Import Rust crate audits from ISRG
This commit is contained in:
parent
12334b3a18
commit
d99edccaa3
|
@ -7,6 +7,9 @@ version = "0.9"
|
|||
[imports.google]
|
||||
url = "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml"
|
||||
|
||||
[imports.isrg]
|
||||
url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml"
|
||||
|
||||
[imports.mozilla]
|
||||
url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml"
|
||||
|
||||
|
@ -260,10 +263,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.8.16"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.crunchy]]
|
||||
version = "0.2.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.crypto-common]]
|
||||
version = "0.1.6"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -384,10 +383,6 @@ criteria = "safe-to-run"
|
|||
version = "0.3.3"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.hmac]]
|
||||
version = "0.12.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.home]]
|
||||
version = "0.5.5"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -508,18 +503,10 @@ criteria = "safe-to-deploy"
|
|||
version = "0.7.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.num-bigint]]
|
||||
version = "0.4.4"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.num-format]]
|
||||
version = "0.4.4"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.num-traits]]
|
||||
version = "0.2.17"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.num_cpus]]
|
||||
version = "1.16.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -536,10 +523,6 @@ criteria = "safe-to-deploy"
|
|||
version = "11.1.3"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.opaque-debug]]
|
||||
version = "0.3.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.os_str_bytes]]
|
||||
version = "6.6.1"
|
||||
criteria = "safe-to-run"
|
||||
|
@ -656,22 +639,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.8.5"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rand_chacha]]
|
||||
version = "0.3.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rand_core]]
|
||||
version = "0.6.4"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rayon]]
|
||||
version = "1.8.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rayon-core]]
|
||||
version = "1.12.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.reddsa]]
|
||||
version = "0.5.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -908,14 +875,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.1.4"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.universal-hash]]
|
||||
version = "0.5.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.untrusted]]
|
||||
version = "0.7.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.untrusted]]
|
||||
version = "0.9.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
|
@ -525,6 +525,81 @@ Previously reviewed during security review and the audit is grandparented in.
|
|||
"""
|
||||
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.isrg.audits.crunchy]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.2"
|
||||
|
||||
[[audits.isrg.audits.hmac]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.12.1"
|
||||
|
||||
[[audits.isrg.audits.num-bigint]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.4.3 -> 0.4.4"
|
||||
|
||||
[[audits.isrg.audits.num-traits]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.15 -> 0.2.16"
|
||||
|
||||
[[audits.isrg.audits.num-traits]]
|
||||
who = "Ameer Ghani <inahga@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.16 -> 0.2.17"
|
||||
|
||||
[[audits.isrg.audits.opaque-debug]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.3.0"
|
||||
|
||||
[[audits.isrg.audits.rand_chacha]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.3.1"
|
||||
|
||||
[[audits.isrg.audits.rand_core]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.6.3"
|
||||
|
||||
[[audits.isrg.audits.rayon]]
|
||||
who = "Brandon Pitman <bran@bran.land>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.6.1 -> 1.7.0"
|
||||
|
||||
[[audits.isrg.audits.rayon]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.7.0 -> 1.8.0"
|
||||
|
||||
[[audits.isrg.audits.rayon-core]]
|
||||
who = "Brandon Pitman <bran@bran.land>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.10.2 -> 1.11.0"
|
||||
|
||||
[[audits.isrg.audits.rayon-core]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.11.0 -> 1.12.0"
|
||||
|
||||
[[audits.isrg.audits.universal-hash]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.4.1"
|
||||
|
||||
[[audits.isrg.audits.universal-hash]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.5.0 -> 0.5.1"
|
||||
|
||||
[[audits.isrg.audits.untrusted]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.7.1"
|
||||
|
||||
[[audits.mozilla.wildcard-audits.unicode-normalization]]
|
||||
who = "Manish Goregaokar <manishsmail@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -672,6 +747,13 @@ delta = "0.4.18 -> 0.4.20"
|
|||
notes = "Only cfg attribute and internal macro changes and module refactorings"
|
||||
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.num-bigint]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.4.3"
|
||||
notes = "All code written or reviewed by Josh Stone."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.num-integer]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -679,6 +761,51 @@ version = "0.1.45"
|
|||
notes = "All code written or reviewed by Josh Stone."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.num-traits]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.15"
|
||||
notes = "All code written or reviewed by Josh Stone."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rand_core]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.6.3 -> 0.6.4"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rayon]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.5.3"
|
||||
notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rayon]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.5.3 -> 1.6.1"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rayon-core]]
|
||||
who = "Josh Stone <jistone@redhat.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.9.3"
|
||||
notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rayon-core]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.9.3 -> 1.10.1"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rayon-core]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.10.1 -> 1.10.2"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.rustversion]]
|
||||
who = "Bobby Holley <bobbyholley@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -839,6 +966,13 @@ delta = "0.1.0 -> 0.1.1"
|
|||
notes = "Adds `#![forbid(unsafe_code)]` and license files."
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.universal-hash]]
|
||||
who = "Daira Hopwood <daira@jacaranda.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.4.1 -> 0.5.0"
|
||||
notes = "I checked correctness of to_blocks which uses unsafe code in a safe function."
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.wagyu-zcash-parameters]]
|
||||
who = "Sean Bowe <ewillbefull@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
Loading…
Reference in New Issue