diff --git a/.github/workflows/cargo-vet.yml b/.github/workflows/cargo-vet.yml
deleted file mode 100644
index 2e062508..00000000
--- a/.github/workflows/cargo-vet.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: Cargo vet dependencies
-on:
- push:
- branches:
- - main
- pull_request:
-
-jobs:
- cargo-vet:
- name: cargo_vet
- runs-on: ubuntu-latest
- env:
- CARGO_VET_VERSION: 0.9.0
- steps:
- - uses: actions/checkout@v6
- - name: Install Rust
- run: rustup update stable && rustup default stable
- - uses: actions/cache@v5
- with:
- path: ${{ runner.tool_cache }}/cargo-vet
- key: cargo-vet-bin-${{ env.CARGO_VET_VERSION }}
- - name: Add the tool cache directory to the search path
- run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH
- - name: Ensure that the tool cache is populated with the cargo-vet binary
- run: cargo install --root ${{ runner.tool_cache }}/cargo-vet --version ${{ env.CARGO_VET_VERSION }} --locked cargo-vet
- - name: Invoke cargo-vet
- run: cargo vet --locked
diff --git a/Makefile b/Makefile
index e9d14ce0..dbab1500 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ test-wasi-targets test-wasip1-targets test-wasip2-targets wasi-targets \ lint-native-targets test-native-targets test-native-targets-ci native-targets \ test-wpt test-wpt-ci test-all clean cli build-default-plugin build-test-plugins \ - vet ci + ci .DEFAULT_GOAL := cli # === Format checks === 
@@ -112,14 +112,11 @@ test-all: wasi-targets native-targets test-wpt clean: cargo clean -vet: - cargo vet --locked - # Intended to simulate what the GitHub Actions CI workflow will run. # We don't invoke this directly because we often run out of disk space in # GitHub Actions if we try to compile native targets in the same workflow as # WASI targets so we have to use a multi-step process in GitHub to avoid that. -ci: lint-wasi-targets lint-native-targets vet test-all +ci: lint-wasi-targets lint-native-targets test-all # First, build the default plugin, which is a dependency to the CLI. # No need to run `javy_plugin_processing`, the CLI build.rs will take
diff --git a/docs/docs-contributing-developing.md b/docs/docs-contributing-developing.md
index f1b166f4..efc5a333 100644
--- a/docs/docs-contributing-developing.md
+++ b/docs/docs-contributing-developing.md
@@ -2,4 +2,3 @@ - `wasmtime-cli`, can be installed via `cargo install wasmtime-cli` - `cargo-hack`, can be installed via `cargo +stable install cargo-hack --locked` -- `cargo-vet`, can be installed via `cargo install --version 0.9.0 cargo-vet --locked`
diff --git a/docs/docs-contributing-testing-locally.md b/docs/docs-contributing-testing-locally.md
index 940062c3..469b7f39 100644
--- a/docs/docs-contributing-testing-locally.md
+++ b/docs/docs-contributing-testing-locally.md
@@ -17,15 +17,3 @@ cargo +stable install cargo-hack --locked ``` make fmt tests ``` - -4. If adding new dependencies, vet the dependencies - -``` -cargo vet -``` - -If this fails, follow on-screen instructions to trust any dependencies it suggests trusting. If `cargo vet` still fails after trusting those dependencies, then run: - -``` -cargo vet regenerate exemptions -```
diff --git a/docs/docs-contributing.md b/docs/docs-contributing.md
index 3cf32568..435b4787 100644
--- a/docs/docs-contributing.md
+++ b/docs/docs-contributing.md
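Review bot: With `vet` dropped from its prerequisites, `ci: lint-wasi-targets lint-native-targets test-all` no longer runs any dependency-review step, and nothing in the visible part of this diff puts another supply-chain check in its place. If the removal is deliberate, the comment block above `ci` is the natural place to record it, for example `# Dependency auditing is intentionally not part of this target; see <link to decision>.`, so a later reader does not assume the gate still exists. If a replacement check is planned, adding it as a prerequisite of `ci` in the same change would avoid a window in which new or updated crates are merged without any automated review; whether such a check exists elsewhere in the repository cannot be told from this diff.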
@@ -54,15 +54,6 @@ version `3.0.0` has not been published yet so version `3.0.0` can contain a mixture of additive and breaking changes from the last `2.x.x` version published. -## cargo vet - -We use [cargo vet](https://mozilla.github.io/cargo-vet/) to audit dependencies -for the project. If you need to change or add dependencies, please try to use -a dependency that has been audited by one one of the audits we import or is -published by one of the authors we trust (sunfishcode, dtolnay, Amanieu, -cuviper). This is preferable to adding new exemptions for the project. Do not -add new audits for crates that are not in this project. - ## Web platform tests (WPT) We run a subset of the web platform test suite during continuous integration. We
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
deleted file mode 100644
index c2b61a08..00000000
--- a/supply-chain/audits.toml
+++ /dev/null
@@ -1,919 +0,0 @@ - -# cargo-vet audits file - -[[audits.javy]] -who = "Jeff Charles " -criteria = "safe-to-deploy" -version = "1.0.0" - -[[trusted.aho-corasick]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-03-28" -end = "2027-03-02" - -[[trusted.ambient-authority]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2021-04-14" -end = "2024-07-25" - -[[trusted.anstream]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2023-03-16" -end = "2026-12-02" - -[[trusted.anstyle]] -criteria = "safe-to-run" -user-id = 6743 # Ed Page (epage) -start = "2022-05-18" -end = "2024-10-26" - -[[trusted.anstyle]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2022-05-18" -end = "2026-12-02" - -[[trusted.anstyle-parse]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2023-03-08" -end = "2025-07-02" - -[[trusted.anstyle-query]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2023-04-13" -end = "2026-12-02" - -[[trusted.anstyle-wincon]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2023-03-08" -end = "2026-12-02" - -[[trusted.anyhow]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-10-05" -end = "2027-02-09" - -[[trusted.async-trait]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-07-23" -end = "2026-12-02" - -[[trusted.bstr]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-04-02" -end = "2024-10-03" - -[[trusted.byteorder]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-06-09" -end = "2024-10-03" - -[[trusted.bytes]] -criteria = "safe-to-deploy" -user-id = 6741 # Alice Ryhl (Darksonn) -start = "2021-01-11" -end = "2026-10-06" - -[[trusted.cap-fs-ext]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = 
"2020-12-11" -end = "2026-03-03" - -[[trusted.cap-net-ext]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2023-04-07" -end = "2025-01-03" - -[[trusted.cap-primitives]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2020-08-07" -end = "2026-03-03" - -[[trusted.cap-rand]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2020-09-24" -end = "2025-01-03" - -[[trusted.cap-std]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2020-06-25" -end = "2026-03-03" - -[[trusted.cap-time-ext]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2020-09-21" -end = "2026-03-03" - -[[trusted.cc]] -criteria = "safe-to-deploy" -user-id = 2915 # Amanieu d'Antras (Amanieu) -start = "2024-02-20" -end = "2025-03-01" - -[[trusted.clap]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2021-12-08" -end = "2026-08-05" - -[[trusted.clap_builder]] -criteria = "safe-to-run" -user-id = 6743 # Ed Page (epage) -start = "2023-03-28" -end = "2024-10-26" - -[[trusted.clap_builder]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2023-03-28" -end = "2026-08-05" - -[[trusted.clap_derive]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2021-12-08" -end = "2026-08-05" - -[[trusted.clap_lex]] -criteria = "safe-to-run" -user-id = 6743 # Ed Page (epage) -start = "2022-04-15" -end = "2024-10-26" - -[[trusted.clap_lex]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2022-04-15" -end = "2026-12-02" - -[[trusted.colorchoice]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2023-04-13" -end = "2025-07-02" - -[[trusted.cranelift-bitset]] -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2024-07-22" -end = "2025-10-31" - -[[trusted.csv]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant 
(BurntSushi) -start = "2019-04-05" -end = "2024-10-03" - -[[trusted.csv-core]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-06-26" -end = "2024-10-03" - -[[trusted.cxx]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-12-28" -end = "2026-12-02" - -[[trusted.cxx-build]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2020-04-30" -end = "2026-12-02" - -[[trusted.cxxbridge-flags]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2020-08-30" -end = "2026-12-02" - -[[trusted.cxxbridge-macro]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2020-01-08" -end = "2026-12-02" - -[[trusted.env_filter]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2024-01-19" -end = "2027-03-02" - -[[trusted.env_logger]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2022-11-24" -end = "2027-03-02" - -[[trusted.equivalent]] -criteria = "safe-to-deploy" -user-id = 539 # Josh Stone (cuviper) -start = "2023-02-05" -end = "2024-10-03" - -[[trusted.errno]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2023-08-29" -end = "2026-04-08" - -[[trusted.fd-lock]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2022-01-21" -end = "2025-01-03" - -[[trusted.fs-set-times]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2020-09-15" -end = "2027-01-06" - -[[trusted.gimli]] -criteria = "safe-to-deploy" -user-id = 4415 # Philip Craig (philipc) -start = "2019-04-25" -end = "2027-03-02" - -[[trusted.glob]] -criteria = "safe-to-deploy" -user-id = 55123 # rust-lang-owner -start = "2023-01-06" -end = "2026-10-28" - -[[trusted.hashbrown]] -criteria = "safe-to-deploy" -user-id = 2915 # Amanieu d'Antras (Amanieu) -start = "2019-04-02" -end = "2024-10-03" - -[[trusted.http]] -criteria = 
"safe-to-deploy" -user-id = 359 -start = "2019-04-05" -end = "2024-10-26" - -[[trusted.http-body-util]] -criteria = "safe-to-deploy" -user-id = 359 -start = "2022-10-25" -end = "2024-10-26" - -[[trusted.httparse]] -criteria = "safe-to-deploy" -user-id = 359 -start = "2019-07-03" -end = "2024-10-26" - -[[trusted.hyper]] -criteria = "safe-to-deploy" -user-id = 359 -start = "2019-03-01" -end = "2024-10-26" - -[[trusted.hyper-tls]] -criteria = "safe-to-deploy" -user-id = 359 -start = "2019-03-19" -end = "2024-10-27" - -[[trusted.hyper-util]] -criteria = "safe-to-deploy" -user-id = 359 -start = "2022-01-15" -end = "2024-12-01" - -[[trusted.indexmap]] -criteria = "safe-to-deploy" -user-id = 539 # Josh Stone (cuviper) -start = "2020-01-15" -end = "2026-01-07" - -[[trusted.io-extras]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2021-11-09" -end = "2026-03-03" - -[[trusted.io-lifetimes]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2021-06-12" -end = "2027-01-06" - -[[trusted.is-terminal]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2022-01-22" -end = "2025-04-16" - -[[trusted.is_terminal_polyfill]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2024-05-02" -end = "2026-12-02" - -[[trusted.itoa]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-05-02" -end = "2024-07-12" - -[[trusted.js-sys]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2019-03-04" -end = "2025-01-03" - -[[trusted.libc]] -criteria = "safe-to-deploy" -user-id = 2915 # Amanieu d'Antras (Amanieu) -start = "2021-01-27" -end = "2024-07-25" - -[[trusted.libc]] -criteria = "safe-to-deploy" -user-id = 51017 -start = "2020-03-17" -end = "2024-10-30" - -[[trusted.libc]] -criteria = "safe-to-deploy" -user-id = 55123 # rust-lang-owner -start = "2024-08-15" -end = "2027-03-02" - -[[trusted.libfuzzer-sys]] 
-criteria = "safe-to-deploy" -user-id = 696 # Nick Fitzgerald (fitzgen) -start = "2020-01-14" -end = "2027-03-02" - -[[trusted.libm]] -criteria = "safe-to-deploy" -user-id = 55123 # rust-lang-owner -start = "2024-10-26" -end = "2027-03-02" - -[[trusted.link-cplusplus]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2020-01-24" -end = "2026-12-02" - -[[trusted.linux-raw-sys]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2021-06-12" -end = "2026-04-08" - -[[trusted.memchr]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-07-07" -end = "2027-03-02" - -[[trusted.num-traits]] -criteria = "safe-to-deploy" -user-id = 539 # Josh Stone (cuviper) -start = "2019-05-20" -end = "2024-07-12" - -[[trusted.num_cpus]] -criteria = "safe-to-deploy" -user-id = 359 -start = "2019-06-10" -end = "2024-10-26" - -[[trusted.once_cell_polyfill]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2025-05-22" -end = "2026-12-02" - -[[trusted.paste]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-03-19" -end = "2024-07-12" - -[[trusted.prettyplease]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2022-01-04" -end = "2026-12-02" - -[[trusted.proc-macro-hack]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-04-16" -end = "2024-07-12" - -[[trusted.proc-macro2]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-04-23" -end = "2026-03-03" - -[[trusted.quickcheck]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-05-13" -end = "2027-03-02" - -[[trusted.quote]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-04-09" -end = "2026-03-03" - -[[trusted.rayon]] -criteria = "safe-to-deploy" -user-id = 539 # Josh Stone (cuviper) -start = "2019-06-13" -end = 
"2024-07-12" - -[[trusted.rayon-core]] -criteria = "safe-to-deploy" -user-id = 539 # Josh Stone (cuviper) -start = "2019-06-13" -end = "2024-07-12" - -[[trusted.ref-cast]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-05-05" -end = "2026-12-02" - -[[trusted.ref-cast-impl]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-05-05" -end = "2026-12-02" - -[[trusted.regex]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-02-27" -end = "2027-03-02" - -[[trusted.regex-automata]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-02-25" -end = "2027-03-02" - -[[trusted.regex-syntax]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-03-30" -end = "2027-03-02" - -[[trusted.rustix]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2021-10-29" -end = "2027-01-06" - -[[trusted.rustversion]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-07-08" -end = "2026-12-02" - -[[trusted.ryu]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-05-02" -end = "2026-12-02" - -[[trusted.same-file]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-07-16" -end = "2024-10-03" - -[[trusted.scopeguard]] -criteria = "safe-to-deploy" -user-id = 2915 # Amanieu d'Antras (Amanieu) -start = "2020-02-16" -end = "2024-07-12" - -[[trusted.scratch]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2020-09-17" -end = "2026-12-02" - -[[trusted.seq-macro]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-03-01" -end = "2026-10-06" - -[[trusted.serde]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-03-01" -end = "2026-01-07" - -[[trusted.serde_bytes]] -criteria = 
"safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-02-25" -end = "2024-07-12" - -[[trusted.serde_core]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2025-09-13" -end = "2026-10-06" - -[[trusted.serde_derive]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-03-01" -end = "2026-01-07" - -[[trusted.serde_json]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-02-28" -end = "2027-01-06" - -[[trusted.serde_spanned]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2023-01-20" -end = "2025-05-02" - -[[trusted.serde_yaml]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-05-02" -end = "2026-12-02" - -[[trusted.slab]] -criteria = "safe-to-deploy" -user-id = 6741 # Alice Ryhl (Darksonn) -start = "2021-10-13" -end = "2026-07-18" - -[[trusted.smallvec]] -criteria = "safe-to-deploy" -user-id = 2017 -start = "2019-10-28" -end = "2025-01-03" - -[[trusted.syn]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-03-01" -end = "2026-09-04" - -[[trusted.system-interface]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2020-10-27" -end = "2025-01-03" - -[[trusted.target-lexicon]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2019-03-06" -end = "2026-03-03" - -[[trusted.termcolor]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-06-04" -end = "2024-10-03" - -[[trusted.thiserror]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-10-09" -end = "2026-09-02" - -[[trusted.thiserror-impl]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2019-10-09" -end = "2026-09-02" - -[[trusted.tokio]] -criteria = "safe-to-deploy" -user-id = 10 -start = "2019-03-02" -end = "2026-04-09" - -[[trusted.tokio]] 
-criteria = "safe-to-deploy" -user-id = 6741 # Alice Ryhl (Darksonn) -start = "2020-12-25" -end = "2027-01-06" - -[[trusted.tokio-macros]] -criteria = "safe-to-deploy" -user-id = 10 -start = "2019-04-24" -end = "2024-12-04" - -[[trusted.tokio-macros]] -criteria = "safe-to-deploy" -user-id = 6741 # Alice Ryhl (Darksonn) -start = "2020-10-26" -end = "2026-12-02" - -[[trusted.toml]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2022-12-14" -end = "2026-12-02" - -[[trusted.toml_datetime]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2022-10-21" -end = "2026-10-28" - -[[trusted.toml_edit]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2021-09-13" -end = "2026-10-28" - -[[trusted.toml_parser]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2025-07-08" -end = "2026-10-28" - -[[trusted.toml_writer]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2025-07-08" -end = "2026-12-02" - -[[trusted.unicode-ident]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2021-10-02" -end = "2026-12-02" - -[[trusted.unsafe-libyaml]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2022-07-03" -end = "2026-12-02" - -[[trusted.walkdir]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2019-06-09" -end = "2024-10-03" - -[[trusted.wasi]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2020-06-03" -end = "2026-02-03" - -[[trusted.wasi-common]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2020-07-16" -end = "2025-10-31" - -[[trusted.wasm-bindgen]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2019-03-04" -end = "2025-01-03" - -[[trusted.wasm-bindgen-backend]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2019-03-04" -end = 
"2026-04-08" - -[[trusted.wasm-bindgen-macro]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2019-03-04" -end = "2025-01-03" - -[[trusted.wasm-bindgen-macro-support]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2019-03-04" -end = "2026-04-08" - -[[trusted.wasm-bindgen-shared]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2019-03-04" -end = "2026-04-08" - -[[trusted.wasm-encoder]] -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2024-02-15" -end = "2025-05-02" - -[[trusted.wasm-metadata]] -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2024-02-15" -end = "2026-08-21" - -[[trusted.wasmparser]] -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2024-02-15" -end = "2026-06-02" - -[[trusted.wasmprinter]] -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2024-02-15" -end = "2025-03-01" - -[[trusted.wasmtime-component-macro]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2024-10-09" -end = "2025-10-31" - -[[trusted.wasmtime-environ]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2020-07-16" -end = "2025-10-31" - -[[trusted.wasmtime-fiber]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2021-06-09" -end = "2025-10-31" - -[[trusted.wasmtime-jit-debug]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2024-10-09" -end = "2025-10-31" - -[[trusted.wasmtime-slab]] -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2024-03-20" -end = "2025-05-02" - -[[trusted.wasmtime-versioned-export-macros]] -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2023-08-21" -end = "2026-03-03" - -[[trusted.web-sys]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = 
"2019-03-04" -end = "2025-04-16" - -[[trusted.wiggle]] -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2020-07-16" -end = "2025-10-31" - -[[trusted.winapi-util]] -criteria = "safe-to-deploy" -user-id = 189 # Andrew Gallant (BurntSushi) -start = "2020-01-11" -end = "2027-03-02" - -[[trusted.windows-core]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2021-11-15" -end = "2025-01-03" - -[[trusted.windows-link]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2024-07-17" -end = "2026-09-02" - -[[trusted.windows-sys]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2021-11-15" -end = "2026-09-02" - -[[trusted.windows-targets]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2022-09-09" -end = "2026-09-02" - -[[trusted.windows_aarch64_gnullvm]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2022-09-01" -end = "2026-09-02" - -[[trusted.windows_aarch64_msvc]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2021-11-05" -end = "2026-09-02" - -[[trusted.windows_i686_gnu]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2021-10-28" -end = "2026-09-02" - -[[trusted.windows_i686_gnullvm]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2024-04-02" -end = "2026-09-02" - -[[trusted.windows_i686_msvc]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2021-10-27" -end = "2026-09-02" - -[[trusted.windows_x86_64_gnu]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2021-10-28" -end = "2026-09-02" - -[[trusted.windows_x86_64_gnullvm]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2022-09-01" -end = "2026-09-02" - -[[trusted.windows_x86_64_msvc]] -criteria = "safe-to-deploy" -user-id = 64539 
# Kenny Kerr (kennykerr) -start = "2021-10-27" -end = "2026-09-02" - -[[trusted.winnow]] -criteria = "safe-to-deploy" -user-id = 6743 # Ed Page (epage) -start = "2023-02-22" -end = "2026-10-28" - -[[trusted.winx]] -criteria = "safe-to-deploy" -user-id = 6825 # Dan Gohman (sunfishcode) -start = "2019-08-20" -end = "2025-01-02" - -[[trusted.wit-component]] -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2024-02-15" -end = "2026-08-21" - -[[trusted.wit-parser]] -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2024-02-15" -end = "2025-03-01" - -[[trusted.wizer]] -criteria = "safe-to-deploy" -user-id = 696 # Nick Fitzgerald (fitzgen) -start = "2021-01-07" -end = "2026-03-03" - -[[trusted.zmij]] -criteria = "safe-to-deploy" -user-id = 3618 # David Tolnay (dtolnay) -start = "2025-12-18" -end = "2027-01-06" diff --git a/supply-chain/config.toml b/supply-chain/config.toml deleted file mode 100644 index 1856d540..00000000 --- a/supply-chain/config.toml +++ /dev/null 
@@ -1,870 +0,0 @@ - -# cargo-vet config file - -[cargo-vet] -version = "0.9" - -[imports.bytecode-alliance] -url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml" - -[imports.embark-studios] -url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audits.toml" - -[imports.fermyon] -url = "https://raw.githubusercontent.com/fermyon/spin/main/supply-chain/audits.toml" - -[imports.google] -url = "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml" - -[imports.isrg] -url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml" - -[imports.mozilla] -url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml" - -[policy.javy] -audit-as-crates-io = false - -[policy.javy-codegen] -audit-as-crates-io = false - -[policy.javy-plugin] -audit-as-crates-io = false - -[policy.javy-plugin-api] -audit-as-crates-io = false - -[policy.javy-plugin-processing] -audit-as-crates-io = false - -[[exemptions.addr2line]] -version = "0.19.0" -criteria = "safe-to-deploy" - -[[exemptions.ahash]] -version = "0.8.12" -criteria = "safe-to-deploy" - -[[exemptions.alloc-no-stdlib]] -version = "2.0.4" -criteria = "safe-to-deploy" - -[[exemptions.alloc-stdlib]] -version = "0.2.2" -criteria = "safe-to-deploy" - -[[exemptions.arbitrary-json]] -version = "0.1.1" -criteria = "safe-to-deploy" - -[[exemptions.ast_node]] -version = "5.0.0" -criteria = "safe-to-deploy" - -[[exemptions.autocfg]] -version = "1.5.0" -criteria = "safe-to-deploy" - -[[exemptions.base64-simd]] -version = "0.8.0" -criteria = "safe-to-deploy" - -[[exemptions.better_scoped_tls]] -version = "1.0.1" -criteria = "safe-to-deploy" - -[[exemptions.bindgen]] -version = "0.72.1" -criteria = "safe-to-deploy" - -[[exemptions.bitflags]] -version = "2.11.0" -criteria = "safe-to-deploy" - -[[exemptions.bitvec]] -version = "1.0.1" -criteria = "safe-to-deploy" - -[[exemptions.block-buffer]] -version = "0.10.4" -criteria 
= "safe-to-deploy" - -[[exemptions.brotli]] -version = "8.0.2" -criteria = "safe-to-deploy" - -[[exemptions.brotli-decompressor]] -version = "5.0.0" -criteria = "safe-to-deploy" - -[[exemptions.bytes-str]] -version = "0.2.7" -criteria = "safe-to-deploy" - -[[exemptions.camino]] -version = "1.2.1" -criteria = "safe-to-deploy" - -[[exemptions.cargo-platform]] -version = "0.1.9" -criteria = "safe-to-deploy" - -[[exemptions.cc]] -version = "1.2.44" -criteria = "safe-to-deploy" - -[[exemptions.clang-sys]] -version = "1.8.1" -criteria = "safe-to-deploy" - -[[exemptions.codespan-reporting]] -version = "0.13.1" -criteria = "safe-to-deploy" - -[[exemptions.console]] -version = "0.15.11" -criteria = "safe-to-run" - -[[exemptions.convert_case]] -version = "0.10.0" -criteria = "safe-to-deploy" - -[[exemptions.cpp_demangle]] -version = "0.4.5" -criteria = "safe-to-deploy" - -[[exemptions.cpufeatures]] -version = "0.2.17" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-assembler-x64]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-assembler-x64-meta]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-bforest]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-bitset]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-codegen]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-codegen-meta]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-codegen-shared]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-control]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-entity]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-frontend]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-isle]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.cranelift-native]] -version = "0.129.1" -criteria = 
"safe-to-deploy" - -[[exemptions.cranelift-srcgen]] -version = "0.129.1" -criteria = "safe-to-deploy" - -[[exemptions.crc32fast]] -version = "1.5.0" -criteria = "safe-to-deploy" - -[[exemptions.crossbeam-deque]] -version = "0.8.6" -criteria = "safe-to-deploy" - -[[exemptions.crossbeam-epoch]] -version = "0.9.18" -criteria = "safe-to-deploy" - -[[exemptions.crossbeam-utils]] -version = "0.8.20" -criteria = "safe-to-deploy" - -[[exemptions.darling]] -version = "0.20.11" -criteria = "safe-to-deploy" - -[[exemptions.darling_core]] -version = "0.20.11" -criteria = "safe-to-deploy" - -[[exemptions.darling_macro]] -version = "0.20.11" -criteria = "safe-to-deploy" - -[[exemptions.data-encoding]] -version = "2.9.0" -criteria = "safe-to-deploy" - -[[exemptions.derive_builder]] -version = "0.20.2" -criteria = "safe-to-deploy" - -[[exemptions.derive_builder_core]] -version = "0.20.2" -criteria = "safe-to-deploy" - -[[exemptions.derive_builder_macro]] -version = "0.20.2" -criteria = "safe-to-deploy" - -[[exemptions.digest]] -version = "0.10.6" -criteria = "safe-to-deploy" - -[[exemptions.directories-next]] -version = "2.0.0" -criteria = "safe-to-deploy" - -[[exemptions.dirs-sys-next]] -version = "0.1.2" -criteria = "safe-to-deploy" - -[[exemptions.dragonbox_ecma]] -version = "0.1.0" -criteria = "safe-to-deploy" - -[[exemptions.encode_unicode]] -version = "1.0.0" -criteria = "safe-to-run" - -[[exemptions.fallible-iterator]] -version = "0.2.0" -criteria = "safe-to-deploy" - -[[exemptions.fd-lock]] -version = "4.0.4" -criteria = "safe-to-deploy" - -[[exemptions.find-msvc-tools]] -version = "0.1.0" -criteria = "safe-to-deploy" - -[[exemptions.float-cmp]] -version = "0.10.0" -criteria = "safe-to-deploy" - -[[exemptions.from_variant]] -version = "3.0.0" -criteria = "safe-to-deploy" - -[[exemptions.funty]] -version = "2.0.0" -criteria = "safe-to-deploy" - -[[exemptions.futures-task]] -version = "0.3.21" -criteria = "safe-to-deploy" - -[[exemptions.futures-util]] -version = "0.3.21" 
-criteria = "safe-to-deploy" - -[[exemptions.generic-array]] -version = "0.14.9" -criteria = "safe-to-deploy" - -[[exemptions.getrandom]] -version = "0.2.16" -criteria = "safe-to-deploy" - -[[exemptions.getrandom]] -version = "0.3.4" -criteria = "safe-to-deploy" - -[[exemptions.getrandom]] -version = "0.4.1" -criteria = "safe-to-deploy" - -[[exemptions.halfbrown]] -version = "0.4.0" -criteria = "safe-to-deploy" - -[[exemptions.hermit-abi]] -version = "0.3.9" -criteria = "safe-to-deploy" - -[[exemptions.hstr]] -version = "3.0.3" -criteria = "safe-to-deploy" - -[[exemptions.icu_properties]] -version = "2.1.1" -criteria = "safe-to-deploy" - -[[exemptions.icu_properties_data]] -version = "2.1.1" -criteria = "safe-to-deploy" - -[[exemptions.if_chain]] -version = "1.0.3" -criteria = "safe-to-deploy" - -[[exemptions.im-rc]] -version = "15.1.0" -criteria = "safe-to-deploy" - -[[exemptions.insta]] -version = "1.46.3" -criteria = "safe-to-run" - -[[exemptions.ipnet]] -version = "2.11.0" -criteria = "safe-to-deploy" - -[[exemptions.is-macro]] -version = "0.3.7" -criteria = "safe-to-deploy" - -[[exemptions.itertools]] -version = "0.10.3" -criteria = "safe-to-deploy" - -[[exemptions.itertools]] -version = "0.13.0" -criteria = "safe-to-deploy" - -[[exemptions.jobserver]] -version = "0.1.34" -criteria = "safe-to-deploy" - -[[exemptions.js-sys]] -version = "0.3.82" -criteria = "safe-to-deploy" - -[[exemptions.libloading]] -version = "0.8.9" -criteria = "safe-to-deploy" - -[[exemptions.libredox]] -version = "0.1.10" -criteria = "safe-to-deploy" - -[[exemptions.litemap]] -version = "0.8.1" -criteria = "safe-to-deploy" - -[[exemptions.mach2]] -version = "0.4.3" -criteria = "safe-to-deploy" - -[[exemptions.maybe-owned]] -version = "0.3.4" -criteria = "safe-to-deploy" - -[[exemptions.minimal-lexical]] -version = "0.2.1" -criteria = "safe-to-deploy" - -[[exemptions.mio]] -version = "1.1.0" -criteria = "safe-to-deploy" - -[[exemptions.new_debug_unreachable]] -version = "1.0.6" -criteria 
= "safe-to-deploy" - -[[exemptions.num-bigint]] -version = "0.4.6" -criteria = "safe-to-deploy" - -[[exemptions.num_cpus]] -version = "1.17.0" -criteria = "safe-to-deploy" - -[[exemptions.object]] -version = "0.36.0" -criteria = "safe-to-deploy" - -[[exemptions.once_cell]] -version = "1.16.0" -criteria = "safe-to-deploy" - -[[exemptions.outref]] -version = "0.5.2" -criteria = "safe-to-deploy" - -[[exemptions.par-core]] -version = "2.0.0" -criteria = "safe-to-deploy" - -[[exemptions.petgraph]] -version = "0.6.5" -criteria = "safe-to-deploy" - -[[exemptions.phf]] -version = "0.11.3" -criteria = "safe-to-deploy" - -[[exemptions.phf_generator]] -version = "0.11.3" -criteria = "safe-to-deploy" - -[[exemptions.phf_macros]] -version = "0.11.3" -criteria = "safe-to-deploy" - -[[exemptions.phf_shared]] -version = "0.11.3" -criteria = "safe-to-deploy" - -[[exemptions.ppv-lite86]] -version = "0.2.21" -criteria = "safe-to-deploy" - -[[exemptions.proc-macro-crate]] -version = "3.4.0" -criteria = "safe-to-deploy" - -[[exemptions.pulley-interpreter]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.pulley-macros]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.r-efi]] -version = "5.3.0" -criteria = "safe-to-deploy" - -[[exemptions.radium]] -version = "0.7.0" -criteria = "safe-to-deploy" - -[[exemptions.rand]] -version = "0.10.0" -criteria = "safe-to-deploy" - -[[exemptions.rand_core]] -version = "0.10.0" -criteria = "safe-to-deploy" - -[[exemptions.rand_xoshiro]] -version = "0.6.0" -criteria = "safe-to-deploy" - -[[exemptions.redox_users]] -version = "0.4.6" -criteria = "safe-to-deploy" - -[[exemptions.relative-path]] -version = "2.0.1" -criteria = "safe-to-deploy" - -[[exemptions.rmp-serde]] -version = "1.3.1" -criteria = "safe-to-deploy" - -[[exemptions.rquickjs]] -version = "0.11.0" -criteria = "safe-to-deploy" - -[[exemptions.rquickjs-core]] -version = "0.11.0" -criteria = "safe-to-deploy" - -[[exemptions.rquickjs-macro]] -version = "0.11.0" 
-criteria = "safe-to-deploy" - -[[exemptions.rquickjs-serde]] -version = "0.5.0" -criteria = "safe-to-deploy" - -[[exemptions.rquickjs-sys]] -version = "0.11.0" -criteria = "safe-to-deploy" - -[[exemptions.rustc-demangle]] -version = "0.1.26" -criteria = "safe-to-deploy" - -[[exemptions.scoped-tls]] -version = "1.0.1" -criteria = "safe-to-deploy" - -[[exemptions.semver]] -version = "1.0.27" -criteria = "safe-to-deploy" - -[[exemptions.serde-transcode]] -version = "1.1.1" -criteria = "safe-to-deploy" - -[[exemptions.simd-json]] -version = "0.17.0" -criteria = "safe-to-deploy" - -[[exemptions.simdutf8]] -version = "0.1.5" -criteria = "safe-to-deploy" - -[[exemptions.siphasher]] -version = "0.3.11" -criteria = "safe-to-deploy" - -[[exemptions.sized-chunks]] -version = "0.6.5" -criteria = "safe-to-deploy" - -[[exemptions.smartstring]] -version = "1.0.1" -criteria = "safe-to-deploy" - -[[exemptions.socket2]] -version = "0.6.1" -criteria = "safe-to-deploy" - -[[exemptions.stable_deref_trait]] -version = "1.2.1" -criteria = "safe-to-deploy" - -[[exemptions.string_enum]] -version = "1.0.2" -criteria = "safe-to-deploy" - -[[exemptions.swc_allocator]] -version = "4.0.1" -criteria = "safe-to-deploy" - -[[exemptions.swc_atoms]] -version = "9.0.0" -criteria = "safe-to-deploy" - -[[exemptions.swc_common]] -version = "19.0.0" -criteria = "safe-to-deploy" - -[[exemptions.swc_core]] -version = "58.0.4" -criteria = "safe-to-deploy" - -[[exemptions.swc_ecma_ast]] -version = "21.0.0" -criteria = "safe-to-deploy" - -[[exemptions.swc_ecma_parser]] -version = "35.0.0" -criteria = "safe-to-deploy" - -[[exemptions.swc_ecma_transforms_base]] -version = "38.0.0" -criteria = "safe-to-deploy" - -[[exemptions.swc_ecma_utils]] -version = "27.0.0" -criteria = "safe-to-deploy" - -[[exemptions.swc_ecma_visit]] -version = "21.0.0" -criteria = "safe-to-deploy" - -[[exemptions.swc_eq_ignore_macros]] -version = "1.0.1" -criteria = "safe-to-deploy" - -[[exemptions.swc_macros_common]] -version = "1.0.1" 
-criteria = "safe-to-deploy" - -[[exemptions.swc_sourcemap]] -version = "10.0.2" -criteria = "safe-to-deploy" - -[[exemptions.swc_visit]] -version = "2.0.1" -criteria = "safe-to-deploy" - -[[exemptions.tempfile]] -version = "3.26.0" -criteria = "safe-to-deploy" - -[[exemptions.tinystr]] -version = "0.8.2" -criteria = "safe-to-deploy" - -[[exemptions.triomphe]] -version = "0.1.15" -criteria = "safe-to-deploy" - -[[exemptions.typenum]] -version = "1.19.0" -criteria = "safe-to-deploy" - -[[exemptions.unicode-id-start]] -version = "1.4.0" -criteria = "safe-to-deploy" - -[[exemptions.uuid]] -version = "1.21.0" -criteria = "safe-to-deploy" - -[[exemptions.value-trait]] -version = "0.12.1" -criteria = "safe-to-deploy" - -[[exemptions.vergen]] -version = "9.0.6" -criteria = "safe-to-deploy" - -[[exemptions.vergen-lib]] -version = "0.1.6" -criteria = "safe-to-deploy" - -[[exemptions.version_check]] -version = "0.9.5" -criteria = "safe-to-deploy" - -[[exemptions.vsimd]] -version = "0.8.0" -criteria = "safe-to-deploy" - -[[exemptions.walrus]] -version = "0.24.5" -criteria = "safe-to-deploy" - -[[exemptions.walrus-macro]] -version = "0.24.0" -criteria = "safe-to-deploy" - -[[exemptions.wasm-bindgen]] -version = "0.2.105" -criteria = "safe-to-deploy" - -[[exemptions.wasm-bindgen-macro]] -version = "0.2.105" -criteria = "safe-to-deploy" - -[[exemptions.wasm-bindgen-macro-support]] -version = "0.2.105" -criteria = "safe-to-deploy" - -[[exemptions.wasm-bindgen-shared]] -version = "0.2.105" -criteria = "safe-to-deploy" - -[[exemptions.wasm-opt]] -version = "0.116.1" -criteria = "safe-to-deploy" - -[[exemptions.wasm-opt-cxx-sys]] -version = "0.116.0" -criteria = "safe-to-deploy" - -[[exemptions.wasm-opt-sys]] -version = "0.116.0" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-environ]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-cache]] -version = "42.0.1" 
-criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-component-macro]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-component-util]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-core]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-cranelift]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-fiber]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-jit-debug]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-jit-icache-coherence]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-unwinder]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-versioned-export-macros]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-winch]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-internal-wit-bindgen]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-wasi]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-wasi-io]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wasmtime-wizer]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wiggle]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wiggle-generate]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.wiggle-macro]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.winapi]] -version = "0.3.9" -criteria = "safe-to-deploy" - -[[exemptions.winapi-i686-pc-windows-gnu]] -version = "0.4.0" -criteria = "safe-to-deploy" - -[[exemptions.winapi-x86_64-pc-windows-gnu]] -version = "0.4.0" -criteria = "safe-to-deploy" - -[[exemptions.winch-codegen]] -version = "42.0.1" -criteria = "safe-to-deploy" - -[[exemptions.windows-core]] -version = "0.62.2" -criteria = 
"safe-to-deploy" - -[[exemptions.windows-implement]] -version = "0.60.2" -criteria = "safe-to-deploy" - -[[exemptions.windows-interface]] -version = "0.59.3" -criteria = "safe-to-deploy" - -[[exemptions.windows-result]] -version = "0.4.1" -criteria = "safe-to-deploy" - -[[exemptions.windows-strings]] -version = "0.5.1" -criteria = "safe-to-deploy" - -[[exemptions.wit-bindgen]] -version = "0.51.0" -criteria = "safe-to-deploy" - -[[exemptions.wit-bindgen]] -version = "0.52.0" -criteria = "safe-to-deploy" - -[[exemptions.wit-bindgen-core]] -version = "0.51.0" -criteria = "safe-to-deploy" - -[[exemptions.wit-bindgen-core]] -version = "0.52.0" -criteria = "safe-to-deploy" - -[[exemptions.wit-bindgen-rust]] -version = "0.51.0" -criteria = "safe-to-deploy" - -[[exemptions.wit-bindgen-rust]] -version = "0.52.0" -criteria = "safe-to-deploy" - -[[exemptions.wit-bindgen-rust-macro]] -version = "0.51.0" -criteria = "safe-to-deploy" - -[[exemptions.wit-bindgen-rust-macro]] -version = "0.52.0" -criteria = "safe-to-deploy" - -[[exemptions.witx]] -version = "0.9.1" -criteria = "safe-to-deploy" - -[[exemptions.wyz]] -version = "0.5.1" -criteria = "safe-to-deploy" - -[[exemptions.yoke]] -version = "0.8.1" -criteria = "safe-to-deploy" - -[[exemptions.yoke-derive]] -version = "0.8.1" -criteria = "safe-to-deploy" - -[[exemptions.zerotrie]] -version = "0.2.3" -criteria = "safe-to-deploy" - -[[exemptions.zerovec]] -version = "0.11.5" -criteria = "safe-to-deploy" - -[[exemptions.zerovec-derive]] -version = "0.11.2" -criteria = "safe-to-deploy" - -[[exemptions.zstd]] -version = "0.13.3" -criteria = "safe-to-deploy" - -[[exemptions.zstd-safe]] -version = "7.2.4" -criteria = "safe-to-deploy" - -[[exemptions.zstd-sys]] -version = "2.0.16+zstd.1.5.7" -criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock deleted file mode 100644 index 6f23d79b..00000000 --- a/supply-chain/imports.lock +++ /dev/null 
@@ -1,3154 +0,0 @@ - -# cargo-vet imports lock - -[[publisher.aho-corasick]] -version = "1.1.4" -when = "2025-10-28" -user-id = 189 -user-login = "BurntSushi" -user-name = "Andrew Gallant" - -[[publisher.anstream]] -version = "0.6.21" -when = "2025-10-02" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.anstyle]] -version = "1.0.13" -when = "2025-09-29" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.anstyle-parse]] -version = "0.2.7" -when = "2025-06-04" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.anstyle-query]] -version = "1.1.4" -when = "2025-08-05" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.anstyle-wincon]] -version = "3.0.10" -when = "2025-08-05" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.anyhow]] -version = "1.0.102" -when = "2026-02-20" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.arbitrary]] -version = "1.4.2" -when = "2025-08-14" -user-id = 696 -user-login = "fitzgen" -user-name = "Nick Fitzgerald" - -[[publisher.async-trait]] -version = "0.1.89" -when = "2025-08-14" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.bumpalo]] -version = "3.19.0" -when = "2025-06-24" -user-id = 696 -user-login = "fitzgen" -user-name = "Nick Fitzgerald" - -[[publisher.byteorder]] -version = "1.5.0" -when = "2023-10-06" -user-id = 189 -user-login = "BurntSushi" -user-name = "Andrew Gallant" - -[[publisher.bytes]] -version = "1.11.1" -when = "2026-02-03" -user-id = 6741 -user-login = "Darksonn" -user-name = "Alice Ryhl" - -[[publisher.cap-fs-ext]] -version = "3.4.5" -when = "2025-10-24" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.cap-net-ext]] -version = "3.4.1" -when = "2024-11-05" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.cap-primitives]] -version = "3.4.5" -when = 
"2025-10-24" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.cap-rand]] -version = "3.4.1" -when = "2024-11-05" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.cap-std]] -version = "3.4.5" -when = "2025-10-24" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.cap-time-ext]] -version = "3.4.5" -when = "2025-10-24" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.cexpr]] -version = "0.6.0" -when = "2021-10-11" -user-id = 3788 -user-login = "emilio" -user-name = "Emilio Cobos Álvarez" - -[[publisher.clap]] -version = "4.5.60" -when = "2026-02-19" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.clap_builder]] -version = "4.5.60" -when = "2026-02-19" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.clap_derive]] -version = "4.5.55" -when = "2026-01-27" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.clap_lex]] -version = "1.0.0" -when = "2026-02-11" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.colorchoice]] -version = "1.0.4" -when = "2025-06-04" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.cxx]] -version = "1.0.187" -when = "2025-10-15" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.cxx-build]] -version = "1.0.187" -when = "2025-10-15" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.cxxbridge-flags]] -version = "1.0.187" -when = "2025-10-15" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.cxxbridge-macro]] -version = "1.0.187" -when = "2025-10-15" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.encoding_rs]] -version = "0.8.35" -when = "2024-10-24" -user-id = 4484 -user-login = "hsivonen" -user-name = "Henri Sivonen" - -[[publisher.env_filter]] 
-version = "1.0.0" -when = "2026-02-11" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.env_logger]] -version = "0.11.9" -when = "2026-02-11" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.errno]] -version = "0.3.14" -when = "2025-09-09" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.fs-set-times]] -version = "0.20.3" -when = "2025-03-10" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.gimli]] -version = "0.26.2" -when = "2022-07-17" -user-id = 4415 -user-login = "philipc" -user-name = "Philip Craig" - -[[publisher.gimli]] -version = "0.33.0" -when = "2026-01-24" -user-id = 4415 -user-login = "philipc" -user-name = "Philip Craig" - -[[publisher.glob]] -version = "0.3.3" -when = "2025-08-11" -user-id = 55123 -user-login = "rust-lang-owner" - -[[publisher.hashbrown]] -version = "0.14.5" -when = "2024-04-28" -user-id = 2915 -user-login = "Amanieu" -user-name = "Amanieu d'Antras" - -[[publisher.indexmap]] -version = "1.9.3" -when = "2023-03-24" -user-id = 539 -user-login = "cuviper" -user-name = "Josh Stone" - -[[publisher.indexmap]] -version = "2.12.0" -when = "2025-10-17" -user-id = 539 -user-login = "cuviper" -user-name = "Josh Stone" - -[[publisher.io-extras]] -version = "0.18.4" -when = "2024-12-04" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.io-lifetimes]] -version = "2.0.4" -when = "2024-12-04" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.is_terminal_polyfill]] -version = "1.70.2" -when = "2025-10-21" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.itoa]] -version = "1.0.11" -when = "2024-03-26" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.libc]] -version = "0.2.182" -when = "2026-02-13" -user-id = 55123 -user-login = "rust-lang-owner" - -[[publisher.libfuzzer-sys]] -version = "0.4.12" 
-when = "2026-02-10" -user-id = 696 -user-login = "fitzgen" -user-name = "Nick Fitzgerald" - -[[publisher.libm]] -version = "0.2.16" -when = "2026-01-24" -user-id = 55123 -user-login = "rust-lang-owner" - -[[publisher.link-cplusplus]] -version = "1.0.12" -when = "2025-09-06" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.linux-raw-sys]] -version = "0.4.15" -when = "2025-01-08" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.linux-raw-sys]] -version = "0.12.1" -when = "2025-12-23" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.memchr]] -version = "2.7.6" -when = "2025-09-25" -user-id = 189 -user-login = "BurntSushi" -user-name = "Andrew Gallant" - -[[publisher.num-traits]] -version = "0.2.19" -when = "2024-05-03" -user-id = 539 -user-login = "cuviper" -user-name = "Josh Stone" - -[[publisher.once_cell_polyfill]] -version = "1.70.2" -when = "2025-10-21" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.paste]] -version = "1.0.15" -when = "2024-05-07" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.prettyplease]] -version = "0.2.37" -when = "2025-08-19" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.proc-macro2]] -version = "1.0.106" -when = "2026-01-21" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.quickcheck]] -version = "1.1.0" -when = "2026-02-10" -user-id = 189 -user-login = "BurntSushi" -user-name = "Andrew Gallant" - -[[publisher.quote]] -version = "1.0.44" -when = "2026-01-23" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.rayon]] -version = "1.10.0" -when = "2024-03-24" -user-id = 539 -user-login = "cuviper" -user-name = "Josh Stone" - -[[publisher.ref-cast]] -version = "1.0.25" -when = "2025-09-28" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - 
-[[publisher.ref-cast-impl]] -version = "1.0.25" -when = "2025-09-28" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.regalloc2]] -version = "0.13.5" -when = "2026-01-09" -user-id = 3726 -user-login = "cfallin" -user-name = "Chris Fallin" - -[[publisher.regex]] -version = "1.12.2" -when = "2025-10-13" -user-id = 189 -user-login = "BurntSushi" -user-name = "Andrew Gallant" - -[[publisher.regex-automata]] -version = "0.4.13" -when = "2025-10-13" -user-id = 189 -user-login = "BurntSushi" -user-name = "Andrew Gallant" - -[[publisher.regex-syntax]] -version = "0.8.8" -when = "2025-10-13" -user-id = 189 -user-login = "BurntSushi" -user-name = "Andrew Gallant" - -[[publisher.rustix]] -version = "0.38.44" -when = "2025-01-21" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.rustix]] -version = "1.1.4" -when = "2026-02-22" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.rustversion]] -version = "1.0.22" -when = "2025-08-08" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.ryu]] -version = "1.0.20" -when = "2025-03-04" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.scratch]] -version = "1.0.9" -when = "2025-08-07" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.seq-macro]] -version = "0.3.6" -when = "2025-03-04" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.serde]] -version = "1.0.228" -when = "2025-09-27" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.serde_core]] -version = "1.0.228" -when = "2025-09-27" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.serde_derive]] -version = "1.0.228" -when = "2025-09-27" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.serde_json]] -version = "1.0.149" -when = "2026-01-06" -user-id = 3618 
-user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.serde_yaml]] -version = "0.9.34+deprecated" -when = "2024-03-25" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.slab]] -version = "0.4.11" -when = "2025-08-08" -user-id = 6741 -user-login = "Darksonn" -user-name = "Alice Ryhl" - -[[publisher.syn]] -version = "1.0.109" -when = "2023-02-24" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.syn]] -version = "2.0.117" -when = "2026-02-20" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.system-interface]] -version = "0.27.3" -when = "2024-12-04" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.target-lexicon]] -version = "0.13.3" -when = "2025-09-09" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.termcolor]] -version = "1.4.1" -when = "2024-01-10" -user-id = 189 -user-login = "BurntSushi" -user-name = "Andrew Gallant" - -[[publisher.thiserror]] -version = "1.0.69" -when = "2024-11-10" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.thiserror]] -version = "2.0.17" -when = "2025-09-28" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.thiserror-impl]] -version = "1.0.69" -when = "2024-11-10" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.thiserror-impl]] -version = "2.0.17" -when = "2025-09-28" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.tokio]] -version = "1.50.0" -when = "2026-03-03" -user-id = 6741 -user-login = "Darksonn" -user-name = "Alice Ryhl" - -[[publisher.tokio-macros]] -version = "2.6.0" -when = "2025-10-14" -user-id = 6741 -user-login = "Darksonn" -user-name = "Alice Ryhl" - -[[publisher.toml]] -version = "0.9.8" -when = "2025-10-09" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.toml_datetime]] 
-version = "0.7.3" -when = "2025-10-09" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.toml_edit]] -version = "0.23.7" -when = "2025-10-09" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.toml_parser]] -version = "1.0.4" -when = "2025-10-09" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.toml_writer]] -version = "1.0.4" -when = "2025-10-09" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.unicode-ident]] -version = "1.0.22" -when = "2025-10-30" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.unicode-segmentation]] -version = "1.12.0" -when = "2024-09-13" -user-id = 1139 -user-login = "Manishearth" -user-name = "Manish Goregaokar" - -[[publisher.unicode-width]] -version = "0.2.2" -when = "2025-10-06" -user-id = 1139 -user-login = "Manishearth" -user-name = "Manish Goregaokar" - -[[publisher.unicode-xid]] -version = "0.2.6" -when = "2024-09-19" -user-id = 1139 -user-login = "Manishearth" -user-name = "Manish Goregaokar" - -[[publisher.unsafe-libyaml]] -version = "0.2.11" -when = "2024-03-17" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[publisher.utf8_iter]] -version = "1.0.4" -when = "2023-12-01" -user-id = 4484 -user-login = "hsivonen" -user-name = "Henri Sivonen" - -[[publisher.wasi]] -version = "0.11.1+wasi-snapshot-preview1" -when = "2025-06-10" -user-id = 1 -user-login = "alexcrichton" -user-name = "Alex Crichton" - -[[publisher.wasip2]] -version = "1.0.1+wasi-0.2.4" -when = "2025-09-15" -user-id = 1 -user-login = "alexcrichton" -user-name = "Alex Crichton" - -[[publisher.wasip3]] -version = "0.4.0+wasi-0.3.0-rc-2026-01-06" -when = "2026-01-15" -user-id = 1 -user-login = "alexcrichton" -user-name = "Alex Crichton" - -[[publisher.wasm-compose]] -version = "0.236.0" -when = "2025-07-28" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.wasm-encoder]] -version = "0.236.0" -when 
= "2025-07-28" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.wasm-metadata]] -version = "0.236.0" -when = "2025-07-28" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.wasmparser]] -version = "0.236.0" -when = "2025-07-28" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.wasmprinter]] -version = "0.236.0" -when = "2025-07-28" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.wast]] -version = "236.0.0" -when = "2025-07-28" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.wat]] -version = "1.236.0" -when = "2025-07-28" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.winapi-util]] -version = "0.1.11" -when = "2025-09-07" -user-id = 189 -user-login = "BurntSushi" -user-name = "Andrew Gallant" - -[[publisher.windows-link]] -version = "0.2.1" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows-sys]] -version = "0.59.0" -when = "2024-07-30" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows-sys]] -version = "0.60.2" -when = "2025-06-12" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows-sys]] -version = "0.61.2" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows-targets]] -version = "0.52.6" -when = "2024-07-03" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows-targets]] -version = "0.53.5" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_aarch64_gnullvm]] -version = "0.52.6" -when = "2024-07-03" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_aarch64_gnullvm]] -version = "0.53.1" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_aarch64_msvc]] -version = "0.52.6" 
-when = "2024-07-03" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_aarch64_msvc]] -version = "0.53.1" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_i686_gnu]] -version = "0.52.6" -when = "2024-07-03" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_i686_gnu]] -version = "0.53.1" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_i686_gnullvm]] -version = "0.52.6" -when = "2024-07-03" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_i686_gnullvm]] -version = "0.53.1" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_i686_msvc]] -version = "0.52.6" -when = "2024-07-03" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_i686_msvc]] -version = "0.53.1" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_x86_64_gnu]] -version = "0.52.6" -when = "2024-07-03" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_x86_64_gnu]] -version = "0.53.1" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_x86_64_gnullvm]] -version = "0.52.6" -when = "2024-07-03" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_x86_64_gnullvm]] -version = "0.53.1" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_x86_64_msvc]] -version = "0.52.6" -when = "2024-07-03" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_x86_64_msvc]] -version = "0.53.1" -when = "2025-10-06" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - 
-[[publisher.winnow]] -version = "0.7.13" -when = "2025-08-22" -user-id = 6743 -user-login = "epage" -user-name = "Ed Page" - -[[publisher.winx]] -version = "0.36.4" -when = "2024-12-04" -user-id = 6825 -user-login = "sunfishcode" -user-name = "Dan Gohman" - -[[publisher.wit-bindgen]] -version = "0.43.0" -when = "2025-06-24" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.wit-component]] -version = "0.236.0" -when = "2025-07-28" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.wit-parser]] -version = "0.236.0" -when = "2025-07-28" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.zmij]] -version = "1.0.12" -when = "2026-01-06" -user-id = 3618 -user-login = "dtolnay" -user-name = "David Tolnay" - -[[audits.bytecode-alliance.wildcard-audits.arbitrary]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -user-id = 696 # Nick Fitzgerald (fitzgen) -start = "2020-01-14" -end = "2026-08-21" -notes = "I am an author of this crate." - -[[audits.bytecode-alliance.wildcard-audits.bumpalo]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -user-id = 696 # Nick Fitzgerald (fitzgen) -start = "2019-03-16" -end = "2026-08-21" - -[[audits.bytecode-alliance.wildcard-audits.regalloc2]] -who = "Chris Fallin " -criteria = "safe-to-deploy" -user-id = 3726 # Chris Fallin (cfallin) -start = "2021-12-03" -end = "2026-08-21" -notes = "We (Bytecode Alliance) are the primary authors of regalloc2 and co-develop it with Cranelift/Wasmtime, with the same code-review, testing/fuzzing, and security standards." - -[[audits.bytecode-alliance.wildcard-audits.wasip2]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2025-08-10" -end = "2026-08-21" -notes = """ -This is a Bytecode Alliance authored crate. 
-""" - -[[audits.bytecode-alliance.wildcard-audits.wasip3]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 1 # Alex Crichton (alexcrichton) -start = "2025-09-10" -end = "2026-08-21" -notes = """ -This is a Bytecode Alliance authored crate. -""" - -[[audits.bytecode-alliance.wildcard-audits.wasm-compose]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2024-02-15" -end = "2026-08-21" -notes = "The Bytecode Alliance is the author of this crate." - -[[audits.bytecode-alliance.wildcard-audits.wasm-encoder]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2023-01-01" -end = "2026-06-03" -notes = """ -The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate -publication of this crate from CI. This repository requires all PRs are reviewed -by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. -""" - -[[audits.bytecode-alliance.wildcard-audits.wasm-metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2023-01-01" -end = "2026-06-03" -notes = """ -The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate -publication of this crate from CI. This repository requires all PRs are reviewed -by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. -""" - -[[audits.bytecode-alliance.wildcard-audits.wasmparser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2023-01-01" -end = "2026-06-03" -notes = """ -The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate -publication of this crate from CI. This repository requires all PRs are reviewed -by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. 
-""" - -[[audits.bytecode-alliance.wildcard-audits.wasmprinter]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2023-01-01" -end = "2026-06-03" -notes = """ -The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate -publication of this crate from CI. This repository requires all PRs are reviewed -by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. -""" - -[[audits.bytecode-alliance.wildcard-audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2023-01-01" -end = "2026-06-03" -notes = """ -The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate -publication of this crate from CI. This repository requires all PRs are reviewed -by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. -""" - -[[audits.bytecode-alliance.wildcard-audits.wat]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2023-01-01" -end = "2026-06-03" -notes = """ -The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate -publication of this crate from CI. This repository requires all PRs are reviewed -by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. -""" - -[[audits.bytecode-alliance.wildcard-audits.wit-bindgen]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2023-01-01" -end = "2026-06-03" -notes = """ -The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate -publication of this crate from CI. This repository requires all PRs are reviewed -by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. 
-""" - -[[audits.bytecode-alliance.wildcard-audits.wit-component]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2023-01-01" -end = "2026-06-03" -notes = """ -The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate -publication of this crate from CI. This repository requires all PRs are reviewed -by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. -""" - -[[audits.bytecode-alliance.wildcard-audits.wit-parser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2023-01-01" -end = "2026-06-03" -notes = """ -The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate -publication of this crate from CI. This repository requires all PRs are reviewed -by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself. -""" - -[[audits.bytecode-alliance.audits.addr2line]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.19.0 -> 0.20.0" -notes = "This version brings support for split-dwarf which while it uses the filesystem is always done at the behest of the caller, so everything is as expected for this update." - -[[audits.bytecode-alliance.audits.addr2line]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.20.0 -> 0.21.0" -notes = "This version bump updated some dependencies and optimized some internals. All looks good." - -[[audits.bytecode-alliance.audits.addr2line]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.21.0 -> 0.22.0" - -[[audits.bytecode-alliance.audits.addr2line]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.22.0 -> 0.24.1" -notes = "Lots of internal code refactorings and code movement. Nothing out of place however." 
- -[[audits.bytecode-alliance.audits.addr2line]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.24.1 -> 0.25.0" -notes = "All minor changes, even a net reduction of `unsafe`." - -[[audits.bytecode-alliance.audits.addr2line]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.25.0 -> 0.25.1" -notes = "Minor updates, looks like a minor bug fix, nothing awry." - -[[audits.bytecode-alliance.audits.addr2line]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.25.1 -> 0.26.0" -notes = "Nothing out of the ordinary for this update, all DWARF all the time." - -[[audits.bytecode-alliance.audits.allocator-api2]] -who = "Chris Fallin " -criteria = "safe-to-deploy" -delta = "0.2.18 -> 0.2.20" -notes = """ -The changes appear to be reasonable updates from Rust's stdlib imported into -`allocator-api2`'s copy of this code. -""" - -[[audits.bytecode-alliance.audits.ambient-authority]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -version = "0.0.2" -notes = "Contains no unsafe code, no IO, no build.rs." - -[[audits.bytecode-alliance.audits.bitmaps]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -version = "2.1.0" -notes = """ -No ambient I/O. Minimal unsafe, purely related to simd ISA extensions and -obviously correct with only local reasoning. 
-""" - -[[audits.bytecode-alliance.audits.cap-net-ext]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -delta = "3.4.1 -> 3.4.4" - -[[audits.bytecode-alliance.audits.cap-net-ext]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -delta = "3.4.4 -> 3.4.5" - -[[audits.bytecode-alliance.audits.cap-rand]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -delta = "3.4.1 -> 3.4.4" - -[[audits.bytecode-alliance.audits.cap-rand]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -delta = "3.4.4 -> 3.4.5" - -[[audits.bytecode-alliance.audits.cargo_metadata]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.15.3" -notes = "no build, no unsafe, inputs to cargo command are reasonably sanitized" - -[[audits.bytecode-alliance.audits.cargo_metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.17.0 -> 0.18.1" -notes = "No major changes, no unsafe code here." - -[[audits.bytecode-alliance.audits.cargo_metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.18.1 -> 0.19.2" -notes = "Dependency updates and minor changes, nothing suspicious." - -[[audits.bytecode-alliance.audits.cfg-if]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "1.0.0" -notes = "I am the author of this crate." - -[[audits.bytecode-alliance.audits.cobs]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.2.3" -notes = "No `unsafe` code in the crate and no usage of `std`" - -[[audits.bytecode-alliance.audits.cobs]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.2.3 -> 0.3.0" -notes = "Nothing out of the ordinary, virtually no unsafe code." - -[[audits.bytecode-alliance.audits.crypto-common]] -who = "Benjamin Bouvier " -criteria = "safe-to-deploy" -version = "0.1.3" - -[[audits.bytecode-alliance.audits.embedded-io]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.4.0" -notes = "No `unsafe` code and only uses `std` in ways one would expect the crate to do so." 
- -[[audits.bytecode-alliance.audits.embedded-io]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.4.0 -> 0.6.1" -notes = "Major updates, but almost all safe code. Lots of pruning/deletions, nothing out of the ordrinary." - -[[audits.bytecode-alliance.audits.fastrand]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "2.0.0 -> 2.0.1" -notes = """ -This update had a few doc updates but no otherwise-substantial source code -updates. -""" - -[[audits.bytecode-alliance.audits.fastrand]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "2.1.1 -> 2.3.0" -notes = "Minor refactoring, nothing new." - -[[audits.bytecode-alliance.audits.find-msvc-tools]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.1.0 -> 0.1.4" -notes = "Nothing out of the ordinary for a crate finding MSVC tooling." - -[[audits.bytecode-alliance.audits.fixedbitset]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -version = "0.4.2" -notes = """ -No ambient I/O. Uses some `unsafe`, but the uses look good and are guarded by -relevant assertions, although could use some comments and some slight -refactoring into helpers to dedupe unsafe blocks in my personal opinion. -""" - -[[audits.bytecode-alliance.audits.foldhash]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.1.3" -notes = """ -Only a minor amount of `unsafe` code in this crate related to global per-process -initialization which looks correct to me. -""" - -[[audits.bytecode-alliance.audits.futures]] -who = "Joel Dice " -criteria = "safe-to-deploy" -version = "0.3.31" - -[[audits.bytecode-alliance.audits.futures-channel]] -who = "Joel Dice " -criteria = "safe-to-deploy" -version = "0.3.31" - -[[audits.bytecode-alliance.audits.futures-core]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.3.27" -notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. 
Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting." - -[[audits.bytecode-alliance.audits.futures-core]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "0.3.28 -> 0.3.31" - -[[audits.bytecode-alliance.audits.futures-io]] -who = "Joel Dice " -criteria = "safe-to-deploy" -version = "0.3.31" - -[[audits.bytecode-alliance.audits.futures-sink]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.3.27" - -[[audits.bytecode-alliance.audits.futures-sink]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "0.3.28 -> 0.3.31" - -[[audits.bytecode-alliance.audits.futures-task]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "0.3.27 -> 0.3.31" - -[[audits.bytecode-alliance.audits.futures-util]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "0.3.27 -> 0.3.31" -notes = "New waker_ref module contains \"FIXME: panics on Arc::clone / refcount changes could wreak havoc...\" comment, but this corner case feels low risk." - -[[audits.bytecode-alliance.audits.fxprof-processed-profile]] -who = "Jamey Sharp " -criteria = "safe-to-deploy" -version = "0.6.0" -notes = """ -No unsafe code, I/O, or powerful imports. This is a straightforward set of data -structures representing the Firefox \"processed\" profile format, with serde -serialization support. All logic is trivial: either unit conversion, or -hash-consing to support de-duplication required by the format. 
-""" - -[[audits.bytecode-alliance.audits.fxprof-processed-profile]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "0.6.0 -> 0.8.1" - -[[audits.bytecode-alliance.audits.hashbrown]] -who = "Chris Fallin " -criteria = "safe-to-deploy" -delta = "0.14.5 -> 0.15.2" - -[[audits.bytecode-alliance.audits.heck]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.4.1 -> 0.5.0" -notes = "Minor changes for a `no_std` upgrade but otherwise everything looks as expected." - -[[audits.bytecode-alliance.audits.hermit-abi]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.3.9 -> 0.5.2" -notes = "API updates and looks like libc, nothing new here." - -[[audits.bytecode-alliance.audits.iana-time-zone-haiku]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -version = "0.1.2" - -[[audits.bytecode-alliance.audits.id-arena]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -version = "2.2.1" -notes = "I am the author of this crate." - -[[audits.bytecode-alliance.audits.idna]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.3.0" -notes = """ -This is a crate without unsafe code or usage of the standard library. The large -size of this crate comes from the large generated unicode tables file. This -crate is broadly used throughout the ecosystem and does not contain anything -suspicious. -""" - -[[audits.bytecode-alliance.audits.itertools]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -delta = "0.10.5 -> 0.12.1" -notes = """ -Minimal `unsafe` usage. Few blocks that existed looked reasonable. Does what it -says on the tin: lots of iterators. -""" - -[[audits.bytecode-alliance.audits.itertools]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.12.1 -> 0.14.0" -notes = """ -Lots of new iterators and shuffling some things around. Some new unsafe code but -it's well-documented and well-tested. Nothing suspicious. 
-""" - -[[audits.bytecode-alliance.audits.itoa]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -delta = "1.0.11 -> 1.0.14" - -[[audits.bytecode-alliance.audits.ittapi]] -who = "Andrew Brown " -criteria = "safe-to-deploy" -version = "0.3.4" - -[[audits.bytecode-alliance.audits.ittapi]] -who = "rahulchaphalkar " -criteria = "safe-to-deploy" -delta = "0.3.4 -> 0.4.0" - -[[audits.bytecode-alliance.audits.ittapi-sys]] -who = "Andrew Brown " -criteria = "safe-to-deploy" -version = "0.3.4" - -[[audits.bytecode-alliance.audits.ittapi-sys]] -who = "rahulchaphalkar " -criteria = "safe-to-deploy" -delta = "0.3.4 -> 0.4.0" - -[[audits.bytecode-alliance.audits.leb128]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -version = "0.2.5" -notes = "I am the author of this crate." - -[[audits.bytecode-alliance.audits.leb128fmt]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.1.0" -notes = "Well-scoped crate do doing LEB encoding with no `unsafe` code and does what it says on the tin." - -[[audits.bytecode-alliance.audits.log]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.4.22 -> 0.4.27" -notes = "Lots of minor updates to macros and such, nothing touching `unsafe`" - -[[audits.bytecode-alliance.audits.log]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.4.27 -> 0.4.28" -notes = "Minor doc updates and lots new tests, nothing out of the ordinary." - -[[audits.bytecode-alliance.audits.memfd]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -version = "0.6.2" -notes = """ -The only changes from 0.6.1 were from my own PR which updated memfd to newer -dependencies. 
-""" - -[[audits.bytecode-alliance.audits.memfd]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -delta = "0.6.2 -> 0.6.3" -notes = "Just a dependency version bump and documentation update" - -[[audits.bytecode-alliance.audits.memfd]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.6.3 -> 0.6.4" -notes = "This commit only updated the dependency `rustix`, so same as before." - -[[audits.bytecode-alliance.audits.memfd]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.6.4 -> 0.6.5" -notes = "Just updating dependencies" - -[[audits.bytecode-alliance.audits.object]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.36.0 -> 0.36.5" -notes = "No new unsafe code, lots of new relocations/objects support, everything looks nominal" - -[[audits.bytecode-alliance.audits.object]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.36.5 -> 0.37.1" -notes = "New object file formats, new formatting, new other minor changes, no new `unsafe`." - -[[audits.bytecode-alliance.audits.object]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.37.1 -> 0.37.3" -notes = "Lots of new support for new object features, no new unsafe or anything suspicious." - -[[audits.bytecode-alliance.audits.percent-encoding]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "2.2.0" -notes = """ -This crate is a single-file crate that does what it says on the tin. There are -a few `unsafe` blocks related to utf-8 validation which are locally verifiable -as correct and otherwise this crate is good to go. 
-""" - -[[audits.bytecode-alliance.audits.pin-project-lite]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.2.13 -> 0.2.14" -notes = "No substantive changes in this update" - -[[audits.bytecode-alliance.audits.pin-utils]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.1.0" - -[[audits.bytecode-alliance.audits.pkg-config]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.3.25" -notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably." - -[[audits.bytecode-alliance.audits.pkg-config]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.3.26 -> 0.3.29" -notes = """ -No `unsafe` additions or anything outside of the purview of the crate in this -change. -""" - -[[audits.bytecode-alliance.audits.pkg-config]] -who = "Chris Fallin " -criteria = "safe-to-deploy" -delta = "0.3.29 -> 0.3.32" - -[[audits.bytecode-alliance.audits.postcard]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "1.0.8" -notes = """ -I've audited the unsafe code to do what it looks like it's doing. Otherwise the -crate is a standard serializer/deserializer crate. -""" - -[[audits.bytecode-alliance.audits.postcard]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.0.8 -> 1.1.3" -notes = "Substantial updates, but nothing out of the ordinary one would expect from a serialization crate. Minor `unsafe` updates, but nothing major from what was already there." - -[[audits.bytecode-alliance.audits.rustix-linux-procfs]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -version = "0.1.1" - -[[audits.bytecode-alliance.audits.shlex]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "1.1.0" -notes = "Only minor `unsafe` code blocks which look valid and otherwise does what it says on the tin." 
- -[[audits.bytecode-alliance.audits.smallvec]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.13.2 -> 1.14.0" -notes = "Minor new feature, nothing out of the ordinary." - -[[audits.bytecode-alliance.audits.static_assertions]] -who = "Andrew Brown " -criteria = "safe-to-deploy" -version = "1.1.0" -notes = "No dependencies and completely a compile-time crate as advertised. Uses `unsafe` in one module as a compile-time check only: `mem::transmute` and `ptr::write` are wrapped in an impossible-to-run closure." - -[[audits.bytecode-alliance.audits.tracing-attributes]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.1.28 -> 0.1.30" -notes = "Few code changes, a pretty minor update." - -[[audits.bytecode-alliance.audits.tracing-core]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.1.33 -> 0.1.34" -notes = "Mostly just an update with Rust stylistic conventions changing. Nothing awry." - -[[audits.bytecode-alliance.audits.wasm-compose]] -who = "Nick Fitzgerald " -criteria = "safe-to-deploy" -delta = "0.236.0 -> 0.238.1" -notes = "Don't know why I have to do this certification even though we have a wildcard audit for this crate because it is authored by the Bytecode Alliance..." 
- -[[audits.bytecode-alliance.audits.wasm-compose]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.238.1 -> 0.239.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-compose]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.239.0 -> 0.240.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-compose]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.240.0 -> 0.241.2" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-compose]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.241.2 -> 0.242.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-compose]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.242.0 -> 0.243.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-compose]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.243.0 -> 0.244.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-encoder]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.236.0 -> 0.237.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-encoder]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.237.0 -> 0.238.1" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-encoder]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.238.1 -> 0.239.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-encoder]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.239.0 -> 0.240.0" -notes = "The Bytecode Alliance is the author of this crate" - 
-[[audits.bytecode-alliance.audits.wasm-encoder]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.240.0 -> 0.241.2" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-encoder]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.241.2 -> 0.242.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-encoder]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.242.0 -> 0.243.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-encoder]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.243.0 -> 0.244.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.236.0 -> 0.237.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.237.0 -> 0.238.1" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.238.1 -> 0.239.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.239.0 -> 0.240.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.240.0 -> 0.241.2" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.241.2 -> 0.242.0" -notes = "The Bytecode Alliance is the author of this crate" - 
-[[audits.bytecode-alliance.audits.wasm-metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.242.0 -> 0.243.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasm-metadata]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.243.0 -> 0.244.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmparser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.236.0 -> 0.237.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmparser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.237.0 -> 0.238.1" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmparser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.238.1 -> 0.239.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmparser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.239.0 -> 0.240.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmparser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.240.0 -> 0.241.2" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmparser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.241.2 -> 0.242.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmparser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.242.0 -> 0.243.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmparser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.243.0 -> 0.244.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmprinter]] -who 
= "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.236.0 -> 0.237.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmprinter]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.237.0 -> 0.238.1" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmprinter]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.238.1 -> 0.239.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmprinter]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.239.0 -> 0.240.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmprinter]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.240.0 -> 0.241.2" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmprinter]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.241.2 -> 0.242.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmprinter]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.242.0 -> 0.243.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wasmprinter]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.243.0 -> 0.244.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "35.0.2" -notes = "The Bytecode Alliance is the author of this crate." 
- -[[audits.bytecode-alliance.audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "236.0.0 -> 237.0.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "237.0.0 -> 238.0.1" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "238.0.1 -> 239.0.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "239.0.0 -> 240.0.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "240.0.0 -> 241.0.2" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "241.0.2 -> 242.0.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "242.0.0 -> 243.0.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wast]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "243.0.0 -> 244.0.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wat]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.236.0 -> 1.237.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wat]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.237.0 -> 1.238.1" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wat]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.238.1 -> 
1.239.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wat]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.239.0 -> 1.240.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wat]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.240.0 -> 1.241.2" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wat]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.241.2 -> 1.242.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wat]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.242.0 -> 1.243.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wat]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.243.0 -> 1.244.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-bindgen]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.43.0 -> 0.45.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-bindgen]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.45.0 -> 0.45.1" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-bindgen]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.45.1 -> 0.46.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-component]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.236.0 -> 0.237.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-component]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.237.0 -> 0.238.1" -notes = "The Bytecode Alliance is the author of this crate" - 
-[[audits.bytecode-alliance.audits.wit-component]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.238.1 -> 0.239.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-component]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.239.0 -> 0.240.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-component]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.240.0 -> 0.241.2" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-component]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.241.2 -> 0.242.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-component]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.242.0 -> 0.243.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-component]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.243.0 -> 0.244.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-parser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.236.0 -> 0.237.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-parser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.237.0 -> 0.238.1" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-parser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.238.1 -> 0.239.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-parser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.239.0 -> 0.240.0" -notes = "The Bytecode Alliance is the author of this crate" - 
-[[audits.bytecode-alliance.audits.wit-parser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.240.0 -> 0.241.2" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-parser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.241.2 -> 0.242.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-parser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.242.0 -> 0.243.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.bytecode-alliance.audits.wit-parser]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.243.0 -> 0.244.0" -notes = "The Bytecode Alliance is the author of this crate" - -[[audits.embark-studios.audits.cargo_metadata]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -delta = "0.15.3 -> 0.15.4" -notes = "No notable changes" - -[[audits.embark-studios.audits.cargo_metadata]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -delta = "0.15.4 -> 0.17.0" -notes = "No notable changes" - -[[audits.embark-studios.audits.ident_case]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "1.0.1" -notes = "No unsafe usage or ambient capabilities" - -[[audits.embark-studios.audits.idna]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -delta = "0.3.0 -> 0.4.0" -notes = "No unsafe usage or ambient capabilities" - -[[audits.embark-studios.audits.similar]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "2.2.1" -notes = "No unsafe usage or ambient capabilities" - -[[audits.embark-studios.audits.strum]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "0.24.1" -notes = "Tiny layer on top of the proc macro crate, found no unsafe or system usage" - -[[audits.embark-studios.audits.strum_macros]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "0.24.3" -notes = "Proc macro. 
No unsafe or added ambient capabilities" - -[[audits.embark-studios.audits.tap]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "1.0.1" -notes = "No unsafe usage or ambient capabilities" - -[[audits.embark-studios.audits.utf8parse]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "0.2.1" -notes = "Single unsafe usage that looks sound, no ambient capabilities" - -[audits.fermyon.audits] - -[[audits.google.audits.base64]] -who = "amarjotgill " -criteria = "safe-to-deploy" -version = "0.22.1" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.core-foundation-sys]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "0.8.7" -notes = "OSX system APIs" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.displaydoc]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "0.2.5" -notes = "No unsafe code" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.either]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "1.13.0" -notes = "Unsafe code pertaining to wrapping Pin APIs. Mostly passes invariants down." -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.either]] -who = "Daniel Cheng " -criteria = "safe-to-deploy" -delta = "1.13.0 -> 1.14.0" -notes = """ -Inheriting ub-risk-1 from the baseline review of 1.13.0. 
While the delta has some diffs in unsafe code, they are either: -- migrating code to use helper macros -- migrating match patterns to take advantage of default bindings mode from RFC 2005 -Either way, the result is code that does exactly the same thing and does not change the risk of UB. - -See https://crrev.com/c/6323164 for more audit details. -""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.either]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -delta = "1.14.0 -> 1.15.0" -notes = "The delta in `lib.rs` only tweaks doc comments and `#[cfg(feature = \"std\")]`." -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.equivalent]] -who = "George Burgess IV " -criteria = "safe-to-deploy" -version = "1.0.1" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.equivalent]] -who = "Jonathan Hao " -criteria = "safe-to-deploy" -delta = "1.0.1 -> 1.0.2" -notes = "No changes to any .rs files or Rust code." -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.fastrand]] -who = "George Burgess IV " -criteria = "safe-to-deploy" -version = "1.9.0" -notes = """ -`does-not-implement-crypto` is certified because this crate explicitly says -that the RNG here is not cryptographically secure. 
-""" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.foldhash]] -who = "Adrian Taylor " -criteria = "safe-to-deploy" -delta = "0.1.3 -> 0.1.4" -notes = "No changes to safety-relevant code" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.foldhash]] -who = "Chris Palmer " -criteria = "safe-to-deploy" -delta = "0.1.4 -> 0.1.5" -notes = "No new `unsafe`." -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.heck]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -version = "0.4.1" -notes = """ -Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` -and there were no hits. - -`heck` (version `0.3.3`) has been added to Chromium in -https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057 -""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.iana-time-zone]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "0.1.61" -notes = "Some unsafe: interfacing with system timezone APIs" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.icu_collections]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "2.0.0-beta1" -notes = """ -Two instances of unsafe : - - Non-safety related unsafe API that imposes additional invariants - - `from_utf8` for known-UTF8 integer - -Comments added/improved in https://github.com/unicode-org/icu4x/pull/6056. 
-""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.icu_collections]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -delta = "2.0.0-beta1 -> 2.0.0-beta2" -notes = "from_utf8 unsafe removed. no new unsafe added" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.icu_locale_core]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "2.0.0-beta2" -notes = """ -All unsafe code commented (and improved from prior version): - - A checklisted ULE impl - - from-utf8 code on known-ASCII - - Some unchecked indexing around maintained invariants -""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.icu_normalizer]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "2.0.0-beta2" -notes = """ -All unsafe is unchecked `char` and `str` conversion, mostly well-commented. 
-""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.icu_normalizer_data]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "2.0.0-beta1" -notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.icu_normalizer_data]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -delta = "2.0.0-beta1 -> 2.0.0-beta2" -notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.icu_provider]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "2.0.0-beta1" -notes = """ -All unsafe code commented: - - Minor unsafe transmutes between types which are identical but not type-system-provably so. 
- - One unsafe EqULE impl - - Some repr(transparent) transmutes - - A from_utf8_unchecked for an ascii-validated string - -Comment improvements can be found in https://github.com/unicode-org/icu4x/pull/6056 -""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.icu_provider]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -delta = "2.0.0-beta1 -> 2.0.0-beta2" -notes = "from_utf8_unchecked unsafe remove, all other unsafe not meaningfully changed" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.itoa]] -who = "Daniel Cheng " -criteria = "safe-to-deploy" -delta = "1.0.14 -> 1.0.15" -notes = "Only minor rustdoc changes." -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.log]] -who = "danakj " -criteria = "safe-to-deploy" -version = "0.4.22" -notes = """ -Unsafe review in https://docs.google.com/document/d/1IXQbD1GhTRqNHIGxq6yy7qHqxeO4CwN5noMFXnqyDIM/edit?usp=sharing - -Unsafety is generally very well-documented, with one exception, which we -describe in the review doc. 
-""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.nom]] -who = "danakj@chromium.org" -criteria = "safe-to-deploy" -version = "7.1.3" -notes = """ -Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153 -""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.pin-project-lite]] -who = "David Koloski " -criteria = "safe-to-deploy" -version = "0.2.9" -notes = "Reviewed on https://fxrev.dev/824504" -aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.pin-project-lite]] -who = "David Koloski " -criteria = "safe-to-deploy" -delta = "0.2.9 -> 0.2.13" -notes = "Audited at https://fxrev.dev/946396" -aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.potential_utf]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "0.1.0" -notes = "Contains a handful of lines of from-UTF8 unsafety and some `repr(transparent)` casting unsafety. Reasonably well commented, could do with listing invariants explicitly." 
-aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.potential_utf]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -delta = "0.1.0 -> 0.1.2" -notes = "Addition of safe comparison APIs since last audit" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.rand]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -version = "0.8.5" -notes = """ -For more detailed unsafe review notes please see https://crrev.com/c/6362797 -""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.smallvec]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "1.13.2" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.strsim]] -who = "danakj@chromium.org" -criteria = "safe-to-deploy" -version = "0.10.0" -notes = """ -Reviewed in https://crrev.com/c/5171063 - -Previously reviewed during security review and the audit is grandparented in. 
-""" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.synstructure]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "0.13.1" -notes = "Exposes unsafe codegen APIs but does not itself contain unsafe" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.writeable]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "0.6.0" -notes = "Contains three lines of unsafe, thoroughly commented: one is for from-UTF8 on ASCII, the other two are for from-UTF8 on a datastructure that keeps track of a buffer with partial UTF8 validation. Relatively straigtforward." -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.writeable]] -who = "Daniel Cheng " -criteria = "safe-to-deploy" -delta = "0.6.0 -> 0.6.1" -notes = "Minor comment/documentation updates and switch to a non-panicking alternative to split_at()." -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.zerofrom]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "0.1.5" -notes = "Contains no unsafe" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.zerofrom]] -who = "Daniel Cheng " -criteria = "safe-to-deploy" -delta = "0.1.5 -> 0.1.6" -notes = "Only minor cfg tweaks." 
-aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.zerofrom-derive]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -version = "0.1.5" -notes = "Contains no unsafe" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.zerofrom-derive]] -who = "Daniel Cheng " -criteria = "safe-to-deploy" -delta = "0.1.5 -> 0.1.6" -notes = "Only a minor clippy adjustment." -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.isrg.audits.cfg-if]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.0 -> 1.0.1" - -[[audits.isrg.audits.cfg-if]] -who = "J.C. Jones " -criteria = "safe-to-deploy" -delta = "1.0.1 -> 1.0.3" - -[[audits.isrg.audits.cfg-if]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.3 -> 1.0.4" - -[[audits.isrg.audits.digest]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "0.10.6 -> 0.10.7" - -[[audits.isrg.audits.num-integer]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "0.1.45 -> 0.1.46" - -[[audits.isrg.audits.once_cell]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.17.1 -> 1.17.2" - -[[audits.isrg.audits.once_cell]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.17.2 -> 1.18.0" - -[[audits.isrg.audits.once_cell]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.18.0 -> 1.19.0" - -[[audits.isrg.audits.once_cell]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.19.0 -> 1.20.1" - -[[audits.isrg.audits.once_cell]] -who = "J.C. 
Jones " -criteria = "safe-to-deploy" -delta = "1.21.1 -> 1.21.3" -notes = "The unsafe code has moved from `compare_exchange` to a new `init` function, which makes it easier to reason about." - -[[audits.isrg.audits.rand_chacha]] -who = "David Cook " -criteria = "safe-to-deploy" -version = "0.3.1" - -[[audits.isrg.audits.rand_core]] -who = "David Cook " -criteria = "safe-to-deploy" -version = "0.6.3" - -[[audits.isrg.audits.rayon]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.10.0 -> 1.11.0" -notes = """ -I compared src/slice/sort.rs against the file library/core/src/slice/sort.rs -from the standard library, as of commit e501add. -""" - -[[audits.isrg.audits.rayon-core]] -who = "Ameer Ghani " -criteria = "safe-to-deploy" -version = "1.12.1" - -[[audits.isrg.audits.rayon-core]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.12.1 -> 1.13.0" - -[[audits.isrg.audits.sha2]] -who = "David Cook " -criteria = "safe-to-deploy" -version = "0.10.2" - -[[audits.isrg.audits.sha2]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "0.10.8 -> 0.10.9" - -[[audits.mozilla.wildcard-audits.cexpr]] -who = "Emilio Cobos Álvarez " -criteria = "safe-to-deploy" -user-id = 3788 # Emilio Cobos Álvarez (emilio) -start = "2021-06-21" -end = "2024-04-21" -notes = "No unsafe code, rather straight-forward parser." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.wildcard-audits.encoding_rs]] -who = "Henri Sivonen " -criteria = "safe-to-deploy" -user-id = 4484 # Henri Sivonen (hsivonen) -start = "2019-02-26" -end = "2025-10-23" -notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 
2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.wildcard-audits.unicode-segmentation]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -user-id = 1139 # Manish Goregaokar (Manishearth) -start = "2019-05-15" -end = "2026-02-01" -notes = "All code written or reviewed by Manish" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.wildcard-audits.unicode-width]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -user-id = 1139 # Manish Goregaokar (Manishearth) -start = "2019-12-05" -end = "2026-02-01" -notes = "All code written or reviewed by Manish" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.wildcard-audits.unicode-xid]] -who = "Manish Goregaokar " -criteria = "safe-to-deploy" -user-id = 1139 # Manish Goregaokar (Manishearth) -start = "2019-07-25" -end = "2026-02-01" -notes = "All code written or reviewed by Manish" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.wildcard-audits.utf8_iter]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -user-id = 4484 # Henri Sivonen (hsivonen) -start = "2022-04-19" -end = "2024-06-16" -notes = "Maintained by Henri Sivonen who works at Mozilla." 
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.allocator-api2]] -who = "Nicolas Silva " -criteria = "safe-to-deploy" -version = "0.2.18" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.allocator-api2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.2.20 -> 0.2.21" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.android_system_properties]] -who = "Nicolas Silva " -criteria = "safe-to-deploy" -version = "0.1.2" -notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.android_system_properties]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.1.2 -> 0.1.4" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.android_system_properties]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.1.4 -> 0.1.5" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.crossbeam-utils]] -who = "Lars Eggert " -criteria = "safe-to-deploy" -delta = "0.8.20 -> 0.8.21" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.crypto-common]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.1.3 -> 0.1.6" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.debugid]] -who = "Gabriele Svelto " -criteria = "safe-to-deploy" -version = "0.8.0" -notes = "This crates was written by Sentry and I've fully audited it as Firefox crash reporting machinery relies on it." 
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.fastrand]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.9.0 -> 2.0.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.fastrand]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "2.0.1 -> 2.1.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.fastrand]] -who = "Chris Martin " -criteria = "safe-to-deploy" -delta = "2.1.0 -> 2.1.1" -notes = "Fairly trivial changes, no chance of security regression." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.fnv]] -who = "Bobby Holley " -criteria = "safe-to-deploy" -version = "1.0.7" -notes = "Simple hasher implementation with no unsafe code." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.foldhash]] -who = "Erich Gubler " -criteria = "safe-to-deploy" -delta = "0.1.5 -> 0.2.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.form_urlencoded]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -version = "1.2.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.form_urlencoded]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -delta = "1.2.0 -> 1.2.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.form_urlencoded]] -who = "edgul " -criteria = "safe-to-deploy" -delta = "1.2.1 -> 1.2.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-core]] -who = "Mike Hommey " 
-criteria = "safe-to-deploy" -delta = "0.3.27 -> 0.3.28" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-sink]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.27 -> 0.3.28" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-task]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.21 -> 0.3.23" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-task]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.23 -> 0.3.25" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-task]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.25 -> 0.3.26" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-task]] -who = "Lars Eggert " -criteria = "safe-to-deploy" -delta = "0.3.26 -> 0.3.27" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-util]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.21 -> 0.3.23" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-util]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.23 -> 0.3.25" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-util]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.25 -> 0.3.26" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-util]] -who = "Mike Hommey " -criteria = "safe-to-deploy" 
-delta = "0.3.26 -> 0.3.28" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.futures-util]] -who = "Lars Eggert " -criteria = "safe-to-deploy" -delta = "0.3.28 -> 0.3.27" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.hashbrown]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -version = "0.12.3" -notes = "This version is used in rust's libstd, so effectively we're already trusting it" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.hashbrown]] -who = "Erich Gubler " -criteria = "safe-to-deploy" -delta = "0.15.2 -> 0.15.5" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.hashbrown]] -who = "Erich Gubler " -criteria = "safe-to-deploy" -delta = "0.15.5 -> 0.16.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.iana-time-zone]] -who = "Mark Hammond " -criteria = "safe-to-deploy" -delta = "0.1.61 -> 0.1.63" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.iana-time-zone]] -who = "Erich Gubler " -criteria = "safe-to-deploy" -delta = "0.1.63 -> 0.1.64" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_collections]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "2.0.0-beta2 -> 2.0.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_collections]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "2.0.0 -> 2.1.1" -notes = "Adding methods have unsafe code for faster, but these have the commnet why this is safe." 
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_locale_core]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "2.0.0-beta2 -> 2.0.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_locale_core]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "2.0.0 -> 2.1.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_normalizer]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "2.0.0-beta2 -> 2.0.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_normalizer]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "2.0.0 -> 2.1.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_normalizer_data]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "2.0.0-beta2 -> 2.0.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_normalizer_data]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "2.0.0 -> 2.1.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_provider]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "2.0.0-beta2 -> 2.0.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_provider]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "2.0.0 -> 2.1.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.idna]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -delta = "0.4.0 -> 0.5.0" 
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.idna]] -who = "Henri Sivonen " -criteria = "safe-to-deploy" -delta = "0.5.0 -> 1.0.2" -notes = "In the 0.5.0 to 1.0.2 delta, I, Henri Sivonen, rewrote the non-Punycode internals of the crate and made the changes to the Punycode code." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.idna]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -delta = "1.0.2 -> 1.0.3" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.idna]] -who = "edgul " -criteria = "safe-to-deploy" -delta = "1.0.3 -> 1.1.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.idna_adapter]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -version = "1.2.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.idna_adapter]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.2.0 -> 1.2.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.itertools]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.10.3 -> 0.10.5" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.num-integer]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "0.1.45" -notes = "All code written or reviewed by Josh Stone." 
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.once_cell]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.16.0 -> 1.17.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.once_cell]] -who = "Erich Gubler " -criteria = "safe-to-deploy" -delta = "1.20.1 -> 1.20.2" -notes = "This update works around a Cargo bug that forces the addition of `portable-atomic` into a lockfile, which we have never needed to use." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.once_cell]] -who = "Erich Gubler " -criteria = "safe-to-deploy" -delta = "1.20.2 -> 1.20.3" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.once_cell]] -who = "Erich Gubler " -criteria = "safe-to-deploy" -delta = "1.20.3 -> 1.21.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.percent-encoding]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -delta = "2.2.0 -> 2.3.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.percent-encoding]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -delta = "2.3.0 -> 2.3.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.percent-encoding]] -who = "edgul " -criteria = "safe-to-deploy" -delta = "2.3.1 -> 2.3.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.pin-project-lite]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -delta = "0.2.14 -> 0.2.16" -notes = """ -Only functional change is to work around a bug in the negative_impls feature 
-(https://github.com/taiki-e/pin-project/issues/340#issuecomment-2432146009) -""" -aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.pkg-config]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.3.25 -> 0.3.26" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.potential_utf]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "0.1.2 -> 0.1.4" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rand_core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.6.3 -> 0.6.4" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rmp]] -who = "Ben Dean-Kawamura " -criteria = "safe-to-deploy" -version = "0.8.14" -notes = """ -Very popular crate. 1 instance of unsafe code, which is used to adjust a slice to work around -lifetime issues. No network or file access. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rustc-hash]] -who = "Bobby Holley " -criteria = "safe-to-deploy" -version = "1.1.0" -notes = "Straightforward crate with no unsafe code, does what it says on the tin." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rustc-hash]] -who = "Ben Dean-Kawamura " -criteria = "safe-to-deploy" -delta = "1.1.0 -> 2.1.1" -notes = "Simple hashing crate, no unsafe code." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_spanned]] -who = "Ben Dean-Kawamura " -criteria = "safe-to-deploy" -version = "1.0.3" -notes = "Relatively simple Serde trait implementations. No IO or unsafe code." 
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.sha2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.10.2 -> 0.10.6" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.sha2]] -who = "Jeff Muizelaar " -criteria = "safe-to-deploy" -delta = "0.10.6 -> 0.10.8" -notes = """ -The bulk of this is https://github.com/RustCrypto/hashes/pull/490 which adds aarch64 support along with another PR adding longson. -I didn't check the implementation thoroughly but there wasn't anything obviously nefarious. 0.10.8 has been out for more than a year -which suggests no one else has found anything either. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.shlex]] -who = "Max Inden " -criteria = "safe-to-deploy" -delta = "1.1.0 -> 1.3.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.similar]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -delta = "2.2.1 -> 2.7.0" -aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.siphasher]] -who = "Emilio Cobos Álvarez " -criteria = "safe-to-deploy" -delta = "0.3.11 -> 1.0.1" -notes = "Only change to the crate source is adding documentation." 
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.smallvec]] -who = "Erich Gubler " -criteria = "safe-to-deploy" -delta = "1.14.0 -> 1.15.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.strsim]] -who = "Ben Dean-Kawamura " -criteria = "safe-to-deploy" -delta = "0.10.0 -> 0.11.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.synstructure]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -delta = "0.13.1 -> 0.13.2" -aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.tracing]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -version = "0.1.37" -notes = """ -There's only one unsafe impl, and its purpose is to ensure correct behavior by -creating a non-Send marker type (it has nothing to do with soundness). All -dependencies make sense, and no side-effectful std functions are used. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.tracing]] -who = "Mark Hammond " -criteria = "safe-to-deploy" -delta = "0.1.37 -> 0.1.41" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.tracing-attributes]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -version = "0.1.24" -notes = "No unsafe code, macros extensively tested and produce reasonable code." 
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.tracing-attributes]] -who = "Mark Hammond " -criteria = "safe-to-deploy" -delta = "0.1.24 -> 0.1.28" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.tracing-core]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -version = "0.1.30" -notes = """ -Most unsafe code is in implementing non-std sync primitives. Unsafe impls are -logically correct and justified in comments, and unsafe code is sound and -justified in comments. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.tracing-core]] -who = "Mark Hammond " -criteria = "safe-to-deploy" -delta = "0.1.30 -> 0.1.33" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.url]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -version = "2.4.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.url]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -delta = "2.4.0 -> 2.4.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.url]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -delta = "2.4.1 -> 2.5.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.url]] -who = "Henri Sivonen " -criteria = "safe-to-deploy" -delta = "2.5.0 -> 2.5.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.url]] -who = "Valentin Gosu " -criteria = "safe-to-deploy" -delta = "2.5.1 -> 2.5.4" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - 
-[[audits.mozilla.audits.url]] -who = "edgul " -criteria = "safe-to-deploy" -delta = "2.5.4 -> 2.5.7" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.utf8parse]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -delta = "0.2.1 -> 0.2.2" -aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.writeable]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "0.6.1 -> 0.6.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.zerocopy]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -version = "0.7.32" -notes = """ -This crate is `no_std` so doesn't use any side-effectful std functions. It -contains quite a lot of `unsafe` code, however. I verified portions of this. It -also has a large, thorough test suite. The project claims to run tests with -Miri to have stronger soundness checks, and also claims to use formal -verification tools to prove correctness. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.zerocopy]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "0.7.32 -> 0.8.27" -notes = """ -These changes are enormous, however unsafe code is kept somewhat minimal in -comparison. The safety properties of unsafe code blocks, traits, and other -types are thoroughly documented. The new build script is safe. All code is very -thoroughly tested. I expect their test coverage is quite high. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.zerocopy-derive]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -version = "0.7.32" -notes = "Clean, safe macros for zerocopy." 
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.zerocopy-derive]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "0.7.32 -> 0.8.27" -notes = """ -There are a lot of changes here, however they look reasonable. Unsafe code is -heavily documented, and there are extensive tests for the changes. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"