zcash_script/depend/zcash/qa/supply-chain/audits.toml

# cargo-vet audits file

[criteria.crypto-reviewed]
description = "The cryptographic code in this crate has been reviewed for correctness by a member of a designated set of cryptography experts within the project."

[criteria.license-reviewed]
description = "The license of this crate has been reviewed for compatibility with its usage in this repository. If the crate is not available under the MIT license, `contrib/debian/copyright` has been updated with a corresponding copyright notice for files under `depends/*/vendored-sources/CRATE_NAME`."

[[audits.addr2line]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.17.0 -> 0.19.0"
notes = "Only change to unsafe code is to reduce the scope of some unsafe blocks."

[[audits.aead]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.3 -> 0.5.1"
notes = "Adds an AeadCore::generate_nonce function to generate random nonces, given a CryptoRng."

[[audits.aead]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.5.1 -> 0.5.2"

[[audits.anyhow]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.56 -> 1.0.61"
notes = "Update does not introduce new code. Minor build script changes look fine."

[[audits.anyhow]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.61 -> 1.0.65"
notes = "Build script changes just alter what it is probing for; no difference in side effects."

[[audits.anyhow]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.69"

[[audits.anyhow]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.69 -> 1.0.70"

[[audits.arrayref]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.6 -> 0.3.7"

[[audits.bech32]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.8.1 -> 0.9.1"

[[audits.bellman]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.13.0 -> 0.13.1"
notes = "Adds multi-threaded batch validation, which I checked against the existing single-threaded batch validation."

[[audits.bellman]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.13.1 -> 0.14.0"

[[audits.bip0039]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.1"

[[audits.blake2b_simd]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.0 -> 1.0.1"
notes = "Switches to `constant_time_eq 0.2.4`, which bumps its MSRV to 1.59."

[[audits.blake2s_simd]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.0 -> 1.0.1"
notes = "Switches to `constant_time_eq 0.2.4`, which bumps its MSRV to 1.59."

[[audits.block-buffer]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.10.3 -> 0.10.4"
notes = "Adds panics to prevent a block size of zero from causing unsoundness."

[[audits.bls12_381]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.7.1"

[[audits.bls12_381]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"
notes = "I previously reviewed the crypto-sensitive portions of these changes as well."

[[audits.bridgetree]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.bumpalo]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "3.11.1 -> 3.12.0"
notes = "Changes to `unsafe` code are to replace `mem::forget` uses with `ManuallyDrop`."

[[audits.byte-slice-cast]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.2.1 -> 1.2.2"

[[audits.bytes]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.3.0 -> 1.4.0"
notes = """
Adds a `mem::forget` as part of avoiding `Vec::into_boxed_slice` when it would reallocate.
I checked that the required semantics of `mem::forget` are maintained, but it seems like
`ManuallyDrop` should also work here and be compatible with their MSRV.
"""

[[audits.chacha20]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.8.1 -> 0.8.2"
notes = "Unpins zeroize."

[[audits.chacha20]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.9.0"

[[audits.chacha20poly1305]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.9.0 -> 0.9.1"
notes = "Unpins zeroize."

[[audits.chacha20poly1305]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.9.1 -> 0.10.1"
notes = "This mainly adapts to API changes between aead 0.4 and aead 0.5."

[[audits.cipher]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.4.3"
notes = "Significant rework of (mainly RustCrypto-internal) APIs."

[[audits.cipher]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.4.3 -> 0.4.4"
notes = "Adds panics to prevent a block size of zero from causing unsoundness."

[[audits.clearscreen]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.9 -> 1.0.10"
notes = "Bumps nix and removes some of its default features."

[[audits.clearscreen]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.10 -> 1.0.11"

[[audits.clearscreen]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.11 -> 2.0.0"

[[audits.clearscreen]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.0.1"

[[audits.constant_time_eq]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.2.4 -> 0.2.5"
notes = "No code changes."

[[audits.cpufeatures]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.2 -> 0.2.5"
notes = "Unsafe changes just introduce `#[inline(never)]` wrappers."

[[audits.cpufeatures]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.2.5 -> 0.2.6"

[[audits.crossbeam-channel]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.5.6 -> 0.5.7"
notes = "Fixes wrapping overflows for large timeouts."

[[audits.crossbeam-deque]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.8.3"
notes = "No new code."

[[audits.crossbeam-epoch]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.9.13 -> 0.9.14"
notes = "Bumps memoffset to 0.8, and marks some BPF and Sony Vita targets as not having atomics."

[[audits.crossbeam-utils]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.8.14 -> 0.8.15"
notes = """
- Fixes a wrapping overflow for large timeouts.
- Marks some BPF and Sony Vita targets as not having atomics.
"""

[[audits.crypto-common]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.3 -> 0.1.6"
notes = "New trait and type alias look fine."

[[audits.cxx]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"

[[audits.cxx]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"
notes = "Impls Unpin for SharedPtr and UniquePtr. The rationale makes sense."

[[audits.cxx]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.76 -> 1.0.78"

[[audits.cxx]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "1.0.78 -> 1.0.79"
notes = """
This release changes the result of the `cxxbridge` `exception` call to return
a struct containing both the pointer to an error message and its length,
instead of just the raw `*const u8`.
"""

[[audits.cxx]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.79 -> 1.0.83"

[[audits.cxx]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.83 -> 1.0.91"
notes = """
- Buildscript change is only to bump MSRV.
- Only change to C++ side is to fix a memory leak.
"""

[[audits.cxx]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.91 -> 1.0.92"

[[audits.cxx]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.92 -> 1.0.94"

[[audits.cxxbridge-flags]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"

[[audits.cxxbridge-flags]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"

[[audits.cxxbridge-flags]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.76 -> 1.0.78"

[[audits.cxxbridge-flags]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "1.0.78 -> 1.0.79"
notes = "This is exclusively an update to the `cxxbridge` dependency version."

[[audits.cxxbridge-flags]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.79 -> 1.0.83"

[[audits.cxxbridge-flags]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.83 -> 1.0.91"

[[audits.cxxbridge-flags]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.91 -> 1.0.92"

[[audits.cxxbridge-flags]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.92 -> 1.0.94"

[[audits.cxxbridge-macro]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"

[[audits.cxxbridge-macro]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"

[[audits.cxxbridge-macro]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.76 -> 1.0.78"

[[audits.cxxbridge-macro]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "1.0.78 -> 1.0.79"

[[audits.cxxbridge-macro]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "1.0.78 -> 1.0.79"
notes = "This is exclusively an update to the `cxxbridge` dependency version."

[[audits.cxxbridge-macro]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.79 -> 1.0.83"

[[audits.cxxbridge-macro]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.83 -> 1.0.91"

[[audits.cxxbridge-macro]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.91 -> 1.0.92"

[[audits.cxxbridge-macro]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.92 -> 1.0.94"
notes = """
Migration to `syn 2`. I didn't check the logic, but the changes look reasonable
and I didn't notice anything that seemed like it would adversely change the
generated code.
"""

[[audits.directories]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "4.0.1 -> 5.0.0"

[[audits.dirs]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "2.0.2 -> 4.0.0"
notes = "Some paths change across this upgrade (AFAICT they were bugfixes)."

[[audits.dirs-sys]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.7 -> 0.4.0"
notes = """
Changes to `unsafe` code are migrating from `winapi` to `windows-sys`. The APIs
are equivalent, with the `windows-sys` ones being slightly more type-safe.
"""

[[audits.ed25519-zebra]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "3.0.0 -> 3.1.0"

[[audits.either]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.8.0 -> 1.8.1"

[[audits.equihash]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.equihash]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.f4jumble]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.ff]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.12.1"

[[audits.ff]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.12.1 -> 0.13.0"

[[audits.fpe]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.6.0 -> 0.6.1"
notes = """
I am the author of this crate. This release fixes a regression bug in 0.6.0, and
was reviewed by an ECC engineer.
"""

[[audits.futures-channel]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
notes = "Atomics usage in `Stream::size_hint` impls looks fine."

[[audits.futures-channel]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.27"

[[audits.futures-channel]]
who = "Daira Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
notes = "Dependency updates, and an MSRV update to Rust 1.56."

[[audits.futures-core]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
notes = "Adds optional dependency on `portable-atomic 1` that can be enabled to replace `core::sync::atomic`."

[[audits.futures-core]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.27"

[[audits.futures-core]]
who = "Daira Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
notes = """
Adds an optimization in unsafe code (https://github.com/rust-lang/futures-rs/pull/2723).
The new code in AtomicWaker calls self.waker.get() twice assuming the same resulting pointer, but this appears to be correct because the AtomicWaker is in the required locked state.
"""

[[audits.futures-task]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"

[[audits.futures-task]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.27"

[[audits.futures-task]]
who = "Daira Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.28"
notes = "Dependency updates, and an MSRV update to Rust 1.56."

[[audits.futures-task]]
who = "Daira Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
notes = "Dependency updates, and an MSRV update to Rust 1.56."

[[audits.futures-util]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
notes = """
Changes to `unsafe` usage are to split `Either::project` into `Either::as_pin_ref` and
`Either::as_pin_mut`. The new code follows the old code's pattern, and also now has SAFETY
documentation.
"""

[[audits.futures-util]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
notes = """
- MSRV bumped to 1.56.
- Changes to `unsafe` code are to move a function call outside an `unsafe fn`,
  and to call the `unsafe fn` earlier. The safety requirement of being in the
  `POLLING` state appears to be preserved.
"""

[[audits.generic-array]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.14.6 -> 0.14.7"

[[audits.getrandom]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.6 -> 0.2.7"
notes = """
Checked that getrandom::wasi::getrandom_inner matches wasi::random_get.
Checked that getrandom::util_libc::Weak lock ordering matches std::sys::unix::weak::DlsymWeak.
"""

[[audits.getrandom]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.8 -> 0.2.9"
notes = """
The new `getrandom_uninit` method is introduced by retrofitting every system
implementation to take `&mut [MaybeUninit<u8>]` instead of `&mut [u8]`.

Most implementations are only altered to update their signature, and to
internally cast the slice back to `*mut u8` when writing to it. All of these
backends appear to write bytes to the full length of the slice, so it should be
fully initialized afterwards, upholding the invariants of the new `unsafe` code
in the public APIs.

- I did not check the behaviour of each implementation's system method to ensure
  they never write uninitialized bytes; the code prior to this change already
  needed to uphold that invariant as it was writing into `&mut [u8]`.

The following system implementations have additional `unsafe` code modifications:

- `custom`: The slice is zero-filled to ensure the `MaybeUninit<u8>` doesn't
  escape into a system implementation that might not write initialized bytes
  into the entire slice. The internal API between registration and usage is also
  switched from C ABI to Rust ABI, to guard against potential panics.

- `emscripten`: New backend, implementation looks reasonable.

- `hermit`: New backend, writes incrementally to the slice, but ensures that the
  entire slice has been written to before returning `Ok(())`. I note that it is
  possible for the implementation to loop indefinitely if `sys_read_entropy`
  were to always return 0 for some reason.

- `js`: Adds chunking to limit each write to less than 2^31 (but that seems like
  a bugfix). The safety requirements for `Uint8Array::view_mut_raw` appear to be
  satisfied.

- `rdrand`: Code changes to better handle CPU families with broken RDRAND.

- `solaris_illumos`: Now uses `GRND_RANDOM`.

- `windows`: Added `RtlGenRandom` fallback for non-UWP Windows.
"""

[[audits.gimli]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.27.0 -> 0.27.2"

[[audits.group]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.12.1"

[[audits.group]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.12.1 -> 0.13.0"

[[audits.halo2_gadgets]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_gadgets]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_gadgets]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.2.0 -> 0.3.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_legacy_pdqsort]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_proofs]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.2.0 -> 0.3.0"
notes = """
The ECC core team maintains this crate, and we have reviewed every line.
The crate has `deny(unsafe_code)`.
"""

[[audits.hdwallet]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.4.1"

[[audits.http]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.8 -> 0.2.9"

[[audits.hyper]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.14.23 -> 0.14.24"
notes = """
Fixes a bug where memory was reserved based on an adversary-controllable size, before the
corresponding data was received.
"""

[[audits.hyper]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.14.25 -> 0.14.26"

[[audits.incrementalmerkletree]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.3.1"
notes = "Fixes bug in calculating altitudes from tree positions on 32-bit platforms."

[[audits.incrementalmerkletree]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.4.0"
notes = "Removes `bridgetree` to a separate crate & updates Frontier representation."

[[audits.indexmap]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.8.1 -> 1.9.1"
notes = "I'm satisfied that the assertion guarding the new unsafe block is correct."

[[audits.indexmap]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.9.2 -> 1.9.3"

[[audits.inout]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "0.1.3"
notes = "Reviewed in full."

[[audits.ipnet]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "2.5.0 -> 2.7.1"

[[audits.ipnet]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.7.1 -> 2.7.2"

[[audits.itoa]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.1 -> 1.0.3"
notes = "Update makes no changes to code."

[[audits.itoa]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.5 -> 1.0.6"

[[audits.js-sys]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.3.60 -> 0.3.61"
notes = """
- Adds `i64` variants of existing `Atomics` methods, which I checked them against.
- Adds `Array.length` setter and `Intl.RelativeTimeFormat`; I checked these against their
  MDN documentation.
"""

[[audits.jubjub]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.0"
notes = "I previously reviewed the crypto-sensitive portions of these changes as well."

[[audits.libm]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.2 -> 0.2.5"

[[audits.libm]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.5 -> 0.2.6"

[[audits.link-cplusplus]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.6 -> 1.0.7"

[[audits.link-cplusplus]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.7 -> 1.0.8"

[[audits.lock_api]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.4.7 -> 0.4.9"
notes = "The unsafe changes fix soundness bugs. The unsafe additions in the new ArcMutexGuard::into_arc method seem fine, but it should probably have used ManuallyDrop instead of mem::forget."

[[audits.log]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.4.16 -> 0.4.17"
notes = "I confirmed that the unsafe transmutes are fine; NonZeroU128 and NonZeroI128 are `#[repr(transparent)]` wrappers around u128 and i128 respectively."

[[audits.maybe-rayon]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
version = "0.1.1"

[[audits.memuse]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.1"
notes = "Exposes an existing macro. Note that I am the author of the crate."

[[audits.metrics]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.19.0 -> 0.20.1"

[[audits.metrics-exporter-prometheus]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.10.0 -> 0.11.0"

[[audits.metrics-macros]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.5.1 -> 0.6.0"

[[audits.metrics-util]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.13.0 -> 0.14.0"

[[audits.mio]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.8.4"
notes = """
Migrates from winapi to windows-sys. The changes to API usage look reasonable
based on what I've seen in other uses of the windows-sys crate. Unsafe code
falls into two categories:
- Usage of `mem::zeroed()`, which doesn't look obviously wrong. The
  `..unsafe { mem::zeroed() }` in `sys::unix::selector::kqueue` looks weird
  but AFAICT is saying \"take any unspecified fields from an instance of this
  struct that has been zero-initialized\", which is fine for integer fields. It
  would be nice if there was documentation to this effect (explaining why this
  is done instead of `..Default::default()`).
- Calls to Windows API methods. These are either pre-existing (and altered for
  the differences in the crate abstractions), or newly added in logic that
  appears to be copied from miow 0.3.6 (I scanned this by eye and didn't see
  any noteworthy changes other than handling windows-sys API differences).
"""

[[audits.mio]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.4 -> 0.8.5"
notes = "The only unsafe changes are in epoll_create1 failure cases. Usage of epoll_create and fcntl looks fine; it is vulnerable to a race condition in multithreaded programs that fork child processes, but epoll_create1 is how you avoid this problem. See the discussion of the O_CLOEXEC flag in the open(2) man page for details."

[[audits.mio]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.5 -> 0.8.6"
notes = """
New `unsafe` usages:
- `NonZeroU8::new_unchecked`: I verified the constant is non-zero.
- Additional `syscall!(close(socket))` calls before returning errors.
"""

[[audits.nix]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.26.1 -> 0.26.2"
notes = "Fixes `SockaddrIn6` endianness bug."

[[audits.num-integer]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.44 -> 0.1.45"
notes = "Fixes some argument-handling panic bugs."

[[audits.num_cpus]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.14.0 -> 1.15.0"

[[audits.object]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.30.1 -> 0.30.2"

[[audits.object]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.30.2 -> 0.30.3"

[[audits.once_cell]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.17.0 -> 1.17.1"
notes = """
Small refactor that reduces the overall amount of `unsafe` code. The new strict provenance
approach looks reasonable.
"""

[[audits.orchard]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.orchard]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.orchard]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.3.0"

[[audits.orchard]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.3.0 -> 0.4.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.orchard]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.4.0 -> 0.5.0"
notes = "Updated to use incrementalmerkletree version 0.4.0."

[[audits.pairing]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.22.0 -> 0.23.0"

[[audits.parity-scale-codec]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "3.2.1 -> 3.4.0"
notes = "No new code, just refactoring to remove the `full` feature flag."

[[audits.parity-scale-codec-derive]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "3.1.3 -> 3.1.4"
notes = """
- Bumps `syn` minimum version.
- Fixes `max_encoded_len()` to pay attention to `#[codec(skip)]` attribute.
"""

[[audits.parking_lot]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.11.2 -> 0.12.1"
notes = "Most `unsafe {}` changes were to reduce the scope of the unsafe blocks. I didn't closely review the migration to the asm! macro but it looks reasonable."

[[audits.parking_lot_core]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.5 -> 0.9.3"

[[audits.parking_lot_core]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.9.5 -> 0.9.6"

[[audits.parking_lot_core]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.9.6 -> 0.9.7"

[[audits.pasta_curves]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.4.1"

[[audits.pasta_curves]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.1"

[[audits.pbkdf2]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.9.0 -> 0.10.1"

[[audits.phf]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.11.1"
notes = """
Mostly modernisation, migrating to `PhfBorrow`, and making more things `&'static`.
No unsafe code in the new `OrderedMap` and `OrderedSet` types.
"""

[[audits.phf_codegen]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.11.1"
notes = "New codegen and changes to existing codegen look fine."

[[audits.phf_generator]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.11.1"
notes = "Just dependency and edition bumps and code formatting."

[[audits.phf_shared]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.11.1"
notes = """
Adds `uncased` dependency, and newly generates unsafe code to transmute `&'static str`
into `&'static UncasedStr`. I verified that `UncasedStr` is a `#[repr(transparent)]`
newtype around `str`.
"""

[[audits.poly1305]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.7.2 -> 0.8.0"
notes = "Changes to unsafe (avx2) code look reasonable."

[[audits.proc-macro-crate]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.2.1 -> 1.3.0"
notes = "Migrates from `toml` to `toml_edit`."

[[audits.proc-macro-crate]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.3.0 -> 1.3.1"
notes = "Bumps MSRV to 1.60."

[[audits.proc-macro2]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.37 -> 1.0.41"

[[audits.proc-macro2]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.49 -> 1.0.51"

[[audits.proc-macro2]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.51 -> 1.0.52"

[[audits.proc-macro2]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.54 -> 1.0.56"

[[audits.quanta]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.9.3 -> 0.10.1"

[[audits.quote]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.23 -> 1.0.26"

[[audits.rand_xorshift]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.0"

[[audits.raw-cpuid]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "10.6.0 -> 10.6.1"

[[audits.raw-cpuid]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "10.6.1 -> 10.7.0"
notes = """
Appears to be a move-only change in display code to expose an internal API.
I did not verify that the change was move-only, but there is no unsafe code affected.
"""

[[audits.reddsa]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.5.0"

[[audits.redjubjub]]
who = "Daira Emma Hopwood <daira@jacaranda.org>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
version = "0.7.0"
notes = """
This crate is a thin wrapper around the `reddsa` crate, which I did not review. I also
did not review tests or verify test vectors.

The comment on `batch::Verifier::verify` has an error in the batch verification equation,
filed as https://github.com/ZcashFoundation/redjubjub/issues/163 . It does not affect the
implementation which just delegates to `reddsa`. `reddsa` has the same comment bug filed as
https://github.com/ZcashFoundation/reddsa/issues/52 , but its batch verification implementation
is correct. (I checked the latter against https://zips.z.cash/protocol/protocol.pdf#reddsabatchvalidate
which has had previous cryptographic review by NCC group; see finding NCC-Zcash2018-009 in
https://research.nccgroup.com/wp-content/uploads/2020/07/NCC_Group_Zcash2018_Public_Report_2019-01-30_v1.3.pdf ).
"""

[[audits.regex]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.7.1"

[[audits.regex]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.7.1 -> 1.7.3"

[[audits.regex-syntax]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.6.28 -> 0.6.29"

[[audits.rustc-demangle]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.21 -> 0.1.22"

[[audits.rustc-demangle]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.1.22 -> 0.1.23"

[[audits.ryu]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.12 -> 1.0.13"

[[audits.serde]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.136 -> 1.0.143"
notes = "Bumps serde-derive and adds some constructors."

[[audits.serde]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.143 -> 1.0.145"

[[audits.serde]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.155 -> 1.0.156"

[[audits.serde]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.159 -> 1.0.160"

[[audits.serde_derive]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.136 -> 1.0.143"
notes = "Bumps syn, inverts some build flags."

[[audits.serde_derive]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.143 -> 1.0.145"

[[audits.serde_derive]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.155 -> 1.0.156"

[[audits.serde_derive]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.159 -> 1.0.160"

[[audits.serde_json]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.95 -> 1.0.96"

[[audits.sketches-ddsketch]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.2.0"
notes = "I did not review the refactor, but there are no unsafe blocks and I didn't see any obvious changes that could result in panics."

[[audits.sketches-ddsketch]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.1"

[[audits.syn]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.91 -> 1.0.98"

[[audits.syn]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.102 -> 1.0.104"

[[audits.syn]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.102 -> 1.0.107"

[[audits.syn]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.107 -> 1.0.109"
notes = "Fixes string literal parsing to only skip specified whitespace characters."

[[audits.syn]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "2.0.11 -> 2.0.13"

[[audits.syn]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "2.0.13 -> 2.0.15"

[[audits.terminfo]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.7.3 -> 0.7.5"
notes = "Just dependency and edition updates."

[[audits.thiserror]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.30 -> 1.0.32"
notes = "Bumps thiserror-impl, no code changes."

[[audits.thiserror]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.32 -> 1.0.37"
notes = "The new build script invokes rustc to determine whether it supports the Provider API. The only side-effect is it overwrites `$OUT_DIR/probe.rs`, which is fine because it is unique to the thiserror package."

[[audits.thiserror-impl]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.30 -> 1.0.32"
notes = "Only change is to refine an error message."

[[audits.thiserror-impl]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.32 -> 1.0.37"
notes = "Proc macro changes migrating to the Provider API look fine."

[[audits.thread_local]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.1.4 -> 1.1.7"
notes = """
New `unsafe` usage:
- An extra `deallocate_bucket`, to replace a `Mutex::lock` with a `compare_exchange`.
- Setting and getting a `#[thread_local] static mut Option<Thread>` on nightly.
"""

[[audits.time-macros]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.4 -> 0.2.6"

[[audits.time-macros]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.7 -> 0.2.8"
notes = """
- Only new `unsafe` code takes a `NonZeroU16` at proc-macro evaluation time and hard-codes
  its contents into a `NonZeroU16::new_unchecked` constructor, which is safe.
- Bumps MSRV to 1.63.
"""

[[audits.tinyvec_macros]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.1"
notes = "Adds `#![forbid(unsafe_code)]` and license files."

[[audits.toml_datetime]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.5.1"
notes = "Crate has `#![forbid(unsafe_code)]`, no `unwrap / expect / panic`, no ambient capabilities."

[[audits.toml_datetime]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.5.1 -> 0.6.1"
notes = "Fixes a bug in parsing negative minutes in datetime string offsets."

[[audits.toml_edit]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.19.7 -> 0.19.8"

[[audits.try-lock]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.3 -> 0.2.4"
notes = "Fixes unsoundness."

[[audits.uint]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.9.4 -> 0.9.5"

[[audits.unicode-ident]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "1.0.2"

[[audits.unicode-ident]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.6 -> 1.0.8"

[[audits.universal-hash]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "I checked correctness of to_blocks which uses unsafe code in a safe function."

[[audits.wasm-bindgen-shared]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.83 -> 0.2.84"
notes = "Bumps the schema version to add `linked_modules`."

[[audits.which]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "4.3.0 -> 4.4.0"
notes = "New APIs are remixes of existing code."

[[audits.windows-targets]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"

[[audits.windows_aarch64_gnullvm]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = """
This is a Windows API bindings library maintained by Microsoft themselves.
Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0.
"""

[[audits.windows_aarch64_gnullvm]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."

[[audits.windows_aarch64_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_aarch64_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = """
This is a Windows API bindings library maintained by Microsoft themselves.
Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0.
"""

[[audits.windows_aarch64_msvc]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."

[[audits.windows_i686_gnu]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_i686_gnu]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = """
This is a Windows API bindings library maintained by Microsoft themselves.
Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0.
"""

[[audits.windows_i686_gnu]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."

[[audits.windows_i686_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_i686_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = """
This is a Windows API bindings library maintained by Microsoft themselves.
Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0.
"""

[[audits.windows_i686_msvc]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."

[[audits.windows_x86_64_gnu]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_x86_64_gnu]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = """
This is a Windows API bindings library maintained by Microsoft themselves.
Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0.
"""

[[audits.windows_x86_64_gnu]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."

[[audits.windows_x86_64_gnullvm]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = """
This is a Windows API bindings library maintained by Microsoft themselves.
Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0.
"""

[[audits.windows_x86_64_gnullvm]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."

[[audits.windows_x86_64_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_x86_64_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = """
This is a Windows API bindings library maintained by Microsoft themselves.
Changes are to a bundled binary library; it looks like these were accidentally left out of 0.42.0.
"""

[[audits.windows_x86_64_msvc]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."

[[audits.wyz]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.5.0 -> 0.5.1"
notes = "Only change to unsafe code is to extract a drop impl into a method. I note however that most of the changes in the published 0.5.1 are not present in the v0.5.1 tag on the GitHub repository."

[[audits.zcash_address]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_address]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"

[[audits.zcash_address]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.1"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_address]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.2.1 -> 0.3.0"
notes = "Updates the bs58 dependency to version 0.5."

[[audits.zcash_encoding]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_encoding]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"

[[audits.zcash_history]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_note_encryption]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_note_encryption]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"

[[audits.zcash_note_encryption]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.2.0 -> 0.3.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_note_encryption]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.3.0 -> 0.4.0"
notes = "A minor API change that removes some unused parameters."

[[audits.zcash_primitives]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.6.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_primitives]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.6.0 -> 0.7.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_primitives]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.8.1"

[[audits.zcash_primitives]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.1 -> 0.9.1"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_primitives]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.9.1 -> 0.10.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_primitives]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.10.0 -> 0.10.1"
notes = """
The ECC core team maintains this crate, and we have reviewed every line.
This point release temporarily re-exposes some constructors.
"""

[[audits.zcash_primitives]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.10.1 -> 0.10.2"
notes = """
The ECC core team maintains this crate, and we have reviewed every line.
This point release temporarily re-exposes a constructor.
"""

[[audits.zcash_primitives]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.10.2 -> 0.11.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_primitives]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.11.0 -> 0.12.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.6.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.6.0 -> 0.7.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.7.0 -> 0.7.1"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.9.0"

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.9.0 -> 0.10.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.10.0 -> 0.11.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Kris Nuttycombe <kris@nutty.land>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "0.11.0 -> 0.12.0"
notes = "The only change is that the zcash_primitives dependency has been updated to version 0.12."

[[audits.zeroize]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.4.3 -> 1.5.7"
notes = "The zeroize_c_string unit test has UB, but that's very unlikely to cause a problem in practice."

[[audits.zeroize]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.5.7 -> 1.6.0"

[[audits.zeroize_derive]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.3.2 -> 1.3.3"
notes = "Removes `T: Drop` bound from `impl<T: Zeroize> Drop for SomeType<T>`. I agree it was unnecessary."

[[audits.zeroize_derive]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.3.3 -> 1.4.1"

[[audits.zeroize_derive]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.4.1 -> 1.4.2"