cargo vet prune

Jack Grigg 2023-06-12 01:26:31 +00:00
parent 4491f62132
commit 3a6ece4bdc
2 changed files with 150 additions and 86 deletions


@ -183,10 +183,6 @@ criteria = "safe-to-deploy"
version = "0.3.2"
criteria = "safe-to-deploy"
[[exemptions.core-foundation-sys]]
version = "0.8.3"
criteria = "safe-to-deploy"
[[exemptions.cpp_demangle]]
version = "0.3.5"
criteria = "safe-to-run"
@ -291,10 +287,6 @@ criteria = "safe-to-deploy"
version = "0.2.8"
criteria = "safe-to-deploy"
[[exemptions.errno-dragonfly]]
version = "0.1.2"
criteria = "safe-to-deploy"
[[exemptions.fastrand]]
version = "1.8.0"
criteria = "safe-to-deploy"
@ -327,30 +319,10 @@ criteria = "safe-to-deploy"
version = "0.3.21"
criteria = "safe-to-deploy"
[[exemptions.futures-channel]]
version = "0.3.25"
criteria = "safe-to-deploy"
[[exemptions.futures-core]]
version = "0.3.25"
criteria = "safe-to-deploy"
[[exemptions.futures-executor]]
version = "0.3.21"
criteria = "safe-to-deploy"
[[exemptions.futures-io]]
version = "0.3.27"
criteria = "safe-to-deploy"
[[exemptions.futures-macro]]
version = "0.3.21"
criteria = "safe-to-deploy"
[[exemptions.futures-sink]]
version = "0.3.21"
criteria = "safe-to-deploy"
[[exemptions.futures-task]]
version = "0.3.25"
criteria = "safe-to-deploy"
@ -495,10 +467,6 @@ criteria = "safe-to-deploy"
version = "0.4.9"
criteria = "safe-to-deploy"
[[exemptions.malloc_buf]]
version = "0.0.6"
criteria = "safe-to-deploy"
[[exemptions.man]]
version = "0.3.0"
criteria = "safe-to-run"
@ -611,10 +579,6 @@ criteria = "safe-to-deploy"
version = "0.2.9"
criteria = "safe-to-deploy"
[[exemptions.pin-utils]]
version = "0.1.0"
criteria = "safe-to-deploy"
[[exemptions.pinentry]]
version = "0.5.0"
criteria = "safe-to-deploy"
@ -627,10 +591,6 @@ criteria = "safe-to-deploy"
version = "0.9.0"
criteria = "safe-to-deploy"
[[exemptions.pkg-config]]
version = "0.3.26"
criteria = "safe-to-deploy"
[[exemptions.plotters]]
version = "0.3.4"
criteria = "safe-to-run"
@ -675,10 +635,6 @@ criteria = "safe-to-run"
version = "1.0.3"
criteria = "safe-to-run"
[[exemptions.quickcheck_macros]]
version = "1.0.0"
criteria = "safe-to-run"
[[exemptions.rand]]
version = "0.7.3"
criteria = "safe-to-deploy"
@ -799,10 +755,6 @@ criteria = "safe-to-deploy"
version = "1.0.81"
criteria = "safe-to-deploy"
[[exemptions.sha1]]
version = "0.10.5"
criteria = "safe-to-deploy"
[[exemptions.sha2]]
version = "0.10.6"
criteria = "safe-to-deploy"
@ -811,10 +763,6 @@ criteria = "safe-to-deploy"
version = "1.6.4"
criteria = "safe-to-deploy"
[[exemptions.slab]]
version = "0.4.7"
criteria = "safe-to-deploy"
[[exemptions.smallvec]]
version = "1.10.0"
criteria = "safe-to-deploy"
@ -931,14 +879,6 @@ criteria = "safe-to-deploy"
version = "1.15.0"
criteria = "safe-to-deploy"
[[exemptions.unicode-width]]
version = "0.1.10"
criteria = "safe-to-deploy"
[[exemptions.unicode-xid]]
version = "0.2.4"
criteria = "safe-to-deploy"
[[exemptions.users]]
version = "0.11.0"
criteria = "safe-to-deploy"


@ -1,6 +1,27 @@
# cargo-vet imports lock
[[publisher.core-foundation-sys]]
version = "0.8.3"
when = "2021-10-12"
user-id = 2396
user-login = "jdm"
user-name = "Josh Matthews"
[[publisher.unicode-width]]
version = "0.1.10"
when = "2022-09-13"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[publisher.unicode-xid]]
version = "0.2.4"
when = "2022-09-15"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[audits.bytecode-alliance.audits.addr2line]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -78,6 +99,40 @@ who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.3"
[[audits.bytecode-alliance.audits.errno-dragonfly]]
who = "Jamey Sharp <jsharp@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is."
[[audits.bytecode-alliance.audits.futures-channel]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"
notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)"
[[audits.bytecode-alliance.audits.futures-core]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"
notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
[[audits.bytecode-alliance.audits.futures-executor]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"
notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods."
[[audits.bytecode-alliance.audits.futures-io]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"
[[audits.bytecode-alliance.audits.futures-sink]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"
[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -118,12 +173,29 @@ a few `unsafe` blocks related to utf-8 validation which are locally verifiable
as correct and otherwise this crate is good to go.
"""
[[audits.bytecode-alliance.audits.pin-utils]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
[[audits.bytecode-alliance.audits.pkg-config]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.25"
notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
[[audits.bytecode-alliance.audits.rustc-demangle]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.21"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.slab]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.4.6"
notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
[[audits.bytecode-alliance.audits.windows-sys]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
@ -232,6 +304,12 @@ criteria = "safe-to-deploy"
violation = "<0.20.0"
notes = "Specified crate license does not include licenses of embedded fonts if using default features or the `default_fonts` feature. Tracked in: https://github.com/emilk/egui/issues/2321"
[[audits.embark-studios.audits.quickcheck_macros]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "1.0.0"
notes = "Proc macro. No unsafe usage or ambient capabilities"
[[audits.isrg.audits.block-buffer]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@ -302,6 +380,34 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.2.83"
[[audits.mozilla.wildcard-audits.core-foundation-sys]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2019-11-12"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.wildcard-audits.unicode-width]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-12-05"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.wildcard-audits.unicode-xid]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-07-25"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.aho-corasick]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -449,21 +555,9 @@ delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-channel]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-executor]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.21 -> 0.3.23"
delta = "0.3.27 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-executor]]
@ -478,6 +572,12 @@ criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-executor]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-macro]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -496,12 +596,6 @@ criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-sink]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.21 -> 0.3.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-sink]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -514,6 +608,12 @@ criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-sink]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.futures-task]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -623,6 +723,18 @@ criteria = "safe-to-deploy"
version = "0.4.17"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.malloc_buf]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "0.0.6"
notes = """
Very small crate for managing malloc-ed buffers, primarily for use in the objc crate.
There is an edge-case condition that passes slice::from_raw_parts(0x1, 0) which I'm
not entirely certain is technically sound, but in either case I am reasonably confident
it's not exploitable.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.memoffset]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
@ -692,6 +804,12 @@ criteria = "safe-to-deploy"
delta = "6.3.0 -> 6.4.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.pkg-config]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.ppv-lite86]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -915,6 +1033,18 @@ criteria = "safe-to-deploy"
delta = "1.0.91 -> 1.0.93"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.sha1]]
who = "Dana Keeler <dkeeler@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.10.5"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.slab]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.4.6 -> 0.4.7"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.slab]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1200,12 +1330,6 @@ criteria = "safe-to-deploy"
delta = "1.0.91 -> 1.0.92"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.futures-core]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.27"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.futures-task]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"