Import cargo-vet audits from Google

Jack Grigg 2023-08-06 14:58:57 +00:00
parent ae14d195fd
commit 2e11dd37cf
2 changed files with 141 additions and 117 deletions


@ -10,6 +10,9 @@ url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-c
[imports.embark-studios]
url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audits.toml"
[imports.google]
url = "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml"
[imports.isrg]
url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml"
@ -35,10 +38,6 @@ audit-as-crates-io = false
[policy.rage]
audit-as-crates-io = false
[[exemptions.addr2line]]
version = "0.17.0"
criteria = "safe-to-run"
[[exemptions.aead]]
version = "0.5.1"
criteria = "safe-to-deploy"
@ -99,10 +98,6 @@ criteria = "safe-to-deploy"
version = "0.9.1"
criteria = "safe-to-deploy"
[[exemptions.bytemuck]]
version = "1.13.1"
criteria = "safe-to-run"
[[exemptions.byteorder]]
version = "1.4.3"
criteria = "safe-to-deploy"
@ -155,10 +150,6 @@ criteria = "safe-to-run"
version = "3.2.5"
criteria = "safe-to-run"
[[exemptions.clap_lex]]
version = "0.2.4"
criteria = "safe-to-run"
[[exemptions.console]]
version = "0.15.7"
criteria = "safe-to-deploy"
@ -199,18 +190,6 @@ criteria = "safe-to-run"
version = "0.4.5"
criteria = "safe-to-run"
[[exemptions.crossbeam-channel]]
version = "0.5.7"
criteria = "safe-to-run"
[[exemptions.crossbeam-deque]]
version = "0.8.3"
criteria = "safe-to-run"
[[exemptions.crossbeam-epoch]]
version = "0.9.15"
criteria = "safe-to-run"
[[exemptions.crossbeam-utils]]
version = "0.8.16"
criteria = "safe-to-deploy"
@ -243,10 +222,6 @@ criteria = "safe-to-deploy"
version = "0.3.6"
criteria = "safe-to-deploy"
[[exemptions.env_logger]]
version = "0.8.4"
criteria = "safe-to-run"
[[exemptions.env_logger]]
version = "0.9.0"
criteria = "safe-to-deploy"
@ -279,10 +254,6 @@ criteria = "safe-to-deploy"
version = "0.11.1"
criteria = "safe-to-deploy"
[[exemptions.futures]]
version = "0.3.21"
criteria = "safe-to-deploy"
[[exemptions.futures-macro]]
version = "0.3.21"
criteria = "safe-to-deploy"
@ -311,10 +282,6 @@ criteria = "safe-to-deploy"
version = "0.2.10"
criteria = "safe-to-deploy"
[[exemptions.gimli]]
version = "0.26.1"
criteria = "safe-to-run"
[[exemptions.gumdrop]]
version = "0.8.1"
criteria = "safe-to-deploy"
@ -375,10 +342,6 @@ criteria = "safe-to-run"
version = "0.1.1"
criteria = "safe-to-deploy"
[[exemptions.itertools]]
version = "0.10.5"
criteria = "safe-to-run"
[[exemptions.itoa]]
version = "1.0.6"
criteria = "safe-to-run"
@ -463,10 +426,6 @@ criteria = "safe-to-deploy"
version = "0.1.1"
criteria = "safe-to-deploy"
[[exemptions.object]]
version = "0.30.4"
criteria = "safe-to-run"
[[exemptions.once_cell]]
version = "1.15.0"
criteria = "safe-to-deploy"
@ -563,10 +522,6 @@ criteria = "safe-to-deploy"
version = "1.0.4"
criteria = "safe-to-deploy"
[[exemptions.proc-macro-error-attr]]
version = "1.0.4"
criteria = "safe-to-deploy"
[[exemptions.quick-xml]]
version = "0.26.0"
criteria = "safe-to-run"
@ -703,10 +658,6 @@ criteria = "safe-to-deploy"
version = "0.7.2"
criteria = "safe-to-deploy"
[[exemptions.stable_deref_trait]]
version = "1.2.0"
criteria = "safe-to-run"
[[exemptions.static_assertions]]
version = "1.1.0"
criteria = "safe-to-deploy"
@ -771,14 +722,6 @@ criteria = "safe-to-deploy"
version = "1.2.1"
criteria = "safe-to-run"
[[exemptions.tokio]]
version = "1.28.2"
criteria = "safe-to-run"
[[exemptions.tokio-macros]]
version = "2.1.0"
criteria = "safe-to-run"
[[exemptions.toml]]
version = "0.5.9"
criteria = "safe-to-deploy"
@ -799,14 +742,6 @@ criteria = "safe-to-deploy"
version = "0.11.0"
criteria = "safe-to-deploy"
[[exemptions.uuid]]
version = "1.3.4"
criteria = "safe-to-run"
[[exemptions.version_check]]
version = "0.9.4"
criteria = "safe-to-deploy"
[[exemptions.walkdir]]
version = "2.3.3"
criteria = "safe-to-deploy"
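Review bot: The new `[imports.google]` entry in the first hunk fetches from a URL that follows the `main` branch, and the exemptions dropped in the later hunks now rest entirely on whatever that feed contained when it was fetched. Judging by the hunk line counts, the dropped entries include three at `safe-to-deploy` (futures, proc-macro-error-attr, version_check). The fetched snapshot is what the second file on this page records, so that file's diff is the part to read when reviewing what is actually being trusted. This page does not show whether CI verifies against the recorded snapshot; running the check as `cargo vet --locked` would keep a later upstream edit from changing which audits back these crates without a reviewed diff. If only some of Google's audits are wanted, an `exclude = ["<crate-name>"]` list under `[imports.google]` would narrow the import.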


@ -148,15 +148,6 @@ user-id = 696 # Nick Fitzgerald (fitzgen)
start = "2019-03-16"
end = "2024-03-10"
[[audits.bytecode-alliance.audits.addr2line]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.17.0 -> 0.19.0"
notes = """
This is a minor update for addr2line which looks to mainly update its
dependencies and refactor existing code to expose more functionality and such.
"""
[[audits.bytecode-alliance.audits.addr2line]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -317,22 +308,6 @@ who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"
[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.26.1 -> 0.27.0"
notes = """
This is a standard update to gimli for more DWARF support for more platforms,
more features, etc. Some minor `unsafe` code was added that does not appear
incorrect. Otherwise looks like someone probably ran clippy and/or rustfmt.
"""
[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.27.0 -> 0.27.3"
notes = "More support for more DWARF, nothing major in this update. Some small refactorings and updates to publication of the package but otherwise everything's in order."
[[audits.bytecode-alliance.audits.hashbrown]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
@ -393,6 +368,12 @@ its own longevity should be relatively hardened against some of the more common
compression-related issues.
"""
[[audits.bytecode-alliance.audits.object]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.30.3 -> 0.31.1"
notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
[[audits.bytecode-alliance.audits.pin-utils]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -464,6 +445,126 @@ criteria = "safe-to-deploy"
delta = "0.6.1 -> 0.6.2"
notes = "No notable changes"
[[audits.google.audits.addr2line]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.19.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.bytemuck]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "1.13.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.clap_lex]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.4.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.crossbeam-channel]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.5.7"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.crossbeam-deque]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.8.3"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.crossbeam-epoch]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.9.14"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.crossbeam-epoch]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
delta = "0.9.14 -> 0.9.15"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.env_logger]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.9.3"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.env_logger]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
delta = "0.9.3 -> 0.8.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.futures]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.3.28"
notes = """
`futures` has no logic other than tests - it simply `pub use`s things from
other crates.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.gimli]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.27.3"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.itertools]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.10.5"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.object]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.30.3"
notes = "I'm not counting the code related to the GNU Hash section as crypto for the sake of this review."
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.proc-macro-error-attr]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.stable_deref_trait]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "1.2.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.tokio]]
who = "Vovo Yang <vovoy@google.com>"
criteria = "safe-to-run"
version = "1.29.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.tokio-macros]]
who = "Vovo Yang <vovoy@google.com>"
criteria = "safe-to-run"
version = "2.1.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.uuid]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "1.3.0"
notes = "Randomness and hashing involved in UUID generation is sourced from other crates."
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.version_check]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.9.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.isrg.audits.aes]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
@ -489,6 +590,11 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.9.0"
[[audits.isrg.audits.clap_lex]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-run"
delta = "0.4.1 -> 0.5.0"
[[audits.isrg.audits.criterion]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-run"
@ -748,30 +854,6 @@ criteria = "safe-to-deploy"
version = "0.11.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.21 -> 0.3.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.23 -> 0.3.25"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.28"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-channel]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1276,6 +1358,13 @@ delta = "1.0.8 -> 1.0.9"
notes = "Dependency updates only"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.uuid]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.3.0 -> 1.4.1"
notes = "Internal refactoring, new target support"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.zcash.audits.aead]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"