025-12-22" user-id = 3797 user-login = "JelteF" user-name = "Jelte Fennema-Nio" [[publisher.dyn-clone]] version = "1.0.20" when = "2025-07-27" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.ff]] version = "0.13.1" when = "2025-03-09" user-id = 6289 user-login = "str4d" user-name = "Jack Grigg" [[publisher.flate2]] version = "1.1.9" when = "2026-02-03" user-id = 980 user-login = "Byron" user-name = "Sebastian Thiel" [[publisher.futures]] version = "0.3.32" when = "2026-02-15" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.futures-channel]] version = "0.3.32" when = "2026-02-15" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.futures-core]] version = "0.3.32" when = "2026-02-15" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.futures-executor]] version = "0.3.32" when = "2026-02-15" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.futures-io]] version = "0.3.32" when = "2026-02-15" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.futures-macro]] version = "0.3.32" when = "2026-02-15" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.futures-sink]] version = "0.3.32" when = "2026-02-15" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.futures-task]] version = "0.3.32" when = "2026-02-15" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.futures-util]] version = "0.3.32" when = "2026-02-15" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.group]] version = "0.12.0" when = "2022-05-04" user-id = 1244 user-login = "ebfull" [[publisher.h2]] version = "0.4.13" when = "2026-01-05" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.hashbrown]] version = "0.14.5" when = "2024-04-28" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.hashbrown]] version = "0.15.5" when = "2025-08-07" user-id = 55123 user-login = "rust-lang-owner" [[publisher.hashbrown]] version = "0.16.1" when = "2025-11-20" user-id = 55123 user-login = "rust-lang-owner" [[publisher.http]] version = "1.4.0" when = "2025-11-24" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.http-body-util]] version = "0.1.3" when = "2025-03-11" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.httparse]] version = "1.10.1" when = "2025-03-03" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.hyper]] version = "1.8.1" when = "2025-11-13" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.hyper-util]] version = "0.1.20" when = "2026-02-02" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.id-arena]] version = "2.3.0" when = "2026-01-14" user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" [[publisher.indexmap]] version = "1.9.3" when = "2023-03-24" user-id = 539 user-login = "cuviper" user-name = "Josh Stone" [[publisher.indexmap]] version = "2.13.0" when = "2026-01-07" user-id = 539 user-login = "cuviper" user-name = "Josh Stone" [[publisher.itoa]] version = "1.0.17" when = "2025-12-27" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.jobserver]] version = "0.1.34" when = "2025-08-23" user-id = 55123 user-login = "rust-lang-owner" [[publisher.libc]] version = "0.2.183" when = "2026-03-08" user-id = 55123 user-login = "rust-lang-owner" [[publisher.libm]] version = "0.2.16" when = "2026-01-24" user-id = 55123 user-login = "rust-lang-owner" [[publisher.linux-raw-sys]] version = "0.12.1" when = "2025-12-23" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.lock_api]] version = "0.4.14" when = "2025-10-03" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.log]] version = "0.4.29" when = "2025-12-02" user-id = 3204 user-login = "KodrAus" user-name = "Ashley Mannix" [[publisher.macro-string]] version = "0.1.4" when = "2025-03-03" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.memchr]] version = "2.8.0" when = "2026-02-06" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.mime]] version = "0.3.17" when = "2023-03-20" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.mio]] version = "1.1.1" when = "2025-12-04" user-id = 6025 user-login = "Thomasdezeeuw" user-name = "Thomas de Zeeuw" [[publisher.num-bigint]] version = "0.4.6" when = "2024-06-27" user-id = 539 user-login = "cuviper" user-name = "Josh Stone" [[publisher.num_cpus]] version = "1.17.0" when = "2025-05-30" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.object]] version = "0.37.3" when = "2025-08-13" user-id = 4415 user-login = "philipc" user-name = "Philip Craig" [[publisher.parking_lot]] version = "0.12.5" when = "2025-10-03" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.parking_lot_core]] version = "0.9.12" when = "2025-10-03" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.paste]] version = "1.0.15" when = "2024-05-07" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.portable-atomic]] version = "1.13.1" when = "2026-01-31" user-id = 33035 user-login = "taiki-e" user-name = "Taiki Endo" [[publisher.prettyplease]] version = "0.2.37" when = "2025-08-19" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.proc-macro2]] version = "1.0.106" when = "2026-01-21" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.prost]] version = "0.14.3" when = "2026-01-10" user-id = 3959 user-login = "LucioFranco" user-name = "Lucio Franco" [[publisher.prost-build]] version = "0.14.3" when = "2026-01-10" user-id = 3959 user-login = "LucioFranco" user-name = "Lucio Franco" [[publisher.prost-derive]] version = "0.14.3" when = "2026-01-10" user-id = 3959 user-login = "LucioFranco" user-name = "Lucio Franco" [[publisher.prost-types]] version = "0.14.3" when = "2026-01-10" user-id = 3959 user-login = "LucioFranco" user-name = "Lucio Franco" [[publisher.protoc-bin-vendored-linux-aarch_64]] version = "3.2.0" when = "2025-07-21" user-id = 220 user-login = "stepancheg" user-name = "Stepan Koltsov" [[publisher.protoc-bin-vendored-linux-ppcle_64]] version = "3.2.0" when = "2025-07-21" user-id = 220 user-login = "stepancheg" user-name = "Stepan Koltsov" [[publisher.protoc-bin-vendored-linux-s390_64]] version = "3.2.0" when = "2025-07-21" user-id = 220 user-login = "stepancheg" user-name = "Stepan Koltsov" [[publisher.protoc-bin-vendored-linux-x86_32]] version = "3.2.0" when = "2025-07-21" user-id = 220 user-login = "stepancheg" user-name = "Stepan Koltsov" [[publisher.protoc-bin-vendored-linux-x86_64]] version = "3.2.0" when = "2025-07-21" user-id = 220 user-login = "stepancheg" user-name = "Stepan Koltsov" [[publisher.protoc-bin-vendored-macos-aarch_64]] version = "3.2.0" when = "2025-07-21" user-id = 220 user-login = "stepancheg" user-name = "Stepan Koltsov" [[publisher.protoc-bin-vendored-macos-x86_64]] version = "3.2.0" when = "2025-07-21" user-id = 220 user-login = "stepancheg" user-name = "Stepan Koltsov" [[publisher.protoc-bin-vendored-win32]] version = "3.2.0" when = "2025-07-21" user-id = 220 user-login = "stepancheg" user-name = "Stepan Koltsov" [[publisher.pulldown-cmark-to-cmark]] version = "22.0.0" when = "2025-12-23" user-id = 980 user-login = "Byron" user-name = "Sebastian Thiel" [[publisher.quote]] version = "1.0.45" when = "2026-03-03" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.ref-cast]] version = "1.0.25" when = "2025-09-28" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.ref-cast-impl]] version = "1.0.25" when = "2025-09-28" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.regex]] version = "1.12.3" when = "2026-02-03" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.regex-automata]] version = "0.4.14" when = "2026-02-03" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.regex-syntax]] version = "0.8.10" when = "2026-02-24" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.reqwest]] version = "0.12.28" when = "2025-12-22" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.rustc-demangle]] version = "0.1.27" when = "2026-01-15" user-id = 55123 user-login = "rust-lang-owner" [[publisher.rustix]] version = "1.1.4" when = "2026-02-22" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.ryu]] version = "1.0.23" when = "2026-02-08" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.scopeguard]] version = "1.2.0" when = "2023-07-17" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.serde_json]] version = "1.0.149" when = "2026-01-06" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.slab]] version = "0.4.12" when = "2026-01-31" user-id = 6741 user-login = "Darksonn" user-name = "Alice Ryhl" [[publisher.socket2]] version = "0.6.3" when = "2026-03-06" user-id = 6025 user-login = "Thomasdezeeuw" user-name = "Thomas de Zeeuw" [[publisher.syn]] version = "1.0.109" when = "2023-02-24" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.syn]] version = "2.0.117" when = "2026-02-20" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.thread_local]] version = "1.1.9" when = "2025-06-12" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.time]] version = "0.3.47" when = "2026-02-05" user-id = 15682 user-login = "jhpratt" user-name = "Jacob Pratt" [[publisher.tinystr]] version = "0.8.2" when = "2025-10-28" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.tokio]] version = "1.50.0" when = "2026-03-03" user-id = 6741 user-login = "Darksonn" user-name = "Alice Ryhl" [[publisher.tokio-macros]] version = "2.6.1" when = "2026-03-02" user-id = 6741 user-login = "Darksonn" user-name = "Alice Ryhl" [[publisher.tokio-stream]] version = "0.1.18" when = "2026-01-04" user-id = 6741 user-login = "Darksonn" user-name = "Alice Ryhl" [[publisher.tokio-util]] version = "0.7.18" when = "2026-01-04" user-id = 6741 user-login = "Darksonn" user-name = "Alice Ryhl" [[publisher.toml]] version = "0.9.12+spec-1.1.0" when = "2026-02-10" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.toml_datetime]] version = "1.0.0+spec-1.1.0" when = "2026-02-11" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.toml_edit]] version = "0.25.4+spec-1.1.0" when = "2026-03-04" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.toml_parser]] version = "1.0.9+spec-1.1.0" when = "2026-02-16" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.tonic]] version = "0.14.5" when = "2026-02-19" user-id = 3959 user-login = "LucioFranco" user-name = "Lucio Franco" [[publisher.tonic-build]] version = "0.14.5" when = "2026-02-19" user-id = 3959 user-login = "LucioFranco" user-name = "Lucio Franco" [[publisher.tonic-prost]] version = "0.14.5" when = "2026-02-19" user-id = 3959 user-login = "LucioFranco" user-name = "Lucio Franco" [[publisher.tonic-prost-build]] version = "0.14.5" when = "2026-02-19" user-id = 3959 user-login = "LucioFranco" user-name = "Lucio Franco" [[publisher.tower]] version = "0.5.3" when = "2026-01-12" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.tower-http]] version = "0.6.8" when = "2025-12-08" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.tower-layer]] version = "0.3.3" when = "2024-08-13" user-id = 3959 user-login = "LucioFranco" user-name = "Lucio Franco" [[publisher.tower-service]] version = "0.3.3" when = "2024-08-13" user-id = 3959 user-login = "LucioFranco" user-name = "Lucio Franco" [[publisher.ucd-trie]] version = "0.1.7" when = "2024-09-29" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.unicase]] version = "2.9.0" when = "2026-01-06" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.unicode-ident]] version = "1.0.24" when = "2026-02-16" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.unicode-segmentation]] version = "1.12.0" when = "2024-09-13" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.unicode-width]] version = "0.1.14" when = "2024-09-19" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.unicode-width]] version = "0.2.2" when = "2025-10-06" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.unicode-xid]] version = "0.2.6" when = "2024-09-19" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.url]] version = "2.5.8" when = "2026-01-05" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.utf8_iter]] version = "1.0.4" when = "2023-12-01" user-id = 4484 user-login = "hsivonen" user-name = "Henri Sivonen" [[publisher.uuid]] version = "1.22.0" when = "2026-03-05" user-id = 3204 user-login = "KodrAus" user-name = "Ashley Mannix" [[publisher.valuable]] version = "0.1.0" when = "2022-01-03" user-id = 10 user-login = "carllerche" user-name = "Carl Lerche" [[publisher.wait-timeout]] version = "0.2.1" when = "2025-02-03" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasi]] version = "0.11.1+wasi-snapshot-preview1" when = "2025-06-10" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasip2]] version = "1.0.2+wasi-0.2.9" when = "2026-01-15" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasip3]] version = "0.4.0+wasi-0.3.0-rc-2026-01-06" when = "2026-01-15" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasm-bindgen]] version = "0.2.99" when = "2024-12-07" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasm-encoder]] version = "0.244.0" when = "2026-01-06" trusted-publisher = "github:bytecodealliance/wasm-tools" [[publisher.wasm-metadata]] version = "0.236.0" when = "2025-07-28" user-id = 73222 user-login = "wasmtime-publish" [[publisher.wasmparser]] version = "0.244.0" when = "2026-01-06" trusted-publisher = "github:bytecodealliance/wasm-tools" [[publisher.windows-core]] version = "0.62.2" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-implement]] version = "0.60.2" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-interface]] version = "0.59.3" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-result]] version = "0.4.1" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-strings]] version = "0.5.1" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-sys]] version = "0.52.0" when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-sys]] version = "0.59.0" when = "2024-07-30" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-sys]] version = "0.60.2" when = "2025-06-12" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-sys]] version = "0.61.2" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-targets]] version = "0.52.6" when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-targets]] version = "0.53.5" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_gnullvm]] version = "0.52.6" when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_gnullvm]] version = "0.53.1" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_msvc]] version = "0.52.6" when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_msvc]] version = "0.53.1" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnu]] version = "0.52.6" when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnu]] version = "0.53.1" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnullvm]] version = "0.52.6" when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnullvm]] version = "0.53.1" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_msvc]] version = "0.52.6" when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_msvc]] version = "0.53.1" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnu]] version = "0.52.6" when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnu]] version = "0.53.1" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnullvm]] version = "0.52.6" when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnullvm]] version = "0.53.1" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_msvc]] version = "0.52.6" when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_msvc]] version = "0.53.1" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.winnow]] version = "0.7.15" when = "2026-03-05" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.wit-bindgen]] version = "0.51.0" when = "2026-01-12" trusted-publisher = "github:bytecodealliance/wit-bindgen" [[publisher.wit-bindgen-core]] version = "0.51.0" when = "2026-01-12" trusted-publisher = "github:bytecodealliance/wit-bindgen" [[publisher.wit-bindgen-rust]] version = "0.51.0" when = "2026-01-12" trusted-publisher = "github:bytecodealliance/wit-bindgen" [[publisher.wit-bindgen-rust-macro]] version = "0.51.0" when = "2026-01-12" trusted-publisher = "github:bytecodealliance/wit-bindgen" [[publisher.wit-component]] version = "0.244.0" when = "2026-01-06" trusted-publisher = "github:bytecodealliance/wasm-tools" [[publisher.wit-parser]] version = "0.244.0" when = "2026-01-06" trusted-publisher = "github:bytecodealliance/wasm-tools" [[publisher.yoke]] version = "0.8.1" when = "2025-10-28" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.zerocopy]] version = "0.8.42" when = "2026-03-09" user-id = 7178 user-login = "joshlf" user-name = "Joshua Liebow-Feeser" [[publisher.zerocopy-derive]] version = "0.8.42" when = "2026-03-09" user-id = 7178 user-login = "joshlf" user-name = "Joshua Liebow-Feeser" [[publisher.zerotrie]] version = "0.2.3" when = "2025-10-28" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.zerovec]] version = "0.11.5" when = "2025-10-28" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.zmij]] version = "1.0.21" when = "2026-02-12" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[audits.OpenDevicePartnership.audits.num_enum]] who = "Billy Price " criteria = "safe-to-deploy" version = "0.7.5" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embassy-imxrt/refs/heads/main/supply-chain/audits.toml" [[audits.OpenDevicePartnership.audits.num_enum_derive]] who = "Billy Price " criteria = "safe-to-deploy" version = "0.7.5" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embassy-imxrt/refs/heads/main/supply-chain/audits.toml" [[audits.OpenDevicePartnership.audits.proc-macro-error]] who = "Jerry Xie " criteria = "safe-to-deploy" version = "1.0.4" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" [[audits.OpenDevicePartnership.audits.rand_core]] who = "Billy Price " criteria = "safe-to-deploy" delta = "0.6.4 -> 0.9.5" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" [[audits.OpenDevicePartnership.audits.rstest]] who = "Billy Price " criteria = "safe-to-run" delta = "0.22.0 -> 0.26.1" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" [[audits.OpenDevicePartnership.audits.rstest_macros]] who = "Billy Price " criteria = "safe-to-run" delta = "0.22.0 -> 0.26.1" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" [[audits.OpenDevicePartnership.audits.serde]] who = "Robert Zieba " criteria = "safe-to-deploy" version = "1.0.228" notes = "Changes are mostly a reorganization of the internal module structure" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" [[audits.OpenDevicePartnership.audits.serde_core]] who = "Robert Zieba " criteria = "safe-to-deploy" version = "1.0.226" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" [[audits.OpenDevicePartnership.audits.serde_derive]] who = "Robert Zieba " criteria = "safe-to-deploy" version = "1.0.228" notes = "Diff is clean-up in proc macros" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml" [[audits.OpenDevicePartnership.audits.thiserror]] who = "Felipe Balbi " criteria = "safe-to-deploy" version = "2.0.17" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/mcxa-pac/refs/heads/main/supply-chain/audits.toml" [[audits.OpenDevicePartnership.audits.thiserror-impl]] who = "Felipe Balbi " criteria = "safe-to-deploy" version = "2.0.17" aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/mcxa-pac/refs/heads/main/supply-chain/audits.toml" [[audits.bytecode-alliance.wildcard-audits.bumpalo]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" user-id = 696 # Nick Fitzgerald (fitzgen) start = "2019-03-16" end = "2026-08-21" [[audits.bytecode-alliance.wildcard-audits.wasip2]] who = "Alex Crichton " criteria = "safe-to-deploy" user-id = 1 # Alex Crichton (alexcrichton) start = "2025-08-10" end = "2026-08-21" notes = """ This is a Bytecode Alliance authored crate. """ [[audits.bytecode-alliance.wildcard-audits.wasip3]] who = "Alex Crichton " criteria = "safe-to-deploy" user-id = 1 # Alex Crichton (alexcrichton) start = "2025-09-10" end = "2026-08-21" notes = """ This is a Bytecode Alliance authored crate. """ [[audits.bytecode-alliance.wildcard-audits.wasm-encoder]] who = "Alex Crichton " criteria = "safe-to-deploy" trusted-publisher = "github:bytecodealliance/wasm-tools" start = "2025-08-14" end = "2027-01-08" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.wildcard-audits.wasm-metadata]] who = "Alex Crichton " criteria = "safe-to-deploy" user-id = 73222 # wasmtime-publish start = "2023-01-01" end = "2026-06-03" notes = """ The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate publication of this crate from CI. This repository requires all PRs are reviewed by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. """ [[audits.bytecode-alliance.wildcard-audits.wasmparser]] who = "Alex Crichton " criteria = "safe-to-deploy" trusted-publisher = "github:bytecodealliance/wasm-tools" start = "2025-08-14" end = "2027-01-08" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.wildcard-audits.wit-bindgen]] who = "Alex Crichton " criteria = "safe-to-deploy" trusted-publisher = "github:bytecodealliance/wit-bindgen" start = "2025-08-13" end = "2027-01-08" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.wildcard-audits.wit-bindgen-core]] who = "Alex Crichton " criteria = "safe-to-deploy" trusted-publisher = "github:bytecodealliance/wit-bindgen" start = "2025-08-13" end = "2027-01-08" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.wildcard-audits.wit-bindgen-rust]] who = "Alex Crichton " criteria = "safe-to-deploy" trusted-publisher = "github:bytecodealliance/wit-bindgen" start = "2025-08-13" end = "2027-01-12" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.wildcard-audits.wit-bindgen-rust-macro]] who = "Alex Crichton " criteria = "safe-to-deploy" trusted-publisher = "github:bytecodealliance/wit-bindgen" start = "2025-08-13" end = "2027-01-08" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.wildcard-audits.wit-component]] who = "Alex Crichton " criteria = "safe-to-deploy" trusted-publisher = "github:bytecodealliance/wasm-tools" start = "2025-08-14" end = "2027-01-08" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.wildcard-audits.wit-parser]] who = "Alex Crichton " criteria = "safe-to-deploy" trusted-publisher = "github:bytecodealliance/wasm-tools" start = "2025-08-14" end = "2027-01-08" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.audits.adler2]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "2.0.0" notes = "Fork of the original `adler` crate, zero unsfae code, works in `no_std`, does what it says on th tin." [[audits.bytecode-alliance.audits.allocator-api2]] who = "Chris Fallin " criteria = "safe-to-deploy" delta = "0.2.18 -> 0.2.20" notes = """ The changes appear to be reasonable updates from Rust's stdlib imported into `allocator-api2`'s copy of this code. """ [[audits.bytecode-alliance.audits.atomic-waker]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.1.2" notes = "Contains `unsafe` code but it's well-documented and scoped to what it's intended to be doing. Otherwise a well-focused and straightforward crate." [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.0.0" notes = "I am the author of this crate." [[audits.bytecode-alliance.audits.cipher]] who = "Andrew Brown " criteria = "safe-to-deploy" version = "0.4.4" notes = "Most unsafe is hidden by `inout` dependency; only remaining unsafe is raw-splitting a slice and an unreachable hint. Older versions of this regularly reach ~150k daily downloads." [[audits.bytecode-alliance.audits.core-foundation-sys]] who = "Dan Gohman " criteria = "safe-to-deploy" delta = "0.8.4 -> 0.8.6" notes = """ The changes here are all typical bindings updates: new functions, types, and constants. I have not audited all the bindings for ABI conformance. """ [[audits.bytecode-alliance.audits.der]] who = "Chris Fallin " criteria = "safe-to-deploy" version = "0.7.10" notes = "No unsafe code aside from transmutes for transparent newtypes." [[audits.bytecode-alliance.audits.displaydoc]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" delta = "0.2.4 -> 0.2.5" [[audits.bytecode-alliance.audits.encode_unicode]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.3.6 -> 1.0.0" notes = "Lots of updates, small edits to `unsafe` code, but all as expected." [[audits.bytecode-alliance.audits.errno]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.3.0" notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value." [[audits.bytecode-alliance.audits.errno]] who = "Dan Gohman " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.3.1" notes = "Just a dependency version bump and a bug fix for redox" [[audits.bytecode-alliance.audits.errno]] who = "Dan Gohman " criteria = "safe-to-deploy" delta = "0.3.9 -> 0.3.10" [[audits.bytecode-alliance.audits.fastrand]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.0.1" notes = """ This update had a few doc updates but no otherwise-substantial source code updates. """ [[audits.bytecode-alliance.audits.fastrand]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "2.1.1 -> 2.3.0" notes = "Minor refactoring, nothing new." [[audits.bytecode-alliance.audits.foldhash]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.1.3" notes = """ Only a minor amount of `unsafe` code in this crate related to global per-process initialization which looks correct to me. """ [[audits.bytecode-alliance.audits.gimli]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.29.0 -> 0.31.0" notes = "Various updates here and there, nothing too major, what you'd expect from a DWARF parsing crate." [[audits.bytecode-alliance.audits.gimli]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.31.0 -> 0.31.1" notes = "No fundmanetally new `unsafe` code, some small refactoring of existing code. Lots of changes in tests, not as many changes in the rest of the crate. More dwarf!" [[audits.bytecode-alliance.audits.gimli]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.31.1 -> 0.32.0" notes = "Ever more DWARF to parse, but also no new `unsafe` and everything looks like gimli." [[audits.bytecode-alliance.audits.gimli]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.32.0 -> 0.32.3" notes = "Ever more dwarf, it never ends! (nothing out of the ordinary)" [[audits.bytecode-alliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.4.0" notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation." [[audits.bytecode-alliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.4.1 -> 0.5.0" notes = "Minor changes for a `no_std` upgrade but otherwise everything looks as expected." [[audits.bytecode-alliance.audits.http-body]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "1.0.0-rc.2" [[audits.bytecode-alliance.audits.http-body]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "1.0.0-rc.2 -> 1.0.0" notes = "Only minor changes made for a stable release." [[audits.bytecode-alliance.audits.iana-time-zone-haiku]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.1.2" [[audits.bytecode-alliance.audits.idna]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.3.0" notes = """ This is a crate without unsafe code or usage of the standard library. The large size of this crate comes from the large generated unicode tables file. This crate is broadly used throughout the ecosystem and does not contain anything suspicious. """ [[audits.bytecode-alliance.audits.inout]] who = "Andrew Brown " criteria = "safe-to-deploy" version = "0.1.3" notes = "A part of RustCrypto/utils, this crate is designed to handle unsafe buffers and carefully documents the safety concerns throughout. Older versions of this tally up to ~130k daily downloads." [[audits.bytecode-alliance.audits.leb128fmt]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.1.0" notes = "Well-scoped crate do doing LEB encoding with no `unsafe` code and does what it says on the tin." [[audits.bytecode-alliance.audits.matchers]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.0" [[audits.bytecode-alliance.audits.matchers]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.1.0 -> 0.2.0" notes = "Some unsafe code, but not more than before. Nothing awry." [[audits.bytecode-alliance.audits.miniz_oxide]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.7.1" notes = """ This crate is a Rust implementation of zlib compression/decompression and has been used by default by the Rust standard library for quite some time. It's also a default dependency of the popular `backtrace` crate for decompressing debug information. This crate forbids unsafe code and does not otherwise access system resources. It's originally a port of the `miniz.c` library as well, and given its own longevity should be relatively hardened against some of the more common compression-related issues. """ [[audits.bytecode-alliance.audits.miniz_oxide]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.7.1 -> 0.8.0" notes = "Minor updates, using new Rust features like `const`, no major changes." [[audits.bytecode-alliance.audits.miniz_oxide]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.8.5" notes = """ Lots of small updates here and there, for example around modernizing Rust idioms. No new `unsafe` code and everything looks like what you'd expect a compression library to be doing. """ [[audits.bytecode-alliance.audits.miniz_oxide]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.8.5 -> 0.8.9" notes = "No new unsafe code, just refactorings." [[audits.bytecode-alliance.audits.nu-ansi-term]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.46.0" notes = "one use of unsafe to call windows specific api to get console handle." [[audits.bytecode-alliance.audits.nu-ansi-term]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.46.0 -> 0.50.1" notes = "Lots of stylistic/rust-related chanegs, plus new features, but nothing out of the ordrinary." [[audits.bytecode-alliance.audits.nu-ansi-term]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.50.1 -> 0.50.3" notes = "CI changes, Rust changes, nothing out of the ordinary." [[audits.bytecode-alliance.audits.num-traits]] who = "Andrew Brown " criteria = "safe-to-deploy" version = "0.2.19" notes = "As advertised: a numeric library. The only `unsafe` is from some float-to-int conversions, which seems expected." [[audits.bytecode-alliance.audits.pem-rfc7468]] who = "Chris Fallin " criteria = "safe-to-deploy" version = "0.7.0" notes = "Only `unsafe` around a `from_utf8_unchecked`, and no IO." [[audits.bytecode-alliance.audits.percent-encoding]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "2.2.0" notes = """ This crate is a single-file crate that does what it says on the tin. There are a few `unsafe` blocks related to utf-8 validation which are locally verifiable as correct and otherwise this crate is good to go. """ [[audits.bytecode-alliance.audits.pin-project-lite]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.2.13 -> 0.2.14" notes = "No substantive changes in this update" [[audits.bytecode-alliance.audits.pin-utils]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.0" [[audits.bytecode-alliance.audits.pkg-config]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.25" notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably." [[audits.bytecode-alliance.audits.pkg-config]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.29" notes = """ No `unsafe` additions or anything outside of the purview of the crate in this change. """ [[audits.bytecode-alliance.audits.pkg-config]] who = "Chris Fallin " criteria = "safe-to-deploy" delta = "0.3.29 -> 0.3.32" [[audits.bytecode-alliance.audits.sharded-slab]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.4" notes = "I always really enjoy reading eliza's code, she left perfect comments at every use of unsafe." [[audits.bytecode-alliance.audits.shlex]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.1.0" notes = "Only minor `unsafe` code blocks which look valid and otherwise does what it says on the tin." [[audits.bytecode-alliance.audits.smallvec]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "1.13.2 -> 1.14.0" notes = "Minor new feature, nothing out of the ordinary." [[audits.bytecode-alliance.audits.static_assertions]] who = "Andrew Brown " criteria = "safe-to-deploy" version = "1.1.0" notes = "No dependencies and completely a compile-time crate as advertised. Uses `unsafe` in one module as a compile-time check only: `mem::transmute` and `ptr::write` are wrapped in an impossible-to-run closure." [[audits.bytecode-alliance.audits.test-log]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.2.11" [[audits.bytecode-alliance.audits.test-log]] who = "Alex Crichton " criteria = "safe-to-run" delta = "0.2.11 -> 0.2.16" notes = "Crate implementation was moved to a `*-macros` crate, crate is very small as a result." [[audits.bytecode-alliance.audits.test-log]] who = "Alex Crichton " criteria = "safe-to-run" delta = "0.2.16 -> 0.2.18" notes = "Minor updates, nothing changing unsafe" [[audits.bytecode-alliance.audits.test-log-macros]] who = "Alex Crichton " criteria = "safe-to-run" version = "0.2.16" notes = "Simple procedural macro copied from its previous source." [[audits.bytecode-alliance.audits.test-log-macros]] who = "Alex Crichton " criteria = "safe-to-run" delta = "0.2.16 -> 0.2.18" notes = "Standard macro changes, nothing out of place" [[audits.bytecode-alliance.audits.tinyvec_macros]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.1.0" notes = """ This is a trivial crate which only contains a singular macro definition which is intended to multiplex across the internal representation of a tinyvec, presumably. This trivially doesn't contain anything bad. """ [[audits.bytecode-alliance.audits.tracing-log]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.1.3" notes = """ This is a standard adapter between the `log` ecosystem and the `tracing` ecosystem. There's one `unsafe` block in this crate and it's well-scoped. """ [[audits.bytecode-alliance.audits.tracing-log]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.2.0" notes = "Nothing out of the ordinary, a typical major version update and nothing awry." [[audits.bytecode-alliance.audits.try-lock]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.2.4" notes = "Implements a concurrency primitive with atomics, and is not obviously incorrect" [[audits.bytecode-alliance.audits.vcpkg]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.2.15" notes = "no build.rs, no macros, no unsafe. It reads the filesystem and makes copies of DLLs into OUT_DIR." [[audits.bytecode-alliance.audits.want]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.0" [[audits.bytecode-alliance.audits.wasm-metadata]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.236.0 -> 0.237.0" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.audits.wasm-metadata]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.237.0 -> 0.238.1" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.audits.wasm-metadata]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.238.1 -> 0.239.0" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.audits.wasm-metadata]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.239.0 -> 0.240.0" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.audits.wasm-metadata]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.240.0 -> 0.241.2" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.audits.wasm-metadata]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.241.2 -> 0.242.0" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.audits.wasm-metadata]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.242.0 -> 0.243.0" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.audits.wasm-metadata]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.243.0 -> 0.244.0" notes = "The Bytecode Alliance is the author of this crate" [[audits.embark-studios.audits.cfg_aliases]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "0.1.1" notes = "No unsafe usage or ambient capabilities" [[audits.embark-studios.audits.ident_case]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "1.0.1" notes = "No unsafe usage or ambient capabilities" [[audits.embark-studios.audits.idna]] who = "Johan Andersson " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.4.0" notes = "No unsafe usage or ambient capabilities" [[audits.embark-studios.audits.tap]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "1.0.1" notes = "No unsafe usage or ambient capabilities" [[audits.google.audits.arrayvec]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "0.7.6" notes = ''' Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'` and there were no hits, except for some `net` usage in tests. The crate has quite a few bits of `unsafe` Rust. The audit comments can be found in https://chromium-review.googlesource.com/c/chromium/src/+/6187726/2 ''' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.autocfg]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "1.4.0" notes = "Contains no unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.base64]] who = "amarjotgill " criteria = "safe-to-deploy" version = "0.22.1" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.byteorder]] who = "danakj " criteria = "safe-to-deploy" version = "1.5.0" notes = "Unsafe review in https://crrev.com/c/5838022" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.either]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "1.13.0" notes = "Unsafe code pertaining to wrapping Pin APIs. Mostly passes invariants down." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.either]] who = "Daniel Cheng " criteria = "safe-to-deploy" delta = "1.13.0 -> 1.14.0" notes = """ Inheriting ub-risk-1 from the baseline review of 1.13.0. While the delta has some diffs in unsafe code, they are either: - migrating code to use helper macros - migrating match patterns to take advantage of default bindings mode from RFC 2005 Either way, the result is code that does exactly the same thing and does not change the risk of UB. See https://crrev.com/c/6323164 for more audit details. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.either]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.14.0 -> 1.15.0" notes = 'The delta in `lib.rs` only tweaks doc comments and `#[cfg(feature = "std")]`.' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.equivalent]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "1.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.equivalent]] who = "Jonathan Hao " criteria = "safe-to-deploy" delta = "1.0.1 -> 1.0.2" notes = "No changes to any .rs files or Rust code." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.fastrand]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "1.9.0" notes = """ `does-not-implement-crypto` is certified because this crate explicitly says that the RNG here is not cryptographically secure. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.foldhash]] who = "Adrian Taylor " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.1.4" notes = "No changes to safety-relevant code" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.foldhash]] who = "Chris Palmer " criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.5" notes = "No new `unsafe`." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.glob]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.glob]] who = "Dustin J. Mitchell " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.3.2" notes = "Still no unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.httpdate]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "1.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.icu_collections]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "2.0.0-beta1" notes = """ Two instances of unsafe : - Non-safety related unsafe API that imposes additional invariants - `from_utf8` for known-UTF8 integer Comments added/improved in https://github.com/unicode-org/icu4x/pull/6056. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.icu_collections]] who = "Manish Goregaokar " criteria = "safe-to-deploy" delta = "2.0.0-beta1 -> 2.0.0-beta2" notes = "from_utf8 unsafe removed. no new unsafe added" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.icu_locale_core]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "2.0.0-beta2" notes = """ All unsafe code commented (and improved from prior version): - A checklisted ULE impl - from-utf8 code on known-ASCII - Some unchecked indexing around maintained invariants """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.icu_normalizer]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "2.0.0-beta2" notes = """ All unsafe is unchecked `char` and `str` conversion, mostly well-commented. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.icu_normalizer_data]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "2.0.0-beta1" notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.icu_normalizer_data]] who = "Manish Goregaokar " criteria = "safe-to-deploy" delta = "2.0.0-beta1 -> 2.0.0-beta2" notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.icu_properties]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "2.0.0-beta2" notes = "All unsafe was removed" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.icu_properties_data]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "2.0.0-beta1" notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.icu_properties_data]] who = "Manish Goregaokar " criteria = "safe-to-deploy" delta = "2.0.0-beta1 -> 2.0.0-beta2" notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.icu_provider]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "2.0.0-beta1" notes = """ All unsafe code commented: - Minor unsafe transmutes between types which are identical but not type-system-provably so. - One unsafe EqULE impl - Some repr(transparent) transmutes - A from_utf8_unchecked for an ascii-validated string Comment improvements can be found in https://github.com/unicode-org/icu4x/pull/6056 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.icu_provider]] who = "Manish Goregaokar " criteria = "safe-to-deploy" delta = "2.0.0-beta1 -> 2.0.0-beta2" notes = "from_utf8_unchecked unsafe remove, all other unsafe not meaningfully changed" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.lazy_static]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "1.4.0" notes = ''' I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. There are two places where `unsafe` is used. Unsafe review notes can be found in https://crrev.com/c/5347418. This crate has been added to Chromium in https://crrev.com/c/3321895. ''' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.lazy_static]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" notes = "Unsafe review notes: https://crrev.com/c/5650836" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.litemap]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "0.7.4" notes = "Contains no unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.litemap]] who = "Daniel Cheng " criteria = "safe-to-deploy" delta = "0.7.4 -> 0.7.5" notes = "Delta implements the entry API but doesn't add or change any unsafe code." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.nom]] who = "danakj@chromium.org" criteria = "safe-to-deploy" version = "7.1.3" notes = """ Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.num-integer]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "0.1.46" notes = "Contains no unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.num-iter]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "0.1.43" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.pin-project-lite]] who = "David Koloski " criteria = "safe-to-deploy" version = "0.2.9" notes = "Reviewed on https://fxrev.dev/824504" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.pin-project-lite]] who = "David Koloski " criteria = "safe-to-deploy" delta = "0.2.9 -> 0.2.13" notes = "Audited at https://fxrev.dev/946396" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.potential_utf]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "0.1.0" notes = "Contains a handful of lines of from-UTF8 unsafety and some `repr(transparent)` casting unsafety. Reasonably well commented, could do with listing invariants explicitly." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.potential_utf]] who = "Manish Goregaokar " criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.2" notes = "Addition of safe comparison APIs since last audit" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.proc-macro-error-attr]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "1.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.rand]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "0.8.5" notes = """ For more detailed unsafe review notes please see https://crrev.com/c/6362797 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rand_chacha]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "0.3.1" notes = """ For more detailed unsafe review notes please see https://crrev.com/c/6362797 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rand_core]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "0.6.4" notes = """ For more detailed unsafe review notes please see https://crrev.com/c/6362797 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.relative-path]] who = "danakj " criteria = "safe-to-deploy" version = "1.9.3" notes = """ There is no net or fs usage, no crypto. There is unsafe to convert pointers from str to RelativePath, where the latter is a transparent wrapper around str so the pointer will be to a valid type/value always. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rstest]] who = "danakj@chromium.org" criteria = "safe-to-run" version = "0.17.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rstest]] who = "danakj " criteria = "safe-to-run" delta = "0.17.0 -> 0.22.0" notes = "No new unsafe. fs and net usage, but only in its own tests." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rstest_macros]] who = "danakj " criteria = "safe-to-run" version = "0.22.0" notes = """ There is no fs or net usage directly, though there is fs usage through the glob crate to get lists of files if the user asks for it in their macro. There is no unsafe. Scanned through all the code. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rustversion]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "1.0.14" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` and there were no hits except for: * Using trivially-safe `unsafe` in test code: ``` tests/test_const.rs:unsafe fn _unsafe() {} tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() }; ``` * Using `unsafe` in a string: ``` src/constfn.rs: "unsafe" => Qualifiers::Unsafe, ``` * Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr` which is later read back via `include!` used in `src/lib.rs`. Version `1.0.6` of this crate has been added to Chromium in https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rustversion]] who = "Adrian Taylor " criteria = "safe-to-deploy" delta = "1.0.14 -> 1.0.15" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rustversion]] who = "danakj " criteria = "safe-to-deploy" delta = "1.0.15 -> 1.0.16" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rustversion]] who = "Dustin J. Mitchell " criteria = "safe-to-deploy" delta = "1.0.16 -> 1.0.17" notes = "Just updates windows compat" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rustversion]] who = "Liza Burakova " criteria = "safe-to-deploy" delta = "1.0.17 -> 1.0.18" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rustversion]] who = "Dustin J. Mitchell " criteria = "safe-to-deploy" delta = "1.0.18 -> 1.0.19" notes = "No unsafe, just doc changes" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rustversion]] who = "Daniel Cheng " criteria = "safe-to-deploy" delta = "1.0.19 -> 1.0.20" notes = "Only minor updates to documentation and the mock today used for testing." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.smallvec]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "1.13.2" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.strsim]] who = "danakj@chromium.org" criteria = "safe-to-deploy" version = "0.10.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.strum]] who = "danakj@chromium.org" criteria = "safe-to-deploy" version = "0.25.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.strum_macros]] who = "danakj@chromium.org" criteria = "safe-to-deploy" version = "0.25.3" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.writeable]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "0.6.0" notes = "Contains three lines of unsafe, thoroughly commented: one is for from-UTF8 on ASCII, the other two are for from-UTF8 on a datastructure that keeps track of a buffer with partial UTF8 validation. Relatively straigtforward." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.writeable]] who = "Daniel Cheng " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.6.1" notes = "Minor comment/documentation updates and switch to a non-panicking alternative to split_at()." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.yoke-derive]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "0.7.5" notes = "Custom derive implementing the `Yokeable` trait. Generally generates simple code that asserts covariance." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.yoke-derive]] who = "Daniel Cheng " criteria = "safe-to-deploy" delta = "0.7.5 -> 0.8.0" notes = "No code changes: only incrementing the version." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.zerofrom]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "0.1.5" notes = "Contains no unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.zerofrom]] who = "Daniel Cheng " criteria = "safe-to-deploy" delta = "0.1.5 -> 0.1.6" notes = "Only minor cfg tweaks." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.zerofrom-derive]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "0.1.5" notes = "Contains no unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.zerofrom-derive]] who = "Daniel Cheng " criteria = "safe-to-deploy" delta = "0.1.5 -> 0.1.6" notes = "Only a minor clippy adjustment." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.isrg.audits.cfg-if]] who = "David Cook " criteria = "safe-to-deploy" delta = "1.0.0 -> 1.0.1" [[audits.isrg.audits.cfg-if]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "1.0.1 -> 1.0.3" [[audits.isrg.audits.cfg-if]] who = "David Cook " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.0.4" [[audits.isrg.audits.cpufeatures]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.2.17 -> 0.3.0" [[audits.isrg.audits.fiat-crypto]] who = "David Cook " criteria = "safe-to-deploy" version = "0.1.17" notes = """ This crate does not contain any unsafe code, and does not use any items from the standard library or other crates, aside from operations backed by `std::ops`. All paths with array indexing use integer literals for indexes, so there are no panics due to indexes out of bounds (as rustc would catch an out-of-bounds literal index). I did not check whether arithmetic overflows could cause a panic, and I am relying on the Coq code having satisfied the necessary preconditions to ensure panics due to overflows are unreachable. """ [[audits.isrg.audits.fiat-crypto]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.1.17 -> 0.1.18" [[audits.isrg.audits.fiat-crypto]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.1.18 -> 0.1.19" notes = """ This release renames many items and adds a new module. The code in the new module is entirely composed of arithmetic and array accesses. """ [[audits.isrg.audits.fiat-crypto]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.1.19 -> 0.1.20" [[audits.isrg.audits.fiat-crypto]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.1.20 -> 0.2.0" [[audits.isrg.audits.fiat-crypto]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.2.0 -> 0.2.1" [[audits.isrg.audits.fiat-crypto]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "0.2.1 -> 0.2.2" notes = "No changes to `unsafe` code, or any functional changes that I can detect at all." [[audits.isrg.audits.fiat-crypto]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.2.2 -> 0.2.4" [[audits.isrg.audits.fiat-crypto]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.2.4 -> 0.2.5" [[audits.isrg.audits.fiat-crypto]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.2.5 -> 0.2.6" [[audits.isrg.audits.fiat-crypto]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.2.6 -> 0.2.7" [[audits.isrg.audits.fiat-crypto]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.2.7 -> 0.2.8" [[audits.isrg.audits.fiat-crypto]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "0.2.8 -> 0.2.9" notes = "No changes to Rust code between 0.2.8 and 0.2.9" [[audits.isrg.audits.fiat-crypto]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "0.2.9 -> 0.3.0" notes = "The diff is huge, but that's because it introduces a wrapper around indexing into arrays which is used in many many places. There is no new unsafe code and no change to build scripts I can detect." [[audits.isrg.audits.hmac]] who = "David Cook " criteria = "safe-to-deploy" version = "0.12.1" [[audits.isrg.audits.num-iter]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.1.43 -> 0.1.44" [[audits.isrg.audits.num-iter]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.1.44 -> 0.1.45" [[audits.isrg.audits.once_cell]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "1.21.3 -> 1.21.4" notes = "The addition is a safe while loop around prior behavior. I don't see any way for that to become malicious." [[audits.isrg.audits.opaque-debug]] who = "David Cook " criteria = "safe-to-deploy" version = "0.3.0" [[audits.isrg.audits.rand]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.8.5 -> 0.9.1" [[audits.isrg.audits.rand]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "0.9.1 -> 0.9.2" [[audits.isrg.audits.rand]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.9.2 -> 0.10.0" [[audits.isrg.audits.rand_chacha]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.9.0" [[audits.isrg.audits.rand_core]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.9.5 -> 0.10.0" [[audits.isrg.audits.sha2]] who = "David Cook " criteria = "safe-to-deploy" version = "0.10.2" [[audits.isrg.audits.sha2]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.10.8 -> 0.10.9" [[audits.isrg.audits.sha3]] who = "David Cook " criteria = "safe-to-deploy" version = "0.10.6" [[audits.isrg.audits.sha3]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.10.6 -> 0.10.7" [[audits.isrg.audits.sha3]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.10.7 -> 0.10.8" [[audits.isrg.audits.subtle]] who = "David Cook " criteria = "safe-to-deploy" delta = "2.5.0 -> 2.6.1" [[audits.isrg.audits.thiserror]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "2.0.17 -> 2.0.18" [[audits.isrg.audits.thiserror-impl]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "2.0.17 -> 2.0.18" [[audits.isrg.audits.universal-hash]] who = "David Cook " criteria = "safe-to-deploy" version = "0.4.1" [[audits.isrg.audits.universal-hash]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.5.0 -> 0.5.1" [[audits.isrg.audits.untrusted]] who = "David Cook " criteria = "safe-to-deploy" version = "0.7.1" [[audits.mozilla.wildcard-audits.core-foundation-sys]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 5946 # Jeff Muizelaar (jrmuizel) start = "2020-10-14" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.wildcard-audits.unicode-segmentation]] who = "Manish Goregaokar " criteria = "safe-to-deploy" user-id = 1139 # Manish Goregaokar (Manishearth) start = "2019-05-15" end = "2026-02-01" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.wildcard-audits.unicode-width]] who = "Manish Goregaokar " criteria = "safe-to-deploy" user-id = 1139 # Manish Goregaokar (Manishearth) start = "2019-12-05" end = "2026-02-01" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.wildcard-audits.unicode-xid]] who = "Manish Goregaokar " criteria = "safe-to-deploy" user-id = 1139 # Manish Goregaokar (Manishearth) start = "2019-07-25" end = "2026-02-01" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.wildcard-audits.utf8_iter]] who = "Makoto Kato " criteria = "safe-to-deploy" user-id = 4484 # Henri Sivonen (hsivonen) start = "2022-04-19" end = "2024-06-16" notes = "Maintained by Henri Sivonen who works at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.adler2]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.allocator-api2]] who = "Nicolas Silva " criteria = "safe-to-deploy" version = "0.2.18" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.allocator-api2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.20 -> 0.2.21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.android_system_properties]] who = "Nicolas Silva " criteria = "safe-to-deploy" version = "0.1.2" notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.android_system_properties]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.android_system_properties]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-set]] who = "Aria Beingessner " criteria = "safe-to-deploy" version = "0.5.2" notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-set]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.5.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-set]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.5.3 -> 0.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-set]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-vec]] who = "Aria Beingessner " criteria = "safe-to-deploy" version = "0.6.3" notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-vec]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.6.3 -> 0.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-vec]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.cfg_aliases]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.2.1" notes = "Very minor changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.core-foundation-sys]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.8.6 -> 0.8.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.crunchy]] who = "Erich Gubler " criteria = "safe-to-deploy" version = "0.2.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.deranged]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.3.11" notes = """ This crate contains a decent bit of `unsafe` code, however all internal unsafety is verified with copious assertions (many are compile-time), and otherwise the unsafety is documented and left to the caller to verify. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.deranged]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.3.11 -> 0.4.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.deranged]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.5.8" notes = "New unsafe code is properly guarded" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.displaydoc]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.2.3" notes = """ This crate is convenient macros to implement core::fmt::Display trait. Although `unsafe` is used for test code to call `libc::abort()`, it has no `unsafe` code in this crate. And there is no file access. It meets the criteria for safe-to-deploy. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.displaydoc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.3 -> 0.2.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.errno]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.3.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.fastrand]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.9.0 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.fastrand]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "2.0.1 -> 2.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.fastrand]] who = "Chris Martin " criteria = "safe-to-deploy" delta = "2.1.0 -> 2.1.1" notes = "Fairly trivial changes, no chance of security regression." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "1.0.7" notes = "Simple hasher implementation with no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.foldhash]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.1.5 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.form_urlencoded]] who = "Valentin Gosu " criteria = "safe-to-deploy" version = "1.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.form_urlencoded]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.2.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.form_urlencoded]] who = "edgul " criteria = "safe-to-deploy" delta = "1.2.1 -> 1.2.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.gimli]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.30.0" notes = """ Unsafe code blocks are sound. Minimal dependencies used. No use of side-effectful std functions. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.gimli]] who = "Chris Martin " criteria = "safe-to-deploy" delta = "0.30.0 -> 0.29.0" notes = "No unsafe code, mostly algorithms and parsing. Very unlikely to cause security issues." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.hashbrown]] who = "Mike Hommey " criteria = "safe-to-deploy" version = "0.12.3" notes = "This version is used in rust's libstd, so effectively we're already trusting it" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.heck]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.4.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.hex]] who = "Simon Friedberger " criteria = "safe-to-deploy" version = "0.4.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_collections]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_collections]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" notes = "Adding methods have unsafe code for faster, but these have the commnet why this is safe." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_locale_core]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_locale_core]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_normalizer]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_normalizer]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_normalizer_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_normalizer_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_properties]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_properties]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.1 -> 2.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_properties_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_properties_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.1 -> 2.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_provider]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.icu_provider]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.idna]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.idna]] who = "Henri Sivonen " criteria = "safe-to-deploy" delta = "0.5.0 -> 1.0.2" notes = "In the 0.5.0 to 1.0.2 delta, I, Henri Sivonen, rewrote the non-Punycode internals of the crate and made the changes to the Punycode code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.idna]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "1.0.2 -> 1.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.idna]] who = "edgul " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.idna_adapter]] who = "Valentin Gosu " criteria = "safe-to-deploy" version = "1.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.idna_adapter]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.2.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.litemap]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.5 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num-conv]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.1.0" notes = """ Very straightforward, simple crate. No dependencies, unsafe, extern, side-effectful std functions, etc. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num-conv]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.1.0 -> 0.2.0" notes = "Revision only removes code" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.percent-encoding]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "2.2.0 -> 2.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.percent-encoding]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "2.3.0 -> 2.3.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.percent-encoding]] who = "edgul " criteria = "safe-to-deploy" delta = "2.3.1 -> 2.3.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.pin-project-lite]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.2.14 -> 0.2.16" notes = """ Only functional change is to work around a bug in the negative_impls feature (https://github.com/taiki-e/pin-project/issues/340#issuecomment-2432146009) """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.mozilla.audits.pkg-config]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.potential_utf]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.powerfmt]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.2.0" notes = """ A tiny bit of unsafe code to implement functionality that isn't in stable rust yet, but it's all valid. Otherwise it's a pretty simple crate. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.proc-macro-error-attr2]] who = "Kagami Sascha Rosylight " criteria = "safe-to-deploy" version = "2.0.0" notes = "No unsafe block." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.proc-macro-error2]] who = "Kagami Sascha Rosylight " criteria = "safe-to-deploy" version = "2.0.1" notes = "No unsafe block with a lovely `#![forbid(unsafe_code)]`." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quinn-udp]] who = "Max Inden " criteria = "safe-to-deploy" version = "0.5.4" notes = "This is a small crate, providing safe wrappers around various low-level networking specific operating system features. Given that the Rust standard library does not provide safe wrappers for these low-level features, safe wrappers need to be build in the crate itself, i.e. `quinn-udp`, thus requiring `unsafe` code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quinn-udp]] who = "Max Inden " criteria = "safe-to-deploy" delta = "0.5.4 -> 0.5.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quinn-udp]] who = "Max Inden " criteria = "safe-to-deploy" delta = "0.5.6 -> 0.5.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quinn-udp]] who = "Max Inden " criteria = "safe-to-deploy" delta = "0.5.8 -> 0.5.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quinn-udp]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.5.9 -> 0.5.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quinn-udp]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.5.10 -> 0.5.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quinn-udp]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.5.11 -> 0.5.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quinn-udp]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.5.12 -> 0.5.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.rustc-hash]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "1.1.0" notes = "Straightforward crate with no unsafe code, does what it says on the tin." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.rustc-hash]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" delta = "1.1.0 -> 2.1.1" notes = "Simple hashing crate, no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.rustc_version]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.4.0" notes = """ Use of powerful capabilities is limited to invoking `rustc -vV` to get version information for parsing version information. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.mozilla.audits.serde_core]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.0.226 -> 1.0.227" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde_core]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.227 -> 1.0.228" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.serde_spanned]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "1.0.3" notes = "Relatively simple Serde trait implementations. No IO or unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde_spanned]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.0.4" notes = "Unchanged" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.sha2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.sha2]] who = "Jeff Muizelaar " criteria = "safe-to-deploy" delta = "0.10.6 -> 0.10.8" notes = """ The bulk of this is https://github.com/RustCrypto/hashes/pull/490 which adds aarch64 support along with another PR adding longson. I didn't check the implementation thoroughly but there wasn't anything obviously nefarious. 0.10.8 has been out for more than a year which suggests no one else has found anything either. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.sharded-slab]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.shlex]] who = "Max Inden " criteria = "safe-to-deploy" delta = "1.1.0 -> 1.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.similar]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "2.2.1 -> 2.7.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.mozilla.audits.smallvec]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.14.0 -> 1.15.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.strsim]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.strum]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.25.0 -> 0.26.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.strum]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.26.3 -> 0.27.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.strum_macros]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.25.3 -> 0.26.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.strum_macros]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.26.4 -> 0.27.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.subtle]] who = "Simon Friedberger " criteria = "safe-to-deploy" version = "2.5.0" notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.synstructure]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.12.6" notes = """ I am the primary author of the `synstructure` crate, and its current maintainer. The one use of `unsafe` is unnecessary, but documented and harmless. It will be removed in the next version. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.synstructure]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.12.6 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.synstructure]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.13.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.synstructure]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.13.1 -> 0.13.2" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.mozilla.audits.textwrap]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.15.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.textwrap]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.15.0 -> 0.15.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.textwrap]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.15.2 -> 0.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.textwrap]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.16.0 -> 0.16.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.textwrap]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.16.1 -> 0.16.2" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.mozilla.audits.time-core]] who = "Kershaw Chang " criteria = "safe-to-deploy" version = "0.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.time-core]] who = "Kershaw Chang " criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.time-core]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.time-core]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.4" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.time-core]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.8" notes = "No unsafe code" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.time-macros]] who = "Kershaw Chang " criteria = "safe-to-deploy" version = "0.2.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.time-macros]] who = "Kershaw Chang " criteria = "safe-to-deploy" delta = "0.2.6 -> 0.2.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.time-macros]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.2.10 -> 0.2.18" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.time-macros]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.2.18 -> 0.2.22" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.time-macros]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.2.22 -> 0.2.27" notes = "Refactors some unsafe code, nothing new" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.tinyvec_macros]] who = "Drew Willcoxon " criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.toml_datetime]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.7.5+spec-1.1.0" notes = "Pure data type crate with some datetime parsing. No unsafe." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.unicode-linebreak]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.1.5" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.wasm-bindgen]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.2.99 -> 0.2.100" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.windows-link]] who = "Mark Hammond " criteria = "safe-to-deploy" version = "0.1.1" notes = "A microsoft crate allowing unsafe calls to windows apis." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.windows-link]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.writeable]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.6.1 -> 0.6.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.zeroize]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "1.8.1" notes = """ This code DOES contain unsafe code required to internally call volatiles for deleting data. This is expected and documented behavior. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.zerovec-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.10.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.zerovec-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.zerovec-derive]] who = "Max Inden " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.zerovec-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.10.3 -> 0.11.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zcash.audits.autocfg]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" notes = "Filesystem change is to remove the generated LLVM IR output file after probing." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.crunchy]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.3 -> 0.2.4" notes = """ Build script change is to fix a bug where a path separator for an included file was being selected by the target OS instead of the host OS. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.dunce]] who = "Jack Grigg " criteria = "safe-to-deploy" version = "1.0.5" notes = """ Does what it says on the tin. No `unsafe`, and the only IO is `std::fs::canonicalize`. Path and string handling looks plausibly correct. """ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.3 -> 0.3.8" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.errno]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "0.3.8 -> 0.3.9" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.10 -> 0.3.11" notes = "The `__errno` location for vxworks and cygwin looks correct from a quick search." aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.11 -> 0.3.13" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.13 -> 0.3.14" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.glob]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.2 -> 0.3.3" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.group]] who = "Kris Nuttycombe " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.12.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.group]] who = "Sean Bowe " criteria = "safe-to-deploy" delta = "0.12.1 -> 0.13.0" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.http-body]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.0 -> 1.0.1" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.inout]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.1.4" aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" [[audits.zcash.audits.litemap]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.8.1" aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" [[audits.zcash.audits.opaque-debug]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.3.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.quinn-udp]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.5.13 -> 0.5.14" aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" [[audits.zcash.audits.rustc_version]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.4.1" notes = "Changes to `Command` usage are to add support for `RUSTC_WRAPPER`." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.rustversion]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.20 -> 1.0.21" notes = "Build script change is to fix building with `-Zfmt-debug=none`." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.rustversion]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.21 -> 1.0.22" notes = "Changes to generated code are to prepend a clippy annotation." aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" [[audits.zcash.audits.signature]] who = "Daira Emma Hopwood " criteria = "safe-to-deploy" version = "2.1.0" notes = """ This crate uses `#![forbid(unsafe_code)]`, has no build script, and only provides traits with some trivial default implementations. I did not review whether implementing these APIs would present any undocumented cryptographic hazards. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.signature]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "2.1.0 -> 2.2.0" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.strum]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.27.1 -> 0.27.2" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.strum_macros]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.27.1 -> 0.27.2" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.try-lock]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.4 -> 0.2.5" notes = "Bumps MSRV to remove unsafe code block." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.universal-hash]] who = "Daira Hopwood " criteria = "safe-to-deploy" delta = "0.4.1 -> 0.5.0" notes = "I checked correctness of to_blocks which uses unsafe code in a safe function." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.valuable]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.1" notes = "Build script changes are for linting." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.want]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.3.1" notes = """ Migrates to `try-lock 0.2.4` to replace some unsafe APIs that were not marked `unsafe` (but that were being used safely). """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.windows-link]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.0 -> 0.2.1" notes = "No code changes at all." aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.yoke-derive]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.8.1" notes = """ Changes to generated `unsafe` code are to silence the `clippy::mem_forget` lint; no actual code changes. """ aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" [[audits.zcash.audits.zeroize]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.8.1 -> 1.8.2" notes = """ Changes to `unsafe` code are to alter how `core::mem::size_of` is named; no actual changes to the `unsafe` logic. """ aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" [[audits.zcash.audits.zerovec-derive]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.11.1 -> 0.11.2" notes = "Only changes to generated code are clippy lints." aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"