mirrors/rage
1
0
Fork 0
mirror of https://github.com/str4d/rage.git synced 2025-04-03 19:07:42 +03:00
Code Issues Projects Releases Packages Wiki Activity

cargo update

Browse source
This commit is contained in:
Jack Grigg 2023-06-13 21:06:25 +00:00
parent 5b2ade12a4
commit 4e5e0eeb34
6 changed files with 723 additions and 491 deletions
Download patch file Download diff file Expand all files Collapse all files

54
supply-chain/audits.toml
View file

@ -5,3 +5,57 @@
description = "The cryptographic code in this crate has been reviewed for correctness by a member of a designated set of cryptography experts within the project."
[audits]
[[trusted.windows-sys]]
criteria = "safe-to-deploy"
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-11-15"
end = "2024-08-06"
[[trusted.windows-targets]]
criteria = "safe-to-deploy"
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2022-09-09"
end = "2024-08-06"
[[trusted.windows_aarch64_gnullvm]]
criteria = "safe-to-deploy"
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2022-09-01"
end = "2024-08-06"
[[trusted.windows_aarch64_msvc]]
criteria = "safe-to-deploy"
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-11-05"
end = "2024-08-06"
[[trusted.windows_i686_gnu]]
criteria = "safe-to-deploy"
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-10-28"
end = "2024-08-06"
[[trusted.windows_i686_msvc]]
criteria = "safe-to-deploy"
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-10-27"
end = "2024-08-06"
[[trusted.windows_x86_64_gnu]]
criteria = "safe-to-deploy"
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-10-28"
end = "2024-08-06"
[[trusted.windows_x86_64_gnullvm]]
criteria = "safe-to-deploy"
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2022-09-01"
end = "2024-08-06"
[[trusted.windows_x86_64_msvc]]
criteria = "safe-to-deploy"
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-10-27"
end = "2024-08-06"

114
supply-chain/config.toml
View file

@ -2,7 +2,7 @@
# cargo-vet config file
[cargo-vet]
version = "0.7"
version = "0.8"
[imports.bytecode-alliance]
url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"
@ -39,10 +39,6 @@ audit-as-crates-io = false
version = "0.17.0"
criteria = "safe-to-run"
[[exemptions.adler]]
version = "1.0.2"
criteria = "safe-to-deploy"
[[exemptions.aead]]
version = "0.5.1"
criteria = "safe-to-deploy"
@ -56,11 +52,11 @@ version = "0.10.1"
criteria = "safe-to-deploy"
[[exemptions.ahash]]
version = "0.8.0"
version = "0.8.3"
criteria = "safe-to-run"
[[exemptions.aho-corasick]]
version = "0.7.18"
version = "1.0.2"
criteria = "safe-to-deploy"
[[exemptions.android-tzdata]]
@ -71,12 +67,16 @@ criteria = "safe-to-deploy"
version = "1.6.0"
criteria = "safe-to-deploy"
[[exemptions.arrayvec]]
version = "0.7.3"
criteria = "safe-to-run"
[[exemptions.base64]]
version = "0.13.1"
criteria = "safe-to-deploy"
[[exemptions.base64ct]]
version = "1.5.3"
version = "1.6.0"
criteria = "safe-to-deploy"
[[exemptions.bcrypt-pbkdf]]
@ -103,10 +103,6 @@ criteria = "safe-to-deploy"
version = "0.9.1"
criteria = "safe-to-deploy"
[[exemptions.bstr]]
version = "0.2.17"
criteria = "safe-to-run"
[[exemptions.bytemuck]]
version = "1.13.1"
criteria = "safe-to-run"
@ -216,15 +212,15 @@ version = "0.8.3"
criteria = "safe-to-run"
[[exemptions.crossbeam-epoch]]
version = "0.9.14"
version = "0.9.15"
criteria = "safe-to-run"
[[exemptions.crossbeam-utils]]
version = "0.8.15"
version = "0.8.16"
criteria = "safe-to-deploy"
[[exemptions.csv]]
version = "1.1.6"
version = "1.2.2"
criteria = "safe-to-run"
[[exemptions.csv-core]]
@ -236,7 +232,7 @@ version = "0.9.2"
criteria = "safe-to-deploy"
[[exemptions.ctrlc]]
version = "3.3.1"
version = "3.4.0"
criteria = "safe-to-deploy"
[[exemptions.curve25519-dalek]]
@ -351,20 +347,16 @@ criteria = "safe-to-deploy"
version = "0.12.3"
criteria = "safe-to-deploy"
[[exemptions.hmac]]
version = "0.12.1"
criteria = "safe-to-deploy"
[[exemptions.humantime]]
version = "2.1.0"
criteria = "safe-to-deploy"
[[exemptions.i18n-config]]
version = "0.4.3"
version = "0.4.4"
criteria = "safe-to-deploy"
[[exemptions.i18n-embed]]
version = "0.13.8"
version = "0.13.9"
criteria = "safe-to-deploy"
[[exemptions.i18n-embed-fl]]
@ -372,7 +364,7 @@ version = "0.6.7"
criteria = "safe-to-deploy"
[[exemptions.i18n-embed-impl]]
version = "0.8.0"
version = "0.8.1"
criteria = "safe-to-deploy"
[[exemptions.iana-time-zone]]
@ -385,20 +377,16 @@ criteria = "safe-to-deploy"
[[exemptions.indexmap]]
version = "1.9.1"
criteria = "safe-to-run"
criteria = "safe-to-deploy"
[[exemptions.inferno]]
version = "0.11.14"
version = "0.11.15"
criteria = "safe-to-run"
[[exemptions.instant]]
version = "0.1.12"
criteria = "safe-to-deploy"
[[exemptions.io-lifetimes]]
version = "1.0.11"
criteria = "safe-to-deploy"
[[exemptions.io_tee]]
version = "0.1.1"
criteria = "safe-to-deploy"
@ -407,10 +395,6 @@ criteria = "safe-to-deploy"
version = "0.10.5"
criteria = "safe-to-run"
[[exemptions.itoa]]
version = "0.4.8"
criteria = "safe-to-run"
[[exemptions.itoa]]
version = "1.0.6"
criteria = "safe-to-deploy"
@ -420,7 +404,7 @@ version = "0.1.26"
criteria = "safe-to-deploy"
[[exemptions.js-sys]]
version = "0.3.63"
version = "0.3.64"
criteria = "safe-to-deploy"
[[exemptions.libc]]
@ -456,7 +440,7 @@ version = "0.5.10"
criteria = "safe-to-run"
[[exemptions.memoffset]]
version = "0.6.5"
version = "0.9.0"
criteria = "safe-to-run"
[[exemptions.minimal-lexical]]
@ -467,10 +451,6 @@ criteria = "safe-to-deploy"
version = "0.5.3"
criteria = "safe-to-run"
[[exemptions.miniz_oxide]]
version = "0.7.1"
criteria = "safe-to-deploy"
[[exemptions.nix]]
version = "0.24.3"
criteria = "safe-to-run"
@ -495,10 +475,6 @@ criteria = "safe-to-run"
version = "1.13.1"
criteria = "safe-to-deploy"
[[exemptions.num_threads]]
version = "0.1.6"
criteria = "safe-to-deploy"
[[exemptions.objc]]
version = "0.2.7"
criteria = "safe-to-deploy"
@ -615,10 +591,6 @@ criteria = "safe-to-deploy"
version = "1.0.4"
criteria = "safe-to-deploy"
[[exemptions.proc-macro2]]
version = "1.0.60"
criteria = "safe-to-deploy"
[[exemptions.quick-xml]]
version = "0.26.0"
criteria = "safe-to-run"
@ -647,10 +619,6 @@ criteria = "safe-to-deploy"
version = "0.5.1"
criteria = "safe-to-deploy"
[[exemptions.rand_core]]
version = "0.6.4"
criteria = "safe-to-deploy"
[[exemptions.rand_hc]]
version = "0.2.0"
criteria = "safe-to-deploy"
@ -664,15 +632,11 @@ version = "0.3.5"
criteria = "safe-to-deploy"
[[exemptions.regex]]
version = "1.5.6"
version = "1.8.4"
criteria = "safe-to-deploy"
[[exemptions.regex-automata]]
version = "0.1.10"
criteria = "safe-to-run"
[[exemptions.regex-syntax]]
version = "0.6.26"
version = "0.7.2"
criteria = "safe-to-deploy"
[[exemptions.rgb]]
@ -747,8 +711,8 @@ criteria = "safe-to-deploy"
version = "1.0.81"
criteria = "safe-to-deploy"
[[exemptions.sha2]]
version = "0.10.6"
[[exemptions.serde_spanned]]
version = "0.6.2"
criteria = "safe-to-deploy"
[[exemptions.signature]]
@ -783,10 +747,6 @@ criteria = "safe-to-run"
version = "0.10.0"
criteria = "safe-to-deploy"
[[exemptions.subtle]]
version = "2.4.1"
criteria = "safe-to-deploy"
[[exemptions.symbolic-common]]
version = "9.2.1"
criteria = "safe-to-run"
@ -840,7 +800,7 @@ version = "0.1.44"
criteria = "safe-to-deploy"
[[exemptions.time]]
version = "0.3.15"
version = "0.3.22"
criteria = "safe-to-deploy"
[[exemptions.tinytemplate]]
@ -859,6 +819,10 @@ criteria = "safe-to-run"
version = "0.5.9"
criteria = "safe-to-deploy"
[[exemptions.toml_edit]]
version = "0.19.10"
criteria = "safe-to-deploy"
[[exemptions.type-map]]
version = "0.4.0"
criteria = "safe-to-deploy"
@ -872,7 +836,7 @@ version = "0.11.0"
criteria = "safe-to-deploy"
[[exemptions.uuid]]
version = "1.3.3"
version = "1.3.4"
criteria = "safe-to-run"
[[exemptions.version_check]]
@ -896,27 +860,23 @@ version = "0.11.0+wasi-snapshot-preview1"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen]]
version = "0.2.86"
version = "0.2.87"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-backend]]
version = "0.2.86"
version = "0.2.87"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-macro]]
version = "0.2.86"
version = "0.2.87"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-macro-support]]
version = "0.2.86"
criteria = "safe-to-deploy"
[[exemptions.wasm-bindgen-shared]]
version = "0.2.86"
version = "0.2.87"
criteria = "safe-to-deploy"
[[exemptions.web-sys]]
version = "0.3.63"
version = "0.3.64"
criteria = "safe-to-deploy"
[[exemptions.which]]
@ -943,6 +903,10 @@ criteria = "safe-to-deploy"
version = "0.48.0"
criteria = "safe-to-deploy"
[[exemptions.winnow]]
version = "0.4.6"
criteria = "safe-to-deploy"
[[exemptions.wsl]]
version = "0.1.0"
criteria = "safe-to-deploy"
@ -984,5 +948,5 @@ version = "5.0.2+zstd.1.5.2"
criteria = "safe-to-deploy"
[[exemptions.zstd-sys]]
version = "2.0.4+zstd.1.5.2"
version = "2.0.8+zstd.1.5.5"
criteria = "safe-to-deploy"

626
supply-chain/imports.lock
View file

@ -2,8 +2,8 @@
# cargo-vet imports lock
[[publisher.bumpalo]]
version = "3.12.0"
when = "2023-01-17"
version = "3.13.0"
when = "2023-05-22"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
@ -22,6 +22,132 @@ user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[publisher.windows-sys]]
version = "0.45.0"
when = "2023-01-21"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows-sys]]
version = "0.48.0"
when = "2023-03-31"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows-targets]]
version = "0.42.2"
when = "2023-03-13"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows-targets]]
version = "0.48.0"
when = "2023-03-31"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_aarch64_gnullvm]]
version = "0.42.2"
when = "2023-03-13"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_aarch64_gnullvm]]
version = "0.48.0"
when = "2023-03-31"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_aarch64_msvc]]
version = "0.42.2"
when = "2023-03-13"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_aarch64_msvc]]
version = "0.48.0"
when = "2023-03-31"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_i686_gnu]]
version = "0.42.2"
when = "2023-03-13"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_i686_gnu]]
version = "0.48.0"
when = "2023-03-31"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_i686_msvc]]
version = "0.42.2"
when = "2023-03-13"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_i686_msvc]]
version = "0.48.0"
when = "2023-03-31"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_gnu]]
version = "0.42.2"
when = "2023-03-13"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_gnu]]
version = "0.48.0"
when = "2023-03-31"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_gnullvm]]
version = "0.42.2"
when = "2023-03-13"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_gnullvm]]
version = "0.48.0"
when = "2023-03-31"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_msvc]]
version = "0.42.2"
when = "2023-03-13"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows_x86_64_msvc]]
version = "0.48.0"
when = "2023-03-31"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
[[audits.bytecode-alliance.wildcard-audits.bumpalo]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
@ -38,14 +164,11 @@ This is a minor update for addr2line which looks to mainly update its
dependencies and refactor existing code to expose more functionality and such.
"""
[[audits.bytecode-alliance.audits.arrayvec]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
[[audits.bytecode-alliance.audits.adler]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.7.2"
notes = """
Well documented invariants, good assertions for those invariants in unsafe code,
and tested with MIRI to boot. LGTM.
"""
version = "1.0.2"
notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
[[audits.bytecode-alliance.audits.atty]]
who = "Alex Crichton <alex@alexcrichton.com>"
@ -159,6 +282,33 @@ more features, etc. Some minor `unsafe` code was added that does not appear
incorrect. Otherwise looks like someone probably ran clippy and/or rustfmt.
"""
[[audits.bytecode-alliance.audits.io-lifetimes]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "1.0.3"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.io-lifetimes]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "1.0.3 -> 1.0.5"
notes = "The Bytecode Alliance is the author of this crate."
[[audits.bytecode-alliance.audits.io-lifetimes]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "1.0.5 -> 1.0.10"
notes = "I am the maintainer of this crate."
[[audits.bytecode-alliance.audits.is-terminal]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.4.7"
notes = """
The is-terminal implementation code is now sync'd up with the prototype
implementation in the Rust standard library.
"""
[[audits.bytecode-alliance.audits.libm]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -178,17 +328,30 @@ This is a minor update which has some testing affordances as well as some
updated math algorithms.
"""
[[audits.bytecode-alliance.audits.memoffset]]
[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"
notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."
version = "0.7.1"
notes = """
This crate is a Rust implementation of zlib compression/decompression and has
been used by default by the Rust standard library for quite some time. It's also
a default dependency of the popular `backtrace` crate for decompressing debug
information. This crate forbids unsafe code and does not otherwise access system
resources. It's originally a port of the `miniz.c` library as well, and given
its own longevity should be relatively hardened against some of the more common
compression-related issues.
"""
[[audits.bytecode-alliance.audits.pin-utils]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
[[audits.bytecode-alliance.audits.proc-macro2]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "1.0.51 -> 1.0.57"
[[audits.bytecode-alliance.audits.quote]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -211,168 +374,6 @@ who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.0.8"
[[audits.bytecode-alliance.audits.windows-sys]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.42.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows-sys]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.48.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows-sys]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.45.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows-targets]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.42.1"
notes = "This is a Windows API bindings library maintained by Microsoft themselves. Additionally, this particular crate is empty and just collects a bunch of dependencies, which are not exported, so I don't understand why it exists at all."
[[audits.bytecode-alliance.audits.windows-targets]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.48.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves. It just provides the import libs needed by windows-sys."
[[audits.bytecode-alliance.audits.windows_aarch64_gnullvm]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.42.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_aarch64_gnullvm]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.48.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_aarch64_gnullvm]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "This is a Windows API bindings library maintained by Microsoft themselves. The diff is just adding license files."
[[audits.bytecode-alliance.audits.windows_aarch64_msvc]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.42.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_aarch64_msvc]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.48.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_aarch64_msvc]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "This is a Windows API bindings library maintained by Microsoft themselves. The diff is just adding license files."
[[audits.bytecode-alliance.audits.windows_i686_gnu]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.42.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_i686_gnu]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.48.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_i686_gnu]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "This is a Windows API bindings library maintained by Microsoft themselves. The diff is just adding license files."
[[audits.bytecode-alliance.audits.windows_i686_msvc]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.42.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_i686_msvc]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.48.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_i686_msvc]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "This is a Windows API bindings library maintained by Microsoft themselves. The diff is just adding license files."
[[audits.bytecode-alliance.audits.windows_x86_64_gnu]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.42.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_x86_64_gnu]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.48.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_x86_64_gnu]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "This is a Windows API bindings library maintained by Microsoft themselves. The diff is just adding license files."
[[audits.bytecode-alliance.audits.windows_x86_64_gnullvm]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.42.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_x86_64_gnullvm]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.48.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_x86_64_gnullvm]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "This is a Windows API bindings library maintained by Microsoft themselves. The diff is just adding license files."
[[audits.bytecode-alliance.audits.windows_x86_64_msvc]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.42.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_x86_64_msvc]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.48.0"
notes = "This is a Windows API bindings library maintained by Microsoft themselves."
[[audits.bytecode-alliance.audits.windows_x86_64_msvc]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.42.0 -> 0.42.1"
notes = "This is a Windows API bindings library maintained by Microsoft themselves. The diff is just adding license files."
[[audits.embark-studios.audits.epaint]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
violation = "<0.20.0"
notes = "Specified crate license does not include licenses of embedded fonts if using default features or the `default_fonts` feature. Tracked in: https://github.com/emilk/egui/issues/2321"
[[audits.embark-studios.audits.quickcheck_macros]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
@ -391,6 +392,18 @@ criteria = "safe-to-deploy"
version = "1.0.40"
notes = "Found no unsafe or ambient capabilities used"
[[audits.embark-studios.audits.toml]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "0.7.4"
notes = "No unsafe usage or ambient capabilities"
[[audits.embark-studios.audits.toml_datetime]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
delta = "0.6.1 -> 0.6.2"
notes = "No notable changes"
[[audits.isrg.audits.aes-gcm]]
who = "Tim Geoghegan <timg@letsencrypt.org>"
criteria = "safe-to-deploy"
@ -416,6 +429,11 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.5.0"
[[audits.isrg.audits.hmac]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.12.1"
[[audits.isrg.audits.once_cell]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@ -431,11 +449,21 @@ who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.17.1 -> 1.17.2"
[[audits.isrg.audits.once_cell]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.17.2 -> 1.18.0"
[[audits.isrg.audits.opaque-debug]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.3.0"
[[audits.isrg.audits.rand_core]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.6.3"
[[audits.isrg.audits.rayon]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
@ -456,10 +484,10 @@ who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.0.94 -> 1.0.95"
[[audits.isrg.audits.subtle]]
[[audits.isrg.audits.sha2]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "2.4.1 -> 2.5.0"
version = "0.10.2"
[[audits.isrg.audits.universal-hash]]
who = "David Cook <dcook@divviup.org>"
@ -471,6 +499,11 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.5.0 -> 0.5.1"
[[audits.isrg.audits.wasm-bindgen-shared]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.2.83"
[[audits.mozilla.wildcard-audits.core-foundation-sys]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
@ -490,12 +523,6 @@ end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.aho-corasick]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.7.18 -> 0.7.20"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.android_system_properties]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
@ -806,6 +833,13 @@ criteria = "safe-to-deploy"
version = "0.4.17"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.log]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.4.17 -> 0.4.18"
notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed."
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.malloc_buf]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
@ -818,12 +852,6 @@ it's not exploitable.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.memoffset]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.6.5 -> 0.7.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.miniz_oxide]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -881,6 +909,61 @@ criteria = "safe-to-deploy"
delta = "0.2.16 -> 0.2.17"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.0.39"
notes = """
`proc-macro2` acts as either a thin(-ish) wrapper around the std-provided
`proc_macro` crate, or as a fallback implementation of the crate, depending on
where it is used.
If using this crate on older versions of rustc (1.56 and earlier), it will
temporarily replace the panic handler while initializing in order to detect if
it is running within a `proc_macro`, which could lead to surprising behaviour.
This should not be an issue for more recent compiler versions, which support
`proc_macro::is_available()`.
The `proc-macro2` crate's fallback behaviour is not identical to the complex
behaviour of the rustc compiler (e.g. it does not perform unicode normalization
for identifiers), however it behaves well enough for its intended use-case
(tests and scripts processing rust code).
`proc-macro2` does not use unsafe code, however exposes one `unsafe` API to
allow bypassing checks in the fallback implementation when constructing
`Literal` using `from_str_unchecked`. This was intended to only be used by the
`quote!` macro, however it has been removed
(https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078),
and is likely completely unused. Even when used, this API shouldn't be able to
cause unsoundness.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.39 -> 1.0.43"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.43 -> 1.0.49"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.49 -> 1.0.51"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.57 -> 1.0.59"
notes = "Enabled on Wasm"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
@ -916,6 +999,12 @@ delta = "1.0.27 -> 1.0.28"
notes = "Enabled on wasm targets"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.rand_core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.6.3 -> 0.6.4"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.rayon]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
@ -948,36 +1037,6 @@ criteria = "safe-to-deploy"
delta = "1.10.1 -> 1.10.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.regex]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.5.6 -> 1.6.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.regex]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.6.0 -> 1.7.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.regex]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.7.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.regex-syntax]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.6.26 -> 0.6.27"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.regex-syntax]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.6.27 -> 0.6.28"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.rustc-hash]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
@ -1027,6 +1086,12 @@ criteria = "safe-to-deploy"
version = "0.10.5"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.sha2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.6"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.slab]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1039,6 +1104,13 @@ criteria = "safe-to-deploy"
delta = "0.4.7 -> 0.4.8"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.subtle]]
who = "Simon Friedberger <simon@mozilla.com>"
criteria = "safe-to-deploy"
version = "2.5.0"
notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.termcolor]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1051,6 +1123,12 @@ criteria = "safe-to-deploy"
delta = "0.1.44 -> 0.1.45"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.time-core]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.tinystr]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
@ -1165,6 +1243,18 @@ version = "0.1.3"
notes = "Reviewed in full."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.io-lifetimes]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.10 -> 1.0.11"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.log]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.4.18 -> 0.4.19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.nix]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1172,16 +1262,10 @@ delta = "0.26.1 -> 0.26.2"
notes = "Fixes `SockaddrIn6` endianness bug."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.regex]]
who = "Sean Bowe <ewillbefull@gmail.com>"
[[audits.zcash.audits.proc-macro2]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.7.1 -> 1.7.3"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.regex-syntax]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.6.28 -> 0.6.29"
delta = "1.0.59 -> 1.0.60"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.rustc-demangle]]
@ -1202,6 +1286,26 @@ criteria = "safe-to-deploy"
delta = "1.0.95 -> 1.0.96"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.time-core]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.1"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.toml_datetime]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.5.1"
notes = "Crate has `#![forbid(unsafe_code)]`, no `unwrap / expect / panic`, no ambient capabilities."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.toml_datetime]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.5.1 -> 0.6.1"
notes = "Fixes a bug in parsing negative minutes in datetime string offsets."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.universal-hash]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
@ -1209,6 +1313,19 @@ delta = "0.4.1 -> 0.5.0"
notes = "I checked correctness of to_blocks which uses unsafe code in a safe function."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.wasm-bindgen-shared]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.83 -> 0.2.84"
notes = "Bumps the schema version to add `linked_modules`."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.wasm-bindgen-shared]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.2.84 -> 0.2.87"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.which]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
@ -1216,61 +1333,6 @@ delta = "4.3.0 -> 4.4.0"
notes = "New APIs are remixes of existing code."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.windows-targets]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.windows_aarch64_gnullvm]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.windows_aarch64_msvc]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.windows_i686_gnu]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.windows_i686_msvc]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.windows_x86_64_gnu]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.windows_x86_64_gnullvm]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.windows_x86_64_msvc]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.42.1 -> 0.42.2"
notes = "This is an opaque Windows API bindings library maintained by Microsoft."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.zeroize]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"