qa: Import Rust crate audits from Embark Studios

2023-01-10 14:57:04 +00:00 · 2023-01-10 14:57:04 +00:00 · 172ac8516f
parent ea9dab68e4
commit 172ac8516f
2 changed files with 20 additions and 4 deletions
--- a/qa/supply-chain/config.toml
+++ b/qa/supply-chain/config.toml
@ -4,6 +4,9 @@
 [imports.bytecode-alliance]
 url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"

+[imports.embark-studios]
+url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audits.toml"
+
 [imports.firefox]
 url = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

@ -61,10 +64,6 @@ criteria = "safe-to-deploy"
 version = "0.7.19"
 criteria = "safe-to-deploy"

-[[exemptions.anyhow]]
-version = "1.0.56"
-criteria = "safe-to-deploy"
-
 [[exemptions.arrayref]]
 version = "0.3.6"
 criteria = "safe-to-deploy"
--- a/qa/supply-chain/imports.lock
+++ b/qa/supply-chain/imports.lock
@ -168,6 +168,23 @@ criteria = "safe-to-deploy"
 version = "0.42.0"
 notes = "This is a Windows API bindings library maintained by Microsoft themselves."

+[[audits.embark-studios.audits.anyhow]]
+who = "Johan Andersson <opensource@embark-studios.com>"
+criteria = "safe-to-deploy"
+version = "1.0.58"
+
+[[audits.embark-studios.audits.anyhow]]
+who = "Johan Andersson <opensource@embark-studios.com>"
+criteria = "safe-to-deploy"
+delta = "1.0.58 -> 1.0.66"
+notes = "New unsafe usage, looks sane. Expert maintainer"
+
+[[audits.embark-studios.audits.tinyvec_macros]]
+who = "Johan Andersson <opensource@embark-studios.com>"
+criteria = "safe-to-deploy"
+version = "0.1.0"
+notes = "Inspected it and is a tiny crate with single safe macro"
+
 [[audits.firefox.audits.aho-corasick]]
 who = "Mike Hommey <mh+mozilla@glandium.org>"
 criteria = "safe-to-deploy"