mirrors/rage
1
0
Fork 0
mirror of https://github.com/str4d/rage.git synced 2025-04-03 19:07:42 +03:00
Code Issues Projects Releases Packages Wiki Activity

cargo vet regenerate imports

Browse source
This commit is contained in:
Jack Grigg 2023-08-06 14:58:36 +00:00
parent b9f4e6b4a8
commit ae14d195fd
2 changed files with 143 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

36
supply-chain/config.toml
View file

@ -215,14 +215,6 @@ criteria = "safe-to-run"
version = "0.8.16"
criteria = "safe-to-deploy"
[[exemptions.csv]]
version = "1.2.2"
criteria = "safe-to-run"
[[exemptions.csv-core]]
version = "0.1.10"
criteria = "safe-to-run"
[[exemptions.ctr]]
version = "0.9.2"
criteria = "safe-to-deploy"
@ -379,10 +371,6 @@ criteria = "safe-to-deploy"
version = "0.11.15"
criteria = "safe-to-run"
[[exemptions.instant]]
version = "0.1.12"
criteria = "safe-to-deploy"
[[exemptions.io_tee]]
version = "0.1.1"
criteria = "safe-to-deploy"
@ -443,14 +431,6 @@ criteria = "safe-to-run"
version = "0.2.1"
criteria = "safe-to-deploy"
[[exemptions.miniz_oxide]]
version = "0.5.3"
criteria = "safe-to-run"
[[exemptions.nix]]
version = "0.24.3"
criteria = "safe-to-run"
[[exemptions.nix]]
version = "0.26.1"
criteria = "safe-to-deploy"
@ -495,10 +475,6 @@ criteria = "safe-to-deploy"
version = "11.1.3"
criteria = "safe-to-run"
[[exemptions.os_str_bytes]]
version = "6.5.1"
criteria = "safe-to-run"
[[exemptions.page_size]]
version = "0.4.2"
criteria = "safe-to-deploy"
@ -623,10 +599,6 @@ criteria = "safe-to-deploy"
version = "0.2.0"
criteria = "safe-to-deploy"
[[exemptions.redox_syscall]]
version = "0.2.16"
criteria = "safe-to-deploy"
[[exemptions.redox_syscall]]
version = "0.3.5"
criteria = "safe-to-deploy"
@ -783,14 +755,6 @@ criteria = "safe-to-run"
version = "2.2.2"
criteria = "safe-to-run"
[[exemptions.textwrap]]
version = "0.11.0"
criteria = "safe-to-run"
[[exemptions.textwrap]]
version = "0.16.0"
criteria = "safe-to-run"
[[exemptions.threadpool]]
version = "1.8.1"
criteria = "safe-to-deploy"

206
supply-chain/imports.lock
View file

@ -15,13 +15,6 @@ user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"
[[publisher.unicode-width]]
version = "0.1.10"
when = "2022-09-13"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[publisher.windows-sys]]
version = "0.45.0"
when = "2023-01-21"
@ -44,8 +37,8 @@ user-login = "kennykerr"
user-name = "Kenny Kerr"
[[publisher.windows-targets]]
version = "0.48.0"
when = "2023-03-31"
version = "0.48.1"
when = "2023-06-28"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"
@ -164,12 +157,24 @@ This is a minor update for addr2line which looks to mainly update its
dependencies and refactor existing code to expose more functionality and such.
"""
[[audits.bytecode-alliance.audits.addr2line]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.19.0 -> 0.20.0"
notes = "This version brings support for split-dwarf which while it uses the filesystem is always done at the behest of the caller, so everything is as expected for this update."
[[audits.bytecode-alliance.audits.adler]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.2"
notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
[[audits.bytecode-alliance.audits.anes]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.6"
notes = "Contains no unsafe code, no IO, no build.rs."
[[audits.bytecode-alliance.audits.atty]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -202,6 +207,25 @@ criteria = "safe-to-deploy"
version = "0.21.0"
notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
[[audits.bytecode-alliance.audits.bitflags]]
who = "Jamey Sharp <jsharp@fastly.com>"
criteria = "safe-to-deploy"
delta = "2.1.0 -> 2.2.1"
notes = """
This version adds unsafe impls of traits from the bytemuck crate when built
with that library enabled, but I believe the impls satisfy the documented
safety requirements for bytemuck. The other changes are minor.
"""
[[audits.bytecode-alliance.audits.bitflags]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "2.3.2 -> 2.3.3"
notes = """
Nothing outside the realm of what one would expect from a bitflags generator,
all as expected.
"""
[[audits.bytecode-alliance.audits.block-buffer]]
who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
@ -222,6 +246,21 @@ This is a minor update that looks to add some more detected CPU features and
various other minor portability fixes such as MIRI support.
"""
[[audits.bytecode-alliance.audits.criterion]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.3.6 -> 0.4.0"
notes = """
criterion v0.3.6..v0.4.0 is mostly re-arranging the crate features and bumping dependencies. all changes
to code seem to be confined to benchmarks.
"""
[[audits.bytecode-alliance.audits.criterion-plot]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.4.5 -> 0.5.0"
notes = "Just a version bump, only change to code is to remove an allow(deprecated)"
[[audits.bytecode-alliance.audits.crypto-common]]
who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
@ -288,23 +327,23 @@ more features, etc. Some minor `unsafe` code was added that does not appear
incorrect. Otherwise looks like someone probably ran clippy and/or rustfmt.
"""
[[audits.bytecode-alliance.audits.io-lifetimes]]
who = "Dan Gohman <dev@sunfishcode.online>"
[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.3"
notes = "I am the author of this crate."
delta = "0.27.0 -> 0.27.3"
notes = "More support for more DWARF, nothing major in this update. Some small refactorings and updates to publication of the package but otherwise everything's in order."
[[audits.bytecode-alliance.audits.io-lifetimes]]
who = "Pat Hickey <phickey@fastly.com>"
[[audits.bytecode-alliance.audits.hashbrown]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
delta = "1.0.3 -> 1.0.5"
notes = "The Bytecode Alliance is the author of this crate."
delta = "0.12.3 -> 0.13.1"
notes = "The diff looks plausible. Much of it is low-level memory-layout code and I can't be 100% certain without a deeper dive into the implementation logic, but nothing looks actively malicious."
[[audits.bytecode-alliance.audits.io-lifetimes]]
who = "Dan Gohman <dev@sunfishcode.online>"
[[audits.bytecode-alliance.audits.hashbrown]]
who = "Trevor Elliott <telliott@fastly.com>"
criteria = "safe-to-deploy"
delta = "1.0.5 -> 1.0.10"
notes = "I am the maintainer of this crate."
delta = "0.13.1 -> 0.13.2"
notes = "I read through the diff between v0.13.1 and v0.13.2, and verified that the changes made matched up with the changelog entries. There were very few changes between these two releases, and it was easy to verify what they did."
[[audits.bytecode-alliance.audits.is-terminal]]
who = "Dan Gohman <dev@sunfishcode.online>"
@ -315,6 +354,12 @@ The is-terminal implementation code is now sync'd up with the prototype
implementation in the Rust standard library.
"""
[[audits.bytecode-alliance.audits.libc]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.2.146 -> 0.2.147"
notes = "Only new type definitions and updating others for some platforms, no major changes"
[[audits.bytecode-alliance.audits.libm]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -358,6 +403,15 @@ who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "1.0.51 -> 1.0.57"
[[audits.bytecode-alliance.audits.proc-macro2]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "1.0.59 -> 1.0.63"
notes = """
This is a routine update for new nightly features and new syntax popping up on
nightly, nothing out of the ordinary.
"""
[[audits.bytecode-alliance.audits.quote]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -410,6 +464,11 @@ criteria = "safe-to-deploy"
delta = "0.6.1 -> 0.6.2"
notes = "No notable changes"
[[audits.isrg.audits.aes]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.8.3"
[[audits.isrg.audits.aes-gcm]]
who = "Tim Geoghegan <timg@letsencrypt.org>"
criteria = "safe-to-deploy"
@ -430,6 +489,11 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.9.0"
[[audits.isrg.audits.criterion]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-run"
delta = "0.4.0 -> 0.5.1"
[[audits.isrg.audits.digest]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
@ -530,15 +594,6 @@ renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.wildcard-audits.unicode-width]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-12-05"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.android_system_properties]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
@ -565,6 +620,25 @@ version = "1.1.0"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bitflags]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.3.2 -> 2.0.2"
notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bitflags]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
delta = "2.0.2 -> 2.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bitflags]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "2.2.1 -> 2.3.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.block-buffer]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -638,6 +712,12 @@ criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.9.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.env_logger]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
delta = "0.9.3 -> 0.10.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -868,12 +948,6 @@ it's not exploitable.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.miniz_oxide]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.5.3 -> 0.6.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.nom]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -980,6 +1054,13 @@ delta = "1.0.57 -> 1.0.59"
notes = "Enabled on Wasm"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.63 -> 1.0.66"
notes = "Removed special support for some really old Rust versions"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
@ -1060,18 +1141,6 @@ version = "1.1.0"
notes = "Straightforward crate with no unsafe code, does what it says on the tin."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde_cbor]]
who = "R. Martinho Fernandes <bugs@rmf.io>"
criteria = "safe-to-deploy"
version = "0.11.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde_cbor]]
who = "John M. Schanck <jschanck@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.11.1 -> 0.11.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.serde_json]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
@ -1240,10 +1309,15 @@ criteria = "safe-to-deploy"
delta = "0.14.6 -> 0.14.7"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.gimli]]
who = "Jack Grigg <jack@z.cash>"
[[audits.zcash.audits.hashbrown]]
who = "Daira Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.27.0 -> 0.27.2"
delta = "0.13.2 -> 0.14.0"
notes = """
There is some additional use of unsafe code but the changes in this crate looked plausible.
There is a new default dependency on the `allocator-api2` crate, which itself has quite a lot of unsafe code.
Many previously undocumented safety requirements have been documented.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.indexmap]]
@ -1259,12 +1333,6 @@ version = "0.1.3"
notes = "Reviewed in full."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.io-lifetimes]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.10 -> 1.0.11"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.log]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
@ -1278,12 +1346,6 @@ delta = "0.26.1 -> 0.26.2"
notes = "Fixes `SockaddrIn6` endianness bug."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.proc-macro2]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.59 -> 1.0.60"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.rustc-demangle]]
who = "Sean Bowe <ewillbefull@gmail.com>"
criteria = "safe-to-deploy"
@ -1302,6 +1364,18 @@ criteria = "safe-to-deploy"
delta = "1.0.95 -> 1.0.96"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.sha2]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.10.6 -> 0.10.7"
notes = """
The new `unsafe` assembly backend only uses aarch64 intrinsics, via their typed
Rust APIs (aside from the SHA2-specific intrinsics that are not in Rust yet). I
did not perform a cryptographic review, but the code to load from and store into
the function arguments looks correct.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.signature]]
who = "Daira Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
@ -1332,6 +1406,12 @@ delta = "0.5.1 -> 0.6.1"
notes = "Fixes a bug in parsing negative minutes in datetime string offsets."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.toml_datetime]]
who = "Jack Grigg <thestr4d@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.6.2 -> 0.6.3"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
[[audits.zcash.audits.universal-hash]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"