MarketTakers/arbiter
5
0
Fork 0
Code Issues 27 Pull Requests 4 Packages Projects Releases Wiki Activity
Files
075d33219e132d54d858834cb40c8970ab9fe054
arbiter/server/supply-chain/imports.lock
hdbg 4bac70a6e9
All checks were successful
ci/woodpecker/push/server-audit Pipeline was successful
Details
ci/woodpecker/push/server-vet Pipeline was successful
Details
ci/woodpecker/push/server-test Pipeline was successful
Details
security(server): cargo-vet proper init
2026-02-14 19:16:09 +01:00

1041 lines
37 KiB
Plaintext
Raw Blame History

# cargo-vet imports lock
[[publisher.bumpalo]]
version = "3.19.1"
when = "2025-12-16"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
[[publisher.core-foundation-sys]]
version = "0.8.4"
when = "2023-04-03"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"
[[publisher.h2]]
version = "0.4.13"
when = "2026-01-05"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"
[[publisher.hashbrown]]
version = "0.15.5"
when = "2025-08-07"
user-id = 55123
user-login = "rust-lang-owner"
[[publisher.hashbrown]]
version = "0.16.1"
when = "2025-11-20"
user-id = 55123
user-login = "rust-lang-owner"
[[publisher.hyper-util]]
version = "0.1.20"
when = "2026-02-02"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"
[[publisher.rustix]]
version = "1.1.3"
when = "2025-12-23"
user-id = 6825
user-login = "sunfishcode"
user-name = "Dan Gohman"
[[publisher.serde_json]]
version = "1.0.149"
when = "2026-01-06"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"
[[publisher.syn]]
version = "1.0.109"
when = "2023-02-24"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"
[[publisher.syn]]
version = "2.0.114"
when = "2026-01-07"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"
[[publisher.unicode-width]]
version = "0.1.14"
when = "2024-09-19"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[publisher.unicode-width]]
version = "0.2.2"
when = "2025-10-06"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[publisher.unicode-xid]]
version = "0.2.6"
when = "2024-09-19"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[publisher.wasip2]]
version = "1.0.2+wasi-0.2.9"
when = "2026-01-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
[[publisher.wasip3]]
version = "0.4.0+wasi-0.3.0-rc-2026-01-06"
when = "2026-01-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
[[publisher.wasm-encoder]]
version = "0.244.0"
when = "2026-01-06"
trusted-publisher = "github:bytecodealliance/wasm-tools"
[[publisher.wasm-metadata]]
version = "0.236.0"
when = "2025-07-28"
user-id = 73222
user-login = "wasmtime-publish"
[[publisher.wasmparser]]
version = "0.244.0"
when = "2026-01-06"
trusted-publisher = "github:bytecodealliance/wasm-tools"
[[publisher.wit-bindgen]]
version = "0.51.0"
when = "2026-01-12"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
[[publisher.wit-bindgen-core]]
version = "0.51.0"
when = "2026-01-12"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
[[publisher.wit-bindgen-rust]]
version = "0.51.0"
when = "2026-01-12"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
[[publisher.wit-bindgen-rust-macro]]
version = "0.51.0"
when = "2026-01-12"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
[[publisher.wit-component]]
version = "0.244.0"
when = "2026-01-06"
trusted-publisher = "github:bytecodealliance/wasm-tools"
[[publisher.wit-parser]]
version = "0.244.0"
when = "2026-01-06"
trusted-publisher = "github:bytecodealliance/wasm-tools"
[[audits.bytecode-alliance.wildcard-audits.bumpalo]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
user-id = 696 # Nick Fitzgerald (fitzgen)
start = "2019-03-16"
end = "2026-08-21"
[[audits.bytecode-alliance.wildcard-audits.wasip2]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 1 # Alex Crichton (alexcrichton)
start = "2025-08-10"
end = "2026-08-21"
notes = """
This is a Bytecode Alliance authored crate.
"""
[[audits.bytecode-alliance.wildcard-audits.wasip3]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 1 # Alex Crichton (alexcrichton)
start = "2025-09-10"
end = "2026-08-21"
notes = """
This is a Bytecode Alliance authored crate.
"""
[[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wasm-tools"
start = "2025-08-14"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.wildcard-audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 73222 # wasmtime-publish
start = "2023-01-01"
end = "2026-06-03"
notes = """
The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate
publication of this crate from CI. This repository requires all PRs are reviewed
by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself.
"""
[[audits.bytecode-alliance.wildcard-audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wasm-tools"
start = "2025-08-14"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.wildcard-audits.wit-bindgen]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
start = "2025-08-13"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.wildcard-audits.wit-bindgen-core]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
start = "2025-08-13"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.wildcard-audits.wit-bindgen-rust]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
start = "2025-08-13"
end = "2027-01-12"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.wildcard-audits.wit-bindgen-rust-macro]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
start = "2025-08-13"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.wildcard-audits.wit-component]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wasm-tools"
start = "2025-08-14"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.wildcard-audits.wit-parser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wasm-tools"
start = "2025-08-14"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.audits.adler2]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.0.0"
notes = "Fork of the original `adler` crate, zero unsfae code, works in `no_std`, does what it says on th tin."
[[audits.bytecode-alliance.audits.atomic-waker]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.1.2"
notes = "Contains `unsafe` code but it's well-documented and scoped to what it's intended to be doing. Otherwise a well-focused and straightforward crate."
[[audits.bytecode-alliance.audits.core-foundation-sys]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.8.4 -> 0.8.6"
notes = """
The changes here are all typical bindings updates: new functions, types, and
constants. I have not audited all the bindings for ABI conformance.
"""
[[audits.bytecode-alliance.audits.displaydoc]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.2.4 -> 0.2.5"
[[audits.bytecode-alliance.audits.fastrand]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.0.1"
notes = """
This update had a few doc updates but no otherwise-substantial source code
updates.
"""
[[audits.bytecode-alliance.audits.fastrand]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "2.1.1 -> 2.3.0"
notes = "Minor refactoring, nothing new."
[[audits.bytecode-alliance.audits.foldhash]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.3"
notes = """
Only a minor amount of `unsafe` code in this crate related to global per-process
initialization which looks correct to me.
"""
[[audits.bytecode-alliance.audits.futures]]
who = "Joel Dice <joel.dice@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.31"
[[audits.bytecode-alliance.audits.futures-channel]]
who = "Joel Dice <joel.dice@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.31"
[[audits.bytecode-alliance.audits.futures-core]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"
notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
[[audits.bytecode-alliance.audits.futures-core]]
who = "Pat Hickey <pat@moreproductive.org>"
criteria = "safe-to-deploy"
delta = "0.3.28 -> 0.3.31"
[[audits.bytecode-alliance.audits.futures-executor]]
who = "Joel Dice <joel.dice@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.31"
[[audits.bytecode-alliance.audits.futures-io]]
who = "Joel Dice <joel.dice@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.31"
[[audits.bytecode-alliance.audits.futures-macro]]
who = "Joel Dice <joel.dice@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.31"
[[audits.bytecode-alliance.audits.futures-sink]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"
[[audits.bytecode-alliance.audits.futures-sink]]
who = "Pat Hickey <pat@moreproductive.org>"
criteria = "safe-to-deploy"
delta = "0.3.28 -> 0.3.31"
[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.29.0 -> 0.31.0"
notes = "Various updates here and there, nothing too major, what you'd expect from a DWARF parsing crate."
[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.31.0 -> 0.31.1"
notes = "No fundmanetally new `unsafe` code, some small refactoring of existing code. Lots of changes in tests, not as many changes in the rest of the crate. More dwarf!"
[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.31.1 -> 0.32.0"
notes = "Ever more DWARF to parse, but also no new `unsafe` and everything looks like gimli."
[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.32.0 -> 0.32.3"
notes = "Ever more dwarf, it never ends! (nothing out of the ordinary)"
[[audits.bytecode-alliance.audits.heck]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.4.0"
notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
[[audits.bytecode-alliance.audits.heck]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "Minor changes for a `no_std` upgrade but otherwise everything looks as expected."
[[audits.bytecode-alliance.audits.iana-time-zone-haiku]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.1.2"
[[audits.bytecode-alliance.audits.leb128fmt]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "Well-scoped crate do doing LEB encoding with no `unsafe` code and does what it says on the tin."
[[audits.bytecode-alliance.audits.matchers]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
[[audits.bytecode-alliance.audits.matchers]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"
notes = "Some unsafe code, but not more than before. Nothing awry."
[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.7.1"
notes = """
This crate is a Rust implementation of zlib compression/decompression and has
been used by default by the Rust standard library for quite some time. It's also
a default dependency of the popular `backtrace` crate for decompressing debug
information. This crate forbids unsafe code and does not otherwise access system
resources. It's originally a port of the `miniz.c` library as well, and given
its own longevity should be relatively hardened against some of the more common
compression-related issues.
"""
[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"
notes = "Minor updates, using new Rust features like `const`, no major changes."
[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.8.5"
notes = """
Lots of small updates here and there, for example around modernizing Rust
idioms. No new `unsafe` code and everything looks like what you'd expect a
compression library to be doing.
"""
[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.8.5 -> 0.8.9"
notes = "No new unsafe code, just refactorings."
[[audits.bytecode-alliance.audits.num-traits]]
who = "Andrew Brown <andrew.brown@intel.com>"
criteria = "safe-to-deploy"
version = "0.2.19"
notes = "As advertised: a numeric library. The only `unsafe` is from some float-to-int conversions, which seems expected."
[[audits.bytecode-alliance.audits.percent-encoding]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.2.0"
notes = """
This crate is a single-file crate that does what it says on the tin. There are
a few `unsafe` blocks related to utf-8 validation which are locally verifiable
as correct and otherwise this crate is good to go.
"""
[[audits.bytecode-alliance.audits.pin-project-lite]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.2.13 -> 0.2.14"
notes = "No substantive changes in this update"
[[audits.bytecode-alliance.audits.pin-utils]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
[[audits.bytecode-alliance.audits.pkg-config]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.25"
notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
[[audits.bytecode-alliance.audits.pkg-config]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.29"
notes = """
No `unsafe` additions or anything outside of the purview of the crate in this
change.
"""
[[audits.bytecode-alliance.audits.pkg-config]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
delta = "0.3.29 -> 0.3.32"
[[audits.bytecode-alliance.audits.sharded-slab]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.4"
notes = "I always really enjoy reading eliza's code, she left perfect comments at every use of unsafe."
[[audits.bytecode-alliance.audits.shlex]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "Only minor `unsafe` code blocks which look valid and otherwise does what it says on the tin."
[[audits.bytecode-alliance.audits.smallvec]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "1.13.2 -> 1.14.0"
notes = "Minor new feature, nothing out of the ordinary."
[[audits.bytecode-alliance.audits.test-log]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.2.11"
[[audits.bytecode-alliance.audits.test-log]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
delta = "0.2.11 -> 0.2.16"
notes = "Crate implementation was moved to a `*-macros` crate, crate is very small as a result."
[[audits.bytecode-alliance.audits.test-log]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
delta = "0.2.16 -> 0.2.18"
notes = "Minor updates, nothing changing unsafe"
[[audits.bytecode-alliance.audits.test-log-macros]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
version = "0.2.16"
notes = "Simple procedural macro copied from its previous source."
[[audits.bytecode-alliance.audits.test-log-macros]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
delta = "0.2.16 -> 0.2.18"
notes = "Standard macro changes, nothing out of place"
[[audits.bytecode-alliance.audits.vcpkg]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.2.15"
notes = "no build.rs, no macros, no unsafe. It reads the filesystem and makes copies of DLLs into OUT_DIR."
[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.236.0 -> 0.237.0"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.237.0 -> 0.238.1"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.238.1 -> 0.239.0"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.239.0 -> 0.240.0"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.240.0 -> 0.241.2"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.241.2 -> 0.242.0"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.242.0 -> 0.243.0"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.243.0 -> 0.244.0"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.google.audits.base64]]
who = "amarjotgill <amarjotgill@google.com>"
criteria = "safe-to-deploy"
version = "0.22.1"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.either]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "1.13.0"
notes = "Unsafe code pertaining to wrapping Pin APIs. Mostly passes invariants down."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.either]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.13.0 -> 1.14.0"
notes = """
Inheriting ub-risk-1 from the baseline review of 1.13.0. While the delta has some diffs in unsafe code, they are either:
- migrating code to use helper macros
- migrating match patterns to take advantage of default bindings mode from RFC 2005
Either way, the result is code that does exactly the same thing and does not change the risk of UB.
See https://crrev.com/c/6323164 for more audit details.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.either]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.14.0 -> 1.15.0"
notes = 'The delta in `lib.rs` only tweaks doc comments and `#[cfg(feature = "std")]`.'
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.equivalent]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.equivalent]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.1 -> 1.0.2"
notes = "No changes to any .rs files or Rust code."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.fastrand]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.9.0"
notes = """
`does-not-implement-crypto` is certified because this crate explicitly says
that the RNG here is not cryptographically secure.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.foldhash]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.1.4"
notes = "No changes to safety-relevant code"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.foldhash]]
who = "Chris Palmer <palmer@google.com>"
criteria = "safe-to-deploy"
delta = "0.1.4 -> 0.1.5"
notes = "No new `unsafe`."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.httpdate]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.3"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.lazy_static]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.4.0"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.
There are two places where `unsafe` is used. Unsafe review notes can be found
in https://crrev.com/c/5347418.
This crate has been added to Chromium in https://crrev.com/c/3321895.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.lazy_static]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.4.0 -> 1.5.0"
notes = "Unsafe review notes: https://crrev.com/c/5650836"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.nom]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
version = "7.1.3"
notes = """
Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.num-integer]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.1.46"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
version = "0.2.9"
notes = "Reviewed on https://fxrev.dev/824504"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
delta = "0.2.9 -> 0.2.13"
notes = "Audited at https://fxrev.dev/946396"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.smallvec]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "1.13.2"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.strsim]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
version = "0.10.0"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
[[audits.mozilla.wildcard-audits.core-foundation-sys]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2020-10-14"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.wildcard-audits.unicode-width]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-12-05"
end = "2026-02-01"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.wildcard-audits.unicode-xid]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-07-25"
end = "2026-02-01"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.adler2]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.0.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.android_system_properties]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.android_system_properties]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.2 -> 0.1.4"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.android_system_properties]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.4 -> 0.1.5"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.core-foundation-sys]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.8.6 -> 0.8.7"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.displaydoc]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
version = "0.2.3"
notes = """
This crate is convenient macros to implement core::fmt::Display trait.
Although `unsafe` is used for test code to call `libc::abort()`, it has no `unsafe` code in this crate. And there is no file access.
It meets the criteria for safe-to-deploy.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.displaydoc]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.3 -> 0.2.4"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.9.0 -> 2.0.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "2.0.1 -> 2.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fastrand]]
who = "Chris Martin <cmartin@mozilla.com>"
criteria = "safe-to-deploy"
delta = "2.1.0 -> 2.1.1"
notes = "Fairly trivial changes, no chance of security regression."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fnv]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "1.0.7"
notes = "Simple hasher implementation with no unsafe code."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.foldhash]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.5 -> 0.2.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-sink]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.gimli]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.30.0"
notes = """
Unsafe code blocks are sound. Minimal dependencies used. No use of
side-effectful std functions.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.gimli]]
who = "Chris Martin <cmartin@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.30.0 -> 0.29.0"
notes = "No unsafe code, mostly algorithms and parsing. Very unlikely to cause security issues."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.heck]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.4.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.hex]]
who = "Simon Friedberger <simon@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.4.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.percent-encoding]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.2.0 -> 2.3.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.percent-encoding]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.3.0 -> 2.3.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.percent-encoding]]
who = "edgul <ed.guloien@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.3.1 -> 2.3.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.pin-project-lite]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
delta = "0.2.14 -> 0.2.16"
notes = """
Only functional change is to work around a bug in the negative_impls feature
(https://github.com/taiki-e/pin-project/issues/340#issuecomment-2432146009)
"""
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
[[audits.mozilla.audits.pkg-config]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.powerfmt]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.2.0"
notes = """
A tiny bit of unsafe code to implement functionality that isn't in stable rust
yet, but it's all valid. Otherwise it's a pretty simple crate.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde_spanned]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
version = "1.0.3"
notes = "Relatively simple Serde trait implementations. No IO or unsafe code."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde_spanned]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.3 -> 1.0.4"
notes = "Unchanged"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.sharded-slab]]
who = "Mark Hammond <mhammond@skippinet.com.au>"
criteria = "safe-to-deploy"
delta = "0.1.4 -> 0.1.7"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.shlex]]
who = "Max Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
delta = "1.1.0 -> 1.3.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.smallvec]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.14.0 -> 1.15.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.strsim]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.0 -> 0.11.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.synstructure]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "0.12.6"
notes = """
I am the primary author of the `synstructure` crate, and its current
maintainer. The one use of `unsafe` is unnecessary, but documented and
harmless. It will be removed in the next version.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.synstructure]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.12.6 -> 0.13.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.synstructure]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.13.0 -> 0.13.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.synstructure]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
delta = "0.13.1 -> 0.13.2"
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
[[audits.mozilla.audits.textwrap]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.15.0"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.textwrap]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.15.0 -> 0.15.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.textwrap]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.15.2 -> 0.16.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.textwrap]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.16.0 -> 0.16.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.textwrap]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
delta = "0.16.1 -> 0.16.2"
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
[[audits.mozilla.audits.toml_datetime]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.7.5+spec-1.1.0"
notes = "Pure data type crate with some datetime parsing. No unsafe."
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.unicode-linebreak]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.5"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
Reference in New Issue View Git Blame Copy Permalink