2 # cargo-vet imports lock
# Publisher record cached by cargo-vet: the crates.io account recorded as the
# publisher of a release of this crate. The gutter numbers skip here, so other
# keys of this table are not visible in this listing.
# NOTE(review): presumably these records are what wildcard audits and trusted
# publisher entries are matched against; a change of user-login for a crate in
# a diff of this file is worth a second look before accepting it.
4 [[publisher.aho-corasick]]
8 user-login = "BurntSushi"
9 user-name = "Andrew Gallant"
11 [[publisher.aho-corasick]]
15 user-login = "BurntSushi"
16 user-name = "Andrew Gallant"
25 [[publisher.arbitrary]]
29 user-login = "fitzgen"
30 user-name = "Nick Fitzgerald"
32 [[publisher.async-trait]]
36 user-login = "dtolnay"
37 user-name = "David Tolnay"
43 user-login = "Amanieu"
44 user-name = "Amanieu d'Antras"
46 [[publisher.audio_thread_priority]]
50 user-login = "padenot"
51 user-name = "Paul Adenot"
53 [[publisher.authenticator]]
54 version = "0.4.0-alpha.23"
57 user-login = "jschanck"
58 user-name = "John Schanck"
60 [[publisher.authenticator]]
61 version = "0.4.0-alpha.24"
64 user-login = "jschanck"
65 user-name = "John Schanck"
71 user-login = "martinthomson"
72 user-name = "Martin Thomson"
74 [[publisher.byteorder]]
78 user-login = "BurntSushi"
79 user-name = "Andrew Gallant"
85 user-login = "Darksonn"
86 user-name = "Alice Ryhl"
93 user-name = "Emilio Cobos Álvarez"
100 user-name = "Ed Page"
102 [[publisher.clap_builder]]
107 user-name = "Ed Page"
109 [[publisher.clap_derive]]
114 user-name = "Ed Page"
116 [[publisher.clap_lex]]
121 user-name = "Ed Page"
123 [[publisher.core-foundation]]
127 user-login = "jrmuizel"
128 user-name = "Jeff Muizelaar"
130 [[publisher.core-foundation-sys]]
135 user-name = "Josh Matthews"
137 [[publisher.core-graphics]]
141 user-login = "jrmuizel"
142 user-name = "Jeff Muizelaar"
144 [[publisher.core-graphics-types]]
149 user-name = "Josh Matthews"
151 [[publisher.core-text]]
155 user-login = "jrmuizel"
156 user-name = "Jeff Muizelaar"
158 [[publisher.derive_arbitrary]]
162 user-login = "fitzgen"
163 user-name = "Nick Fitzgerald"
169 user-login = "linabutler"
170 user-name = "Lina Butler"
176 user-login = "dtolnay"
177 user-name = "David Tolnay"
179 [[publisher.encoding_rs]]
183 user-login = "hsivonen"
184 user-name = "Henri Sivonen"
186 [[publisher.etagere]]
191 user-name = "Nicolas Silva"
198 user-name = "Nicolas Silva"
204 user-login = "joshtriplett"
205 user-name = "Josh Triplett"
207 [[publisher.freetype]]
212 user-name = "Josh Matthews"
218 user-login = "jrmuizel"
219 user-name = "Jeff Muizelaar"
225 user-login = "badboy"
226 user-name = "Jan-Erik Rediger"
228 [[publisher.glean-core]]
232 user-login = "badboy"
233 user-name = "Jan-Erik Rediger"
235 [[publisher.glslopt]]
239 user-login = "jamienicol"
240 user-name = "Jamie Nicol"
242 [[publisher.headers]]
246 user-login = "seanmonstar"
247 user-name = "Sean McArthur"
249 [[publisher.httparse]]
253 user-login = "seanmonstar"
254 user-name = "Sean McArthur"
256 [[publisher.indexmap]]
260 user-login = "cuviper"
261 user-name = "Josh Stone"
263 [[publisher.inherent]]
267 user-login = "dtolnay"
268 user-name = "David Tolnay"
274 user-login = "carllerche"
275 user-name = "Carl Lerche"
281 user-login = "dtolnay"
282 user-name = "David Tolnay"
284 [[publisher.jobserver]]
288 user-login = "alexcrichton"
289 user-name = "Alex Crichton"
295 user-login = "Amanieu"
296 user-name = "Amanieu d'Antras"
302 user-login = "JohnTitor"
303 user-name = "Yuki Okushi"
305 [[publisher.linux-raw-sys]]
309 user-login = "sunfishcode"
310 user-name = "Dan Gohman"
312 [[publisher.lock_api]]
316 user-login = "Amanieu"
317 user-name = "Amanieu d'Antras"
323 user-login = "BurntSushi"
324 user-name = "Andrew Gallant"
330 user-login = "seanmonstar"
331 user-name = "Sean McArthur"
337 user-login = "carllerche"
338 user-name = "Carl Lerche"
340 [[publisher.nss-gk-api]]
344 user-login = "jschanck"
345 user-name = "John Schanck"
347 [[publisher.num_cpus]]
351 user-login = "seanmonstar"
352 user-name = "Sean McArthur"
358 user-login = "martinthomson"
359 user-name = "Martin Thomson"
361 [[publisher.ordered-float]]
365 user-login = "mbrubeck"
366 user-name = "Matt Brubeck"
368 [[publisher.parking_lot]]
372 user-login = "Amanieu"
373 user-name = "Amanieu d'Antras"
375 [[publisher.parking_lot_core]]
379 user-login = "Amanieu"
380 user-name = "Amanieu d'Antras"
386 user-login = "dtolnay"
387 user-name = "David Tolnay"
393 user-login = "le-automaton"
399 user-login = "divviup-github-automation"
401 [[publisher.proc-macro2]]
405 user-login = "dtolnay"
406 user-name = "David Tolnay"
408 [[publisher.proc-macro2]]
412 user-login = "dtolnay"
413 user-name = "David Tolnay"
419 user-login = "dtolnay"
420 user-name = "David Tolnay"
426 user-login = "BurntSushi"
427 user-name = "Andrew Gallant"
433 user-login = "BurntSushi"
434 user-name = "Andrew Gallant"
436 [[publisher.regex-automata]]
440 user-login = "BurntSushi"
441 user-name = "Andrew Gallant"
443 [[publisher.regex-syntax]]
447 user-login = "BurntSushi"
448 user-name = "Andrew Gallant"
450 [[publisher.regex-syntax]]
454 user-login = "BurntSushi"
455 user-name = "Andrew Gallant"
457 [[publisher.rust_cascade]]
461 user-login = "mozkeeler"
462 user-name = "Dana Keeler"
468 user-login = "sunfishcode"
469 user-name = "Dan Gohman"
475 user-login = "dtolnay"
476 user-name = "David Tolnay"
478 [[publisher.same-file]]
482 user-login = "BurntSushi"
483 user-name = "Andrew Gallant"
485 [[publisher.scopeguard]]
489 user-login = "Amanieu"
490 user-name = "Amanieu d'Antras"
496 user-login = "dtolnay"
497 user-name = "David Tolnay"
503 user-login = "dtolnay"
504 user-name = "David Tolnay"
510 user-login = "dtolnay"
511 user-name = "David Tolnay"
513 [[publisher.serde_bytes]]
517 user-login = "dtolnay"
518 user-name = "David Tolnay"
520 [[publisher.serde_derive]]
524 user-login = "dtolnay"
525 user-name = "David Tolnay"
527 [[publisher.serde_derive]]
531 user-login = "dtolnay"
532 user-name = "David Tolnay"
534 [[publisher.serde_derive]]
538 user-login = "dtolnay"
539 user-name = "David Tolnay"
541 [[publisher.serde_json]]
545 user-login = "dtolnay"
546 user-name = "David Tolnay"
548 [[publisher.serde_repr]]
552 user-login = "dtolnay"
553 user-name = "David Tolnay"
555 [[publisher.serde_yaml]]
559 user-login = "dtolnay"
560 user-name = "David Tolnay"
562 [[publisher.smallvec]]
566 user-login = "mbrubeck"
567 user-name = "Matt Brubeck"
573 user-login = "dtolnay"
574 user-name = "David Tolnay"
580 user-login = "dtolnay"
581 user-name = "David Tolnay"
583 [[publisher.termcolor]]
587 user-login = "BurntSushi"
588 user-name = "Andrew Gallant"
590 [[publisher.termcolor]]
594 user-login = "BurntSushi"
595 user-name = "Andrew Gallant"
597 [[publisher.threadbound]]
601 user-login = "dtolnay"
602 user-name = "David Tolnay"
604 [[publisher.tokio-util]]
608 user-login = "Darksonn"
609 user-name = "Alice Ryhl"
615 user-login = "alexcrichton"
616 user-name = "Alex Crichton"
618 [[publisher.unicode-ident]]
622 user-login = "dtolnay"
623 user-name = "David Tolnay"
625 [[publisher.unicode-segmentation]]
629 user-login = "Manishearth"
630 user-name = "Manish Goregaokar"
632 [[publisher.unicode-width]]
636 user-login = "Manishearth"
637 user-name = "Manish Goregaokar"
639 [[publisher.unicode-xid]]
643 user-login = "Manishearth"
644 user-name = "Manish Goregaokar"
650 user-login = "badboy"
651 user-name = "Jan-Erik Rediger"
653 [[publisher.uniffi_bindgen]]
657 user-login = "badboy"
658 user-name = "Jan-Erik Rediger"
660 [[publisher.uniffi_build]]
664 user-login = "badboy"
665 user-name = "Jan-Erik Rediger"
667 [[publisher.uniffi_checksum_derive]]
671 user-login = "badboy"
672 user-name = "Jan-Erik Rediger"
674 [[publisher.uniffi_core]]
678 user-login = "badboy"
679 user-name = "Jan-Erik Rediger"
681 [[publisher.uniffi_macros]]
685 user-login = "badboy"
686 user-name = "Jan-Erik Rediger"
688 [[publisher.uniffi_meta]]
692 user-login = "badboy"
693 user-name = "Jan-Erik Rediger"
695 [[publisher.uniffi_testing]]
699 user-login = "badboy"
700 user-name = "Jan-Erik Rediger"
702 [[publisher.utf8_iter]]
706 user-login = "hsivonen"
707 user-name = "Henri Sivonen"
709 [[publisher.walkdir]]
713 user-login = "BurntSushi"
714 user-name = "Andrew Gallant"
720 user-login = "seanmonstar"
721 user-name = "Sean McArthur"
724 version = "0.11.0+wasi-snapshot-preview1"
727 user-login = "alexcrichton"
728 user-name = "Alex Crichton"
730 [[publisher.wasm-encoder]]
734 user-login = "alexcrichton"
735 user-name = "Alex Crichton"
737 [[publisher.wasm-encoder]]
741 user-login = "alexcrichton"
742 user-name = "Alex Crichton"
744 [[publisher.wasm-smith]]
748 user-login = "alexcrichton"
749 user-name = "Alex Crichton"
751 [[publisher.wasm-smith]]
755 user-login = "alexcrichton"
756 user-name = "Alex Crichton"
762 user-login = "alexcrichton"
763 user-name = "Alex Crichton"
769 user-login = "alexcrichton"
770 user-name = "Alex Crichton"
772 [[publisher.winapi-util]]
776 user-login = "BurntSushi"
777 user-name = "Andrew Gallant"
779 [[publisher.windows-sys]]
783 user-login = "kennykerr"
784 user-name = "Kenny Kerr"
786 [[publisher.zeitstempel]]
790 user-login = "badboy"
791 user-name = "Jan-Erik Rediger"
# Wildcard audit: it names a crates.io user-id and shows no version or delta,
# so it vouches for releases published by that account rather than for one
# reviewed source snapshot. The note is a self-attestation by a crate author,
# i.e. a statement of trust in the publisher, not an independent code review.
# NOTE(review): the start/end window is not visible in this listing; confirm
# the entry is time-bounded.
793 [[audits.bytecode-alliance.wildcard-audits.arbitrary]]
794 who = "Nick Fitzgerald <fitzgen@gmail.com>"
795 criteria = "safe-to-deploy"
796 user-id = 696 # Nick Fitzgerald (fitzgen)
799 notes = "I am an author of this crate."
801 [[audits.bytecode-alliance.wildcard-audits.derive_arbitrary]]
802 who = "Nick Fitzgerald <fitzgen@gmail.com>"
803 criteria = "safe-to-deploy"
804 user-id = 696 # Nick Fitzgerald (fitzgen)
807 notes = "I am an author of this crate"
809 [[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
810 who = "Alex Crichton <alex@alexcrichton.com>"
811 criteria = "safe-to-deploy"
812 user-id = 1 # Alex Crichton (alexcrichton)
816 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
817 repository of which I'm one of the primary maintainers and publishers for.
818 I am employed by a member of the Bytecode Alliance and plan to continue doing
819 so and will actively maintain this crate over time.
822 [[audits.bytecode-alliance.wildcard-audits.wasm-smith]]
823 who = "Alex Crichton <alex@alexcrichton.com>"
824 criteria = "safe-to-deploy"
825 user-id = 1 # Alex Crichton (alexcrichton)
829 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
830 repository of which I'm one of the primary maintainers and publishers for.
831 I am employed by a member of the Bytecode Alliance and plan to continue doing
832 so and will actively maintain this crate over time.
835 [[audits.bytecode-alliance.wildcard-audits.wasmparser]]
836 who = "Alex Crichton <alex@alexcrichton.com>"
837 criteria = "safe-to-deploy"
838 user-id = 1 # Alex Crichton (alexcrichton)
842 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
843 repository of which I'm one of the primary maintainers and publishers for.
844 I am employed by a member of the Bytecode Alliance and plan to continue doing
845 so and will actively maintain this crate over time.
848 [[audits.bytecode-alliance.wildcard-audits.wast]]
849 who = "Alex Crichton <alex@alexcrichton.com>"
850 criteria = "safe-to-deploy"
851 user-id = 1 # Alex Crichton (alexcrichton)
855 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
856 repository of which I'm one of the primary maintainers and publishers for.
857 I am employed by a member of the Bytecode Alliance and plan to continue doing
858 so and will actively maintain this crate over time.
861 [[audits.bytecode-alliance.audits.adler]]
862 who = "Alex Crichton <alex@alexcrichton.com>"
863 criteria = "safe-to-deploy"
865 notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
867 [[audits.bytecode-alliance.audits.arrayref]]
868 who = "Nick Fitzgerald <fitzgen@gmail.com>"
869 criteria = "safe-to-deploy"
872 Unsafe code, but its logic looks good to me. Necessary given what it is
873 doing. Well tested, has quickchecks.
876 [[audits.bytecode-alliance.audits.arrayvec]]
877 who = "Nick Fitzgerald <fitzgen@gmail.com>"
878 criteria = "safe-to-deploy"
881 Well documented invariants, good assertions for those invariants in unsafe code,
882 and tested with MIRI to boot. LGTM.
885 [[audits.bytecode-alliance.audits.base64]]
886 who = "Pat Hickey <phickey@fastly.com>"
887 criteria = "safe-to-deploy"
889 notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
891 [[audits.bytecode-alliance.audits.bitflags]]
892 who = "Jamey Sharp <jsharp@fastly.com>"
893 criteria = "safe-to-deploy"
894 delta = "2.1.0 -> 2.2.1"
896 This version adds unsafe impls of traits from the bytemuck crate when built
897 with that library enabled, but I believe the impls satisfy the documented
898 safety requirements for bytemuck. The other changes are minor.
901 [[audits.bytecode-alliance.audits.bitflags]]
902 who = "Alex Crichton <alex@alexcrichton.com>"
903 criteria = "safe-to-deploy"
904 delta = "2.3.2 -> 2.3.3"
906 Nothing outside the realm of what one would expect from a bitflags generator,
910 [[audits.bytecode-alliance.audits.block-buffer]]
911 who = "Benjamin Bouvier <public@benj.me>"
912 criteria = "safe-to-deploy"
913 delta = "0.9.0 -> 0.10.2"
915 [[audits.bytecode-alliance.audits.bumpalo]]
916 who = "Nick Fitzgerald <fitzgen@gmail.com>"
917 criteria = "safe-to-deploy"
919 notes = "I am the author of this crate."
921 [[audits.bytecode-alliance.audits.cargo-platform]]
922 who = "Pat Hickey <phickey@fastly.com>"
923 criteria = "safe-to-deploy"
925 notes = "no build, no ambient capabilities, no unsafe"
927 [[audits.bytecode-alliance.audits.cc]]
928 who = "Alex Crichton <alex@alexcrichton.com>"
929 criteria = "safe-to-deploy"
931 notes = "I am the author of this crate."
933 [[audits.bytecode-alliance.audits.cfg-if]]
934 who = "Alex Crichton <alex@alexcrichton.com>"
935 criteria = "safe-to-deploy"
937 notes = "I am the author of this crate."
939 [[audits.bytecode-alliance.audits.codespan-reporting]]
940 who = "Jamey Sharp <jsharp@fastly.com>"
941 criteria = "safe-to-deploy"
943 notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
945 [[audits.bytecode-alliance.audits.cpufeatures]]
946 who = "Alex Crichton <alex@alexcrichton.com>"
947 criteria = "safe-to-deploy"
948 delta = "0.2.2 -> 0.2.7"
950 This is a minor update that looks to add some more detected CPU features and
951 various other minor portability fixes such as MIRI support.
954 [[audits.bytecode-alliance.audits.crypto-common]]
955 who = "Benjamin Bouvier <public@benj.me>"
956 criteria = "safe-to-deploy"
959 [[audits.bytecode-alliance.audits.errno]]
960 who = "Dan Gohman <dev@sunfishcode.online>"
961 criteria = "safe-to-deploy"
963 notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."
965 [[audits.bytecode-alliance.audits.errno]]
966 who = "Dan Gohman <dev@sunfishcode.online>"
967 criteria = "safe-to-deploy"
968 delta = "0.3.0 -> 0.3.1"
969 notes = "Just a dependency version bump and a bug fix for redox"
971 [[audits.bytecode-alliance.audits.errno-dragonfly]]
972 who = "Jamey Sharp <jsharp@fastly.com>"
973 criteria = "safe-to-deploy"
975 notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is."
# Scope of this audit, per the note: the macro definition itself. The FFI
# wrappers that the macro generates in dependent crates are explicitly not
# covered, so each crate that invokes it needs its own review of those uses.
977 [[audits.bytecode-alliance.audits.foreign-types]]
978 who = "Pat Hickey <phickey@fastly.com>"
979 criteria = "safe-to-deploy"
981 notes = "This crate defined a macro-rules which creates wrappers working with FFI types. The implementation of this crate appears to be safe, but each use of this macro would need to be vetted for correctness as well."
983 [[audits.bytecode-alliance.audits.foreign-types-shared]]
984 who = "Pat Hickey <phickey@fastly.com>"
985 criteria = "safe-to-deploy"
# The auditor's wording matters here: the unsafe concurrency code is described
# as "not obviously incorrect", and the note says correctness would not be
# certified without formal methods. Read this as review by inspection, not as
# a soundness proof of the atomics/UnsafeCell code.
988 [[audits.bytecode-alliance.audits.futures-channel]]
989 who = "Pat Hickey <phickey@fastly.com>"
990 criteria = "safe-to-deploy"
992 notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)"
994 [[audits.bytecode-alliance.audits.futures-core]]
995 who = "Pat Hickey <phickey@fastly.com>"
996 criteria = "safe-to-deploy"
998 notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
1000 [[audits.bytecode-alliance.audits.futures-executor]]
1001 who = "Pat Hickey <phickey@fastly.com>"
1002 criteria = "safe-to-deploy"
1004 notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods."
1006 [[audits.bytecode-alliance.audits.futures-io]]
1007 who = "Pat Hickey <phickey@fastly.com>"
1008 criteria = "safe-to-deploy"
1011 [[audits.bytecode-alliance.audits.futures-sink]]
1012 who = "Pat Hickey <phickey@fastly.com>"
1013 criteria = "safe-to-deploy"
1016 [[audits.bytecode-alliance.audits.heck]]
1017 who = "Alex Crichton <alex@alexcrichton.com>"
1018 criteria = "safe-to-deploy"
1020 notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
1022 [[audits.bytecode-alliance.audits.id-arena]]
1023 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1024 criteria = "safe-to-deploy"
1026 notes = "I am the author of this crate."
1028 [[audits.bytecode-alliance.audits.idna]]
1029 who = "Alex Crichton <alex@alexcrichton.com>"
1030 criteria = "safe-to-deploy"
1033 This is a crate without unsafe code or usage of the standard library. The large
1034 size of this crate comes from the large generated unicode tables file. This
1035 crate is broadly used throughout the ecosystem and does not contain anything
1039 [[audits.bytecode-alliance.audits.leb128]]
1040 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1041 criteria = "safe-to-deploy"
1043 notes = "I am the author of this crate."
1045 [[audits.bytecode-alliance.audits.libc]]
1046 who = "Alex Crichton <alex@alexcrichton.com>"
1047 criteria = "safe-to-deploy"
1048 delta = "0.2.146 -> 0.2.147"
1049 notes = "Only new type definitions and updating others for some platforms, no major changes"
1051 [[audits.bytecode-alliance.audits.memoffset]]
1052 who = "Alex Crichton <alex@alexcrichton.com>"
1053 criteria = "safe-to-deploy"
1054 delta = "0.7.1 -> 0.8.0"
1055 notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."
1057 [[audits.bytecode-alliance.audits.miniz_oxide]]
1058 who = "Alex Crichton <alex@alexcrichton.com>"
1059 criteria = "safe-to-deploy"
1062 This crate is a Rust implementation of zlib compression/decompression and has
1063 been used by default by the Rust standard library for quite some time. It's also
1064 a default dependency of the popular `backtrace` crate for decompressing debug
1065 information. This crate forbids unsafe code and does not otherwise access system
1066 resources. It's originally a port of the `miniz.c` library as well, and given
1067 its own longevity should be relatively hardened against some of the more common
1068 compression-related issues.
1071 [[audits.bytecode-alliance.audits.mio]]
1072 who = "Alex Crichton <alex@alexcrichton.com>"
1073 criteria = "safe-to-deploy"
1074 delta = "0.8.6 -> 0.8.8"
1075 notes = "Mostly OS portability updates along with some minor bugfixes."
1077 [[audits.bytecode-alliance.audits.object]]
1078 who = "Alex Crichton <alex@alexcrichton.com>"
1079 criteria = "safe-to-deploy"
1080 delta = "0.30.3 -> 0.31.1"
1081 notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
1083 [[audits.bytecode-alliance.audits.object]]
1084 who = "Alex Crichton <alex@alexcrichton.com>"
1085 criteria = "safe-to-deploy"
1086 delta = "0.31.1 -> 0.32.0"
1087 notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good."
1089 [[audits.bytecode-alliance.audits.peeking_take_while]]
1090 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1091 criteria = "safe-to-deploy"
1093 notes = "I am the author of this crate."
1095 [[audits.bytecode-alliance.audits.percent-encoding]]
1096 who = "Alex Crichton <alex@alexcrichton.com>"
1097 criteria = "safe-to-deploy"
1100 This crate is a single-file crate that does what it says on the tin. There are
1101 a few `unsafe` blocks related to utf-8 validation which are locally verifiable
1102 as correct and otherwise this crate is good to go.
1105 [[audits.bytecode-alliance.audits.pin-utils]]
1106 who = "Pat Hickey <phickey@fastly.com>"
1107 criteria = "safe-to-deploy"
# Per the note, this crate runs the external `pkg-config` executable. The
# audit speaks to the crate's own input handling ("appears to sanitize inputs
# reasonably"); whichever `pkg-config` binary the build resolves, and the
# environment it runs in, remain part of the build's trust boundary.
1110 [[audits.bytecode-alliance.audits.pkg-config]]
1111 who = "Pat Hickey <phickey@fastly.com>"
1112 criteria = "safe-to-deploy"
1114 notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
1116 [[audits.bytecode-alliance.audits.rustc-demangle]]
1117 who = "Alex Crichton <alex@alexcrichton.com>"
1118 criteria = "safe-to-deploy"
1120 notes = "I am the author of this crate."
1122 [[audits.bytecode-alliance.audits.semver]]
1123 who = "Pat Hickey <phickey@fastly.com>"
1124 criteria = "safe-to-deploy"
1126 notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct"
1128 [[audits.bytecode-alliance.audits.slab]]
1129 who = "Pat Hickey <phickey@fastly.com>"
1130 criteria = "safe-to-deploy"
1132 notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
1134 [[audits.bytecode-alliance.audits.socket2]]
1135 who = "Alex Crichton <alex@alexcrichton.com>"
1136 criteria = "safe-to-deploy"
1137 delta = "0.4.7 -> 0.4.9"
1138 notes = "Minor OS compat updates but otherwise nothing major here."
1140 [[audits.bytecode-alliance.audits.tempfile]]
1141 who = "Pat Hickey <phickey@fastly.com>"
1142 criteria = "safe-to-deploy"
1143 delta = "3.3.0 -> 3.5.0"
1145 [[audits.bytecode-alliance.audits.tempfile]]
1146 who = "Alex Crichton <alex@alexcrichton.com>"
1147 criteria = "safe-to-deploy"
1148 delta = "3.5.0 -> 3.6.0"
1149 notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal."
1151 [[audits.bytecode-alliance.audits.unicase]]
1152 who = "Alex Crichton <alex@alexcrichton.com>"
1153 criteria = "safe-to-deploy"
1156 This crate contains no `unsafe` code and no unnecessary use of the standard
1160 [[audits.bytecode-alliance.audits.unicode-bidi]]
1161 who = "Alex Crichton <alex@alexcrichton.com>"
1162 criteria = "safe-to-deploy"
1165 This crate has no unsafe code and does not use `std::*`. Skimming the crate it
1166 does not attempt to out of the bounds of what it's already supposed to be doing.
1169 [[audits.bytecode-alliance.audits.unicode-normalization]]
1170 who = "Alex Crichton <alex@alexcrichton.com>"
1171 criteria = "safe-to-deploy"
1174 This crate contains one usage of `unsafe` which I have manually checked to see
1175 it as correct. This crate's size comes in large part due to the generated
1176 unicode tables that it contains. This crate is additionally widely used
1177 throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
1178 and nothing suspicious.
1181 [[audits.embark-studios.audits.anyhow]]
1182 who = "Johan Andersson <opensource@embark-studios.com>"
1183 criteria = "safe-to-deploy"
1186 [[audits.embark-studios.audits.derive_more]]
1187 who = "Johan Andersson <opensource@embark-studios.com>"
1188 criteria = "safe-to-deploy"
1190 notes = "No unsafe usage or ambient capabilities"
1192 [[audits.embark-studios.audits.ident_case]]
1193 who = "Johan Andersson <opensource@embark-studios.com>"
1194 criteria = "safe-to-deploy"
1196 notes = "No unsafe usage or ambient capabilities"
1198 [[audits.embark-studios.audits.idna]]
1199 who = "Johan Andersson <opensource@embark-studios.com>"
1200 criteria = "safe-to-deploy"
1201 delta = "0.3.0 -> 0.4.0"
1202 notes = "No unsafe usage or ambient capabilities"
1204 [[audits.embark-studios.audits.line-wrap]]
1205 who = "Johan Andersson <opensource@embark-studios.com>"
1206 criteria = "safe-to-deploy"
1208 notes = "No unsafe usage or ambient capabilities"
1210 [[audits.embark-studios.audits.thiserror]]
1211 who = "Johan Andersson <opensource@embark-studios.com>"
1212 criteria = "safe-to-deploy"
1214 notes = "Wrapper over implementation crate, found no unsafe or ambient capabilities used"
1216 [[audits.embark-studios.audits.thiserror-impl]]
1217 who = "Johan Andersson <opensource@embark-studios.com>"
1218 criteria = "safe-to-deploy"
1220 notes = "Found no unsafe or ambient capabilities used"
1222 [[audits.embark-studios.audits.yaml-rust]]
1223 who = "Johan Andersson <opensource@embark-studios.com>"
1224 criteria = "safe-to-deploy"
1226 notes = "No unsafe usage or ambient capabilities"
# `aggregated-from` names the upstream audits.toml this entry was collected
# from, and the note points at the code review where the audit was recorded.
# Both are provenance pointers only: the trust decision is importing the
# `google` audit set at all. Keeping the imported entries in this lock file is
# what lets later upstream changes surface as a reviewable diff.
1228 [[audits.google.audits.ash]]
1229 who = "David Koloski <dkoloski@google.com>"
1230 criteria = "safe-to-deploy"
1231 version = "0.37.0+1.3.209"
1232 notes = "Reviewed on https://fxrev.dev/694269"
1233 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
# The note records that fastrand's generator is explicitly not
# cryptographically secure. The audit covers the crate as published and says
# nothing about call sites: anything security-sensitive (tokens, keys, nonces)
# needs a CSPRNG instead, and that has to be checked in the consuming code.
1235 [[audits.google.audits.fastrand]]
1236 who = "George Burgess IV <gbiv@google.com>"
1237 criteria = "safe-to-deploy"
1240 `does-not-implement-crypto` is certified because this crate explicitly says
1241 that the RNG here is not cryptographically secure.
1243 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1245 [[audits.google.audits.futures]]
1246 who = "George Burgess IV <gbiv@google.com>"
1247 criteria = "safe-to-deploy"
1250 `futures` has no logic other than tests - it simply `pub use`s things from
1253 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1255 [[audits.google.audits.glob]]
1256 who = "George Burgess IV <gbiv@google.com>"
1257 criteria = "safe-to-deploy"
1259 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
# `safe-to-run` is the weaker of cargo-vet's two built-in criteria: it covers
# running the crate in development or CI, not shipping it to users. An import
# at this level does not satisfy a `safe-to-deploy` requirement for h2; that
# needs a separate audit or an explicit exemption in the consuming project.
# The reviewer (`who`) line is not visible in this listing.
1261 [[audits.google.audits.h2]]
1263 criteria = "safe-to-run"
1265 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1267 [[audits.google.audits.http]]
1269 criteria = "safe-to-run"
1271 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1273 [[audits.google.audits.http-body]]
1275 criteria = "safe-to-run"
1277 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1279 [[audits.google.audits.httpdate]]
1281 criteria = "safe-to-run"
1283 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1285 [[audits.google.audits.hyper]]
1287 criteria = "safe-to-run"
1289 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1291 [[audits.google.audits.pin-project]]
1293 criteria = "safe-to-run"
1295 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1297 [[audits.google.audits.pin-project-internal]]
1299 criteria = "safe-to-run"
1301 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1303 [[audits.google.audits.pin-project-lite]]
1304 who = "David Koloski <dkoloski@google.com>"
1305 criteria = "safe-to-deploy"
1307 notes = "Reviewed on https://fxrev.dev/824504"
1308 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1310 [[audits.google.audits.scoped-tls]]
1311 who = "George Burgess IV <gbiv@google.com>"
1312 criteria = "safe-to-run"
1314 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1316 [[audits.google.audits.serde_urlencoded]]
1318 criteria = "safe-to-run"
1320 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1322 [[audits.google.audits.tokio]]
1323 who = "Vovo Yang <vovoy@google.com>"
1324 criteria = "safe-to-run"
1326 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1328 [[audits.google.audits.tokio-stream]]
1329 who = "David Koloski <dkoloski@google.com>"
1330 criteria = "safe-to-deploy"
1332 notes = "Reviewed on https://fxrev.dev/804724"
1333 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1335 [[audits.google.audits.tower-service]]
1337 criteria = "safe-to-run"
1339 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1341 [[audits.google.audits.tracing]]
1343 criteria = "safe-to-run"
1345 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1347 [[audits.google.audits.tracing-attributes]]
1349 criteria = "safe-to-run"
1351 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1353 [[audits.google.audits.tracing-core]]
1355 criteria = "safe-to-run"
1357 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1359 [[audits.google.audits.try-lock]]
1361 criteria = "safe-to-run"
1363 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1365 [[audits.google.audits.version_check]]
1366 who = "George Burgess IV <gbiv@google.com>"
1367 criteria = "safe-to-deploy"
1369 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1371 [[audits.google.audits.want]]
1373 criteria = "safe-to-run"
1375 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
# Wildcard audit for `prio` tied to crates.io user-id 101233, which the inline
# comment labels `le-automaton`. The name suggests an automation identity
# rather than a person — presumably releases are published from CI, in which
# case this trust is only as strong as the protection of that publish token.
# NOTE(review): only `start` is visible here; confirm an `end` date bounds it.
1377 [[audits.isrg.wildcard-audits.prio]]
1378 who = "David Cook <dcook@divviup.org>"
1379 criteria = "safe-to-deploy"
1380 user-id = 101233 # le-automaton
1381 start = "2020-09-28"
1384 [[audits.isrg.wildcard-audits.prio]]
1385 who = "David Cook <dcook@divviup.org>"
1386 criteria = "safe-to-deploy"
1387 user-id = 213776 # divviup-github-automation
1388 start = "2020-09-28"
1391 [[audits.isrg.audits.base64]]
1392 who = "Tim Geoghegan <timg@letsencrypt.org>"
1393 criteria = "safe-to-deploy"
1394 delta = "0.21.0 -> 0.21.1"
1396 [[audits.isrg.audits.base64]]
1397 who = "Brandon Pitman <bran@bran.land>"
1398 criteria = "safe-to-deploy"
1399 delta = "0.21.1 -> 0.21.2"
1401 [[audits.isrg.audits.base64]]
1402 who = "David Cook <dcook@divviup.org>"
1403 criteria = "safe-to-deploy"
1404 delta = "0.21.2 -> 0.21.3"
1406 [[audits.isrg.audits.block-buffer]]
1407 who = "David Cook <dcook@divviup.org>"
1408 criteria = "safe-to-deploy"
1411 [[audits.isrg.audits.getrandom]]
1412 who = "Tim Geoghegan <timg@letsencrypt.org>"
1413 criteria = "safe-to-deploy"
1414 delta = "0.2.9 -> 0.2.10"
1415 notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`."
1417 [[audits.isrg.audits.keccak]]
1418 who = "David Cook <dcook@divviup.org>"
1419 criteria = "safe-to-deploy"
1422 [[audits.isrg.audits.keccak]]
1423 who = "Brandon Pitman <bran@bran.land>"
1424 criteria = "safe-to-deploy"
1425 delta = "0.1.3 -> 0.1.4"
1427 [[audits.isrg.audits.once_cell]]
1428 who = "Brandon Pitman <bran@bran.land>"
1429 criteria = "safe-to-deploy"
1430 delta = "1.17.1 -> 1.17.2"
1432 [[audits.isrg.audits.once_cell]]
1433 who = "David Cook <dcook@divviup.org>"
1434 criteria = "safe-to-deploy"
1435 delta = "1.17.2 -> 1.18.0"
1437 [[audits.isrg.audits.rand_chacha]]
1438 who = "David Cook <dcook@divviup.org>"
1439 criteria = "safe-to-deploy"
1442 [[audits.isrg.audits.rand_core]]
1443 who = "David Cook <dcook@divviup.org>"
1444 criteria = "safe-to-deploy"
1447 [[audits.isrg.audits.rayon-core]]
1448 who = "Brandon Pitman <bran@bran.land>"
1449 criteria = "safe-to-deploy"
1450 delta = "1.10.2 -> 1.11.0"
1452 [[audits.isrg.audits.rayon-core]]
1453 who = "David Cook <dcook@divviup.org>"
1454 criteria = "safe-to-deploy"
1455 delta = "1.11.0 -> 1.12.0"
1457 [[audits.isrg.audits.sha2]]
1458 who = "David Cook <dcook@divviup.org>"
1459 criteria = "safe-to-deploy"
1462 [[audits.isrg.audits.sha3]]
1463 who = "David Cook <dcook@divviup.org>"
1464 criteria = "safe-to-deploy"
1467 [[audits.isrg.audits.sha3]]
1468 who = "Brandon Pitman <bran@bran.land>"
1469 criteria = "safe-to-deploy"
1470 delta = "0.10.7 -> 0.10.8"
1472 [[audits.mozilla.wildcard-audits.zeitstempel]]
1473 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1474 criteria = "safe-to-deploy"
1475 user-id = 48 # Jan-Erik Rediger (badboy)
1476 start = "2021-03-03"
1478 notes = "Maintained by me"
1479 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1481 [[audits.mozilla.audits.askama]]
1482 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1483 criteria = "safe-to-deploy"
1484 delta = "0.11.1 -> 0.12.0"
1485 notes = "No new unsafe usage, mostly dependency updates and smaller API changes"
1486 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1488 [[audits.mozilla.audits.askama_derive]]
1489 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1490 criteria = "safe-to-deploy"
1491 delta = "0.11.2 -> 0.12.1"
1492 notes = "Dependency updates, a new toml dependency and some API changes. No unsafe use."
1493 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1495 [[audits.mozilla.audits.basic-toml]]
1496 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1497 criteria = "safe-to-deploy"
1499 notes = "TOML parser, forked from toml 0.5"
1500 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1502 [[audits.mozilla.audits.either]]
1503 who = "Nika Layzell <nika@thelayzells.com>"
1504 criteria = "safe-to-deploy"
1507 Straightforward crate providing the Either enum and trait implementations with
1510 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
1512 [[audits.mozilla.audits.lazy_static]]
1513 who = "Nika Layzell <nika@thelayzells.com>"
1514 criteria = "safe-to-deploy"
1516 notes = "I have read over the macros, and audited the unsafe code."
1517 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"