2022-06-09 05:45:26 -07:00
# cargo-vet audits file
2022-06-09 07:50:00 -07:00
[ criteria . crypto-reviewed ]
description = "The cryptographic code in this crate has been reviewed for correctness by a member of a designated set of cryptography experts within the project."
[ criteria . license-reviewed ]
description = "The license of this crate has been reviewed for compatibility with its usage in this repository. If the crate is not available under the MIT license, `contrib/debian/copyright` has been updated with a corresponding copyright notice for files under `depends/*/vendored-sources/CRATE_NAME`."
2022-06-21 17:04:15 -07:00
2023-01-10 08:01:43 -08:00
[ [ audits . addr2line ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.17.0 -> 0.19.0"
notes = "Only change to unsafe code is to reduce the scope of some unsafe blocks."
2022-09-23 18:49:19 -07:00
[ [ audits . aead ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.3 -> 0.5.1"
notes = "Adds an AeadCore::generate_nonce function to generate random nonces, given a CryptoRng."
2022-08-17 01:22:14 -07:00
[ [ audits . anyhow ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.56 -> 1.0.61"
notes = "Update does not introduce new code. Minor build script changes look fine."
2022-10-10 21:07:54 -07:00
[ [ audits . anyhow ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.61 -> 1.0.65"
notes = "Build script changes just alter what it is probing for; no difference in side effects."
2022-07-04 10:33:07 -07:00
[ [ audits . bellman ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
delta = "0.13.0 -> 0.13.1"
notes = "Adds multi-threaded batch validation, which I checked against the existing single-threaded batch validation."
2023-01-10 08:01:43 -08:00
[ [ audits . bls12_381 ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.7.1"
[ [ audits . byte-slice-cast ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.2.1 -> 1.2.2"
2022-08-17 01:22:14 -07:00
[ [ audits . chacha20 ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
delta = "0.8.1 -> 0.8.2"
notes = "Unpins zeroize."
2022-09-23 18:49:19 -07:00
[ [ audits . chacha20 ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.9.0"
2022-08-17 01:22:14 -07:00
[ [ audits . chacha20poly1305 ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
delta = "0.9.0 -> 0.9.1"
notes = "Unpins zeroize."
2022-09-23 18:49:19 -07:00
[ [ audits . chacha20poly1305 ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.9.1 -> 0.10.1"
notes = "This mainly adapts to API changes between aead 0.4 and aead 0.5."
[ [ audits . cipher ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.4.3"
notes = "Significant rework of (mainly RustCrypto-internal) APIs."
2022-08-17 01:22:14 -07:00
[ [ audits . clearscreen ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.9 -> 1.0.10"
notes = "Bumps nix and removes some of its default features."
2023-01-10 08:01:43 -08:00
[ [ audits . clearscreen ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.10 -> 1.0.11"
2023-01-10 17:01:30 -08:00
[ [ audits . clearscreen ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.11 -> 2.0.0"
2022-10-10 12:04:39 -07:00
[ [ audits . cpufeatures ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.2 -> 0.2.5"
notes = "Unsafe changes just introduce `#[inline(never)]` wrappers."
2022-08-17 01:22:14 -07:00
[ [ audits . crypto-common ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
delta = "0.1.3 -> 0.1.6"
notes = "New trait and type alias look fine."
2022-07-25 05:46:44 -07:00
[ [ audits . cxx ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"
2022-09-22 19:46:38 -07:00
[ [ audits . cxx ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"
notes = "Impls Unpin for SharedPtr and UniquePtr. The rationale makes sense."
2022-10-10 11:56:12 -07:00
[ [ audits . cxx ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.76 -> 1.0.78"
2022-10-19 11:21:37 -07:00
[ [ audits . cxx ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "1.0.78 -> 1.0.79"
notes = "" "
This release changes the result of the ` cxxbridge ` ` exception ` call to return
a struct containing both the pointer to an error message and its length ,
instead of just the raw ` * const u8 ` .
"" "
2023-01-12 14:48:43 -08:00
[ [ audits . cxx ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.79 -> 1.0.83"
2022-07-25 05:46:44 -07:00
[ [ audits . cxxbridge-flags ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"
2022-09-22 19:46:38 -07:00
[ [ audits . cxxbridge-flags ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"
2022-10-10 11:56:12 -07:00
[ [ audits . cxxbridge-flags ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.76 -> 1.0.78"
2022-10-19 11:21:37 -07:00
[ [ audits . cxxbridge-flags ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "1.0.78 -> 1.0.79"
notes = "This is exclusively an update to the `cxxbridge` dependency version."
2023-01-12 14:48:43 -08:00
[ [ audits . cxxbridge-flags ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.79 -> 1.0.83"
2022-07-25 05:46:44 -07:00
[ [ audits . cxxbridge-macro ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"
2022-09-22 19:46:38 -07:00
[ [ audits . cxxbridge-macro ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"
2022-10-10 11:56:12 -07:00
[ [ audits . cxxbridge-macro ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.76 -> 1.0.78"
2022-10-19 17:29:15 -07:00
[ [ audits . cxxbridge-macro ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "1.0.78 -> 1.0.79"
2022-10-19 11:21:37 -07:00
[ [ audits . cxxbridge-macro ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "1.0.78 -> 1.0.79"
notes = "This is exclusively an update to the `cxxbridge` dependency version."
2023-01-12 14:48:43 -08:00
[ [ audits . cxxbridge-macro ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.79 -> 1.0.83"
2023-01-10 08:01:43 -08:00
[ [ audits . ed25519-zebra ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "3.0.0 -> 3.1.0"
2022-06-09 09:06:27 -07:00
[ [ audits . equihash ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 07:50:00 -07:00
2022-06-23 13:45:52 -07:00
[ [ audits . equihash ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
[ [ audits . f4jumble ] ]
who = "Jack Grigg <jack@z.cash>"
2022-07-05 11:16:34 -07:00
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
2022-06-09 09:06:27 -07:00
version = "0.1.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
2023-01-10 08:01:43 -08:00
[ [ audits . ff ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.12.1"
2022-08-17 01:22:14 -07:00
[ [ audits . getrandom ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.6 -> 0.2.7"
notes = "" "
Checked that getrandom : : wasi : : getrandom_inner matches wasi : : random_get .
Checked that getrandom : : util_libc : : Weak lock ordering matches std : : sys : : unix : : weak : : DlsymWeak .
"" "
2022-10-19 17:29:15 -07:00
[ [ audits . group ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.12.1"
2022-06-09 09:06:27 -07:00
[ [ audits . halo2_gadgets ] ]
who = "Jack Grigg <jack@z.cash>"
2022-07-05 11:16:34 -07:00
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
2022-06-09 09:06:27 -07:00
version = "0.1.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
2022-06-23 13:45:52 -07:00
[ [ audits . halo2_gadgets ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
[ [ audits . halo2_proofs ] ]
who = "Jack Grigg <jack@z.cash>"
2022-07-05 11:16:34 -07:00
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
2022-06-09 09:06:27 -07:00
version = "0.1.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
2022-06-23 13:45:52 -07:00
[ [ audits . halo2_proofs ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-09-23 11:05:08 -07:00
[ [ audits . indexmap ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.8.1 -> 1.9.1"
notes = "I'm satisfied that the assertion guarding the new unsafe block is correct."
2022-09-23 18:49:19 -07:00
[ [ audits . inout ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "0.1.3"
notes = "Reviewed in full."
2023-01-10 08:01:43 -08:00
[ [ audits . ipnet ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "2.5.0 -> 2.7.1"
2022-08-17 01:22:14 -07:00
[ [ audits . itoa ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.1 -> 1.0.3"
notes = "Update makes no changes to code."
2022-10-10 21:07:54 -07:00
[ [ audits . libm ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.2 -> 0.2.5"
2023-01-10 08:01:43 -08:00
[ [ audits . libm ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.5 -> 0.2.6"
2022-10-10 21:07:54 -07:00
[ [ audits . link-cplusplus ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.6 -> 1.0.7"
2023-01-10 08:01:43 -08:00
[ [ audits . link-cplusplus ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.7 -> 1.0.8"
2022-10-10 21:07:54 -07:00
[ [ audits . lock_api ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.4.7 -> 0.4.9"
notes = "The unsafe changes fix soundness bugs. The unsafe additions in the new ArcMutexGuard::into_arc method seem fine, but it should probably have used ManuallyDrop instead of mem::forget."
[ [ audits . log ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.4.16 -> 0.4.17"
notes = "I confirmed that the unsafe transmutes are fine; NonZeroU128 and NonZeroI128 are `#[repr(transparent)]` wrappers around u128 and i128 respectively."
2022-09-25 15:38:24 -07:00
[ [ audits . memuse ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.1"
notes = "Exposes an existing macro. Note that I am the author of the crate."
2022-09-23 11:05:08 -07:00
[ [ audits . metrics ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.19.0 -> 0.20.1"
[ [ audits . metrics-exporter-prometheus ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.10.0 -> 0.11.0"
[ [ audits . metrics-macros ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.5.1 -> 0.6.0"
[ [ audits . metrics-util ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.13.0 -> 0.14.0"
2022-08-17 01:22:14 -07:00
[ [ audits . mio ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.8.4"
notes = "" "
Migrates from winapi to windows-sys . The changes to API usage look reasonable
based on what I ' ve seen in other uses of the windows-sys crate . Unsafe code
falls into two categories :
- Usage of ` mem : : zeroed ( ) ` , which doesn ' t look obviously wrong . The
` . . unsafe { mem : : zeroed ( ) } ` in ` sys : : unix : : selector : : kqueue ` looks weird
but AFAICT is saying \ " take any unspecified fields from an instance of this
struct that has been zero-initialized \ " , which is fine for integer fields . It
would be nice if there was documentation to this effect ( explaining why this
is done instead of ` . . Default : : default ( ) ` ) .
- Calls to Windows API methods . These are either pre-existing ( and altered for
the differences in the crate abstractions ) , or newly added in logic that
appears to be copied from miow 0.3 . 6 ( I scanned this by eye and didn ' t see
any noteworthy changes other than handling windows-sys API differences ) .
"" "
2023-01-10 08:01:43 -08:00
[ [ audits . mio ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.4 -> 0.8.5"
notes = "The only unsafe changes are in epoll_create1 failure cases. Usage of epoll_create and fcntl looks fine; it is vulnerable to a race condition in multithreaded programs that fork child processes, but epoll_create1 is how you avoid this problem. See the discussion of the O_CLOEXEC flag in the open(2) man page for details."
2022-08-17 01:22:14 -07:00
[ [ audits . num-integer ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.44 -> 0.1.45"
notes = "Fixes some argument-handling panic bugs."
2023-01-10 08:01:43 -08:00
[ [ audits . num_cpus ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.14.0 -> 1.15.0"
2023-01-12 15:03:20 -08:00
[ [ audits . object ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.30.1 -> 0.30.2"
2022-06-09 09:06:27 -07:00
[ [ audits . orchard ] ]
who = "Jack Grigg <jack@z.cash>"
2022-07-05 11:16:34 -07:00
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
2022-06-09 09:06:27 -07:00
version = "0.1.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
2022-06-23 13:45:52 -07:00
[ [ audits . orchard ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-10-19 17:29:15 -07:00
[ [ audits . orchard ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.3.0"
2022-09-23 11:05:08 -07:00
[ [ audits . parking_lot ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.11.2 -> 0.12.1"
notes = "Most `unsafe {}` changes were to reduce the scope of the unsafe blocks. I didn't closely review the migration to the asm! macro but it looks reasonable."
[ [ audits . parking_lot_core ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.5 -> 0.9.3"
2023-01-12 15:03:20 -08:00
[ [ audits . parking_lot_core ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.9.5 -> 0.9.6"
2023-01-10 08:01:43 -08:00
[ [ audits . pasta_curves ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.4.1"
2022-09-23 18:49:19 -07:00
[ [ audits . poly1305 ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.7.2 -> 0.8.0"
notes = "Changes to unsafe (avx2) code look reasonable."
2022-07-25 05:46:44 -07:00
[ [ audits . proc-macro2 ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.37 -> 1.0.41"
2022-09-23 11:05:08 -07:00
[ [ audits . quanta ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.9.3 -> 0.10.1"
2023-01-10 08:01:43 -08:00
[ [ audits . regex ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.7.1"
2022-08-17 01:22:14 -07:00
[ [ audits . serde ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.136 -> 1.0.143"
notes = "Bumps serde-derive and adds some constructors."
2022-10-10 21:07:54 -07:00
[ [ audits . serde ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.143 -> 1.0.145"
2022-08-17 01:22:14 -07:00
[ [ audits . serde_derive ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.136 -> 1.0.143"
notes = "Bumps syn, inverts some build flags."
2022-10-10 21:07:54 -07:00
[ [ audits . serde_derive ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.143 -> 1.0.145"
2022-09-23 11:05:08 -07:00
[ [ audits . sketches-ddsketch ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.2.0"
notes = "I did not review the refactor, but there are no unsafe blocks and I didn't see any obvious changes that could result in panics."
2022-07-25 05:46:44 -07:00
[ [ audits . syn ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.91 -> 1.0.98"
2023-01-10 08:01:43 -08:00
[ [ audits . syn ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.102 -> 1.0.107"
2022-08-17 01:22:14 -07:00
[ [ audits . thiserror ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.30 -> 1.0.32"
notes = "Bumps thiserror-impl, no code changes."
2022-10-10 21:07:54 -07:00
[ [ audits . thiserror ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.32 -> 1.0.37"
notes = "The new build script invokes rustc to determine whether it supports the Provider API. The only side-effect is it overwrites `$OUT_DIR/probe.rs`, which is fine because it is unique to the thiserror package."
2022-08-17 01:22:14 -07:00
[ [ audits . thiserror-impl ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.30 -> 1.0.32"
notes = "Only change is to refine an error message."
2022-10-10 21:07:54 -07:00
[ [ audits . thiserror-impl ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.32 -> 1.0.37"
notes = "Proc macro changes migrating to the Provider API look fine."
2023-01-10 08:01:43 -08:00
[ [ audits . time-macros ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.4 -> 0.2.6"
[ [ audits . try-lock ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.3 -> 0.2.4"
notes = "Fixes unsoundness."
[ [ audits . uint ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.9.4 -> 0.9.5"
2022-07-25 05:46:44 -07:00
[ [ audits . unicode-ident ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "1.0.2"
2022-09-23 18:49:19 -07:00
[ [ audits . universal-hash ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "I checked correctness of to_blocks which uses unsafe code in a safe function."
2023-01-12 15:03:20 -08:00
[ [ audits . windows_aarch64_gnullvm ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "" "
This is a Windows API bindings library maintained by Microsoft themselves .
Changes are to a bundled binary library ; it looks like these were accidentally left out of 0.42 . 0 .
"" "
2022-08-17 01:22:14 -07:00
[ [ audits . windows_aarch64_msvc ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = "" "
Adds a binary blob to the library search path , that contains a subset of
the Windows SDK to avoid a direct dependency on the latter . See
https : / / github . com / microsoft / windows-rs / pull / 1217 for context . I did not
audit the binary blob , but the build script looks fine .
"" "
2023-01-12 15:03:20 -08:00
[ [ audits . windows_aarch64_msvc ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "" "
This is a Windows API bindings library maintained by Microsoft themselves .
Changes are to a bundled binary library ; it looks like these were accidentally left out of 0.42 . 0 .
"" "
2022-08-17 01:22:14 -07:00
[ [ audits . windows_i686_gnu ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = "" "
Adds a binary blob to the library search path , that contains a subset of
the Windows SDK to avoid a direct dependency on the latter . See
https : / / github . com / microsoft / windows-rs / pull / 1217 for context . I did not
audit the binary blob , but the build script looks fine .
"" "
2023-01-12 15:03:20 -08:00
[ [ audits . windows_i686_gnu ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "" "
This is a Windows API bindings library maintained by Microsoft themselves .
Changes are to a bundled binary library ; it looks like these were accidentally left out of 0.42 . 0 .
"" "
2022-08-17 01:22:14 -07:00
[ [ audits . windows_i686_msvc ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = "" "
Adds a binary blob to the library search path , that contains a subset of
the Windows SDK to avoid a direct dependency on the latter . See
https : / / github . com / microsoft / windows-rs / pull / 1217 for context . I did not
audit the binary blob , but the build script looks fine .
"" "
2023-01-12 15:03:20 -08:00
[ [ audits . windows_i686_msvc ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "" "
This is a Windows API bindings library maintained by Microsoft themselves .
Changes are to a bundled binary library ; it looks like these were accidentally left out of 0.42 . 0 .
"" "
2022-08-17 01:22:14 -07:00
[ [ audits . windows_x86_64_gnu ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = "" "
Adds a binary blob to the library search path , that contains a subset of
the Windows SDK to avoid a direct dependency on the latter . See
https : / / github . com / microsoft / windows-rs / pull / 1217 for context . I did not
audit the binary blob , but the build script looks fine .
"" "
2023-01-12 15:03:20 -08:00
[ [ audits . windows_x86_64_gnu ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "" "
This is a Windows API bindings library maintained by Microsoft themselves .
Changes are to a bundled binary library ; it looks like these were accidentally left out of 0.42 . 0 .
"" "
[ [ audits . windows_x86_64_gnullvm ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "" "
This is a Windows API bindings library maintained by Microsoft themselves .
Changes are to a bundled binary library ; it looks like these were accidentally left out of 0.42 . 0 .
"" "
2022-08-17 01:22:14 -07:00
[ [ audits . windows_x86_64_msvc ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = "" "
Adds a binary blob to the library search path , that contains a subset of
the Windows SDK to avoid a direct dependency on the latter . See
https : / / github . com / microsoft / windows-rs / pull / 1217 for context . I did not
audit the binary blob , but the build script looks fine .
"" "
2023-01-12 15:03:20 -08:00
[ [ audits . windows_x86_64_msvc ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "" "
This is a Windows API bindings library maintained by Microsoft themselves .
Changes are to a bundled binary library ; it looks like these were accidentally left out of 0.42 . 0 .
"" "
2023-01-10 08:01:43 -08:00
[ [ audits . wyz ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.5.0 -> 0.5.1"
notes = "Only change to unsafe code is to extract a drop impl into a method. I note however that most of the changes in the published 0.5.1 are not present in the v0.5.1 tag on the GitHub repository."
2022-06-09 09:06:27 -07:00
[ [ audits . zcash_address ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
2022-10-19 17:29:15 -07:00
[ [ audits . zcash_address ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"
2022-06-09 09:06:27 -07:00
[ [ audits . zcash_encoding ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
2022-10-19 17:29:15 -07:00
[ [ audits . zcash_encoding ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"
2022-06-09 09:06:27 -07:00
[ [ audits . zcash_history ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.3.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
[ [ audits . zcash_note_encryption ] ]
who = "Jack Grigg <jack@z.cash>"
2022-07-05 11:16:34 -07:00
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
2022-06-09 09:06:27 -07:00
version = "0.1.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
2022-10-19 17:29:15 -07:00
[ [ audits . zcash_note_encryption ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"
2022-06-09 09:06:27 -07:00
[ [ audits . zcash_primitives ] ]
who = "Jack Grigg <jack@z.cash>"
2022-07-05 11:16:34 -07:00
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
2022-06-09 09:06:27 -07:00
version = "0.6.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
2022-06-23 13:45:52 -07:00
[ [ audits . zcash_primitives ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
delta = "0.6.0 -> 0.7.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-10-19 17:29:15 -07:00
[ [ audits . zcash_primitives ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.8.1"
2023-01-10 16:56:29 -08:00
[ [ audits . zcash_primitives ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.1 -> 0.9.1"
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 09:06:27 -07:00
[ [ audits . zcash_proofs ] ]
who = "Jack Grigg <jack@z.cash>"
2022-07-05 11:16:34 -07:00
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
2022-06-09 09:06:27 -07:00
version = "0.6.0"
2022-06-21 17:04:15 -07:00
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-06-09 05:45:26 -07:00
2022-06-23 13:45:52 -07:00
[ [ audits . zcash_proofs ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
delta = "0.6.0 -> 0.7.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-07-04 10:33:07 -07:00
[ [ audits . zcash_proofs ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = [ "crypto-reviewed" , "safe-to-deploy" ]
delta = "0.7.0 -> 0.7.1"
notes = "The ECC core team maintains this crate, and we have reviewed every line."
2022-10-19 17:29:15 -07:00
[ [ audits . zcash_proofs ] ]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"
2023-01-10 16:56:29 -08:00
[ [ audits . zcash_proofs ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.9.0"
2022-09-23 18:49:19 -07:00
[ [ audits . zeroize ] ]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.4.3 -> 1.5.7"
notes = "The zeroize_c_string unit test has UB, but that's very unlikely to cause a problem in practice."
2023-01-10 08:01:43 -08:00
[ [ audits . zeroize_derive ] ]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.3.2 -> 1.3.3"
notes = "Removes `T: Drop` bound from `impl<T: Zeroize> Drop for SomeType<T>`. I agree it was unnecessary."