Merge pull request #6469 from str4d/rust-audit-import-updates
qa: Update imported `cargo-vet` audit registries
This commit is contained in:
commit
2b5b5363c9
|
@ -4,15 +4,18 @@
|
|||
[imports.bytecode-alliance]
|
||||
url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"
|
||||
|
||||
[imports.chromeos]
|
||||
url = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[imports.embark-studios]
|
||||
url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audits.toml"
|
||||
|
||||
[imports.firefox]
|
||||
url = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[imports.isrg]
|
||||
url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml"
|
||||
|
||||
[imports.mozilla]
|
||||
url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml"
|
||||
|
||||
[[exemptions.addr2line]]
|
||||
version = "0.17.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -301,10 +304,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.9.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.lazy_static]]
|
||||
version = "1.4.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.libc]]
|
||||
version = "0.2.126"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -505,10 +504,6 @@ criteria = "safe-to-deploy"
|
|||
version = "10.6.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rayon-core]]
|
||||
version = "1.10.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.reddsa]]
|
||||
version = "0.3.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
|
@ -150,404 +150,62 @@ criteria = "safe-to-deploy"
|
|||
version = "0.42.0"
|
||||
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
|
||||
|
||||
[audits.chromeos.criteria.crypto-safe]
|
||||
description = """
|
||||
All crypto algorithms in this crate have been reviewed by a relevant expert.
|
||||
|
||||
**Note**: If a crate does not implement crypto, use `does-not-implement-crypto`,
|
||||
which implies `crypto-safe`, but does not require expert review in order to
|
||||
audit for."""
|
||||
|
||||
[audits.chromeos.criteria.does-not-implement-crypto]
|
||||
description = """
|
||||
Inspection reveals that the crate in question does not attempt to implement any
|
||||
cryptographic algorithms on its own.
|
||||
|
||||
Note that certification of this does not require an expert on all forms of
|
||||
cryptography: it's expected for crates we import to be \"good enough\" citizens,
|
||||
so they'll at least be forthcoming if they try to implement something
|
||||
cryptographic. When in doubt, please ask an expert."""
|
||||
implies = "crypto-safe"
|
||||
|
||||
[audits.chromeos.criteria.rule-of-two-safe-to-deploy]
|
||||
description = """
|
||||
This is a stronger requirement than the built-in safe-to-deploy criteria,
|
||||
motivated by Chromium's rule-of-two related requirements:
|
||||
https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md#unsafe-code-in-safe-languages
|
||||
|
||||
This crate will not introduce a serious security vulnerability to production
|
||||
software exposed to untrusted input.
|
||||
|
||||
Auditors are not required to perform a full logic review of the entire crate.
|
||||
Rather, they must review enough to fully reason about the behavior of all unsafe
|
||||
blocks and usage of powerful imports. For any reasonable usage of the crate in
|
||||
real-world software, an attacker must not be able to manipulate the runtime
|
||||
behavior of these sections in an exploitable or surprising way.
|
||||
|
||||
Ideally, ambient capabilities (e.g. filesystem access) are hardened against
|
||||
manipulation and consistent with the advertised behavior of the crate. However,
|
||||
some discretion is permitted. In such cases, the nature of the discretion should
|
||||
be recorded in the `notes` field of the audit record.
|
||||
|
||||
Any unsafe code in this crate must, in general, be kept well-contained, and
|
||||
documentation must exist to describe how Rust's invariants are being upheld
|
||||
despite the unsafe block(s). Nontrivial uses of unsafe must be reviewed by an
|
||||
expert in Rust's unsafety guarantees/non-guarantees.
|
||||
|
||||
For crates which generate deployed code (e.g. build dependencies or procedural
|
||||
macros), reasonable usage of the crate should output code which meets the above
|
||||
criteria."""
|
||||
implies = "safe-to-deploy"
|
||||
|
||||
[audits.chromeos.audits]
|
||||
|
||||
[[audits.embark-studios.audits.anyhow]]
|
||||
who = "Johan Andersson <opensource@embark-studios.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.0.58"
|
||||
|
||||
[[audits.firefox.audits.aho-corasick]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.7.18 -> 0.7.20"
|
||||
|
||||
[[audits.firefox.audits.anyhow]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.57 -> 1.0.61"
|
||||
|
||||
[[audits.firefox.audits.anyhow]]
|
||||
who = "Bobby Holley <bobbyholley@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.58 -> 1.0.57"
|
||||
notes = "No functional differences, just CI config and docs."
|
||||
|
||||
[[audits.firefox.audits.anyhow]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.61 -> 1.0.62"
|
||||
|
||||
[[audits.firefox.audits.anyhow]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.62 -> 1.0.68"
|
||||
|
||||
[[audits.firefox.audits.autocfg]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.1.0"
|
||||
notes = "All code written or reviewed by Josh Stone."
|
||||
|
||||
[[audits.firefox.audits.block-buffer]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.10.2 -> 0.10.3"
|
||||
|
||||
[[audits.firefox.audits.bytes]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.2.1 -> 1.3.0"
|
||||
|
||||
[[audits.firefox.audits.crossbeam-epoch]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.9.8 -> 0.9.10"
|
||||
|
||||
[[audits.firefox.audits.crossbeam-epoch]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.9.10 -> 0.9.13"
|
||||
|
||||
[[audits.firefox.audits.crossbeam-utils]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.8.8 -> 0.8.11"
|
||||
|
||||
[[audits.firefox.audits.crossbeam-utils]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.8.11 -> 0.8.14"
|
||||
|
||||
[[audits.firefox.audits.digest]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.10.3 -> 0.10.6"
|
||||
|
||||
[[audits.firefox.audits.either]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.6.1 -> 1.7.0"
|
||||
|
||||
[[audits.firefox.audits.either]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.7.0 -> 1.8.0"
|
||||
|
||||
[[audits.firefox.audits.fnv]]
|
||||
who = "Bobby Holley <bobbyholley@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.0.7"
|
||||
notes = "Simple hasher implementation with no unsafe code."
|
||||
|
||||
[[audits.firefox.audits.futures-channel]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.21 -> 0.3.23"
|
||||
|
||||
[[audits.firefox.audits.futures-channel]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.23 -> 0.3.25"
|
||||
|
||||
[[audits.firefox.audits.futures-core]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.21 -> 0.3.23"
|
||||
|
||||
[[audits.firefox.audits.futures-core]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.23 -> 0.3.25"
|
||||
|
||||
[[audits.firefox.audits.futures-task]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.21 -> 0.3.23"
|
||||
|
||||
[[audits.firefox.audits.futures-task]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.23 -> 0.3.25"
|
||||
|
||||
[[audits.firefox.audits.futures-util]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.21 -> 0.3.23"
|
||||
|
||||
[[audits.firefox.audits.futures-util]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.23 -> 0.3.25"
|
||||
|
||||
[[audits.firefox.audits.getrandom]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.7 -> 0.2.8"
|
||||
|
||||
[[audits.firefox.audits.hashbrown]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.12.3"
|
||||
notes = "This version is used in rust's libstd, so effectively we're already trusting it"
|
||||
|
||||
[[audits.firefox.audits.hex]]
|
||||
who = "Simon Friedberger <simon@mozilla.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.4.3"
|
||||
|
||||
[[audits.firefox.audits.indexmap]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.9.1 -> 1.9.2"
|
||||
|
||||
[[audits.firefox.audits.itoa]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.2 -> 1.0.3"
|
||||
|
||||
[[audits.firefox.audits.itoa]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.3 -> 1.0.5"
|
||||
|
||||
[[audits.firefox.audits.libc]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.126 -> 0.2.132"
|
||||
|
||||
[[audits.firefox.audits.libc]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.132 -> 0.2.138"
|
||||
|
||||
[[audits.firefox.audits.libc]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.138 -> 0.2.139"
|
||||
|
||||
[[audits.firefox.audits.log]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.4.17"
|
||||
|
||||
[[audits.firefox.audits.memoffset]]
|
||||
who = "Gabriele Svelto <gsvelto@mozilla.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.6.5 -> 0.7.1"
|
||||
|
||||
[[audits.firefox.audits.miniz_oxide]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.5.3 -> 0.6.2"
|
||||
|
||||
[[audits.firefox.audits.num-bigint]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.4.3"
|
||||
notes = "All code written or reviewed by Josh Stone."
|
||||
|
||||
[[audits.firefox.audits.num-integer]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.1.45"
|
||||
notes = "All code written or reviewed by Josh Stone."
|
||||
|
||||
[[audits.firefox.audits.num-traits]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.15"
|
||||
notes = "All code written or reviewed by Josh Stone."
|
||||
|
||||
[[audits.firefox.audits.num_cpus]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.13.1 -> 1.14.0"
|
||||
|
||||
[[audits.firefox.audits.ppv-lite86]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.16 -> 0.2.17"
|
||||
|
||||
[[audits.firefox.audits.proc-macro2]]
|
||||
who = "Nika Layzell <nika@thelayzells.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.0.39"
|
||||
notes = """
|
||||
`proc-macro2` acts as either a thin(-ish) wrapper around the std-provided
|
||||
`proc_macro` crate, or as a fallback implementation of the crate, depending on
|
||||
where it is used.
|
||||
|
||||
If using this crate on older versions of rustc (1.56 and earlier), it will
|
||||
temporarily replace the panic handler while initializing in order to detect if
|
||||
it is running within a `proc_macro`, which could lead to surprising behaviour.
|
||||
This should not be an issue for more recent compiler versions, which support
|
||||
`proc_macro::is_available()`.
|
||||
|
||||
The `proc-macro2` crate's fallback behaviour is not identical to the complex
|
||||
behaviour of the rustc compiler (e.g. it does not perform unicode normalization
|
||||
for identifiers), however it behaves well enough for its intended use-case
|
||||
(tests and scripts processing rust code).
|
||||
|
||||
`proc-macro2` does not use unsafe code, however exposes one `unsafe` API to
|
||||
allow bypassing checks in the fallback implementation when constructing
|
||||
`Literal` using `from_str_unchecked`. This was intended to only be used by the
|
||||
`quote!` macro, however it has been removed
|
||||
(https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078),
|
||||
and is likely completely unused. Even when used, this API shouldn't be able to
|
||||
cause unsoundness.
|
||||
"""
|
||||
|
||||
[[audits.firefox.audits.proc-macro2]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.39 -> 1.0.43"
|
||||
|
||||
[[audits.firefox.audits.proc-macro2]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.43 -> 1.0.49"
|
||||
|
||||
[[audits.firefox.audits.quote]]
|
||||
who = "Nika Layzell <nika@thelayzells.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.0.18"
|
||||
notes = """
|
||||
`quote` is a utility crate used by proc-macros to generate TokenStreams
|
||||
conveniently from source code. The bulk of the logic is some complex
|
||||
interlocking `macro_rules!` macros which are used to parse and build the
|
||||
`TokenStream` within the proc-macro.
|
||||
|
||||
This crate contains no unsafe code, and the internal logic, while difficult to
|
||||
read, is generally straightforward. I have audited the the quote macros, ident
|
||||
formatter, and runtime logic.
|
||||
"""
|
||||
|
||||
[[audits.firefox.audits.quote]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.18 -> 1.0.21"
|
||||
|
||||
[[audits.firefox.audits.quote]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.21 -> 1.0.23"
|
||||
|
||||
[[audits.firefox.audits.rayon]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.5.3"
|
||||
notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
|
||||
|
||||
[[audits.firefox.audits.rayon]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.5.3 -> 1.6.1"
|
||||
|
||||
[[audits.firefox.audits.regex]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.6.0 -> 1.7.0"
|
||||
|
||||
[[audits.firefox.audits.regex-syntax]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.6.27 -> 0.6.28"
|
||||
|
||||
[[audits.firefox.audits.ryu]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.11 -> 1.0.12"
|
||||
|
||||
[[audits.firefox.audits.serde]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.143 -> 1.0.144"
|
||||
|
||||
[[audits.firefox.audits.serde]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.144 -> 1.0.151"
|
||||
|
||||
[[audits.firefox.audits.serde]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.151 -> 1.0.152"
|
||||
|
||||
[[audits.firefox.audits.serde_derive]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.143 -> 1.0.144"
|
||||
|
||||
[[audits.firefox.audits.serde_derive]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.144 -> 1.0.151"
|
||||
|
||||
[[audits.firefox.audits.serde_derive]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.151 -> 1.0.152"
|
||||
|
||||
[[audits.firefox.audits.serde_json]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.81 -> 1.0.83"
|
||||
|
||||
[[audits.firefox.audits.serde_json]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.83 -> 1.0.85"
|
||||
|
||||
[[audits.firefox.audits.serde_json]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.85 -> 1.0.91"
|
||||
|
||||
[[audits.firefox.audits.synstructure]]
|
||||
who = "Nika Layzell <nika@thelayzells.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.12.6"
|
||||
notes = """
|
||||
I am the primary author of the `synstructure` crate, and its current
|
||||
maintainer. The one use of `unsafe` is unnecessary, but documented and
|
||||
harmless. It will be removed in the next version.
|
||||
"""
|
||||
|
||||
[[audits.firefox.audits.thiserror]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.32 -> 1.0.38"
|
||||
|
||||
[[audits.firefox.audits.thiserror-impl]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.32 -> 1.0.38"
|
||||
|
||||
[[audits.firefox.audits.typenum]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.15.0 -> 1.16.0"
|
||||
|
||||
[[audits.firefox.audits.unicode-ident]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.3 -> 1.0.6"
|
||||
|
||||
[[audits.firefox.audits.unicode-normalization]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.1.19 -> 0.1.20"
|
||||
notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19."
|
||||
|
||||
[[audits.firefox.audits.unicode-normalization]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.1.20 -> 0.1.21"
|
||||
|
||||
[[audits.firefox.audits.unicode-normalization]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.1.21 -> 0.1.22"
|
||||
|
||||
[[audits.isrg.audits.block-buffer]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -598,3 +256,491 @@ version = "0.7.1"
|
|||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.83"
|
||||
|
||||
[[audits.mozilla.audits.aho-corasick]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.7.18 -> 0.7.20"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.anyhow]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.57 -> 1.0.61"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.anyhow]]
|
||||
who = "Bobby Holley <bobbyholley@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.58 -> 1.0.57"
|
||||
notes = "No functional differences, just CI config and docs."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.anyhow]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.61 -> 1.0.62"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.anyhow]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.62 -> 1.0.68"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.autocfg]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.1.0"
|
||||
notes = "All code written or reviewed by Josh Stone."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.block-buffer]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.10.2 -> 0.10.3"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.bytes]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.2.1 -> 1.3.0"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.crossbeam-epoch]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.9.8 -> 0.9.10"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.crossbeam-epoch]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.9.10 -> 0.9.13"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.crossbeam-utils]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.8.8 -> 0.8.11"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.crossbeam-utils]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.8.11 -> 0.8.14"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.digest]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.10.3 -> 0.10.6"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.either]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.6.1 -> 1.7.0"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.either]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.7.0 -> 1.8.0"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.fnv]]
|
||||
who = "Bobby Holley <bobbyholley@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.0.7"
|
||||
notes = "Simple hasher implementation with no unsafe code."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures-channel]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.21 -> 0.3.23"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures-channel]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.23 -> 0.3.25"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures-core]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.21 -> 0.3.23"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures-core]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.23 -> 0.3.25"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures-task]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.21 -> 0.3.23"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures-task]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.23 -> 0.3.25"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures-util]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.21 -> 0.3.23"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures-util]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.23 -> 0.3.25"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.getrandom]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.7 -> 0.2.8"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.hashbrown]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.12.3"
|
||||
notes = "This version is used in rust's libstd, so effectively we're already trusting it"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.hex]]
|
||||
who = "Simon Friedberger <simon@mozilla.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.4.3"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.indexmap]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.9.1 -> 1.9.2"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.itoa]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.2 -> 1.0.3"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.itoa]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.3 -> 1.0.5"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.lazy_static]]
|
||||
who = "Nika Layzell <nika@thelayzells.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.4.0"
|
||||
notes = "I have read over the macros, and audited the unsafe code."
|
||||
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.libc]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.126 -> 0.2.132"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.libc]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.132 -> 0.2.138"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.libc]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.138 -> 0.2.139"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.log]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.4.17"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.memoffset]]
|
||||
who = "Gabriele Svelto <gsvelto@mozilla.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.6.5 -> 0.7.1"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.miniz_oxide]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.5.3 -> 0.6.2"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.num-bigint]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.4.3"
|
||||
notes = "All code written or reviewed by Josh Stone."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.num-integer]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.1.45"
|
||||
notes = "All code written or reviewed by Josh Stone."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.num-traits]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.15"
|
||||
notes = "All code written or reviewed by Josh Stone."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.num_cpus]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.13.1 -> 1.14.0"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.ppv-lite86]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.16 -> 0.2.17"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.proc-macro2]]
|
||||
who = "Nika Layzell <nika@thelayzells.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.0.39"
|
||||
notes = """
|
||||
`proc-macro2` acts as either a thin(-ish) wrapper around the std-provided
|
||||
`proc_macro` crate, or as a fallback implementation of the crate, depending on
|
||||
where it is used.
|
||||
|
||||
If using this crate on older versions of rustc (1.56 and earlier), it will
|
||||
temporarily replace the panic handler while initializing in order to detect if
|
||||
it is running within a `proc_macro`, which could lead to surprising behaviour.
|
||||
This should not be an issue for more recent compiler versions, which support
|
||||
`proc_macro::is_available()`.
|
||||
|
||||
The `proc-macro2` crate's fallback behaviour is not identical to the complex
|
||||
behaviour of the rustc compiler (e.g. it does not perform unicode normalization
|
||||
for identifiers), however it behaves well enough for its intended use-case
|
||||
(tests and scripts processing rust code).
|
||||
|
||||
`proc-macro2` does not use unsafe code, however exposes one `unsafe` API to
|
||||
allow bypassing checks in the fallback implementation when constructing
|
||||
`Literal` using `from_str_unchecked`. This was intended to only be used by the
|
||||
`quote!` macro, however it has been removed
|
||||
(https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078),
|
||||
and is likely completely unused. Even when used, this API shouldn't be able to
|
||||
cause unsoundness.
|
||||
"""
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.proc-macro2]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.39 -> 1.0.43"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.proc-macro2]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.43 -> 1.0.49"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.quote]]
|
||||
who = "Nika Layzell <nika@thelayzells.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.0.18"
|
||||
notes = """
|
||||
`quote` is a utility crate used by proc-macros to generate TokenStreams
|
||||
conveniently from source code. The bulk of the logic is some complex
|
||||
interlocking `macro_rules!` macros which are used to parse and build the
|
||||
`TokenStream` within the proc-macro.
|
||||
|
||||
This crate contains no unsafe code, and the internal logic, while difficult to
|
||||
read, is generally straightforward. I have audited the the quote macros, ident
|
||||
formatter, and runtime logic.
|
||||
"""
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.quote]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.18 -> 1.0.21"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.quote]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.21 -> 1.0.23"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rayon]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.5.3"
|
||||
notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rayon]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.5.3 -> 1.6.1"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rayon-core]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.9.3"
|
||||
notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rayon-core]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.9.3 -> 1.10.1"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rayon-core]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.10.1 -> 1.10.2"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.regex]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.6.0 -> 1.7.0"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.regex-syntax]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.6.27 -> 0.6.28"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.ryu]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.11 -> 1.0.12"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.serde]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.143 -> 1.0.144"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.serde]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.144 -> 1.0.151"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.serde]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.151 -> 1.0.152"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.serde_derive]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.143 -> 1.0.144"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.serde_derive]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.144 -> 1.0.151"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.serde_derive]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.151 -> 1.0.152"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.serde_json]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.81 -> 1.0.83"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.serde_json]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.83 -> 1.0.85"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.serde_json]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.85 -> 1.0.91"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.synstructure]]
|
||||
who = "Nika Layzell <nika@thelayzells.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.12.6"
|
||||
notes = """
|
||||
I am the primary author of the `synstructure` crate, and its current
|
||||
maintainer. The one use of `unsafe` is unnecessary, but documented and
|
||||
harmless. It will be removed in the next version.
|
||||
"""
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.thiserror]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.32 -> 1.0.38"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.thiserror-impl]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.32 -> 1.0.38"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.typenum]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.15.0 -> 1.16.0"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.unicode-ident]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.0.3 -> 1.0.6"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.unicode-normalization]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.1.19 -> 0.1.20"
|
||||
notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.unicode-normalization]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.1.20 -> 0.1.21"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.unicode-normalization]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.1.21 -> 0.1.22"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
|
Loading…
Reference in New Issue