2 # cargo-vet imports lock
4 [[publisher.aho-corasick]]
8 user-login = "BurntSushi"
9 user-name = "Andrew Gallant"
18 [[publisher.arbitrary]]
22 user-login = "fitzgen"
23 user-name = "Nick Fitzgerald"
25 [[publisher.async-trait]]
29 user-login = "dtolnay"
30 user-name = "David Tolnay"
36 user-login = "Amanieu"
37 user-name = "Amanieu d'Antras"
39 [[publisher.audio_thread_priority]]
43 user-login = "padenot"
44 user-name = "Paul Adenot"
46 [[publisher.authenticator]]
47 version = "0.4.0-alpha.20"
50 user-login = "jschanck"
51 user-name = "John Schanck"
53 [[publisher.authenticator]]
54 version = "0.4.0-alpha.21"
57 user-login = "jschanck"
58 user-name = "John Schanck"
60 [[publisher.authenticator]]
61 version = "0.4.0-alpha.22"
64 user-login = "jschanck"
65 user-name = "John Schanck"
67 [[publisher.authenticator]]
68 version = "0.4.0-alpha.23"
71 user-login = "jschanck"
72 user-name = "John Schanck"
78 user-login = "martinthomson"
79 user-name = "Martin Thomson"
81 [[publisher.byteorder]]
85 user-login = "BurntSushi"
86 user-name = "Andrew Gallant"
92 user-login = "Darksonn"
93 user-name = "Alice Ryhl"
100 user-name = "Emilio Cobos Álvarez"
107 user-name = "Ed Page"
114 user-name = "Ed Page"
116 [[publisher.clap_builder]]
121 user-name = "Ed Page"
123 [[publisher.clap_builder]]
128 user-name = "Ed Page"
130 [[publisher.clap_derive]]
135 user-name = "Ed Page"
137 [[publisher.clap_derive]]
142 user-name = "Ed Page"
144 [[publisher.clap_lex]]
149 user-name = "Ed Page"
151 [[publisher.clap_lex]]
156 user-name = "Ed Page"
158 [[publisher.core-foundation]]
162 user-login = "jrmuizel"
163 user-name = "Jeff Muizelaar"
165 [[publisher.core-foundation-sys]]
170 user-name = "Josh Matthews"
172 [[publisher.core-graphics]]
176 user-login = "jrmuizel"
177 user-name = "Jeff Muizelaar"
179 [[publisher.core-graphics-types]]
184 user-name = "Josh Matthews"
186 [[publisher.core-text]]
190 user-login = "jrmuizel"
191 user-name = "Jeff Muizelaar"
193 [[publisher.derive_arbitrary]]
197 user-login = "fitzgen"
198 user-name = "Nick Fitzgerald"
204 user-login = "linabutler"
205 user-name = "Lina Butler"
211 user-login = "dtolnay"
212 user-name = "David Tolnay"
214 [[publisher.encoding_rs]]
218 user-login = "hsivonen"
219 user-name = "Henri Sivonen"
221 [[publisher.etagere]]
226 user-name = "Nicolas Silva"
233 user-name = "Nicolas Silva"
239 user-login = "joshtriplett"
240 user-name = "Josh Triplett"
246 user-login = "joshtriplett"
247 user-name = "Josh Triplett"
249 [[publisher.freetype]]
254 user-name = "Josh Matthews"
260 user-login = "jrmuizel"
261 user-name = "Jeff Muizelaar"
267 user-login = "badboy"
268 user-name = "Jan-Erik Rediger"
270 [[publisher.glean-core]]
274 user-login = "badboy"
275 user-name = "Jan-Erik Rediger"
277 [[publisher.glslopt]]
281 user-login = "jamienicol"
282 user-name = "Jamie Nicol"
284 [[publisher.headers]]
288 user-login = "seanmonstar"
289 user-name = "Sean McArthur"
291 [[publisher.httparse]]
295 user-login = "seanmonstar"
296 user-name = "Sean McArthur"
298 [[publisher.indexmap]]
302 user-login = "cuviper"
303 user-name = "Josh Stone"
305 [[publisher.inherent]]
309 user-login = "dtolnay"
310 user-name = "David Tolnay"
316 user-login = "carllerche"
317 user-name = "Carl Lerche"
323 user-login = "dtolnay"
324 user-name = "David Tolnay"
326 [[publisher.jobserver]]
330 user-login = "alexcrichton"
331 user-name = "Alex Crichton"
337 user-login = "Amanieu"
338 user-name = "Amanieu d'Antras"
344 user-login = "Amanieu"
345 user-name = "Amanieu d'Antras"
347 [[publisher.linux-raw-sys]]
351 user-login = "sunfishcode"
352 user-name = "Dan Gohman"
354 [[publisher.lock_api]]
358 user-login = "Amanieu"
359 user-name = "Amanieu d'Antras"
365 user-login = "BurntSushi"
366 user-name = "Andrew Gallant"
372 user-login = "seanmonstar"
373 user-name = "Sean McArthur"
379 user-login = "carllerche"
380 user-name = "Carl Lerche"
382 [[publisher.nss-gk-api]]
386 user-login = "jschanck"
387 user-name = "John Schanck"
389 [[publisher.num_cpus]]
393 user-login = "seanmonstar"
394 user-name = "Sean McArthur"
400 user-login = "martinthomson"
401 user-name = "Martin Thomson"
403 [[publisher.ordered-float]]
407 user-login = "mbrubeck"
408 user-name = "Matt Brubeck"
410 [[publisher.parking_lot]]
414 user-login = "Amanieu"
415 user-name = "Amanieu d'Antras"
417 [[publisher.parking_lot_core]]
421 user-login = "Amanieu"
422 user-name = "Amanieu d'Antras"
428 user-login = "dtolnay"
429 user-name = "David Tolnay"
435 user-login = "le-automaton"
437 [[publisher.proc-macro2]]
441 user-login = "dtolnay"
442 user-name = "David Tolnay"
448 user-login = "dtolnay"
449 user-name = "David Tolnay"
455 user-login = "BurntSushi"
456 user-name = "Andrew Gallant"
458 [[publisher.regex-syntax]]
462 user-login = "BurntSushi"
463 user-name = "Andrew Gallant"
465 [[publisher.rust_cascade]]
469 user-login = "mozkeeler"
470 user-name = "Dana Keeler"
476 user-login = "sunfishcode"
477 user-name = "Dan Gohman"
483 user-login = "dtolnay"
484 user-name = "David Tolnay"
486 [[publisher.same-file]]
490 user-login = "BurntSushi"
491 user-name = "Andrew Gallant"
493 [[publisher.scopeguard]]
497 user-login = "Amanieu"
498 user-name = "Amanieu d'Antras"
504 user-login = "dtolnay"
505 user-name = "David Tolnay"
507 [[publisher.serde_bytes]]
511 user-login = "dtolnay"
512 user-name = "David Tolnay"
514 [[publisher.serde_derive]]
518 user-login = "dtolnay"
519 user-name = "David Tolnay"
521 [[publisher.serde_json]]
525 user-login = "dtolnay"
526 user-name = "David Tolnay"
528 [[publisher.serde_repr]]
532 user-login = "dtolnay"
533 user-name = "David Tolnay"
535 [[publisher.serde_yaml]]
539 user-login = "dtolnay"
540 user-name = "David Tolnay"
542 [[publisher.smallvec]]
546 user-login = "mbrubeck"
547 user-name = "Matt Brubeck"
549 [[publisher.smallvec]]
553 user-login = "mbrubeck"
554 user-name = "Matt Brubeck"
560 user-login = "dtolnay"
561 user-name = "David Tolnay"
563 [[publisher.termcolor]]
567 user-login = "BurntSushi"
568 user-name = "Andrew Gallant"
570 [[publisher.threadbound]]
574 user-login = "dtolnay"
575 user-name = "David Tolnay"
577 [[publisher.tokio-util]]
581 user-login = "Darksonn"
582 user-name = "Alice Ryhl"
588 user-login = "alexcrichton"
589 user-name = "Alex Crichton"
591 [[publisher.unicode-ident]]
595 user-login = "dtolnay"
596 user-name = "David Tolnay"
598 [[publisher.unicode-segmentation]]
602 user-login = "Manishearth"
603 user-name = "Manish Goregaokar"
605 [[publisher.unicode-width]]
609 user-login = "Manishearth"
610 user-name = "Manish Goregaokar"
612 [[publisher.unicode-xid]]
616 user-login = "Manishearth"
617 user-name = "Manish Goregaokar"
623 user-login = "badboy"
624 user-name = "Jan-Erik Rediger"
626 [[publisher.uniffi_bindgen]]
630 user-login = "badboy"
631 user-name = "Jan-Erik Rediger"
633 [[publisher.uniffi_build]]
637 user-login = "badboy"
638 user-name = "Jan-Erik Rediger"
640 [[publisher.uniffi_checksum_derive]]
644 user-login = "badboy"
645 user-name = "Jan-Erik Rediger"
647 [[publisher.uniffi_core]]
651 user-login = "badboy"
652 user-name = "Jan-Erik Rediger"
654 [[publisher.uniffi_macros]]
658 user-login = "badboy"
659 user-name = "Jan-Erik Rediger"
661 [[publisher.uniffi_meta]]
665 user-login = "badboy"
666 user-name = "Jan-Erik Rediger"
668 [[publisher.uniffi_testing]]
672 user-login = "badboy"
673 user-name = "Jan-Erik Rediger"
675 [[publisher.utf8_iter]]
679 user-login = "hsivonen"
680 user-name = "Henri Sivonen"
682 [[publisher.walkdir]]
686 user-login = "BurntSushi"
687 user-name = "Andrew Gallant"
693 user-login = "seanmonstar"
694 user-name = "Sean McArthur"
697 version = "0.11.0+wasi-snapshot-preview1"
700 user-login = "alexcrichton"
701 user-name = "Alex Crichton"
703 [[publisher.wasm-encoder]]
707 user-login = "alexcrichton"
708 user-name = "Alex Crichton"
710 [[publisher.wasm-encoder]]
714 user-login = "alexcrichton"
715 user-name = "Alex Crichton"
717 [[publisher.wasm-smith]]
721 user-login = "alexcrichton"
722 user-name = "Alex Crichton"
724 [[publisher.wasm-smith]]
728 user-login = "alexcrichton"
729 user-name = "Alex Crichton"
731 [[publisher.wasmparser]]
735 user-login = "alexcrichton"
736 user-name = "Alex Crichton"
738 [[publisher.wasmparser]]
742 user-login = "alexcrichton"
743 user-name = "Alex Crichton"
749 user-login = "alexcrichton"
750 user-name = "Alex Crichton"
756 user-login = "alexcrichton"
757 user-name = "Alex Crichton"
759 [[publisher.winapi-util]]
763 user-login = "BurntSushi"
764 user-name = "Andrew Gallant"
766 [[publisher.windows-sys]]
770 user-login = "kennykerr"
771 user-name = "Kenny Kerr"
773 [[publisher.zeitstempel]]
777 user-login = "badboy"
778 user-name = "Jan-Erik Rediger"
780 [[audits.bytecode-alliance.wildcard-audits.arbitrary]]
781 who = "Nick Fitzgerald <fitzgen@gmail.com>"
782 criteria = "safe-to-deploy"
783 user-id = 696 # Nick Fitzgerald (fitzgen)
786 notes = "I am an author of this crate."
788 [[audits.bytecode-alliance.wildcard-audits.derive_arbitrary]]
789 who = "Nick Fitzgerald <fitzgen@gmail.com>"
790 criteria = "safe-to-deploy"
791 user-id = 696 # Nick Fitzgerald (fitzgen)
794 notes = "I am an author of this crate"
796 [[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
797 who = "Alex Crichton <alex@alexcrichton.com>"
798 criteria = "safe-to-deploy"
799 user-id = 1 # Alex Crichton (alexcrichton)
803 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
804 repository of which I'm one of the primary maintainers and publishers for.
805 I am employed by a member of the Bytecode Alliance and plan to continue doing
806 so and will actively maintain this crate over time.
809 [[audits.bytecode-alliance.wildcard-audits.wasm-smith]]
810 who = "Alex Crichton <alex@alexcrichton.com>"
811 criteria = "safe-to-deploy"
812 user-id = 1 # Alex Crichton (alexcrichton)
816 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
817 repository of which I'm one of the primary maintainers and publishers for.
818 I am employed by a member of the Bytecode Alliance and plan to continue doing
819 so and will actively maintain this crate over time.
822 [[audits.bytecode-alliance.wildcard-audits.wasmparser]]
823 who = "Alex Crichton <alex@alexcrichton.com>"
824 criteria = "safe-to-deploy"
825 user-id = 1 # Alex Crichton (alexcrichton)
829 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
830 repository of which I'm one of the primary maintainers and publishers for.
831 I am employed by a member of the Bytecode Alliance and plan to continue doing
832 so and will actively maintain this crate over time.
835 [[audits.bytecode-alliance.wildcard-audits.wast]]
836 who = "Alex Crichton <alex@alexcrichton.com>"
837 criteria = "safe-to-deploy"
838 user-id = 1 # Alex Crichton (alexcrichton)
842 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
843 repository of which I'm one of the primary maintainers and publishers for.
844 I am employed by a member of the Bytecode Alliance and plan to continue doing
845 so and will actively maintain this crate over time.
848 [[audits.bytecode-alliance.audits.adler]]
849 who = "Alex Crichton <alex@alexcrichton.com>"
850 criteria = "safe-to-deploy"
852 notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
854 [[audits.bytecode-alliance.audits.arrayref]]
855 who = "Nick Fitzgerald <fitzgen@gmail.com>"
856 criteria = "safe-to-deploy"
859 Unsafe code, but its logic looks good to me. Necessary given what it is
860 doing. Well tested, has quickchecks.
863 [[audits.bytecode-alliance.audits.arrayvec]]
864 who = "Nick Fitzgerald <fitzgen@gmail.com>"
865 criteria = "safe-to-deploy"
868 Well documented invariants, good assertions for those invariants in unsafe code,
869 and tested with MIRI to boot. LGTM.
872 [[audits.bytecode-alliance.audits.base64]]
873 who = "Pat Hickey <phickey@fastly.com>"
874 criteria = "safe-to-deploy"
876 notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
878 [[audits.bytecode-alliance.audits.bitflags]]
879 who = "Jamey Sharp <jsharp@fastly.com>"
880 criteria = "safe-to-deploy"
881 delta = "2.1.0 -> 2.2.1"
883 This version adds unsafe impls of traits from the bytemuck crate when built
884 with that library enabled, but I believe the impls satisfy the documented
885 safety requirements for bytemuck. The other changes are minor.
888 [[audits.bytecode-alliance.audits.bitflags]]
889 who = "Alex Crichton <alex@alexcrichton.com>"
890 criteria = "safe-to-deploy"
891 delta = "2.3.2 -> 2.3.3"
893 Nothing outside the realm of what one would expect from a bitflags generator,
897 [[audits.bytecode-alliance.audits.block-buffer]]
898 who = "Benjamin Bouvier <public@benj.me>"
899 criteria = "safe-to-deploy"
900 delta = "0.9.0 -> 0.10.2"
902 [[audits.bytecode-alliance.audits.bumpalo]]
903 who = "Nick Fitzgerald <fitzgen@gmail.com>"
904 criteria = "safe-to-deploy"
906 notes = "I am the author of this crate."
908 [[audits.bytecode-alliance.audits.cargo-platform]]
909 who = "Pat Hickey <phickey@fastly.com>"
910 criteria = "safe-to-deploy"
912 notes = "no build, no ambient capabilities, no unsafe"
914 [[audits.bytecode-alliance.audits.cc]]
915 who = "Alex Crichton <alex@alexcrichton.com>"
916 criteria = "safe-to-deploy"
918 notes = "I am the author of this crate."
920 [[audits.bytecode-alliance.audits.cfg-if]]
921 who = "Alex Crichton <alex@alexcrichton.com>"
922 criteria = "safe-to-deploy"
924 notes = "I am the author of this crate."
926 [[audits.bytecode-alliance.audits.codespan-reporting]]
927 who = "Jamey Sharp <jsharp@fastly.com>"
928 criteria = "safe-to-deploy"
930 notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
932 [[audits.bytecode-alliance.audits.cpufeatures]]
933 who = "Alex Crichton <alex@alexcrichton.com>"
934 criteria = "safe-to-deploy"
935 delta = "0.2.2 -> 0.2.7"
937 This is a minor update that looks to add some more detected CPU features and
938 various other minor portability fixes such as MIRI support.
941 [[audits.bytecode-alliance.audits.crypto-common]]
942 who = "Benjamin Bouvier <public@benj.me>"
943 criteria = "safe-to-deploy"
946 [[audits.bytecode-alliance.audits.errno]]
947 who = "Dan Gohman <dev@sunfishcode.online>"
948 criteria = "safe-to-deploy"
950 notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."
952 [[audits.bytecode-alliance.audits.errno]]
953 who = "Dan Gohman <dev@sunfishcode.online>"
954 criteria = "safe-to-deploy"
955 delta = "0.3.0 -> 0.3.1"
956 notes = "Just a dependency version bump and a bug fix for redox"
958 [[audits.bytecode-alliance.audits.errno-dragonfly]]
959 who = "Jamey Sharp <jsharp@fastly.com>"
960 criteria = "safe-to-deploy"
962 notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is."
964 [[audits.bytecode-alliance.audits.foreign-types]]
965 who = "Pat Hickey <phickey@fastly.com>"
966 criteria = "safe-to-deploy"
968 notes = "This crate defined a macro-rules which creates wrappers working with FFI types. The implementation of this crate appears to be safe, but each use of this macro would need to be vetted for correctness as well."
970 [[audits.bytecode-alliance.audits.foreign-types-shared]]
971 who = "Pat Hickey <phickey@fastly.com>"
972 criteria = "safe-to-deploy"
975 [[audits.bytecode-alliance.audits.form_urlencoded]]
976 who = "Alex Crichton <alex@alexcrichton.com>"
977 criteria = "safe-to-deploy"
980 This is a small crate for working with url-encoded forms which doesn't have any
981 more than what it says on the tin. Contains one `unsafe` block related to
982 performance around utf-8 validation which is fairly easy to verify as correct.
985 [[audits.bytecode-alliance.audits.futures-channel]]
986 who = "Pat Hickey <phickey@fastly.com>"
987 criteria = "safe-to-deploy"
989 notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)"
991 [[audits.bytecode-alliance.audits.futures-core]]
992 who = "Pat Hickey <phickey@fastly.com>"
993 criteria = "safe-to-deploy"
995 notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
997 [[audits.bytecode-alliance.audits.futures-executor]]
998 who = "Pat Hickey <phickey@fastly.com>"
999 criteria = "safe-to-deploy"
1001 notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods."
1003 [[audits.bytecode-alliance.audits.futures-io]]
1004 who = "Pat Hickey <phickey@fastly.com>"
1005 criteria = "safe-to-deploy"
1008 [[audits.bytecode-alliance.audits.futures-sink]]
1009 who = "Pat Hickey <phickey@fastly.com>"
1010 criteria = "safe-to-deploy"
1013 [[audits.bytecode-alliance.audits.heck]]
1014 who = "Alex Crichton <alex@alexcrichton.com>"
1015 criteria = "safe-to-deploy"
1017 notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
1019 [[audits.bytecode-alliance.audits.id-arena]]
1020 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1021 criteria = "safe-to-deploy"
1023 notes = "I am the author of this crate."
1025 [[audits.bytecode-alliance.audits.idna]]
1026 who = "Alex Crichton <alex@alexcrichton.com>"
1027 criteria = "safe-to-deploy"
1030 This is a crate without unsafe code or usage of the standard library. The large
1031 size of this crate comes from the large generated unicode tables file. This
1032 crate is broadly used throughout the ecosystem and does not contain anything
1036 [[audits.bytecode-alliance.audits.leb128]]
1037 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1038 criteria = "safe-to-deploy"
1040 notes = "I am the author of this crate."
1042 [[audits.bytecode-alliance.audits.libc]]
1043 who = "Alex Crichton <alex@alexcrichton.com>"
1044 criteria = "safe-to-deploy"
1045 delta = "0.2.146 -> 0.2.147"
1046 notes = "Only new type definitions and updating others for some platforms, no major changes"
1048 [[audits.bytecode-alliance.audits.memoffset]]
1049 who = "Alex Crichton <alex@alexcrichton.com>"
1050 criteria = "safe-to-deploy"
1051 delta = "0.7.1 -> 0.8.0"
1052 notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."
1054 [[audits.bytecode-alliance.audits.miniz_oxide]]
1055 who = "Alex Crichton <alex@alexcrichton.com>"
1056 criteria = "safe-to-deploy"
1059 This crate is a Rust implementation of zlib compression/decompression and has
1060 been used by default by the Rust standard library for quite some time. It's also
1061 a default dependency of the popular `backtrace` crate for decompressing debug
1062 information. This crate forbids unsafe code and does not otherwise access system
1063 resources. It's originally a port of the `miniz.c` library as well, and given
1064 its own longevity should be relatively hardened against some of the more common
1065 compression-related issues.
1068 [[audits.bytecode-alliance.audits.mio]]
1069 who = "Alex Crichton <alex@alexcrichton.com>"
1070 criteria = "safe-to-deploy"
1071 delta = "0.8.6 -> 0.8.8"
1072 notes = "Mostly OS portability updates along with some minor bugfixes."
1074 [[audits.bytecode-alliance.audits.object]]
1075 who = "Alex Crichton <alex@alexcrichton.com>"
1076 criteria = "safe-to-deploy"
1077 delta = "0.30.3 -> 0.31.1"
1078 notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
1080 [[audits.bytecode-alliance.audits.object]]
1081 who = "Alex Crichton <alex@alexcrichton.com>"
1082 criteria = "safe-to-deploy"
1083 delta = "0.31.1 -> 0.32.0"
1084 notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good."
1086 [[audits.bytecode-alliance.audits.peeking_take_while]]
1087 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1088 criteria = "safe-to-deploy"
1090 notes = "I am the author of this crate."
1092 [[audits.bytecode-alliance.audits.percent-encoding]]
1093 who = "Alex Crichton <alex@alexcrichton.com>"
1094 criteria = "safe-to-deploy"
1097 This crate is a single-file crate that does what it says on the tin. There are
1098 a few `unsafe` blocks related to utf-8 validation which are locally verifiable
1099 as correct and otherwise this crate is good to go.
1102 [[audits.bytecode-alliance.audits.pin-utils]]
1103 who = "Pat Hickey <phickey@fastly.com>"
1104 criteria = "safe-to-deploy"
1107 [[audits.bytecode-alliance.audits.pkg-config]]
1108 who = "Pat Hickey <phickey@fastly.com>"
1109 criteria = "safe-to-deploy"
1111 notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
1113 [[audits.bytecode-alliance.audits.rustc-demangle]]
1114 who = "Alex Crichton <alex@alexcrichton.com>"
1115 criteria = "safe-to-deploy"
1117 notes = "I am the author of this crate."
1119 [[audits.bytecode-alliance.audits.semver]]
1120 who = "Pat Hickey <phickey@fastly.com>"
1121 criteria = "safe-to-deploy"
1123 notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct"
1125 [[audits.bytecode-alliance.audits.slab]]
1126 who = "Pat Hickey <phickey@fastly.com>"
1127 criteria = "safe-to-deploy"
1129 notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
1131 [[audits.bytecode-alliance.audits.socket2]]
1132 who = "Alex Crichton <alex@alexcrichton.com>"
1133 criteria = "safe-to-deploy"
1134 delta = "0.4.7 -> 0.4.9"
1135 notes = "Minor OS compat updates but otherwise nothing major here."
1137 [[audits.bytecode-alliance.audits.tempfile]]
1138 who = "Pat Hickey <phickey@fastly.com>"
1139 criteria = "safe-to-deploy"
1140 delta = "3.3.0 -> 3.5.0"
1142 [[audits.bytecode-alliance.audits.tempfile]]
1143 who = "Alex Crichton <alex@alexcrichton.com>"
1144 criteria = "safe-to-deploy"
1145 delta = "3.5.0 -> 3.6.0"
1146 notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal."
1148 [[audits.bytecode-alliance.audits.unicase]]
1149 who = "Alex Crichton <alex@alexcrichton.com>"
1150 criteria = "safe-to-deploy"
1153 This crate contains no `unsafe` code and no unnecessary use of the standard
1157 [[audits.bytecode-alliance.audits.unicode-bidi]]
1158 who = "Alex Crichton <alex@alexcrichton.com>"
1159 criteria = "safe-to-deploy"
1162 This crate has no unsafe code and does not use `std::*`. Skimming the crate it
1163 does not attempt to out of the bounds of what it's already supposed to be doing.
1166 [[audits.bytecode-alliance.audits.unicode-normalization]]
1167 who = "Alex Crichton <alex@alexcrichton.com>"
1168 criteria = "safe-to-deploy"
1171 This crate contains one usage of `unsafe` which I have manually checked to see
1172 it as correct. This crate's size comes in large part due to the generated
1173 unicode tables that it contains. This crate is additionally widely used
1174 throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
1175 and nothing suspicious.
1178 [[audits.embark-studios.audits.anyhow]]
1179 who = "Johan Andersson <opensource@embark-studios.com>"
1180 criteria = "safe-to-deploy"
1183 [[audits.embark-studios.audits.derive_more]]
1184 who = "Johan Andersson <opensource@embark-studios.com>"
1185 criteria = "safe-to-deploy"
1187 notes = "No unsafe usage or ambient capabilities"
1189 [[audits.embark-studios.audits.ident_case]]
1190 who = "Johan Andersson <opensource@embark-studios.com>"
1191 criteria = "safe-to-deploy"
1193 notes = "No unsafe usage or ambient capabilities"
1195 [[audits.embark-studios.audits.line-wrap]]
1196 who = "Johan Andersson <opensource@embark-studios.com>"
1197 criteria = "safe-to-deploy"
1199 notes = "No unsafe usage or ambient capabilities"
1201 [[audits.embark-studios.audits.thiserror]]
1202 who = "Johan Andersson <opensource@embark-studios.com>"
1203 criteria = "safe-to-deploy"
1205 notes = "Wrapper over implementation crate, found no unsafe or ambient capabilities used"
1207 [[audits.embark-studios.audits.thiserror-impl]]
1208 who = "Johan Andersson <opensource@embark-studios.com>"
1209 criteria = "safe-to-deploy"
1211 notes = "Found no unsafe or ambient capabilities used"
1213 [[audits.embark-studios.audits.yaml-rust]]
1214 who = "Johan Andersson <opensource@embark-studios.com>"
1215 criteria = "safe-to-deploy"
1217 notes = "No unsafe usage or ambient capabilities"
1219 [[audits.google.audits.ash]]
1220 who = "David Koloski <dkoloski@google.com>"
1221 criteria = "safe-to-deploy"
1222 version = "0.37.0+1.3.209"
1223 notes = "Reviewed on https://fxrev.dev/694269"
1224 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1226 [[audits.google.audits.fastrand]]
1227 who = "George Burgess IV <gbiv@google.com>"
1228 criteria = "safe-to-deploy"
1231 `does-not-implement-crypto` is certified because this crate explicitly says
1232 that the RNG here is not cryptographically secure.
1234 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1236 [[audits.google.audits.futures]]
1237 who = "George Burgess IV <gbiv@google.com>"
1238 criteria = "safe-to-deploy"
1241 `futures` has no logic other than tests - it simply `pub use`s things from
1244 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1246 [[audits.google.audits.glob]]
1247 who = "George Burgess IV <gbiv@google.com>"
1248 criteria = "safe-to-deploy"
1250 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1252 [[audits.google.audits.h2]]
1254 criteria = "safe-to-run"
1256 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1258 [[audits.google.audits.http]]
1260 criteria = "safe-to-run"
1262 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1264 [[audits.google.audits.http-body]]
1266 criteria = "safe-to-run"
1268 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1270 [[audits.google.audits.httpdate]]
1272 criteria = "safe-to-run"
1274 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1276 [[audits.google.audits.hyper]]
1278 criteria = "safe-to-run"
1280 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1282 [[audits.google.audits.pin-project]]
1284 criteria = "safe-to-run"
1286 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1288 [[audits.google.audits.pin-project-internal]]
1290 criteria = "safe-to-run"
1292 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1294 [[audits.google.audits.pin-project-lite]]
1295 who = "David Koloski <dkoloski@google.com>"
1296 criteria = "safe-to-deploy"
1298 notes = "Reviewed on https://fxrev.dev/824504"
1299 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1301 [[audits.google.audits.scoped-tls]]
1302 who = "George Burgess IV <gbiv@google.com>"
1303 criteria = "safe-to-run"
1305 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1307 [[audits.google.audits.serde_urlencoded]]
1309 criteria = "safe-to-run"
1311 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1313 [[audits.google.audits.tokio]]
1314 who = "Vovo Yang <vovoy@google.com>"
1315 criteria = "safe-to-run"
1317 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1319 [[audits.google.audits.tokio-stream]]
1320 who = "David Koloski <dkoloski@google.com>"
1321 criteria = "safe-to-deploy"
1323 notes = "Reviewed on https://fxrev.dev/804724"
1324 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1326 [[audits.google.audits.tower-service]]
1328 criteria = "safe-to-run"
1330 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1332 [[audits.google.audits.tracing]]
1334 criteria = "safe-to-run"
1336 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1338 [[audits.google.audits.tracing-attributes]]
1340 criteria = "safe-to-run"
1342 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1344 [[audits.google.audits.tracing-core]]
1346 criteria = "safe-to-run"
1348 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1350 [[audits.google.audits.try-lock]]
1352 criteria = "safe-to-run"
1354 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1356 [[audits.google.audits.version_check]]
1357 who = "George Burgess IV <gbiv@google.com>"
1358 criteria = "safe-to-deploy"
1360 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1362 [[audits.google.audits.want]]
1364 criteria = "safe-to-run"
1366 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1368 [[audits.isrg.wildcard-audits.prio]]
1369 who = "David Cook <dcook@divviup.org>"
1370 criteria = "safe-to-deploy"
1371 user-id = 101233 # le-automaton
1372 start = "2020-09-28"
1375 [[audits.isrg.audits.base64]]
1376 who = "Tim Geoghegan <timg@letsencrypt.org>"
1377 criteria = "safe-to-deploy"
1378 delta = "0.21.0 -> 0.21.1"
1380 [[audits.isrg.audits.base64]]
1381 who = "Brandon Pitman <bran@bran.land>"
1382 criteria = "safe-to-deploy"
1383 delta = "0.21.1 -> 0.21.2"
1385 [[audits.isrg.audits.base64]]
1386 who = "David Cook <dcook@divviup.org>"
1387 criteria = "safe-to-deploy"
1388 delta = "0.21.2 -> 0.21.3"
1390 [[audits.isrg.audits.block-buffer]]
1391 who = "David Cook <dcook@divviup.org>"
1392 criteria = "safe-to-deploy"
1395 [[audits.isrg.audits.keccak]]
1396 who = "David Cook <dcook@divviup.org>"
1397 criteria = "safe-to-deploy"
1400 [[audits.isrg.audits.once_cell]]
1401 who = "Brandon Pitman <bran@bran.land>"
1402 criteria = "safe-to-deploy"
1403 delta = "1.17.1 -> 1.17.2"
1405 [[audits.isrg.audits.once_cell]]
1406 who = "David Cook <dcook@divviup.org>"
1407 criteria = "safe-to-deploy"
1408 delta = "1.17.2 -> 1.18.0"
1410 [[audits.isrg.audits.rand_chacha]]
1411 who = "David Cook <dcook@divviup.org>"
1412 criteria = "safe-to-deploy"
1415 [[audits.isrg.audits.rand_core]]
1416 who = "David Cook <dcook@divviup.org>"
1417 criteria = "safe-to-deploy"
1420 [[audits.isrg.audits.rayon-core]]
1421 who = "Brandon Pitman <bran@bran.land>"
1422 criteria = "safe-to-deploy"
1423 delta = "1.10.2 -> 1.11.0"
1425 [[audits.isrg.audits.rayon-core]]
1426 who = "David Cook <dcook@divviup.org>"
1427 criteria = "safe-to-deploy"
1428 delta = "1.11.0 -> 1.12.0"
1430 [[audits.isrg.audits.sha2]]
1431 who = "David Cook <dcook@divviup.org>"
1432 criteria = "safe-to-deploy"
1435 [[audits.isrg.audits.sha3]]
1436 who = "David Cook <dcook@divviup.org>"
1437 criteria = "safe-to-deploy"
1440 [[audits.mozilla.wildcard-audits.zeitstempel]]
1441 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1442 criteria = "safe-to-deploy"
1443 user-id = 48 # Jan-Erik Rediger (badboy)
1444 start = "2021-03-03"
1446 notes = "Maintained by me"
1447 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1449 [[audits.mozilla.audits.askama]]
1450 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1451 criteria = "safe-to-deploy"
1452 delta = "0.11.1 -> 0.12.0"
1453 notes = "No new unsafe usage, mostly dependency updates and smaller API changes"
1454 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1456 [[audits.mozilla.audits.askama_derive]]
1457 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1458 criteria = "safe-to-deploy"
1459 delta = "0.11.2 -> 0.12.1"
1460 notes = "Dependency updates, a new toml dependency and some API changes. No unsafe use."
1461 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1463 [[audits.mozilla.audits.basic-toml]]
1464 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1465 criteria = "safe-to-deploy"
1467 notes = "TOML parser, forked from toml 0.5"
1468 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1470 [[audits.mozilla.audits.either]]
1471 who = "Nika Layzell <nika@thelayzells.com>"
1472 criteria = "safe-to-deploy"
1475 Straightforward crate providing the Either enum and trait implementations with
1478 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
1480 [[audits.mozilla.audits.lazy_static]]
1481 who = "Nika Layzell <nika@thelayzells.com>"
1482 criteria = "safe-to-deploy"
1484 notes = "I have read over the macros, and audited the unsafe code."
1485 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"