arbiter/server/supply-chain/imports.lock

# cargo-vet imports lock

[[publisher.addr2line]]
version = "0.25.1"
when = "2025-09-13"
user-id = 4415
user-login = "philipc"
user-name = "Philip Craig"

[[publisher.aho-corasick]]
version = "1.1.4"
when = "2025-10-28"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.anyhow]]
version = "1.0.102"
when = "2026-02-20"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.async-stream]]
version = "0.3.6"
when = "2024-10-01"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.async-stream-impl]]
version = "0.3.6"
when = "2024-10-01"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.async-trait]]
version = "0.1.89"
when = "2025-08-14"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.auto_impl]]
version = "1.3.0"
when = "2025-04-09"
user-id = 3204
user-login = "KodrAus"
user-name = "Ashley Mannix"

[[publisher.aws-lc-rs]]
version = "1.16.1"
when = "2026-03-02"
user-id = 156764
user-login = "justsmth"
user-name = "Justin W Smith"

[[publisher.aws-lc-sys]]
version = "0.38.0"
when = "2026-03-02"
user-id = 156764
user-login = "justsmth"
user-name = "Justin W Smith"

[[publisher.backtrace]]
version = "0.3.76"
when = "2025-09-26"
user-id = 55123
user-login = "rust-lang-owner"

[[publisher.bitflags]]
version = "2.11.0"
when = "2026-02-14"
user-id = 3204
user-login = "KodrAus"
user-name = "Ashley Mannix"

[[publisher.bumpalo]]
version = "3.20.2"
when = "2026-02-19"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"

[[publisher.bytes]]
version = "1.11.1"
when = "2026-02-03"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.cmake]]
version = "0.1.57"
when = "2025-12-17"
user-id = 55123
user-login = "rust-lang-owner"

[[publisher.core-foundation-sys]]
version = "0.8.4"
when = "2023-04-03"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"

[[publisher.crossbeam-utils]]
version = "0.8.21"
when = "2024-12-15"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.derive_more]]
version = "2.1.1"
when = "2025-12-22"
user-id = 3797
user-login = "JelteF"
user-name = "Jelte Fennema-Nio"

[[publisher.derive_more-impl]]
version = "2.1.1"
when = "2025-12-22"
user-id = 3797
user-login = "JelteF"
user-name = "Jelte Fennema-Nio"

[[publisher.dyn-clone]]
version = "1.0.20"
when = "2025-07-27"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.ff]]
version = "0.13.1"
when = "2025-03-09"
user-id = 6289
user-login = "str4d"
user-name = "Jack Grigg"

[[publisher.flate2]]
version = "1.1.9"
when = "2026-02-03"
user-id = 980
user-login = "Byron"
user-name = "Sebastian Thiel"

[[publisher.futures]]
version = "0.3.32"
when = "2026-02-15"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.futures-channel]]
version = "0.3.32"
when = "2026-02-15"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.futures-core]]
version = "0.3.32"
when = "2026-02-15"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.futures-executor]]
version = "0.3.32"
when = "2026-02-15"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.futures-io]]
version = "0.3.32"
when = "2026-02-15"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.futures-macro]]
version = "0.3.32"
when = "2026-02-15"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.futures-sink]]
version = "0.3.32"
when = "2026-02-15"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.futures-task]]
version = "0.3.32"
when = "2026-02-15"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.futures-util]]
version = "0.3.32"
when = "2026-02-15"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.group]]
version = "0.12.0"
when = "2022-05-04"
user-id = 1244
user-login = "ebfull"

[[publisher.h2]]
version = "0.4.13"
when = "2026-01-05"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.hashbrown]]
version = "0.14.5"
when = "2024-04-28"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.hashbrown]]
version = "0.15.5"
when = "2025-08-07"
user-id = 55123
user-login = "rust-lang-owner"

[[publisher.hashbrown]]
version = "0.16.1"
when = "2025-11-20"
user-id = 55123
user-login = "rust-lang-owner"

[[publisher.http]]
version = "1.4.0"
when = "2025-11-24"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.http-body-util]]
version = "0.1.3"
when = "2025-03-11"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.httparse]]
version = "1.10.1"
when = "2025-03-03"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.hyper]]
version = "1.8.1"
when = "2025-11-13"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.hyper-util]]
version = "0.1.20"
when = "2026-02-02"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.id-arena]]
version = "2.3.0"
when = "2026-01-14"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"

[[publisher.indexmap]]
version = "1.9.3"
when = "2023-03-24"
user-id = 539
user-login = "cuviper"
user-name = "Josh Stone"

[[publisher.indexmap]]
version = "2.13.0"
when = "2026-01-07"
user-id = 539
user-login = "cuviper"
user-name = "Josh Stone"

[[publisher.itoa]]
version = "1.0.17"
when = "2025-12-27"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.jobserver]]
version = "0.1.34"
when = "2025-08-23"
user-id = 55123
user-login = "rust-lang-owner"

[[publisher.libc]]
version = "0.2.183"
when = "2026-03-08"
user-id = 55123
user-login = "rust-lang-owner"

[[publisher.libm]]
version = "0.2.16"
when = "2026-01-24"
user-id = 55123
user-login = "rust-lang-owner"

[[publisher.linux-raw-sys]]
version = "0.12.1"
when = "2025-12-23"
user-id = 6825
user-login = "sunfishcode"
user-name = "Dan Gohman"

[[publisher.lock_api]]
version = "0.4.14"
when = "2025-10-03"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.log]]
version = "0.4.29"
when = "2025-12-02"
user-id = 3204
user-login = "KodrAus"
user-name = "Ashley Mannix"

[[publisher.macro-string]]
version = "0.1.4"
when = "2025-03-03"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.memchr]]
version = "2.8.0"
when = "2026-02-06"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.mime]]
version = "0.3.17"
when = "2023-03-20"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.mio]]
version = "1.1.1"
when = "2025-12-04"
user-id = 6025
user-login = "Thomasdezeeuw"
user-name = "Thomas de Zeeuw"

[[publisher.num-bigint]]
version = "0.4.6"
when = "2024-06-27"
user-id = 539
user-login = "cuviper"
user-name = "Josh Stone"

[[publisher.num_cpus]]
version = "1.17.0"
when = "2025-05-30"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.object]]
version = "0.37.3"
when = "2025-08-13"
user-id = 4415
user-login = "philipc"
user-name = "Philip Craig"

[[publisher.parking_lot]]
version = "0.12.5"
when = "2025-10-03"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.parking_lot_core]]
version = "0.9.12"
when = "2025-10-03"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.paste]]
version = "1.0.15"
when = "2024-05-07"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.portable-atomic]]
version = "1.13.1"
when = "2026-01-31"
user-id = 33035
user-login = "taiki-e"
user-name = "Taiki Endo"

[[publisher.prettyplease]]
version = "0.2.37"
when = "2025-08-19"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.proc-macro2]]
version = "1.0.106"
when = "2026-01-21"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.prost]]
version = "0.14.3"
when = "2026-01-10"
user-id = 3959
user-login = "LucioFranco"
user-name = "Lucio Franco"

[[publisher.prost-build]]
version = "0.14.3"
when = "2026-01-10"
user-id = 3959
user-login = "LucioFranco"
user-name = "Lucio Franco"

[[publisher.prost-derive]]
version = "0.14.3"
when = "2026-01-10"
user-id = 3959
user-login = "LucioFranco"
user-name = "Lucio Franco"

[[publisher.prost-types]]
version = "0.14.3"
when = "2026-01-10"
user-id = 3959
user-login = "LucioFranco"
user-name = "Lucio Franco"

[[publisher.protoc-bin-vendored-linux-aarch_64]]
version = "3.2.0"
when = "2025-07-21"
user-id = 220
user-login = "stepancheg"
user-name = "Stepan Koltsov"

[[publisher.protoc-bin-vendored-linux-ppcle_64]]
version = "3.2.0"
when = "2025-07-21"
user-id = 220
user-login = "stepancheg"
user-name = "Stepan Koltsov"

[[publisher.protoc-bin-vendored-linux-s390_64]]
version = "3.2.0"
when = "2025-07-21"
user-id = 220
user-login = "stepancheg"
user-name = "Stepan Koltsov"

[[publisher.protoc-bin-vendored-linux-x86_32]]
version = "3.2.0"
when = "2025-07-21"
user-id = 220
user-login = "stepancheg"
user-name = "Stepan Koltsov"

[[publisher.protoc-bin-vendored-linux-x86_64]]
version = "3.2.0"
when = "2025-07-21"
user-id = 220
user-login = "stepancheg"
user-name = "Stepan Koltsov"

[[publisher.protoc-bin-vendored-macos-aarch_64]]
version = "3.2.0"
when = "2025-07-21"
user-id = 220
user-login = "stepancheg"
user-name = "Stepan Koltsov"

[[publisher.protoc-bin-vendored-macos-x86_64]]
version = "3.2.0"
when = "2025-07-21"
user-id = 220
user-login = "stepancheg"
user-name = "Stepan Koltsov"

[[publisher.protoc-bin-vendored-win32]]
version = "3.2.0"
when = "2025-07-21"
user-id = 220
user-login = "stepancheg"
user-name = "Stepan Koltsov"

[[publisher.pulldown-cmark-to-cmark]]
version = "22.0.0"
when = "2025-12-23"
user-id = 980
user-login = "Byron"
user-name = "Sebastian Thiel"

[[publisher.quote]]
version = "1.0.45"
when = "2026-03-03"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.ref-cast]]
version = "1.0.25"
when = "2025-09-28"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.ref-cast-impl]]
version = "1.0.25"
when = "2025-09-28"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.regex]]
version = "1.12.3"
when = "2026-02-03"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.regex-automata]]
version = "0.4.14"
when = "2026-02-03"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.regex-syntax]]
version = "0.8.10"
when = "2026-02-24"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.reqwest]]
version = "0.12.28"
when = "2025-12-22"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.rustc-demangle]]
version = "0.1.27"
when = "2026-01-15"
user-id = 55123
user-login = "rust-lang-owner"

[[publisher.rustix]]
version = "1.1.4"
when = "2026-02-22"
user-id = 6825
user-login = "sunfishcode"
user-name = "Dan Gohman"

[[publisher.ryu]]
version = "1.0.23"
when = "2026-02-08"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.scopeguard]]
version = "1.2.0"
when = "2023-07-17"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.serde_json]]
version = "1.0.149"
when = "2026-01-06"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.slab]]
version = "0.4.12"
when = "2026-01-31"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.socket2]]
version = "0.6.3"
when = "2026-03-06"
user-id = 6025
user-login = "Thomasdezeeuw"
user-name = "Thomas de Zeeuw"

[[publisher.syn]]
version = "1.0.109"
when = "2023-02-24"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.syn]]
version = "2.0.117"
when = "2026-02-20"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.thread_local]]
version = "1.1.9"
when = "2025-06-12"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.time]]
version = "0.3.47"
when = "2026-02-05"
user-id = 15682
user-login = "jhpratt"
user-name = "Jacob Pratt"

[[publisher.tinystr]]
version = "0.8.2"
when = "2025-10-28"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.tokio]]
version = "1.50.0"
when = "2026-03-03"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.tokio-macros]]
version = "2.6.1"
when = "2026-03-02"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.tokio-stream]]
version = "0.1.18"
when = "2026-01-04"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.tokio-util]]
version = "0.7.18"
when = "2026-01-04"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.toml]]
version = "0.9.12+spec-1.1.0"
when = "2026-02-10"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.toml_datetime]]
version = "1.0.0+spec-1.1.0"
when = "2026-02-11"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.toml_edit]]
version = "0.25.4+spec-1.1.0"
when = "2026-03-04"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.toml_parser]]
version = "1.0.9+spec-1.1.0"
when = "2026-02-16"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.tonic]]
version = "0.14.5"
when = "2026-02-19"
user-id = 3959
user-login = "LucioFranco"
user-name = "Lucio Franco"

[[publisher.tonic-build]]
version = "0.14.5"
when = "2026-02-19"
user-id = 3959
user-login = "LucioFranco"
user-name = "Lucio Franco"

[[publisher.tonic-prost]]
version = "0.14.5"
when = "2026-02-19"
user-id = 3959
user-login = "LucioFranco"
user-name = "Lucio Franco"

[[publisher.tonic-prost-build]]
version = "0.14.5"
when = "2026-02-19"
user-id = 3959
user-login = "LucioFranco"
user-name = "Lucio Franco"

[[publisher.tower]]
version = "0.5.3"
when = "2026-01-12"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.tower-http]]
version = "0.6.8"
when = "2025-12-08"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.tower-layer]]
version = "0.3.3"
when = "2024-08-13"
user-id = 3959
user-login = "LucioFranco"
user-name = "Lucio Franco"

[[publisher.tower-service]]
version = "0.3.3"
when = "2024-08-13"
user-id = 3959
user-login = "LucioFranco"
user-name = "Lucio Franco"

[[publisher.ucd-trie]]
version = "0.1.7"
when = "2024-09-29"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.unicase]]
version = "2.9.0"
when = "2026-01-06"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.unicode-ident]]
version = "1.0.24"
when = "2026-02-16"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.unicode-segmentation]]
version = "1.12.0"
when = "2024-09-13"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.unicode-width]]
version = "0.1.14"
when = "2024-09-19"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.unicode-width]]
version = "0.2.2"
when = "2025-10-06"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.unicode-xid]]
version = "0.2.6"
when = "2024-09-19"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.url]]
version = "2.5.8"
when = "2026-01-05"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.utf8_iter]]
version = "1.0.4"
when = "2023-12-01"
user-id = 4484
user-login = "hsivonen"
user-name = "Henri Sivonen"

[[publisher.uuid]]
version = "1.22.0"
when = "2026-03-05"
user-id = 3204
user-login = "KodrAus"
user-name = "Ashley Mannix"

[[publisher.valuable]]
version = "0.1.0"
when = "2022-01-03"
user-id = 10
user-login = "carllerche"
user-name = "Carl Lerche"

[[publisher.wait-timeout]]
version = "0.2.1"
when = "2025-02-03"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"

[[publisher.wasi]]
version = "0.11.1+wasi-snapshot-preview1"
when = "2025-06-10"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"

[[publisher.wasip2]]
version = "1.0.2+wasi-0.2.9"
when = "2026-01-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"

[[publisher.wasip3]]
version = "0.4.0+wasi-0.3.0-rc-2026-01-06"
when = "2026-01-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"

[[publisher.wasm-bindgen]]
version = "0.2.99"
when = "2024-12-07"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"

[[publisher.wasm-encoder]]
version = "0.244.0"
when = "2026-01-06"
trusted-publisher = "github:bytecodealliance/wasm-tools"

[[publisher.wasm-metadata]]
version = "0.236.0"
when = "2025-07-28"
user-id = 73222
user-login = "wasmtime-publish"

[[publisher.wasmparser]]
version = "0.244.0"
when = "2026-01-06"
trusted-publisher = "github:bytecodealliance/wasm-tools"

[[publisher.windows-core]]
version = "0.62.2"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-implement]]
version = "0.60.2"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-interface]]
version = "0.59.3"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-result]]
version = "0.4.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-strings]]
version = "0.5.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-sys]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-sys]]
version = "0.59.0"
when = "2024-07-30"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-sys]]
version = "0.60.2"
when = "2025-06-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-sys]]
version = "0.61.2"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-targets]]
version = "0.52.6"
when = "2024-07-03"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-targets]]
version = "0.53.5"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_aarch64_gnullvm]]
version = "0.52.6"
when = "2024-07-03"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_aarch64_gnullvm]]
version = "0.53.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_aarch64_msvc]]
version = "0.52.6"
when = "2024-07-03"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_aarch64_msvc]]
version = "0.53.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_i686_gnu]]
version = "0.52.6"
when = "2024-07-03"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_i686_gnu]]
version = "0.53.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_i686_gnullvm]]
version = "0.52.6"
when = "2024-07-03"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_i686_gnullvm]]
version = "0.53.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_i686_msvc]]
version = "0.52.6"
when = "2024-07-03"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_i686_msvc]]
version = "0.53.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_x86_64_gnu]]
version = "0.52.6"
when = "2024-07-03"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_x86_64_gnu]]
version = "0.53.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_x86_64_gnullvm]]
version = "0.52.6"
when = "2024-07-03"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_x86_64_gnullvm]]
version = "0.53.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_x86_64_msvc]]
version = "0.52.6"
when = "2024-07-03"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_x86_64_msvc]]
version = "0.53.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.winnow]]
version = "0.7.15"
when = "2026-03-05"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.wit-bindgen]]
version = "0.51.0"
when = "2026-01-12"
trusted-publisher = "github:bytecodealliance/wit-bindgen"

[[publisher.wit-bindgen-core]]
version = "0.51.0"
when = "2026-01-12"
trusted-publisher = "github:bytecodealliance/wit-bindgen"

[[publisher.wit-bindgen-rust]]
version = "0.51.0"
when = "2026-01-12"
trusted-publisher = "github:bytecodealliance/wit-bindgen"

[[publisher.wit-bindgen-rust-macro]]
version = "0.51.0"
when = "2026-01-12"
trusted-publisher = "github:bytecodealliance/wit-bindgen"

[[publisher.wit-component]]
version = "0.244.0"
when = "2026-01-06"
trusted-publisher = "github:bytecodealliance/wasm-tools"

[[publisher.wit-parser]]
version = "0.244.0"
when = "2026-01-06"
trusted-publisher = "github:bytecodealliance/wasm-tools"

[[publisher.yoke]]
version = "0.8.1"
when = "2025-10-28"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.zerocopy]]
version = "0.8.42"
when = "2026-03-09"
user-id = 7178
user-login = "joshlf"
user-name = "Joshua Liebow-Feeser"

[[publisher.zerocopy-derive]]
version = "0.8.42"
when = "2026-03-09"
user-id = 7178
user-login = "joshlf"
user-name = "Joshua Liebow-Feeser"

[[publisher.zerotrie]]
version = "0.2.3"
when = "2025-10-28"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.zerovec]]
version = "0.11.5"
when = "2025-10-28"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.zmij]]
version = "1.0.21"
when = "2026-02-12"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[audits.OpenDevicePartnership.audits.num_enum]]
who = "Billy Price <williamp@microsoft.com>"
criteria = "safe-to-deploy"
version = "0.7.5"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embassy-imxrt/refs/heads/main/supply-chain/audits.toml"

[[audits.OpenDevicePartnership.audits.num_enum_derive]]
who = "Billy Price <williamp@microsoft.com>"
criteria = "safe-to-deploy"
version = "0.7.5"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embassy-imxrt/refs/heads/main/supply-chain/audits.toml"

[[audits.OpenDevicePartnership.audits.proc-macro-error]]
who = "Jerry Xie <jerryxie@microsoft.com>"
criteria = "safe-to-deploy"
version = "1.0.4"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml"

[[audits.OpenDevicePartnership.audits.rand_core]]
who = "Billy Price <williamp@microsoft.com>"
criteria = "safe-to-deploy"
delta = "0.6.4 -> 0.9.5"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml"

[[audits.OpenDevicePartnership.audits.rstest]]
who = "Billy Price <williamp@microsoft.com>"
criteria = "safe-to-run"
delta = "0.22.0 -> 0.26.1"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml"

[[audits.OpenDevicePartnership.audits.rstest_macros]]
who = "Billy Price <williamp@microsoft.com>"
criteria = "safe-to-run"
delta = "0.22.0 -> 0.26.1"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml"

[[audits.OpenDevicePartnership.audits.serde]]
who = "Robert Zieba <robertzieba@microsoft.com>"
criteria = "safe-to-deploy"
version = "1.0.228"
notes = "Changes are mostly a reorganization of the internal module structure"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml"

[[audits.OpenDevicePartnership.audits.serde_core]]
who = "Robert Zieba <robertzieba@microsoft.com>"
criteria = "safe-to-deploy"
version = "1.0.226"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml"

[[audits.OpenDevicePartnership.audits.serde_derive]]
who = "Robert Zieba <robertzieba@microsoft.com>"
criteria = "safe-to-deploy"
version = "1.0.228"
notes = "Diff is clean-up in proc macros"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/embedded-services/refs/heads/main/supply-chain/audits.toml"

[[audits.OpenDevicePartnership.audits.thiserror]]
who = "Felipe Balbi <felipe.balbi@microsoft.com>"
criteria = "safe-to-deploy"
version = "2.0.17"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/mcxa-pac/refs/heads/main/supply-chain/audits.toml"

[[audits.OpenDevicePartnership.audits.thiserror-impl]]
who = "Felipe Balbi <felipe.balbi@microsoft.com>"
criteria = "safe-to-deploy"
version = "2.0.17"
aggregated-from = "https://raw.githubusercontent.com/OpenDevicePartnership/mcxa-pac/refs/heads/main/supply-chain/audits.toml"

[[audits.bytecode-alliance.wildcard-audits.bumpalo]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
user-id = 696 # Nick Fitzgerald (fitzgen)
start = "2019-03-16"
end = "2026-08-21"

[[audits.bytecode-alliance.wildcard-audits.wasip2]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 1 # Alex Crichton (alexcrichton)
start = "2025-08-10"
end = "2026-08-21"
notes = """
This is a Bytecode Alliance authored crate.
"""

[[audits.bytecode-alliance.wildcard-audits.wasip3]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 1 # Alex Crichton (alexcrichton)
start = "2025-09-10"
end = "2026-08-21"
notes = """
This is a Bytecode Alliance authored crate.
"""

[[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wasm-tools"
start = "2025-08-14"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.wildcard-audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 73222 # wasmtime-publish
start = "2023-01-01"
end = "2026-06-03"
notes = """
The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate
publication of this crate from CI. This repository requires all PRs are reviewed
by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself.
"""

[[audits.bytecode-alliance.wildcard-audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wasm-tools"
start = "2025-08-14"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.wildcard-audits.wit-bindgen]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
start = "2025-08-13"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.wildcard-audits.wit-bindgen-core]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
start = "2025-08-13"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.wildcard-audits.wit-bindgen-rust]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
start = "2025-08-13"
end = "2027-01-12"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.wildcard-audits.wit-bindgen-rust-macro]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wit-bindgen"
start = "2025-08-13"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.wildcard-audits.wit-component]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wasm-tools"
start = "2025-08-14"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.wildcard-audits.wit-parser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
trusted-publisher = "github:bytecodealliance/wasm-tools"
start = "2025-08-14"
end = "2027-01-08"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.adler2]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.0.0"
notes = "Fork of the original `adler` crate, zero unsfae code, works in `no_std`, does what it says on th tin."

[[audits.bytecode-alliance.audits.allocator-api2]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
delta = "0.2.18 -> 0.2.20"
notes = """
The changes appear to be reasonable updates from Rust's stdlib imported into
`allocator-api2`'s copy of this code.
"""

[[audits.bytecode-alliance.audits.atomic-waker]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.1.2"
notes = "Contains `unsafe` code but it's well-documented and scoped to what it's intended to be doing. Otherwise a well-focused and straightforward crate."

[[audits.bytecode-alliance.audits.cfg-if]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.0"
notes = "I am the author of this crate."

[[audits.bytecode-alliance.audits.cipher]]
who = "Andrew Brown <andrew.brown@intel.com>"
criteria = "safe-to-deploy"
version = "0.4.4"
notes = "Most unsafe is hidden by `inout` dependency; only remaining unsafe is raw-splitting a slice and an unreachable hint. Older versions of this regularly reach ~150k daily downloads."

[[audits.bytecode-alliance.audits.core-foundation-sys]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.8.4 -> 0.8.6"
notes = """
The changes here are all typical bindings updates: new functions, types, and
constants. I have not audited all the bindings for ABI conformance.
"""

[[audits.bytecode-alliance.audits.der]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
version = "0.7.10"
notes = "No unsafe code aside from transmutes for transparent newtypes."

[[audits.bytecode-alliance.audits.displaydoc]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.2.4 -> 0.2.5"

[[audits.bytecode-alliance.audits.encode_unicode]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.3.6 -> 1.0.0"
notes = "Lots of updates, small edits to `unsafe` code, but all as expected."

[[audits.bytecode-alliance.audits.errno]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."

[[audits.bytecode-alliance.audits.errno]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.3.1"
notes = "Just a dependency version bump and a bug fix for redox"

[[audits.bytecode-alliance.audits.errno]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.3.9 -> 0.3.10"

[[audits.bytecode-alliance.audits.fastrand]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.0.1"
notes = """
This update had a few doc updates but no otherwise-substantial source code
updates.
"""

[[audits.bytecode-alliance.audits.fastrand]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "2.1.1 -> 2.3.0"
notes = "Minor refactoring, nothing new."

[[audits.bytecode-alliance.audits.foldhash]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.3"
notes = """
Only a minor amount of `unsafe` code in this crate related to global per-process
initialization which looks correct to me.
"""

[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.29.0 -> 0.31.0"
notes = "Various updates here and there, nothing too major, what you'd expect from a DWARF parsing crate."

[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.31.0 -> 0.31.1"
notes = "No fundmanetally new `unsafe` code, some small refactoring of existing code. Lots of changes in tests, not as many changes in the rest of the crate. More dwarf!"

[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.31.1 -> 0.32.0"
notes = "Ever more DWARF to parse, but also no new `unsafe` and everything looks like gimli."

[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.32.0 -> 0.32.3"
notes = "Ever more dwarf, it never ends! (nothing out of the ordinary)"

[[audits.bytecode-alliance.audits.heck]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.4.0"
notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."

[[audits.bytecode-alliance.audits.heck]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "Minor changes for a `no_std` upgrade but otherwise everything looks as expected."

[[audits.bytecode-alliance.audits.http-body]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.0.0-rc.2"

[[audits.bytecode-alliance.audits.http-body]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-rc.2 -> 1.0.0"
notes = "Only minor changes made for a stable release."

[[audits.bytecode-alliance.audits.iana-time-zone-haiku]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.1.2"

[[audits.bytecode-alliance.audits.idna]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = """
This is a crate without unsafe code or usage of the standard library. The large
size of this crate comes from the large generated unicode tables file. This
crate is broadly used throughout the ecosystem and does not contain anything
suspicious.
"""

[[audits.bytecode-alliance.audits.inout]]
who = "Andrew Brown <andrew.brown@intel.com>"
criteria = "safe-to-deploy"
version = "0.1.3"
notes = "A part of RustCrypto/utils, this crate is designed to handle unsafe buffers and carefully documents the safety concerns throughout. Older versions of this tally up to ~130k daily downloads."

[[audits.bytecode-alliance.audits.leb128fmt]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "Well-scoped crate do doing LEB encoding with no `unsafe` code and does what it says on the tin."

[[audits.bytecode-alliance.audits.matchers]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"

[[audits.bytecode-alliance.audits.matchers]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"
notes = "Some unsafe code, but not more than before. Nothing awry."

[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.7.1"
notes = """
This crate is a Rust implementation of zlib compression/decompression and has
been used by default by the Rust standard library for quite some time. It's also
a default dependency of the popular `backtrace` crate for decompressing debug
information. This crate forbids unsafe code and does not otherwise access system
resources. It's originally a port of the `miniz.c` library as well, and given
its own longevity should be relatively hardened against some of the more common
compression-related issues.
"""

[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"
notes = "Minor updates, using new Rust features like `const`, no major changes."

[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.8.5"
notes = """
Lots of small updates here and there, for example around modernizing Rust
idioms. No new `unsafe` code and everything looks like what you'd expect a
compression library to be doing.
"""

[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.8.5 -> 0.8.9"
notes = "No new unsafe code, just refactorings."

[[audits.bytecode-alliance.audits.nu-ansi-term]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.46.0"
notes = "one use of unsafe to call windows specific api to get console handle."

[[audits.bytecode-alliance.audits.nu-ansi-term]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.46.0 -> 0.50.1"
notes = "Lots of stylistic/rust-related chanegs, plus new features, but nothing out of the ordrinary."

[[audits.bytecode-alliance.audits.nu-ansi-term]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.50.1 -> 0.50.3"
notes = "CI changes, Rust changes, nothing out of the ordinary."

[[audits.bytecode-alliance.audits.num-traits]]
who = "Andrew Brown <andrew.brown@intel.com>"
criteria = "safe-to-deploy"
version = "0.2.19"
notes = "As advertised: a numeric library. The only `unsafe` is from some float-to-int conversions, which seems expected."

[[audits.bytecode-alliance.audits.pem-rfc7468]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
version = "0.7.0"
notes = "Only `unsafe` around a `from_utf8_unchecked`, and no IO."

[[audits.bytecode-alliance.audits.percent-encoding]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.2.0"
notes = """
This crate is a single-file crate that does what it says on the tin. There are
a few `unsafe` blocks related to utf-8 validation which are locally verifiable
as correct and otherwise this crate is good to go.
"""

[[audits.bytecode-alliance.audits.pin-project-lite]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.2.13 -> 0.2.14"
notes = "No substantive changes in this update"

[[audits.bytecode-alliance.audits.pin-utils]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"

[[audits.bytecode-alliance.audits.pkg-config]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.25"
notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."

[[audits.bytecode-alliance.audits.pkg-config]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.29"
notes = """
No `unsafe` additions or anything outside of the purview of the crate in this
change.
"""

[[audits.bytecode-alliance.audits.pkg-config]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
delta = "0.3.29 -> 0.3.32"

[[audits.bytecode-alliance.audits.sharded-slab]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.4"
notes = "I always really enjoy reading eliza's code, she left perfect comments at every use of unsafe."

[[audits.bytecode-alliance.audits.shlex]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "Only minor `unsafe` code blocks which look valid and otherwise does what it says on the tin."

[[audits.bytecode-alliance.audits.smallvec]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "1.13.2 -> 1.14.0"
notes = "Minor new feature, nothing out of the ordinary."

[[audits.bytecode-alliance.audits.static_assertions]]
who = "Andrew Brown <andrew.brown@intel.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "No dependencies and completely a compile-time crate as advertised. Uses `unsafe` in one module as a compile-time check only: `mem::transmute` and `ptr::write` are wrapped in an impossible-to-run closure."

[[audits.bytecode-alliance.audits.test-log]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.2.11"

[[audits.bytecode-alliance.audits.test-log]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
delta = "0.2.11 -> 0.2.16"
notes = "Crate implementation was moved to a `*-macros` crate, crate is very small as a result."

[[audits.bytecode-alliance.audits.test-log]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
delta = "0.2.16 -> 0.2.18"
notes = "Minor updates, nothing changing unsafe"

[[audits.bytecode-alliance.audits.test-log-macros]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
version = "0.2.16"
notes = "Simple procedural macro copied from its previous source."

[[audits.bytecode-alliance.audits.test-log-macros]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
delta = "0.2.16 -> 0.2.18"
notes = "Standard macro changes, nothing out of place"

[[audits.bytecode-alliance.audits.tinyvec_macros]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = """
This is a trivial crate which only contains a singular macro definition which is
intended to multiplex across the internal representation of a tinyvec,
presumably. This trivially doesn't contain anything bad.
"""

[[audits.bytecode-alliance.audits.tracing-log]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.3"
notes = """
This is a standard adapter between the `log` ecosystem and the `tracing`
ecosystem. There's one `unsafe` block in this crate and it's well-scoped.
"""

[[audits.bytecode-alliance.audits.tracing-log]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.2.0"
notes = "Nothing out of the ordinary, a typical major version update and nothing awry."

[[audits.bytecode-alliance.audits.try-lock]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.2.4"
notes = "Implements a concurrency primitive with atomics, and is not obviously incorrect"

[[audits.bytecode-alliance.audits.vcpkg]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.2.15"
notes = "no build.rs, no macros, no unsafe. It reads the filesystem and makes copies of DLLs into OUT_DIR."

[[audits.bytecode-alliance.audits.want]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.0"

[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.236.0 -> 0.237.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.237.0 -> 0.238.1"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.238.1 -> 0.239.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.239.0 -> 0.240.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.240.0 -> 0.241.2"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.241.2 -> 0.242.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.242.0 -> 0.243.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.243.0 -> 0.244.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.embark-studios.audits.cfg_aliases]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "0.1.1"
notes = "No unsafe usage or ambient capabilities"

[[audits.embark-studios.audits.ident_case]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "1.0.1"
notes = "No unsafe usage or ambient capabilities"

[[audits.embark-studios.audits.idna]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.4.0"
notes = "No unsafe usage or ambient capabilities"

[[audits.embark-studios.audits.tap]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "1.0.1"
notes = "No unsafe usage or ambient capabilities"

[[audits.google.audits.arrayvec]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "0.7.6"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'` and there were
no hits, except for some `net` usage in tests.

The crate has quite a few bits of `unsafe` Rust.  The audit comments can be
found in https://chromium-review.googlesource.com/c/chromium/src/+/6187726/2
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.autocfg]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "1.4.0"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.base64]]
who = "amarjotgill <amarjotgill@google.com>"
criteria = "safe-to-deploy"
version = "0.22.1"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.byteorder]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
version = "1.5.0"
notes = "Unsafe review in https://crrev.com/c/5838022"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.either]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "1.13.0"
notes = "Unsafe code pertaining to wrapping Pin APIs. Mostly passes invariants down."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.either]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.13.0 -> 1.14.0"
notes = """
Inheriting ub-risk-1 from the baseline review of 1.13.0. While the delta has some diffs in unsafe code, they are either:
- migrating code to use helper macros
- migrating match patterns to take advantage of default bindings mode from RFC 2005
Either way, the result is code that does exactly the same thing and does not change the risk of UB.

See https://crrev.com/c/6323164 for more audit details.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.either]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.14.0 -> 1.15.0"
notes = 'The delta in `lib.rs` only tweaks doc comments and `#[cfg(feature = "std")]`.'
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.equivalent]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.equivalent]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.1 -> 1.0.2"
notes = "No changes to any .rs files or Rust code."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.fastrand]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.9.0"
notes = """
`does-not-implement-crypto` is certified because this crate explicitly says
that the RNG here is not cryptographically secure.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.foldhash]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.1.4"
notes = "No changes to safety-relevant code"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.foldhash]]
who = "Chris Palmer <palmer@google.com>"
criteria = "safe-to-deploy"
delta = "0.1.4 -> 0.1.5"
notes = "No new `unsafe`."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.glob]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.3.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.glob]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.3.2"
notes = "Still no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.httpdate]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.3"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.icu_collections]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = """
Two instances of unsafe :
 - Non-safety related unsafe API that imposes additional invariants
 - `from_utf8` for known-UTF8 integer

Comments added/improved in https://github.com/unicode-org/icu4x/pull/6056.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_collections]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "from_utf8 unsafe removed. no new unsafe added"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_locale_core]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta2"
notes = """
All unsafe code commented (and improved from prior version):
  - A checklisted ULE impl
  - from-utf8 code on known-ASCII
  - Some unchecked indexing around maintained invariants
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_normalizer]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta2"
notes = """
All unsafe is unchecked `char` and `str` conversion, mostly well-commented.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_normalizer_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_normalizer_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_properties]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta2"
notes = "All unsafe was removed"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_properties_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_properties_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_provider]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = """
All unsafe code commented:
  - Minor unsafe transmutes between types which are identical but not type-system-provably so.
  - One unsafe EqULE impl
  - Some repr(transparent) transmutes
  - A from_utf8_unchecked for an ascii-validated string

Comment improvements can be found in https://github.com/unicode-org/icu4x/pull/6056
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_provider]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "from_utf8_unchecked unsafe remove, all other unsafe not meaningfully changed"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.lazy_static]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.4.0"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

There are two places where `unsafe` is used.  Unsafe review notes can be found
in https://crrev.com/c/5347418.

This crate has been added to Chromium in https://crrev.com/c/3321895.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.lazy_static]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.4.0 -> 1.5.0"
notes = "Unsafe review notes: https://crrev.com/c/5650836"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.litemap]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.7.4"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.litemap]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.7.4 -> 0.7.5"
notes = "Delta implements the entry API but doesn't add or change any unsafe code."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.nom]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
version = "7.1.3"
notes = """
Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.num-integer]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.1.46"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.num-iter]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.1.43"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
version = "0.2.9"
notes = "Reviewed on https://fxrev.dev/824504"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
delta = "0.2.9 -> 0.2.13"
notes = "Audited at https://fxrev.dev/946396"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.potential_utf]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "Contains a handful of lines of from-UTF8 unsafety and some `repr(transparent)` casting unsafety. Reasonably well commented, could do with listing invariants explicitly."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.potential_utf]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.2"
notes = "Addition of safe comparison APIs since last audit"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.proc-macro-error-attr]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.rand]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "0.8.5"
notes = """
For more detailed unsafe review notes please see https://crrev.com/c/6362797
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rand_chacha]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "0.3.1"
notes = """
For more detailed unsafe review notes please see https://crrev.com/c/6362797
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rand_core]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "0.6.4"
notes = """
For more detailed unsafe review notes please see https://crrev.com/c/6362797
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.relative-path]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
version = "1.9.3"
notes = """
There is no net or fs usage, no crypto.
There is unsafe to convert pointers from str to RelativePath, where the latter
is a transparent wrapper around str so the pointer will be to a valid
type/value always.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rstest]]
who = "danakj@chromium.org"
criteria = "safe-to-run"
version = "0.17.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rstest]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-run"
delta = "0.17.0 -> 0.22.0"
notes = "No new unsafe. fs and net usage, but only in its own tests."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rstest_macros]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-run"
version = "0.22.0"
notes = """
There is no fs or net usage directly, though there is fs
usage through the glob crate to get lists of files if the user
asks for it in their macro.

There is no unsafe. Scanned through all the code.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.14"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for:

* Using trivially-safe `unsafe` in test code:

    ```
    tests/test_const.rs:unsafe fn _unsafe() {}
    tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() };
    ```

* Using `unsafe` in a string:

    ```
    src/constfn.rs:            "unsafe" => Qualifiers::Unsafe,
    ```

* Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr`
  which is later read back via `include!` used in `src/lib.rs`.

Version `1.0.6` of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.14 -> 1.0.15"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.15 -> 1.0.16"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.16 -> 1.0.17"
notes = "Just updates windows compat"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Liza Burakova <liza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.17 -> 1.0.18"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.18 -> 1.0.19"
notes = "No unsafe, just doc changes"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.19 -> 1.0.20"
notes = "Only minor updates to documentation and the mock today used for testing."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.smallvec]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "1.13.2"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.strsim]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
version = "0.10.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.strum]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
version = "0.25.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.strum_macros]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
version = "0.25.3"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.writeable]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.6.0"
notes = "Contains three lines of unsafe, thoroughly commented: one is for from-UTF8 on ASCII, the other two are for from-UTF8 on a datastructure that keeps track of a buffer with partial UTF8 validation. Relatively straigtforward."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.writeable]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.6.0 -> 0.6.1"
notes = "Minor comment/documentation updates and switch to a non-panicking alternative to split_at()."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.yoke-derive]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.7.5"
notes = "Custom derive implementing the `Yokeable` trait. Generally generates simple code that asserts covariance."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.yoke-derive]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.7.5 -> 0.8.0"
notes = "No code changes: only incrementing the version."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.zerofrom]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.1.5"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.zerofrom]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.1.5 -> 0.1.6"
notes = "Only minor cfg tweaks."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.zerofrom-derive]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.1.5"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.zerofrom-derive]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.1.5 -> 0.1.6"
notes = "Only a minor clippy adjustment."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.isrg.audits.cfg-if]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.0 -> 1.0.1"

[[audits.isrg.audits.cfg-if]]
who = "J.C. Jones <jc@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.1 -> 1.0.3"

[[audits.isrg.audits.cfg-if]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.0.3 -> 1.0.4"

[[audits.isrg.audits.cpufeatures]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.17 -> 0.3.0"

[[audits.isrg.audits.fiat-crypto]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.1.17"
notes = """
This crate does not contain any unsafe code, and does not use any items from
the standard library or other crates, aside from operations backed by
`std::ops`. All paths with array indexing use integer literals for indexes, so
there are no panics due to indexes out of bounds (as rustc would catch an
out-of-bounds literal index). I did not check whether arithmetic overflows
could cause a panic, and I am relying on the Coq code having satisfied the
necessary preconditions to ensure panics due to overflows are unreachable.
"""

[[audits.isrg.audits.fiat-crypto]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.1.17 -> 0.1.18"

[[audits.isrg.audits.fiat-crypto]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.1.18 -> 0.1.19"
notes = """
This release renames many items and adds a new module. The code in the new
module is entirely composed of arithmetic and array accesses.
"""

[[audits.isrg.audits.fiat-crypto]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.1.19 -> 0.1.20"

[[audits.isrg.audits.fiat-crypto]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.1.20 -> 0.2.0"

[[audits.isrg.audits.fiat-crypto]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.1"

[[audits.isrg.audits.fiat-crypto]]
who = "Tim Geoghegan <timg@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.1 -> 0.2.2"
notes = "No changes to `unsafe` code, or any functional changes that I can detect at all."

[[audits.isrg.audits.fiat-crypto]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.2.2 -> 0.2.4"

[[audits.isrg.audits.fiat-crypto]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.4 -> 0.2.5"

[[audits.isrg.audits.fiat-crypto]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.2.5 -> 0.2.6"

[[audits.isrg.audits.fiat-crypto]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.2.6 -> 0.2.7"

[[audits.isrg.audits.fiat-crypto]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.7 -> 0.2.8"

[[audits.isrg.audits.fiat-crypto]]
who = "Tim Geoghegan <timg@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.8 -> 0.2.9"
notes = "No changes to Rust code between 0.2.8 and 0.2.9"

[[audits.isrg.audits.fiat-crypto]]
who = "Tim Geoghegan <timg@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.9 -> 0.3.0"
notes = "The diff is huge, but that's because it introduces a wrapper around indexing into arrays which is used in many many places. There is no new unsafe code and no change to build scripts I can detect."

[[audits.isrg.audits.hmac]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.12.1"

[[audits.isrg.audits.num-iter]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.1.43 -> 0.1.44"

[[audits.isrg.audits.num-iter]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.1.44 -> 0.1.45"

[[audits.isrg.audits.once_cell]]
who = "J.C. Jones <jc@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.21.3 -> 1.21.4"
notes = "The addition is a safe while loop around prior behavior. I don't see any way for that to become malicious."

[[audits.isrg.audits.opaque-debug]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.3.0"

[[audits.isrg.audits.rand]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.8.5 -> 0.9.1"

[[audits.isrg.audits.rand]]
who = "Tim Geoghegan <timg@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.9.1 -> 0.9.2"

[[audits.isrg.audits.rand]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.9.2 -> 0.10.0"

[[audits.isrg.audits.rand_chacha]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.9.0"

[[audits.isrg.audits.rand_core]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.9.5 -> 0.10.0"

[[audits.isrg.audits.sha2]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.10.2"

[[audits.isrg.audits.sha2]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.10.8 -> 0.10.9"

[[audits.isrg.audits.sha3]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.10.6"

[[audits.isrg.audits.sha3]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.10.6 -> 0.10.7"

[[audits.isrg.audits.sha3]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.10.7 -> 0.10.8"

[[audits.isrg.audits.subtle]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "2.5.0 -> 2.6.1"

[[audits.isrg.audits.thiserror]]
who = "J.C. Jones <jc@divviup.org>"
criteria = "safe-to-deploy"
delta = "2.0.17 -> 2.0.18"

[[audits.isrg.audits.thiserror-impl]]
who = "J.C. Jones <jc@divviup.org>"
criteria = "safe-to-deploy"
delta = "2.0.17 -> 2.0.18"

[[audits.isrg.audits.universal-hash]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.4.1"

[[audits.isrg.audits.universal-hash]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.5.0 -> 0.5.1"

[[audits.isrg.audits.untrusted]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.7.1"

[[audits.mozilla.wildcard-audits.core-foundation-sys]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2020-10-14"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.wildcard-audits.unicode-segmentation]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-05-15"
end = "2026-02-01"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.wildcard-audits.unicode-width]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-12-05"
end = "2026-02-01"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.wildcard-audits.unicode-xid]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-07-25"
end = "2026-02-01"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.wildcard-audits.utf8_iter]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
user-id = 4484 # Henri Sivonen (hsivonen)
start = "2022-04-19"
end = "2024-06-16"
notes = "Maintained by Henri Sivonen who works at Mozilla."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.adler2]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.0.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.allocator-api2]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.2.18"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.allocator-api2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.20 -> 0.2.21"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.android_system_properties]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.android_system_properties]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.2 -> 0.1.4"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.android_system_properties]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.4 -> 0.1.5"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.bit-set]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.5.2"
notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.bit-set]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.5.2 -> 0.5.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.bit-set]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.3 -> 0.6.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.bit-set]]
who = "Jim Blandy <jimb@red-bean.com>"
criteria = "safe-to-deploy"
delta = "0.6.0 -> 0.8.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.bit-vec]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.6.3"
notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.bit-vec]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.6.3 -> 0.7.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.bit-vec]]
who = "Jim Blandy <jimb@red-bean.com>"
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.8.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.cfg_aliases]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.1.1 -> 0.2.1"
notes = "Very minor changes."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.core-foundation-sys]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.8.6 -> 0.8.7"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.crunchy]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
version = "0.2.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.deranged]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.3.11"
notes = """
This crate contains a decent bit of `unsafe` code, however all internal
unsafety is verified with copious assertions (many are compile-time), and
otherwise the unsafety is documented and left to the caller to verify.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.deranged]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.3.11 -> 0.4.0"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.deranged]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.5.8"
notes = "New unsafe code is properly guarded"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.displaydoc]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
version = "0.2.3"
notes = """
This crate is convenient macros to implement core::fmt::Display trait.
Although `unsafe` is used for test code to call `libc::abort()`, it has no `unsafe` code in this crate. And there is no file access.
It meets the criteria for safe-to-deploy.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.displaydoc]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.3 -> 0.2.4"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.errno]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.3.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.9.0 -> 2.0.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "2.0.1 -> 2.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.fastrand]]
who = "Chris Martin <cmartin@mozilla.com>"
criteria = "safe-to-deploy"
delta = "2.1.0 -> 2.1.1"
notes = "Fairly trivial changes, no chance of security regression."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.fnv]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "1.0.7"
notes = "Simple hasher implementation with no unsafe code."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.foldhash]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.5 -> 0.2.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.form_urlencoded]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
version = "1.2.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.form_urlencoded]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.2.0 -> 1.2.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.form_urlencoded]]
who = "edgul <ed.guloien@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.2.1 -> 1.2.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.gimli]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.30.0"
notes = """
Unsafe code blocks are sound. Minimal dependencies used. No use of
side-effectful std functions.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.gimli]]
who = "Chris Martin <cmartin@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.30.0 -> 0.29.0"
notes = "No unsafe code, mostly algorithms and parsing. Very unlikely to cause security issues."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.hashbrown]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
version = "0.12.3"
notes = "This version is used in rust's libstd, so effectively we're already trusting it"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.heck]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.4.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.hex]]
who = "Simon Friedberger <simon@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.4.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_collections]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta2 -> 2.0.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_collections]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.1.1"
notes = "Adding methods have unsafe code for faster, but these have the commnet why this is safe."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_locale_core]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta2 -> 2.0.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_locale_core]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.1.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_normalizer]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta2 -> 2.0.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_normalizer]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.1.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_normalizer_data]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta2 -> 2.0.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_normalizer_data]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.1.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_properties]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta2 -> 2.0.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_properties]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.1 -> 2.1.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_properties_data]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta2 -> 2.0.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_properties_data]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.1 -> 2.1.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_provider]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta2 -> 2.0.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.icu_provider]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.1.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.idna]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.5.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.idna]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
delta = "0.5.0 -> 1.0.2"
notes = "In the 0.5.0 to 1.0.2 delta, I, Henri Sivonen, rewrote the non-Punycode internals of the crate and made the changes to the Punycode code."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.idna]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.2 -> 1.0.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.idna]]
who = "edgul <ed.guloien@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.3 -> 1.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.idna_adapter]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
version = "1.2.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.idna_adapter]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "1.2.0 -> 1.2.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.litemap]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.7.5 -> 0.8.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.num-conv]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = """
Very straightforward, simple crate. No dependencies, unsafe, extern,
side-effectful std functions, etc.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.num-conv]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"
notes = "Revision only removes code"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.percent-encoding]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.2.0 -> 2.3.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.percent-encoding]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.3.0 -> 2.3.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.percent-encoding]]
who = "edgul <ed.guloien@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.3.1 -> 2.3.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.pin-project-lite]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
delta = "0.2.14 -> 0.2.16"
notes = """
Only functional change is to work around a bug in the negative_impls feature
(https://github.com/taiki-e/pin-project/issues/340#issuecomment-2432146009)
"""
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"

[[audits.mozilla.audits.pkg-config]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.potential_utf]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.1.2 -> 0.1.4"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.powerfmt]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.2.0"
notes = """
A tiny bit of unsafe code to implement functionality that isn't in stable rust
yet, but it's all valid. Otherwise it's a pretty simple crate.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.proc-macro-error-attr2]]
who = "Kagami Sascha Rosylight <saschanaz@outlook.com>"
criteria = "safe-to-deploy"
version = "2.0.0"
notes = "No unsafe block."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.proc-macro-error2]]
who = "Kagami Sascha Rosylight <saschanaz@outlook.com>"
criteria = "safe-to-deploy"
version = "2.0.1"
notes = "No unsafe block with a lovely `#![forbid(unsafe_code)]`."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.quinn-udp]]
who = "Max Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
version = "0.5.4"
notes = "This is a small crate, providing safe wrappers around various low-level networking specific operating system features. Given that the Rust standard library does not provide safe wrappers for these low-level features, safe wrappers need to be build in the crate itself, i.e. `quinn-udp`, thus requiring `unsafe` code."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.quinn-udp]]
who = "Max Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
delta = "0.5.4 -> 0.5.6"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.quinn-udp]]
who = "Max Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
delta = "0.5.6 -> 0.5.8"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.quinn-udp]]
who = "Max Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
delta = "0.5.8 -> 0.5.9"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.quinn-udp]]
who = "Max Leonard Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
delta = "0.5.9 -> 0.5.10"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.quinn-udp]]
who = "Max Leonard Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
delta = "0.5.10 -> 0.5.11"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.quinn-udp]]
who = "Max Leonard Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
delta = "0.5.11 -> 0.5.12"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.quinn-udp]]
who = "Max Leonard Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
delta = "0.5.12 -> 0.5.13"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.rustc-hash]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "Straightforward crate with no unsafe code, does what it says on the tin."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.rustc-hash]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.1.0 -> 2.1.1"
notes = "Simple hashing crate, no unsafe code."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.rustc_version]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "0.4.0"
notes = """
Use of powerful capabilities is limited to invoking `rustc -vV` to get version
information for parsing version information.
"""
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"

[[audits.mozilla.audits.serde_core]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.226 -> 1.0.227"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.serde_core]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.227 -> 1.0.228"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.serde_spanned]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
version = "1.0.3"
notes = "Relatively simple Serde trait implementations.  No IO or unsafe code."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.serde_spanned]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.3 -> 1.0.4"
notes = "Unchanged"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.sha2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.6"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.sha2]]
who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.6 -> 0.10.8"
notes = """
The bulk of this is https://github.com/RustCrypto/hashes/pull/490 which adds aarch64 support along with another PR adding longson.
I didn't check the implementation thoroughly but there wasn't anything obviously nefarious. 0.10.8 has been out for more than a year
which suggests no one else has found anything either.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.sharded-slab]]
who = "Mark Hammond <mhammond@skippinet.com.au>"
criteria = "safe-to-deploy"
delta = "0.1.4 -> 0.1.7"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.shlex]]
who = "Max Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
delta = "1.1.0 -> 1.3.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.similar]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
delta = "2.2.1 -> 2.7.0"
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"

[[audits.mozilla.audits.smallvec]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.14.0 -> 1.15.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.strsim]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.0 -> 0.11.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.strum]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.25.0 -> 0.26.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.strum]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.26.3 -> 0.27.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.strum_macros]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.25.3 -> 0.26.4"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.strum_macros]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.26.4 -> 0.27.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.subtle]]
who = "Simon Friedberger <simon@mozilla.com>"
criteria = "safe-to-deploy"
version = "2.5.0"
notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.synstructure]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "0.12.6"
notes = """
I am the primary author of the `synstructure` crate, and its current
maintainer. The one use of `unsafe` is unnecessary, but documented and
harmless. It will be removed in the next version.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.synstructure]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.12.6 -> 0.13.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.synstructure]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.13.0 -> 0.13.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.synstructure]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
delta = "0.13.1 -> 0.13.2"
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"

[[audits.mozilla.audits.textwrap]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.15.0"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.textwrap]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.15.0 -> 0.15.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.textwrap]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.15.2 -> 0.16.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.textwrap]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.16.0 -> 0.16.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.textwrap]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
delta = "0.16.1 -> 0.16.2"
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"

[[audits.mozilla.audits.time-core]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.time-core]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.time-core]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.1.1 -> 0.1.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.time-core]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.1.2 -> 0.1.4"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.time-core]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.1.4 -> 0.1.8"
notes = "No unsafe code"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.time-macros]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.2.6"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.time-macros]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.2.6 -> 0.2.10"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.time-macros]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.2.10 -> 0.2.18"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.time-macros]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.2.18 -> 0.2.22"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.time-macros]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.2.22 -> 0.2.27"
notes = "Refactors some unsafe code, nothing new"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.tinyvec_macros]]
who = "Drew Willcoxon <adw@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.toml_datetime]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.7.5+spec-1.1.0"
notes = "Pure data type crate with some datetime parsing. No unsafe."
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.unicode-linebreak]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.5"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.wasm-bindgen]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.2.99 -> 0.2.100"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.windows-link]]
who = "Mark Hammond <mhammond@skippinet.com.au>"
criteria = "safe-to-deploy"
version = "0.1.1"
notes = "A microsoft crate allowing unsafe calls to windows apis."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.windows-link]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.1 -> 0.2.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.writeable]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.6.1 -> 0.6.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.zeroize]]
who = "Benjamin Beurdouche <beurdouche@mozilla.com>"
criteria = "safe-to-deploy"
version = "1.8.1"
notes = """
This code DOES contain unsafe code required to internally call volatiles
for deleting data. This is expected and documented behavior.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.zerovec-derive]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
version = "0.10.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.zerovec-derive]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.10.1 -> 0.10.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.zerovec-derive]]
who = "Max Inden <mail@max-inden.de>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.zerovec-derive]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.10.3 -> 0.11.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.zcash.audits.autocfg]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.4.0 -> 1.5.0"
notes = "Filesystem change is to remove the generated LLVM IR output file after probing."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.crunchy]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.3 -> 0.2.4"
notes = """
Build script change is to fix a bug where a path separator for an included file
was being selected by the target OS instead of the host OS.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.dunce]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
version = "1.0.5"
notes = """
Does what it says on the tin. No `unsafe`, and the only IO is `std::fs::canonicalize`.
Path and string handling looks plausibly correct.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

[[audits.zcash.audits.errno]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.3 -> 0.3.8"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.errno]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.8 -> 0.3.9"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

[[audits.zcash.audits.errno]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.10 -> 0.3.11"
notes = "The `__errno` location for vxworks and cygwin looks correct from a quick search."
aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"

[[audits.zcash.audits.errno]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.11 -> 0.3.13"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.errno]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.13 -> 0.3.14"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

[[audits.zcash.audits.glob]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.2 -> 0.3.3"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

[[audits.zcash.audits.group]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.12.1"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.group]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.12.1 -> 0.13.0"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.http-body]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.0 -> 1.0.1"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

[[audits.zcash.audits.inout]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.1.4"
aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"

[[audits.zcash.audits.litemap]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.8.1"
aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"

[[audits.zcash.audits.opaque-debug]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.3.1"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.quinn-udp]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.5.13 -> 0.5.14"
aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"

[[audits.zcash.audits.rustc_version]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.4.1"
notes = "Changes to `Command` usage are to add support for `RUSTC_WRAPPER`."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.rustversion]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.20 -> 1.0.21"
notes = "Build script change is to fix building with `-Zfmt-debug=none`."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.rustversion]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.21 -> 1.0.22"
notes = "Changes to generated code are to prepend a clippy annotation."
aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"

[[audits.zcash.audits.signature]]
who = "Daira Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "2.1.0"
notes = """
This crate uses `#![forbid(unsafe_code)]`, has no build script, and only provides traits with some trivial default implementations.
I did not review whether implementing these APIs would present any undocumented cryptographic hazards.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.signature]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "2.1.0 -> 2.2.0"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.strum]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.27.1 -> 0.27.2"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

[[audits.zcash.audits.strum_macros]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.27.1 -> 0.27.2"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

[[audits.zcash.audits.try-lock]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.4 -> 0.2.5"
notes = "Bumps MSRV to remove unsafe code block."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.universal-hash]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "I checked correctness of to_blocks which uses unsafe code in a safe function."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.valuable]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.1"
notes = "Build script changes are for linting."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.want]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.3.1"
notes = """
Migrates to `try-lock 0.2.4` to replace some unsafe APIs that were not marked
`unsafe` (but that were being used safely).
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.zcash.audits.windows-link]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.1"
notes = "No code changes at all."
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

[[audits.zcash.audits.yoke-derive]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.8.1"
notes = """
Changes to generated `unsafe` code are to silence the `clippy::mem_forget` lint;
no actual code changes.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"

[[audits.zcash.audits.zeroize]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.8.1 -> 1.8.2"
notes = """
Changes to `unsafe` code are to alter how `core::mem::size_of` is named; no actual changes
to the `unsafe` logic.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"

[[audits.zcash.audits.zerovec-derive]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.11.1 -> 0.11.2"
notes = "Only changes to generated code are clippy lints."
aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"