# cargo-vet imports lock [[audits.bytecode-alliance.audits.arrayref]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "0.3.6" notes = """ Unsafe code, but its logic looks good to me. Necessary given what it is doing. Well tested, has quickchecks. """ [[audits.bytecode-alliance.audits.arrayvec]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "0.7.2" notes = """ Well documented invariants, good assertions for those invariants in unsafe code, and tested with MIRI to boot. LGTM. """ [[audits.bytecode-alliance.audits.block-buffer]] who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.2" [[audits.bytecode-alliance.audits.bumpalo]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "3.11.1" notes = "I am the author of this crate." [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.0.0" notes = "I am the author of this crate." [[audits.bytecode-alliance.audits.constant_time_eq]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "0.2.4" notes = "A few tiny blocks of `unsafe` but each of them is very obviously correct." [[audits.bytecode-alliance.audits.crypto-common]] who = "Benjamin Bouvier " criteria = "safe-to-deploy" version = "0.1.3" [[audits.bytecode-alliance.audits.digest]] who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.3" [[audits.bytecode-alliance.audits.rustc-demangle]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.1.21" notes = "I am the author of this crate." [[audits.bytecode-alliance.audits.tinyvec]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.6.0" notes = """ This crate, while it implements collections, does so without `std::*` APIs and without `unsafe`. Skimming the crate everything looks reasonable and what one would expect from idiomatic safe collections in Rust. """ [[audits.bytecode-alliance.audits.tinyvec_macros]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.1.0" notes = """ This is a trivial crate which only contains a singular macro definition which is intended to multiplex across the internal representation of a tinyvec, presumably. This trivially doesn't contain anything bad. """ [[audits.bytecode-alliance.audits.unicode-normalization]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.1.19" notes = """ This crate contains one usage of `unsafe` which I have manually checked to see it as correct. This crate's size comes in large part due to the generated unicode tables that it contains. This crate is additionally widely used throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs and nothing suspicious. """ [[audits.bytecode-alliance.audits.windows-sys]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.42.0" notes = "This is a Windows API bindings library maintained by Microsoft themselves." [[audits.bytecode-alliance.audits.windows-sys]] who = "Pat Hickey " criteria = "safe-to-deploy" delta = "0.42.0 -> 0.45.0" notes = "This is a Windows API bindings library maintained by Microsoft themselves." [[audits.bytecode-alliance.audits.windows-targets]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.42.1" notes = "This is a Windows API bindings library maintained by Microsoft themselves. Additionally, this particular crate is empty and just collects a bunch of dependencies, which are not exported, so I don't understand why it exists at all." [[audits.bytecode-alliance.audits.windows_aarch64_gnullvm]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.42.0" notes = "This is a Windows API bindings library maintained by Microsoft themselves." [[audits.bytecode-alliance.audits.windows_aarch64_msvc]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.42.0" notes = "This is a Windows API bindings library maintained by Microsoft themselves." [[audits.bytecode-alliance.audits.windows_i686_gnu]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.42.0" notes = "This is a Windows API bindings library maintained by Microsoft themselves." [[audits.bytecode-alliance.audits.windows_i686_msvc]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.42.0" notes = "This is a Windows API bindings library maintained by Microsoft themselves." [[audits.bytecode-alliance.audits.windows_x86_64_gnu]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.42.0" notes = "This is a Windows API bindings library maintained by Microsoft themselves." [[audits.bytecode-alliance.audits.windows_x86_64_gnullvm]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.42.0" notes = "This is a Windows API bindings library maintained by Microsoft themselves." [[audits.bytecode-alliance.audits.windows_x86_64_msvc]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.42.0" notes = "This is a Windows API bindings library maintained by Microsoft themselves." [audits.chromeos.criteria.crypto-safe] description = """ All crypto algorithms in this crate have been reviewed by a relevant expert. **Note**: If a crate does not implement crypto, use `does-not-implement-crypto`, which implies `crypto-safe`, but does not require expert review in order to audit for.""" [audits.chromeos.criteria.does-not-implement-crypto] description = """ Inspection reveals that the crate in question does not attempt to implement any cryptographic algorithms on its own. Note that certification of this does not require an expert on all forms of cryptography: it's expected for crates we import to be \"good enough\" citizens, so they'll at least be forthcoming if they try to implement something cryptographic. When in doubt, please ask an expert.""" implies = "crypto-safe" [audits.chromeos.criteria.rule-of-two-safe-to-deploy] description = """ This is a stronger requirement than the built-in safe-to-deploy criteria, motivated by Chromium's rule-of-two related requirements: https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md#unsafe-code-in-safe-languages This crate will not introduce a serious security vulnerability to production software exposed to untrusted input. Auditors are not required to perform a full logic review of the entire crate. Rather, they must review enough to fully reason about the behavior of all unsafe blocks and usage of powerful imports. For any reasonable usage of the crate in real-world software, an attacker must not be able to manipulate the runtime behavior of these sections in an exploitable or surprising way. Ideally, ambient capabilities (e.g. filesystem access) are hardened against manipulation and consistent with the advertised behavior of the crate. However, some discretion is permitted. In such cases, the nature of the discretion should be recorded in the `notes` field of the audit record. Any unsafe code in this crate must, in general, be kept well-contained, and documentation must exist to describe how Rust's invariants are being upheld despite the unsafe block(s). Nontrivial uses of unsafe must be reviewed by an expert in Rust's unsafety guarantees/non-guarantees. For crates which generate deployed code (e.g. build dependencies or procedural macros), reasonable usage of the crate should output code which meets the above criteria.""" implies = "safe-to-deploy" [audits.chromeos.audits] [[audits.embark-studios.audits.anyhow]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "1.0.58" [[audits.isrg.audits.block-buffer]] who = "David Cook " criteria = "safe-to-deploy" version = "0.9.0" [[audits.isrg.audits.crunchy]] who = "David Cook " criteria = "safe-to-deploy" version = "0.2.2" [[audits.isrg.audits.either]] who = "David Cook " criteria = "safe-to-deploy" version = "1.6.1" [[audits.isrg.audits.opaque-debug]] who = "David Cook " criteria = "safe-to-deploy" version = "0.3.0" [[audits.isrg.audits.serde_json]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "1.0.91 -> 1.0.92" notes = "The only changes are to doccomments, a dev-dependency and the project's CI workflow, so there should be no risk to dependents." [[audits.isrg.audits.serde_json]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "1.0.92 -> 1.0.93" [[audits.isrg.audits.unicode-ident]] who = "David Cook " criteria = "safe-to-deploy" delta = "1.0.2 -> 1.0.3" [[audits.isrg.audits.universal-hash]] who = "David Cook " criteria = "safe-to-deploy" version = "0.4.1" [[audits.isrg.audits.untrusted]] who = "David Cook " criteria = "safe-to-deploy" version = "0.7.1" [[audits.isrg.audits.wasm-bindgen-shared]] who = "David Cook " criteria = "safe-to-deploy" version = "0.2.83" [[audits.mozilla.audits.aho-corasick]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.7.18 -> 0.7.20" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.anyhow]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.57 -> 1.0.61" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.anyhow]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "1.0.58 -> 1.0.57" notes = "No functional differences, just CI config and docs." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.anyhow]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.61 -> 1.0.62" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.anyhow]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.62 -> 1.0.68" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.autocfg]] who = "Josh Stone " criteria = "safe-to-deploy" version = "1.1.0" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.block-buffer]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bytes]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.2.1 -> 1.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.crossbeam-epoch]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.9.8 -> 0.9.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.crossbeam-epoch]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.9.10 -> 0.9.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.crossbeam-utils]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.8 -> 0.8.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.crossbeam-utils]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.11 -> 0.8.14" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.digest]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.3 -> 0.10.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.either]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.6.1 -> 1.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.either]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.7.0 -> 1.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "1.0.7" notes = "Simple hasher implementation with no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.futures-channel]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.futures-channel]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.futures-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.futures-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.futures-task]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.futures-task]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.futures-util]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.futures-util]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.getrandom]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.7 -> 0.2.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.hashbrown]] who = "Mike Hommey " criteria = "safe-to-deploy" version = "0.12.3" notes = "This version is used in rust's libstd, so effectively we're already trusting it" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.hex]] who = "Simon Friedberger " criteria = "safe-to-deploy" version = "0.4.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.indexmap]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.9.1 -> 1.9.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.itoa]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.2 -> 1.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.itoa]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.0.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.lazy_static]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.4.0" notes = "I have read over the macros, and audited the unsafe code." aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.mozilla.audits.libc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.126 -> 0.2.132" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.libc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.132 -> 0.2.138" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.libc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.138 -> 0.2.139" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.log]] who = "Mike Hommey " criteria = "safe-to-deploy" version = "0.4.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.memoffset]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.6.5 -> 0.7.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.miniz_oxide]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.3 -> 0.6.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num-bigint]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.4.3" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num-integer]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.1.45" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num-traits]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.2.15" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num_cpus]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.13.1 -> 1.14.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.ppv-lite86]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.16 -> 0.2.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.proc-macro2]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.0.39" notes = """ `proc-macro2` acts as either a thin(-ish) wrapper around the std-provided `proc_macro` crate, or as a fallback implementation of the crate, depending on where it is used. If using this crate on older versions of rustc (1.56 and earlier), it will temporarily replace the panic handler while initializing in order to detect if it is running within a `proc_macro`, which could lead to surprising behaviour. This should not be an issue for more recent compiler versions, which support `proc_macro::is_available()`. The `proc-macro2` crate's fallback behaviour is not identical to the complex behaviour of the rustc compiler (e.g. it does not perform unicode normalization for identifiers), however it behaves well enough for its intended use-case (tests and scripts processing rust code). `proc-macro2` does not use unsafe code, however exposes one `unsafe` API to allow bypassing checks in the fallback implementation when constructing `Literal` using `from_str_unchecked`. This was intended to only be used by the `quote!` macro, however it has been removed (https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078), and is likely completely unused. Even when used, this API shouldn't be able to cause unsoundness. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.proc-macro2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.39 -> 1.0.43" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.proc-macro2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.43 -> 1.0.49" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quote]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.0.18" notes = """ `quote` is a utility crate used by proc-macros to generate TokenStreams conveniently from source code. The bulk of the logic is some complex interlocking `macro_rules!` macros which are used to parse and build the `TokenStream` within the proc-macro. This crate contains no unsafe code, and the internal logic, while difficult to read, is generally straightforward. I have audited the the quote macros, ident formatter, and runtime logic. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quote]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.18 -> 1.0.21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quote]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.21 -> 1.0.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.rayon]] who = "Josh Stone " criteria = "safe-to-deploy" version = "1.5.3" notes = "All code written or reviewed by Josh Stone or Niko Matsakis." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.rayon]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.5.3 -> 1.6.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.rayon-core]] who = "Josh Stone " criteria = "safe-to-deploy" version = "1.9.3" notes = "All code written or reviewed by Josh Stone or Niko Matsakis." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.rayon-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.9.3 -> 1.10.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.rayon-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.10.1 -> 1.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.regex]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.6.0 -> 1.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.regex-syntax]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.6.27 -> 0.6.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.ryu]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.11 -> 1.0.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.143 -> 1.0.144" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.144 -> 1.0.151" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.151 -> 1.0.152" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.143 -> 1.0.144" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.144 -> 1.0.151" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.151 -> 1.0.152" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde_json]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.81 -> 1.0.83" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde_json]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.83 -> 1.0.85" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde_json]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.85 -> 1.0.91" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.synstructure]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.12.6" notes = """ I am the primary author of the `synstructure` crate, and its current maintainer. The one use of `unsafe` is unnecessary, but documented and harmless. It will be removed in the next version. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.thiserror]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.32 -> 1.0.38" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.thiserror-impl]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.32 -> 1.0.38" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.typenum]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.15.0 -> 1.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.unicode-ident]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.0.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.unicode-normalization]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.19 -> 0.1.20" notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.unicode-normalization]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.20 -> 0.1.21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.unicode-normalization]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.21 -> 0.1.22" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"