mirror of
https://github.com/str4d/rage.git
synced 2025-04-03 19:07:42 +03:00
Import cargo-vet audits from Google
parent
ae14d195fd
commit
2e11dd37cf
2 changed files with 141 additions and 117 deletions
|
@ -10,6 +10,9 @@ url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-c
|
|||
[imports.embark-studios]
|
||||
url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audits.toml"
|
||||
|
||||
[imports.google]
|
||||
url = "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml"
|
||||
|
||||
[imports.isrg]
|
||||
url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml"
|
||||
|
||||
|
@ -35,10 +38,6 @@ audit-as-crates-io = false
|
|||
[policy.rage]
|
||||
audit-as-crates-io = false
|
||||
|
||||
[[exemptions.addr2line]]
|
||||
version = "0.17.0"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.aead]]
|
||||
version = "0.5.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -99,10 +98,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.9.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.bytemuck]]
|
||||
version = "1.13.1"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.byteorder]]
|
||||
version = "1.4.3"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -155,10 +150,6 @@ criteria = "safe-to-run"
|
|||
version = "3.2.5"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.clap_lex]]
|
||||
version = "0.2.4"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.console]]
|
||||
version = "0.15.7"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -199,18 +190,6 @@ criteria = "safe-to-run"
|
|||
version = "0.4.5"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.crossbeam-channel]]
|
||||
version = "0.5.7"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.crossbeam-deque]]
|
||||
version = "0.8.3"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.crossbeam-epoch]]
|
||||
version = "0.9.15"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.crossbeam-utils]]
|
||||
version = "0.8.16"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -243,10 +222,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.3.6"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.env_logger]]
|
||||
version = "0.8.4"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.env_logger]]
|
||||
version = "0.9.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -279,10 +254,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.11.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.futures]]
|
||||
version = "0.3.21"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.futures-macro]]
|
||||
version = "0.3.21"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -311,10 +282,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.2.10"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.gimli]]
|
||||
version = "0.26.1"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.gumdrop]]
|
||||
version = "0.8.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -375,10 +342,6 @@ criteria = "safe-to-run"
|
|||
version = "0.1.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.itertools]]
|
||||
version = "0.10.5"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.itoa]]
|
||||
version = "1.0.6"
|
||||
criteria = "safe-to-run"
|
||||
|
@ -463,10 +426,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.1.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.object]]
|
||||
version = "0.30.4"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.once_cell]]
|
||||
version = "1.15.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -563,10 +522,6 @@ criteria = "safe-to-deploy"
|
|||
version = "1.0.4"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.proc-macro-error-attr]]
|
||||
version = "1.0.4"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.quick-xml]]
|
||||
version = "0.26.0"
|
||||
criteria = "safe-to-run"
|
||||
|
@ -703,10 +658,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.7.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.stable_deref_trait]]
|
||||
version = "1.2.0"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.static_assertions]]
|
||||
version = "1.1.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -771,14 +722,6 @@ criteria = "safe-to-deploy"
|
|||
version = "1.2.1"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.tokio]]
|
||||
version = "1.28.2"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.tokio-macros]]
|
||||
version = "2.1.0"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.toml]]
|
||||
version = "0.5.9"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -799,14 +742,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.11.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.uuid]]
|
||||
version = "1.3.4"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.version_check]]
|
||||
version = "0.9.4"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.walkdir]]
|
||||
version = "2.3.3"
|
||||
criteria = "safe-to-deploy"
|
||||
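Review bot: The `[imports.google]` entry added in the first hunk points at the mutable `main` branch of google/supply-chain, so the set of audits this project accepts can change on any later fetch; only the snapshot recorded in the lockfile part of this commit has been reviewed. Going by the hunk counts and the imported entries (the `+`/`-` markers are lost in this rendering), the exemptions dropped here appear to include `safe-to-deploy` ones for `futures`, `proc-macro-error-attr` and `version_check`, so deploy-level trust in those crates now rests on Google's aggregated feed rather than on a local decision. The CI configuration is not visible on this page; if it does not already do so, running the check as `cargo vet --locked` keeps a feed change from altering the result without a reviewed lockfile update. A sentence in the commit description naming which exemptions were replaced by imported audits would make that trust shift easy to find later.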
|
|
|
@ -148,15 +148,6 @@ user-id = 696 # Nick Fitzgerald (fitzgen)
|
|||
start = "2019-03-16"
|
||||
end = "2024-03-10"
|
||||
|
||||
[[audits.bytecode-alliance.audits.addr2line]]
|
||||
who = "Alex Crichton <alex@alexcrichton.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.17.0 -> 0.19.0"
|
||||
notes = """
|
||||
This is a minor update for addr2line which looks to mainly update its
|
||||
dependencies and refactor existing code to expose more functionality and such.
|
||||
"""
|
||||
|
||||
[[audits.bytecode-alliance.audits.addr2line]]
|
||||
who = "Alex Crichton <alex@alexcrichton.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -317,22 +308,6 @@ who = "Pat Hickey <phickey@fastly.com>"
|
|||
criteria = "safe-to-deploy"
|
||||
version = "0.3.27"
|
||||
|
||||
[[audits.bytecode-alliance.audits.gimli]]
|
||||
who = "Alex Crichton <alex@alexcrichton.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.26.1 -> 0.27.0"
|
||||
notes = """
|
||||
This is a standard update to gimli for more DWARF support for more platforms,
|
||||
more features, etc. Some minor `unsafe` code was added that does not appear
|
||||
incorrect. Otherwise looks like someone probably ran clippy and/or rustfmt.
|
||||
"""
|
||||
|
||||
[[audits.bytecode-alliance.audits.gimli]]
|
||||
who = "Alex Crichton <alex@alexcrichton.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.27.0 -> 0.27.3"
|
||||
notes = "More support for more DWARF, nothing major in this update. Some small refactorings and updates to publication of the package but otherwise everything's in order."
|
||||
|
||||
[[audits.bytecode-alliance.audits.hashbrown]]
|
||||
who = "Chris Fallin <chris@cfallin.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -393,6 +368,12 @@ its own longevity should be relatively hardened against some of the more common
|
|||
compression-related issues.
|
||||
"""
|
||||
|
||||
[[audits.bytecode-alliance.audits.object]]
|
||||
who = "Alex Crichton <alex@alexcrichton.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.30.3 -> 0.31.1"
|
||||
notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
|
||||
|
||||
[[audits.bytecode-alliance.audits.pin-utils]]
|
||||
who = "Pat Hickey <phickey@fastly.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -464,6 +445,126 @@ criteria = "safe-to-deploy"
|
|||
delta = "0.6.1 -> 0.6.2"
|
||||
notes = "No notable changes"
|
||||
|
||||
[[audits.google.audits.addr2line]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "0.19.0"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.bytemuck]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "1.13.1"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.clap_lex]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "0.4.1"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.crossbeam-channel]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "0.5.7"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.crossbeam-deque]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "0.8.3"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.crossbeam-epoch]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "0.9.14"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.crossbeam-epoch]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
delta = "0.9.14 -> 0.9.15"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.env_logger]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "0.9.3"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.env_logger]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
delta = "0.9.3 -> 0.8.4"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.futures]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.3.28"
|
||||
notes = """
|
||||
`futures` has no logic other than tests - it simply `pub use`s things from
|
||||
other crates.
|
||||
"""
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.gimli]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "0.27.3"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.itertools]]
|
||||
who = "ChromeOS"
|
||||
criteria = "safe-to-run"
|
||||
version = "0.10.5"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.object]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "0.30.3"
|
||||
notes = "I'm not counting the code related to the GNU Hash section as crypto for the sake of this review."
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.proc-macro-error-attr]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.0.4"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.stable_deref_trait]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "1.2.0"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.tokio]]
|
||||
who = "Vovo Yang <vovoy@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "1.29.1"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.tokio-macros]]
|
||||
who = "Vovo Yang <vovoy@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "2.1.0"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.uuid]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-run"
|
||||
version = "1.3.0"
|
||||
notes = "Randomness and hashing involved in UUID generation is sourced from other crates."
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.google.audits.version_check]]
|
||||
who = "George Burgess IV <gbiv@google.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.9.4"
|
||||
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
||||
|
||||
[[audits.isrg.audits.aes]]
|
||||
who = "Brandon Pitman <bran@bran.land>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -489,6 +590,11 @@ who = "David Cook <dcook@divviup.org>"
|
|||
criteria = "safe-to-deploy"
|
||||
version = "0.9.0"
|
||||
|
||||
[[audits.isrg.audits.clap_lex]]
|
||||
who = "Brandon Pitman <bran@bran.land>"
|
||||
criteria = "safe-to-run"
|
||||
delta = "0.4.1 -> 0.5.0"
|
||||
|
||||
[[audits.isrg.audits.criterion]]
|
||||
who = "Brandon Pitman <bran@bran.land>"
|
||||
criteria = "safe-to-run"
|
||||
|
@ -748,30 +854,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.11.0"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.21 -> 0.3.23"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.23 -> 0.3.25"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.25 -> 0.3.26"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.3.26 -> 0.3.28"
|
||||
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.futures-channel]]
|
||||
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -1276,6 +1358,13 @@ delta = "1.0.8 -> 1.0.9"
|
|||
notes = "Dependency updates only"
|
||||
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
|
||||
|
||||
[[audits.mozilla.audits.uuid]]
|
||||
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "1.3.0 -> 1.4.1"
|
||||
notes = "Internal refactoring, new target support"
|
||||
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.aead]]
|
||||
who = "Jack Grigg <jack@electriccoin.co>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|