2 # cargo-vet imports lock
4 [[publisher.aho-corasick]]
8 user-login = "BurntSushi"
9 user-name = "Andrew Gallant"
18 [[publisher.arbitrary]]
22 user-login = "fitzgen"
23 user-name = "Nick Fitzgerald"
25 [[publisher.async-trait]]
29 user-login = "dtolnay"
30 user-name = "David Tolnay"
36 user-login = "Amanieu"
37 user-name = "Amanieu d'Antras"
39 [[publisher.audio_thread_priority]]
43 user-login = "padenot"
44 user-name = "Paul Adenot"
46 [[publisher.authenticator]]
47 version = "0.4.0-alpha.24"
50 user-login = "jschanck"
51 user-name = "John Schanck"
57 user-login = "martinthomson"
58 user-name = "Martin Thomson"
60 [[publisher.byteorder]]
64 user-login = "BurntSushi"
65 user-name = "Andrew Gallant"
71 user-login = "Darksonn"
72 user-name = "Alice Ryhl"
78 user-login = "Amanieu"
79 user-name = "Amanieu d'Antras"
86 user-name = "Emilio Cobos Álvarez"
95 [[publisher.clap_builder]]
100 user-name = "Ed Page"
102 [[publisher.clap_derive]]
107 user-name = "Ed Page"
109 [[publisher.clap_lex]]
114 user-name = "Ed Page"
116 [[publisher.core-foundation]]
120 user-login = "jrmuizel"
121 user-name = "Jeff Muizelaar"
123 [[publisher.core-foundation-sys]]
128 user-name = "Josh Matthews"
130 [[publisher.core-graphics]]
134 user-login = "jrmuizel"
135 user-name = "Jeff Muizelaar"
137 [[publisher.core-graphics-types]]
142 user-name = "Josh Matthews"
144 [[publisher.core-text]]
148 user-login = "jrmuizel"
149 user-name = "Jeff Muizelaar"
151 [[publisher.derive_arbitrary]]
155 user-login = "fitzgen"
156 user-name = "Nick Fitzgerald"
162 user-login = "linabutler"
163 user-name = "Lina Butler"
169 user-login = "dtolnay"
170 user-name = "David Tolnay"
172 [[publisher.encoding_rs]]
176 user-login = "hsivonen"
177 user-name = "Henri Sivonen"
183 user-login = "sunfishcode"
184 user-name = "Dan Gohman"
186 [[publisher.etagere]]
191 user-name = "Nicolas Silva"
198 user-name = "Nicolas Silva"
204 user-login = "joshtriplett"
205 user-name = "Josh Triplett"
207 [[publisher.freetype]]
212 user-name = "Josh Matthews"
218 user-login = "jrmuizel"
219 user-name = "Jeff Muizelaar"
225 user-login = "badboy"
226 user-name = "Jan-Erik Rediger"
228 [[publisher.glean-core]]
232 user-login = "badboy"
233 user-name = "Jan-Erik Rediger"
235 [[publisher.glslopt]]
239 user-login = "jamienicol"
240 user-name = "Jamie Nicol"
246 user-login = "seanmonstar"
247 user-name = "Sean McArthur"
249 [[publisher.headers]]
253 user-login = "seanmonstar"
254 user-name = "Sean McArthur"
256 [[publisher.httparse]]
260 user-login = "seanmonstar"
261 user-name = "Sean McArthur"
263 [[publisher.indexmap]]
267 user-login = "cuviper"
268 user-name = "Josh Stone"
270 [[publisher.inherent]]
274 user-login = "dtolnay"
275 user-name = "David Tolnay"
281 user-login = "carllerche"
282 user-name = "Carl Lerche"
288 user-login = "dtolnay"
289 user-name = "David Tolnay"
291 [[publisher.jobserver]]
295 user-login = "alexcrichton"
296 user-name = "Alex Crichton"
302 user-login = "JohnTitor"
303 user-name = "Yuki Okushi"
305 [[publisher.linux-raw-sys]]
309 user-login = "sunfishcode"
310 user-name = "Dan Gohman"
312 [[publisher.lock_api]]
316 user-login = "Amanieu"
317 user-name = "Amanieu d'Antras"
323 user-login = "BurntSushi"
324 user-name = "Andrew Gallant"
330 user-login = "seanmonstar"
331 user-name = "Sean McArthur"
337 user-login = "carllerche"
338 user-name = "Carl Lerche"
340 [[publisher.nss-gk-api]]
344 user-login = "jschanck"
345 user-name = "John Schanck"
347 [[publisher.num_cpus]]
351 user-login = "seanmonstar"
352 user-name = "Sean McArthur"
358 user-login = "martinthomson"
359 user-name = "Martin Thomson"
361 [[publisher.ordered-float]]
365 user-login = "mbrubeck"
366 user-name = "Matt Brubeck"
368 [[publisher.parking_lot]]
372 user-login = "Amanieu"
373 user-name = "Amanieu d'Antras"
375 [[publisher.parking_lot_core]]
379 user-login = "Amanieu"
380 user-name = "Amanieu d'Antras"
386 user-login = "dtolnay"
387 user-name = "David Tolnay"
389 [[publisher.presser]]
393 user-login = "embark-studios"
399 user-login = "divviup-github-automation"
401 [[publisher.proc-macro2]]
405 user-login = "dtolnay"
406 user-name = "David Tolnay"
412 user-login = "jrmuizel"
413 user-name = "Jeff Muizelaar"
419 user-login = "dtolnay"
420 user-name = "David Tolnay"
426 user-login = "BurntSushi"
427 user-name = "Andrew Gallant"
429 [[publisher.regex-automata]]
433 user-login = "BurntSushi"
434 user-name = "Andrew Gallant"
436 [[publisher.regex-syntax]]
440 user-login = "BurntSushi"
441 user-name = "Andrew Gallant"
443 [[publisher.rust_cascade]]
447 user-login = "mozkeeler"
448 user-name = "Dana Keeler"
454 user-login = "sunfishcode"
455 user-name = "Dan Gohman"
461 user-login = "dtolnay"
462 user-name = "David Tolnay"
464 [[publisher.same-file]]
468 user-login = "BurntSushi"
469 user-name = "Andrew Gallant"
471 [[publisher.scopeguard]]
475 user-login = "Amanieu"
476 user-name = "Amanieu d'Antras"
482 user-login = "dtolnay"
483 user-name = "David Tolnay"
485 [[publisher.serde_bytes]]
489 user-login = "dtolnay"
490 user-name = "David Tolnay"
492 [[publisher.serde_derive]]
496 user-login = "dtolnay"
497 user-name = "David Tolnay"
499 [[publisher.serde_json]]
503 user-login = "dtolnay"
504 user-name = "David Tolnay"
506 [[publisher.serde_repr]]
510 user-login = "dtolnay"
511 user-name = "David Tolnay"
513 [[publisher.serde_yaml]]
517 user-login = "dtolnay"
518 user-name = "David Tolnay"
520 [[publisher.smallvec]]
524 user-login = "mbrubeck"
525 user-name = "Matt Brubeck"
531 user-login = "dtolnay"
532 user-name = "David Tolnay"
534 [[publisher.termcolor]]
538 user-login = "BurntSushi"
539 user-name = "Andrew Gallant"
541 [[publisher.thiserror]]
545 user-login = "dtolnay"
546 user-name = "David Tolnay"
548 [[publisher.thiserror-impl]]
552 user-login = "dtolnay"
553 user-name = "David Tolnay"
555 [[publisher.threadbound]]
559 user-login = "dtolnay"
560 user-name = "David Tolnay"
562 [[publisher.tokio-util]]
566 user-login = "Darksonn"
567 user-name = "Alice Ryhl"
573 user-login = "alexcrichton"
574 user-name = "Alex Crichton"
576 [[publisher.unicode-ident]]
580 user-login = "dtolnay"
581 user-name = "David Tolnay"
583 [[publisher.unicode-width]]
587 user-login = "Manishearth"
588 user-name = "Manish Goregaokar"
590 [[publisher.unicode-xid]]
594 user-login = "Manishearth"
595 user-name = "Manish Goregaokar"
603 [[publisher.uniffi_bindgen]]
609 [[publisher.uniffi_build]]
615 [[publisher.uniffi_checksum_derive]]
621 [[publisher.uniffi_core]]
627 [[publisher.uniffi_macros]]
633 [[publisher.uniffi_meta]]
639 [[publisher.uniffi_testing]]
645 [[publisher.uniffi_udl]]
651 [[publisher.utf8_iter]]
655 user-login = "hsivonen"
656 user-name = "Henri Sivonen"
658 [[publisher.walkdir]]
662 user-login = "BurntSushi"
663 user-name = "Andrew Gallant"
669 user-login = "seanmonstar"
670 user-name = "Sean McArthur"
673 version = "0.11.0+wasi-snapshot-preview1"
676 user-login = "alexcrichton"
677 user-name = "Alex Crichton"
679 [[publisher.wasm-encoder]]
683 user-login = "alexcrichton"
684 user-name = "Alex Crichton"
686 [[publisher.wasm-smith]]
690 user-login = "alexcrichton"
691 user-name = "Alex Crichton"
697 user-login = "alexcrichton"
698 user-name = "Alex Crichton"
700 [[publisher.winapi-util]]
704 user-login = "BurntSushi"
705 user-name = "Andrew Gallant"
707 [[publisher.windows]]
711 user-login = "kennykerr"
712 user-name = "Kenny Kerr"
714 [[publisher.windows-core]]
718 user-login = "kennykerr"
719 user-name = "Kenny Kerr"
721 [[publisher.windows-sys]]
725 user-login = "kennykerr"
726 user-name = "Kenny Kerr"
728 [[publisher.zeitstempel]]
732 user-login = "badboy"
733 user-name = "Jan-Erik Rediger"
735 [[audits.bytecode-alliance.wildcard-audits.arbitrary]]
736 who = "Nick Fitzgerald <fitzgen@gmail.com>"
737 criteria = "safe-to-deploy"
738 user-id = 696 # Nick Fitzgerald (fitzgen)
741 notes = "I am an author of this crate."
743 [[audits.bytecode-alliance.wildcard-audits.derive_arbitrary]]
744 who = "Nick Fitzgerald <fitzgen@gmail.com>"
745 criteria = "safe-to-deploy"
746 user-id = 696 # Nick Fitzgerald (fitzgen)
749 notes = "I am an author of this crate"
751 [[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
752 who = "Alex Crichton <alex@alexcrichton.com>"
753 criteria = "safe-to-deploy"
754 user-id = 1 # Alex Crichton (alexcrichton)
758 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
759 repository of which I'm one of the primary maintainers and publishers for.
760 I am employed by a member of the Bytecode Alliance and plan to continue doing
761 so and will actively maintain this crate over time.
764 [[audits.bytecode-alliance.wildcard-audits.wasm-smith]]
765 who = "Alex Crichton <alex@alexcrichton.com>"
766 criteria = "safe-to-deploy"
767 user-id = 1 # Alex Crichton (alexcrichton)
771 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
772 repository of which I'm one of the primary maintainers and publishers for.
773 I am employed by a member of the Bytecode Alliance and plan to continue doing
774 so and will actively maintain this crate over time.
777 [[audits.bytecode-alliance.wildcard-audits.wast]]
778 who = "Alex Crichton <alex@alexcrichton.com>"
779 criteria = "safe-to-deploy"
780 user-id = 1 # Alex Crichton (alexcrichton)
784 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
785 repository of which I'm one of the primary maintainers and publishers for.
786 I am employed by a member of the Bytecode Alliance and plan to continue doing
787 so and will actively maintain this crate over time.
790 [[audits.bytecode-alliance.audits.adler]]
791 who = "Alex Crichton <alex@alexcrichton.com>"
792 criteria = "safe-to-deploy"
794 notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
796 [[audits.bytecode-alliance.audits.arrayref]]
797 who = "Nick Fitzgerald <fitzgen@gmail.com>"
798 criteria = "safe-to-deploy"
801 Unsafe code, but its logic looks good to me. Necessary given what it is
802 doing. Well tested, has quickchecks.
805 [[audits.bytecode-alliance.audits.arrayvec]]
806 who = "Nick Fitzgerald <fitzgen@gmail.com>"
807 criteria = "safe-to-deploy"
810 Well documented invariants, good assertions for those invariants in unsafe code,
811 and tested with MIRI to boot. LGTM.
814 [[audits.bytecode-alliance.audits.base64]]
815 who = "Pat Hickey <phickey@fastly.com>"
816 criteria = "safe-to-deploy"
818 notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
820 [[audits.bytecode-alliance.audits.bitflags]]
821 who = "Jamey Sharp <jsharp@fastly.com>"
822 criteria = "safe-to-deploy"
823 delta = "2.1.0 -> 2.2.1"
825 This version adds unsafe impls of traits from the bytemuck crate when built
826 with that library enabled, but I believe the impls satisfy the documented
827 safety requirements for bytemuck. The other changes are minor.
830 [[audits.bytecode-alliance.audits.bitflags]]
831 who = "Alex Crichton <alex@alexcrichton.com>"
832 criteria = "safe-to-deploy"
833 delta = "2.3.2 -> 2.3.3"
835 Nothing outside the realm of what one would expect from a bitflags generator,
839 [[audits.bytecode-alliance.audits.block-buffer]]
840 who = "Benjamin Bouvier <public@benj.me>"
841 criteria = "safe-to-deploy"
842 delta = "0.9.0 -> 0.10.2"
844 [[audits.bytecode-alliance.audits.bumpalo]]
845 who = "Nick Fitzgerald <fitzgen@gmail.com>"
846 criteria = "safe-to-deploy"
848 notes = "I am the author of this crate."
850 [[audits.bytecode-alliance.audits.cargo-platform]]
851 who = "Pat Hickey <phickey@fastly.com>"
852 criteria = "safe-to-deploy"
854 notes = "no build, no ambient capabilities, no unsafe"
856 [[audits.bytecode-alliance.audits.cfg-if]]
857 who = "Alex Crichton <alex@alexcrichton.com>"
858 criteria = "safe-to-deploy"
860 notes = "I am the author of this crate."
862 [[audits.bytecode-alliance.audits.codespan-reporting]]
863 who = "Jamey Sharp <jsharp@fastly.com>"
864 criteria = "safe-to-deploy"
866 notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
868 [[audits.bytecode-alliance.audits.cpufeatures]]
869 who = "Alex Crichton <alex@alexcrichton.com>"
870 criteria = "safe-to-deploy"
871 delta = "0.2.2 -> 0.2.7"
873 This is a minor update that looks to add some more detected CPU features and
874 various other minor portability fixes such as MIRI support.
877 [[audits.bytecode-alliance.audits.crypto-common]]
878 who = "Benjamin Bouvier <public@benj.me>"
879 criteria = "safe-to-deploy"
882 [[audits.bytecode-alliance.audits.fallible-iterator]]
883 who = "Alex Crichton <alex@alexcrichton.com>"
884 criteria = "safe-to-deploy"
885 delta = "0.2.0 -> 0.3.0"
887 This major version update has a few minor breaking changes but everything
888 this crate has to do with iterators and `Result` and such. No `unsafe` or
889 anything like that, all looks good.
892 [[audits.bytecode-alliance.audits.foreign-types]]
893 who = "Pat Hickey <phickey@fastly.com>"
894 criteria = "safe-to-deploy"
896 notes = "This crate defined a macro-rules which creates wrappers working with FFI types. The implementation of this crate appears to be safe, but each use of this macro would need to be vetted for correctness as well."
898 [[audits.bytecode-alliance.audits.foreign-types-shared]]
899 who = "Pat Hickey <phickey@fastly.com>"
900 criteria = "safe-to-deploy"
903 [[audits.bytecode-alliance.audits.futures-channel]]
904 who = "Pat Hickey <phickey@fastly.com>"
905 criteria = "safe-to-deploy"
907 notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)"
909 [[audits.bytecode-alliance.audits.futures-core]]
910 who = "Pat Hickey <phickey@fastly.com>"
911 criteria = "safe-to-deploy"
913 notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
915 [[audits.bytecode-alliance.audits.futures-executor]]
916 who = "Pat Hickey <phickey@fastly.com>"
917 criteria = "safe-to-deploy"
919 notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods."
921 [[audits.bytecode-alliance.audits.futures-io]]
922 who = "Pat Hickey <phickey@fastly.com>"
923 criteria = "safe-to-deploy"
926 [[audits.bytecode-alliance.audits.futures-sink]]
927 who = "Pat Hickey <phickey@fastly.com>"
928 criteria = "safe-to-deploy"
931 [[audits.bytecode-alliance.audits.heck]]
932 who = "Alex Crichton <alex@alexcrichton.com>"
933 criteria = "safe-to-deploy"
935 notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
937 [[audits.bytecode-alliance.audits.id-arena]]
938 who = "Nick Fitzgerald <fitzgen@gmail.com>"
939 criteria = "safe-to-deploy"
941 notes = "I am the author of this crate."
943 [[audits.bytecode-alliance.audits.idna]]
944 who = "Alex Crichton <alex@alexcrichton.com>"
945 criteria = "safe-to-deploy"
948 This is a crate without unsafe code or usage of the standard library. The large
949 size of this crate comes from the large generated unicode tables file. This
950 crate is broadly used throughout the ecosystem and does not contain anything
954 [[audits.bytecode-alliance.audits.leb128]]
955 who = "Nick Fitzgerald <fitzgen@gmail.com>"
956 criteria = "safe-to-deploy"
958 notes = "I am the author of this crate."
960 [[audits.bytecode-alliance.audits.memoffset]]
961 who = "Alex Crichton <alex@alexcrichton.com>"
962 criteria = "safe-to-deploy"
963 delta = "0.7.1 -> 0.8.0"
964 notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."
966 [[audits.bytecode-alliance.audits.miniz_oxide]]
967 who = "Alex Crichton <alex@alexcrichton.com>"
968 criteria = "safe-to-deploy"
971 This crate is a Rust implementation of zlib compression/decompression and has
972 been used by default by the Rust standard library for quite some time. It's also
973 a default dependency of the popular `backtrace` crate for decompressing debug
974 information. This crate forbids unsafe code and does not otherwise access system
975 resources. It's originally a port of the `miniz.c` library as well, and given
976 its own longevity should be relatively hardened against some of the more common
977 compression-related issues.
980 [[audits.bytecode-alliance.audits.mio]]
981 who = "Alex Crichton <alex@alexcrichton.com>"
982 criteria = "safe-to-deploy"
983 delta = "0.8.6 -> 0.8.8"
984 notes = "Mostly OS portability updates along with some minor bugfixes."
986 [[audits.bytecode-alliance.audits.object]]
987 who = "Alex Crichton <alex@alexcrichton.com>"
988 criteria = "safe-to-deploy"
989 delta = "0.30.3 -> 0.31.1"
990 notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
992 [[audits.bytecode-alliance.audits.object]]
993 who = "Alex Crichton <alex@alexcrichton.com>"
994 criteria = "safe-to-deploy"
995 delta = "0.31.1 -> 0.32.0"
996 notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good."
998 [[audits.bytecode-alliance.audits.percent-encoding]]
999 who = "Alex Crichton <alex@alexcrichton.com>"
1000 criteria = "safe-to-deploy"
1003 This crate is a single-file crate that does what it says on the tin. There are
1004 a few `unsafe` blocks related to utf-8 validation which are locally verifiable
1005 as correct and otherwise this crate is good to go.
1008 [[audits.bytecode-alliance.audits.pin-utils]]
1009 who = "Pat Hickey <phickey@fastly.com>"
1010 criteria = "safe-to-deploy"
1013 [[audits.bytecode-alliance.audits.pkg-config]]
1014 who = "Pat Hickey <phickey@fastly.com>"
1015 criteria = "safe-to-deploy"
1017 notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
1019 [[audits.bytecode-alliance.audits.rustc-demangle]]
1020 who = "Alex Crichton <alex@alexcrichton.com>"
1021 criteria = "safe-to-deploy"
1023 notes = "I am the author of this crate."
1025 [[audits.bytecode-alliance.audits.semver]]
1026 who = "Pat Hickey <phickey@fastly.com>"
1027 criteria = "safe-to-deploy"
1029 notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct"
1031 [[audits.bytecode-alliance.audits.slab]]
1032 who = "Pat Hickey <phickey@fastly.com>"
1033 criteria = "safe-to-deploy"
1035 notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
1037 [[audits.bytecode-alliance.audits.socket2]]
1038 who = "Alex Crichton <alex@alexcrichton.com>"
1039 criteria = "safe-to-deploy"
1040 delta = "0.4.7 -> 0.4.9"
1041 notes = "Minor OS compat updates but otherwise nothing major here."
1043 [[audits.bytecode-alliance.audits.tempfile]]
1044 who = "Pat Hickey <phickey@fastly.com>"
1045 criteria = "safe-to-deploy"
1046 delta = "3.3.0 -> 3.5.0"
1048 [[audits.bytecode-alliance.audits.tempfile]]
1049 who = "Alex Crichton <alex@alexcrichton.com>"
1050 criteria = "safe-to-deploy"
1051 delta = "3.5.0 -> 3.6.0"
1052 notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal."
1054 [[audits.bytecode-alliance.audits.unicase]]
1055 who = "Alex Crichton <alex@alexcrichton.com>"
1056 criteria = "safe-to-deploy"
1059 This crate contains no `unsafe` code and no unnecessary use of the standard
1063 [[audits.bytecode-alliance.audits.unicode-bidi]]
1064 who = "Alex Crichton <alex@alexcrichton.com>"
1065 criteria = "safe-to-deploy"
1068 This crate has no unsafe code and does not use `std::*`. Skimming the crate it
1069 does not attempt to out of the bounds of what it's already supposed to be doing.
1072 [[audits.bytecode-alliance.audits.unicode-normalization]]
1073 who = "Alex Crichton <alex@alexcrichton.com>"
1074 criteria = "safe-to-deploy"
1077 This crate contains one usage of `unsafe` which I have manually checked to see
1078 it as correct. This crate's size comes in large part due to the generated
1079 unicode tables that it contains. This crate is additionally widely used
1080 throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
1081 and nothing suspicious.
1084 [[audits.embark-studios.wildcard-audits.presser]]
1085 who = "Gray Olson <opensource@embark-studios.com>"
1086 criteria = "safe-to-deploy"
1087 user-id = 52553 # embark-studios
1088 start = "2021-01-01"
1091 Small crate with no dependencies and no ambient capabilities. The safe interface of the crate
1092 is gated behind unsafe implementation of a core trait, and care must be taken to ensure that
1093 the relevant invariants are guaranteed when doing so. Maintained by the Ark team at Embark
1094 and used in production.
1097 [[audits.embark-studios.audits.anyhow]]
1098 who = "Johan Andersson <opensource@embark-studios.com>"
1099 criteria = "safe-to-deploy"
1102 [[audits.embark-studios.audits.cfg_aliases]]
1103 who = "Johan Andersson <opensource@embark-studios.com>"
1104 criteria = "safe-to-deploy"
1106 notes = "No unsafe usage or ambient capabilities"
1108 [[audits.embark-studios.audits.derive_more]]
1109 who = "Johan Andersson <opensource@embark-studios.com>"
1110 criteria = "safe-to-deploy"
1112 notes = "No unsafe usage or ambient capabilities"
1114 [[audits.embark-studios.audits.ident_case]]
1115 who = "Johan Andersson <opensource@embark-studios.com>"
1116 criteria = "safe-to-deploy"
1118 notes = "No unsafe usage or ambient capabilities"
1120 [[audits.embark-studios.audits.idna]]
1121 who = "Johan Andersson <opensource@embark-studios.com>"
1122 criteria = "safe-to-deploy"
1123 delta = "0.3.0 -> 0.4.0"
1124 notes = "No unsafe usage or ambient capabilities"
1126 [[audits.embark-studios.audits.line-wrap]]
1127 who = "Johan Andersson <opensource@embark-studios.com>"
1128 criteria = "safe-to-deploy"
1130 notes = "No unsafe usage or ambient capabilities"
1132 [[audits.embark-studios.audits.yaml-rust]]
1133 who = "Johan Andersson <opensource@embark-studios.com>"
1134 criteria = "safe-to-deploy"
1136 notes = "No unsafe usage or ambient capabilities"
1138 [[audits.google.audits.ash]]
1139 who = "David Koloski <dkoloski@google.com>"
1140 criteria = "safe-to-deploy"
1141 version = "0.37.0+1.3.209"
1142 notes = "Reviewed on https://fxrev.dev/694269"
1143 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1145 [[audits.google.audits.fastrand]]
1146 who = "George Burgess IV <gbiv@google.com>"
1147 criteria = "safe-to-deploy"
1150 `does-not-implement-crypto` is certified because this crate explicitly says
1151 that the RNG here is not cryptographically secure.
1153 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1155 [[audits.google.audits.futures]]
1156 who = "George Burgess IV <gbiv@google.com>"
1157 criteria = "safe-to-deploy"
1160 `futures` has no logic other than tests - it simply `pub use`s things from
1163 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1165 [[audits.google.audits.glob]]
1166 who = "George Burgess IV <gbiv@google.com>"
1167 criteria = "safe-to-deploy"
1169 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1171 [[audits.google.audits.http]]
1173 criteria = "safe-to-run"
1175 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1177 [[audits.google.audits.http-body]]
1179 criteria = "safe-to-run"
1181 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1183 [[audits.google.audits.httpdate]]
1185 criteria = "safe-to-run"
1187 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1189 [[audits.google.audits.hyper]]
1191 criteria = "safe-to-run"
1193 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1195 [[audits.google.audits.nom]]
1196 who = "danakj@chromium.org"
1197 criteria = "safe-to-deploy"
1200 Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153
1202 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1204 [[audits.google.audits.pin-project]]
1206 criteria = "safe-to-run"
1208 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1210 [[audits.google.audits.pin-project-internal]]
1212 criteria = "safe-to-run"
1214 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1216 [[audits.google.audits.pin-project-lite]]
1217 who = "David Koloski <dkoloski@google.com>"
1218 criteria = "safe-to-deploy"
1220 notes = "Reviewed on https://fxrev.dev/824504"
1221 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1223 [[audits.google.audits.scoped-tls]]
1224 who = "George Burgess IV <gbiv@google.com>"
1225 criteria = "safe-to-run"
1227 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1229 [[audits.google.audits.serde_urlencoded]]
1231 criteria = "safe-to-run"
1233 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1235 [[audits.google.audits.static_assertions]]
1236 who = "Lukasz Anforowicz <lukasza@chromium.org>"
1237 criteria = "safe-to-deploy"
1240 Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
1241 and there were no hits except for one `unsafe`.
1243 The lambda where `unsafe` is used is never invoked (e.g. the `unsafe` code
1244 never runs) and is only introduced for some compile-time checks. Additional
1245 unsafe review comments can be found in https://crrev.com/c/5353376.
1247 This crate has been added to Chromium in https://crrev.com/c/3736562. The CL
1248 description contains a link to a document with an additional security review.
1250 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1252 [[audits.google.audits.strsim]]
1253 who = "danakj@chromium.org"
1254 criteria = "safe-to-deploy"
1257 Reviewed in https://crrev.com/c/5171063
1259 Previously reviewed during security review and the audit is grandparented in.
1261 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1263 [[audits.google.audits.tokio]]
1264 who = "Vovo Yang <vovoy@google.com>"
1265 criteria = "safe-to-run"
1267 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1269 [[audits.google.audits.tokio-stream]]
1270 who = "David Koloski <dkoloski@google.com>"
1271 criteria = "safe-to-deploy"
1273 notes = "Reviewed on https://fxrev.dev/804724"
1274 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1276 [[audits.google.audits.tower-service]]
1278 criteria = "safe-to-run"
1280 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1282 [[audits.google.audits.tracing]]
1284 criteria = "safe-to-run"
1286 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1288 [[audits.google.audits.tracing-attributes]]
1290 criteria = "safe-to-run"
1292 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1294 [[audits.google.audits.tracing-core]]
1296 criteria = "safe-to-run"
1298 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1300 [[audits.google.audits.try-lock]]
1302 criteria = "safe-to-run"
1304 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1306 [[audits.google.audits.version_check]]
1307 who = "George Burgess IV <gbiv@google.com>"
1308 criteria = "safe-to-deploy"
1310 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1312 [[audits.google.audits.want]]
1314 criteria = "safe-to-run"
1316 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1318 [[audits.isrg.wildcard-audits.prio]]
1319 who = "David Cook <dcook@divviup.org>"
1320 criteria = "safe-to-deploy"
1321 user-id = 213776 # divviup-github-automation
1322 start = "2020-09-28"
1325 [[audits.isrg.audits.base64]]
1326 who = "Tim Geoghegan <timg@letsencrypt.org>"
1327 criteria = "safe-to-deploy"
1328 delta = "0.21.0 -> 0.21.1"
1330 [[audits.isrg.audits.base64]]
1331 who = "Brandon Pitman <bran@bran.land>"
1332 criteria = "safe-to-deploy"
1333 delta = "0.21.1 -> 0.21.2"
1335 [[audits.isrg.audits.base64]]
1336 who = "David Cook <dcook@divviup.org>"
1337 criteria = "safe-to-deploy"
1338 delta = "0.21.2 -> 0.21.3"
1340 [[audits.isrg.audits.block-buffer]]
1341 who = "David Cook <dcook@divviup.org>"
1342 criteria = "safe-to-deploy"
1345 [[audits.isrg.audits.getrandom]]
1346 who = "Tim Geoghegan <timg@letsencrypt.org>"
1347 criteria = "safe-to-deploy"
1348 delta = "0.2.9 -> 0.2.10"
1349 notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`."
1351 [[audits.isrg.audits.keccak]]
1352 who = "David Cook <dcook@divviup.org>"
1353 criteria = "safe-to-deploy"
1356 [[audits.isrg.audits.keccak]]
1357 who = "Brandon Pitman <bran@bran.land>"
1358 criteria = "safe-to-deploy"
1359 delta = "0.1.3 -> 0.1.4"
1361 [[audits.isrg.audits.once_cell]]
1362 who = "Brandon Pitman <bran@bran.land>"
1363 criteria = "safe-to-deploy"
1364 delta = "1.17.1 -> 1.17.2"
1366 [[audits.isrg.audits.once_cell]]
1367 who = "David Cook <dcook@divviup.org>"
1368 criteria = "safe-to-deploy"
1369 delta = "1.17.2 -> 1.18.0"
1371 [[audits.isrg.audits.once_cell]]
1372 who = "Brandon Pitman <bran@bran.land>"
1373 criteria = "safe-to-deploy"
1374 delta = "1.18.0 -> 1.19.0"
1376 [[audits.isrg.audits.rand_chacha]]
1377 who = "David Cook <dcook@divviup.org>"
1378 criteria = "safe-to-deploy"
1381 [[audits.isrg.audits.rand_core]]
1382 who = "David Cook <dcook@divviup.org>"
1383 criteria = "safe-to-deploy"
1386 [[audits.isrg.audits.rayon-core]]
1387 who = "Brandon Pitman <bran@bran.land>"
1388 criteria = "safe-to-deploy"
1389 delta = "1.10.2 -> 1.11.0"
1391 [[audits.isrg.audits.rayon-core]]
1392 who = "David Cook <dcook@divviup.org>"
1393 criteria = "safe-to-deploy"
1394 delta = "1.11.0 -> 1.12.0"
1396 [[audits.isrg.audits.sha2]]
1397 who = "David Cook <dcook@divviup.org>"
1398 criteria = "safe-to-deploy"
1401 [[audits.isrg.audits.sha3]]
1402 who = "David Cook <dcook@divviup.org>"
1403 criteria = "safe-to-deploy"
1406 [[audits.isrg.audits.sha3]]
1407 who = "Brandon Pitman <bran@bran.land>"
1408 criteria = "safe-to-deploy"
1409 delta = "0.10.7 -> 0.10.8"
1411 [[audits.mozilla.wildcard-audits.zeitstempel]]
1412 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1413 criteria = "safe-to-deploy"
1414 user-id = 48 # Jan-Erik Rediger (badboy)
1415 start = "2021-03-03"
1417 notes = "Maintained by me"
1418 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1420 [[audits.mozilla.audits.askama]]
1421 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1422 criteria = "safe-to-deploy"
1423 delta = "0.11.1 -> 0.12.0"
1424 notes = "No new unsafe usage, mostly dependency updates and smaller API changes"
1425 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1427 [[audits.mozilla.audits.askama_derive]]
1428 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1429 criteria = "safe-to-deploy"
1430 delta = "0.11.2 -> 0.12.1"
1431 notes = "Dependency updates, a new toml dependency and some API changes. No unsafe use."
1432 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1434 [[audits.mozilla.audits.basic-toml]]
1435 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1436 criteria = "safe-to-deploy"
1438 notes = "TOML parser, forked from toml 0.5"
1439 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1441 [[audits.mozilla.audits.bitflags]]
1442 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1443 criteria = "safe-to-deploy"
1444 delta = "2.4.0 -> 2.4.1"
1445 notes = "Only allowing new clippy lints"
1446 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1448 [[audits.mozilla.audits.either]]
1449 who = "Nika Layzell <nika@thelayzells.com>"
1450 criteria = "safe-to-deploy"
1453 Straightforward crate providing the Either enum and trait implementations with
1456 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
1458 [[audits.mozilla.audits.lazy_static]]
1459 who = "Nika Layzell <nika@thelayzells.com>"
1460 criteria = "safe-to-deploy"
1462 notes = "I have read over the macros, and audited the unsafe code."
1463 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
1465 [[audits.mozilla.audits.log]]
1466 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1467 criteria = "safe-to-deploy"
1468 delta = "0.4.17 -> 0.4.18"
1469 notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed."
1470 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1472 [[audits.mozilla.audits.log]]
1473 who = "Kagami Sascha Rosylight <krosylight@mozilla.com>"
1474 criteria = "safe-to-deploy"
1475 delta = "0.4.18 -> 0.4.20"
1476 notes = "Only cfg attribute and internal macro changes and module refactorings"
1477 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1479 [[audits.mozilla.audits.rkv]]
1480 who = "Kagami Sascha Rosylight <krosylight@mozilla.com>"
1481 criteria = "safe-to-deploy"
1482 delta = "0.18.4 -> 0.19.0"
1483 notes = "Maintained by Mozilla, no addition of unsafe blocks"
1484 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"