mirrors/rage
1
0
Fork 0
mirror of https://github.com/str4d/rage.git synced 2025-04-03 19:07:42 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #436 from str4d/cargo-vet-0.9

Browse source 
Bump `cargo-vet` to 0.9
This commit is contained in:
str4d 2024-01-07 01:11:55 +00:00 committed by GitHub
commit dd14a4efec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 41 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

14
supply-chain/config.toml
View file

@ -2,7 +2,7 @@
# cargo-vet config file
[cargo-vet]
version = "0.8"
version = "0.9"
[imports.bytecode-alliance]
url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"
@ -181,10 +181,6 @@ criteria = "safe-to-deploy"
version = "0.3.2"
criteria = "safe-to-deploy"
[[exemptions.core-foundation-sys]]
version = "0.8.6"
criteria = "safe-to-deploy"
[[exemptions.cpp_demangle]]
version = "0.4.3"
criteria = "safe-to-run"
@ -365,14 +361,6 @@ criteria = "safe-to-deploy"
version = "0.8.3"
criteria = "safe-to-deploy"
[[exemptions.iana-time-zone]]
version = "0.1.59"
criteria = "safe-to-deploy"
[[exemptions.iana-time-zone-haiku]]
version = "0.1.2"
criteria = "safe-to-deploy"
[[exemptions.indexmap]]
version = "2.0.0"
criteria = "safe-to-deploy"

40
supply-chain/imports.lock
View file

@ -8,6 +8,13 @@ user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
[[publisher.core-foundation-sys]]
version = "0.8.4"
when = "2023-04-03"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"
[[publisher.windows-sys]]
version = "0.45.0"
when = "2023-01-21"
@ -270,6 +277,15 @@ criteria = "safe-to-deploy"
version = "1.0.0"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.core-foundation-sys]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.8.4 -> 0.8.6"
notes = """
The changes here are all typical bindings updates: new functions, types, and
constants. I have not audited all the bindings for ABI conformance.
"""
[[audits.bytecode-alliance.audits.criterion]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -328,6 +344,20 @@ criteria = "safe-to-deploy"
version = "0.3.27"
notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
[[audits.bytecode-alliance.audits.iana-time-zone]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.1.59"
notes = """
I also manually ran windows-bindgen and confirmed that the output matches
the bindings checked into the repo.
"""
[[audits.bytecode-alliance.audits.iana-time-zone-haiku]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.1.2"
[[audits.bytecode-alliance.audits.libm]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -900,6 +930,16 @@ who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.2.83"
[[audits.mozilla.wildcard-audits.core-foundation-sys]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2020-10-14"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.android_system_properties]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"