2 # cargo-vet imports lock
4 [[publisher.aho-corasick]]
8 user-login = "BurntSushi"
9 user-name = "Andrew Gallant"
11 [[publisher.aho-corasick]]
15 user-login = "BurntSushi"
16 user-name = "Andrew Gallant"
25 [[publisher.arbitrary]]
29 user-login = "fitzgen"
30 user-name = "Nick Fitzgerald"
32 [[publisher.async-trait]]
36 user-login = "dtolnay"
37 user-name = "David Tolnay"
43 user-login = "Amanieu"
44 user-name = "Amanieu d'Antras"
46 [[publisher.audio_thread_priority]]
50 user-login = "padenot"
51 user-name = "Paul Adenot"
53 [[publisher.authenticator]]
54 version = "0.4.0-alpha.23"
57 user-login = "jschanck"
58 user-name = "John Schanck"
64 user-login = "martinthomson"
65 user-name = "Martin Thomson"
67 [[publisher.byteorder]]
71 user-login = "BurntSushi"
72 user-name = "Andrew Gallant"
78 user-login = "Darksonn"
79 user-name = "Alice Ryhl"
86 user-name = "Emilio Cobos Álvarez"
95 [[publisher.clap_builder]]
100 user-name = "Ed Page"
102 [[publisher.clap_derive]]
107 user-name = "Ed Page"
109 [[publisher.clap_lex]]
114 user-name = "Ed Page"
116 [[publisher.core-foundation]]
120 user-login = "jrmuizel"
121 user-name = "Jeff Muizelaar"
123 [[publisher.core-foundation-sys]]
128 user-name = "Josh Matthews"
130 [[publisher.core-graphics]]
134 user-login = "jrmuizel"
135 user-name = "Jeff Muizelaar"
137 [[publisher.core-graphics-types]]
142 user-name = "Josh Matthews"
144 [[publisher.core-text]]
148 user-login = "jrmuizel"
149 user-name = "Jeff Muizelaar"
151 [[publisher.derive_arbitrary]]
155 user-login = "fitzgen"
156 user-name = "Nick Fitzgerald"
162 user-login = "linabutler"
163 user-name = "Lina Butler"
169 user-login = "dtolnay"
170 user-name = "David Tolnay"
172 [[publisher.encoding_rs]]
176 user-login = "hsivonen"
177 user-name = "Henri Sivonen"
179 [[publisher.etagere]]
184 user-name = "Nicolas Silva"
191 user-name = "Nicolas Silva"
197 user-login = "joshtriplett"
198 user-name = "Josh Triplett"
200 [[publisher.freetype]]
205 user-name = "Josh Matthews"
211 user-login = "jrmuizel"
212 user-name = "Jeff Muizelaar"
218 user-login = "badboy"
219 user-name = "Jan-Erik Rediger"
221 [[publisher.glean-core]]
225 user-login = "badboy"
226 user-name = "Jan-Erik Rediger"
228 [[publisher.glslopt]]
232 user-login = "jamienicol"
233 user-name = "Jamie Nicol"
235 [[publisher.headers]]
239 user-login = "seanmonstar"
240 user-name = "Sean McArthur"
242 [[publisher.httparse]]
246 user-login = "seanmonstar"
247 user-name = "Sean McArthur"
249 [[publisher.indexmap]]
253 user-login = "cuviper"
254 user-name = "Josh Stone"
256 [[publisher.inherent]]
260 user-login = "dtolnay"
261 user-name = "David Tolnay"
267 user-login = "carllerche"
268 user-name = "Carl Lerche"
274 user-login = "dtolnay"
275 user-name = "David Tolnay"
277 [[publisher.jobserver]]
281 user-login = "alexcrichton"
282 user-name = "Alex Crichton"
288 user-login = "Amanieu"
289 user-name = "Amanieu d'Antras"
295 user-login = "JohnTitor"
296 user-name = "Yuki Okushi"
298 [[publisher.linux-raw-sys]]
302 user-login = "sunfishcode"
303 user-name = "Dan Gohman"
305 [[publisher.lock_api]]
309 user-login = "Amanieu"
310 user-name = "Amanieu d'Antras"
316 user-login = "BurntSushi"
317 user-name = "Andrew Gallant"
323 user-login = "seanmonstar"
324 user-name = "Sean McArthur"
330 user-login = "carllerche"
331 user-name = "Carl Lerche"
333 [[publisher.nss-gk-api]]
337 user-login = "jschanck"
338 user-name = "John Schanck"
340 [[publisher.num_cpus]]
344 user-login = "seanmonstar"
345 user-name = "Sean McArthur"
351 user-login = "martinthomson"
352 user-name = "Martin Thomson"
354 [[publisher.ordered-float]]
358 user-login = "mbrubeck"
359 user-name = "Matt Brubeck"
361 [[publisher.parking_lot]]
365 user-login = "Amanieu"
366 user-name = "Amanieu d'Antras"
368 [[publisher.parking_lot_core]]
372 user-login = "Amanieu"
373 user-name = "Amanieu d'Antras"
379 user-login = "dtolnay"
380 user-name = "David Tolnay"
386 user-login = "le-automaton"
392 user-login = "divviup-github-automation"
394 [[publisher.proc-macro2]]
398 user-login = "dtolnay"
399 user-name = "David Tolnay"
401 [[publisher.proc-macro2]]
405 user-login = "dtolnay"
406 user-name = "David Tolnay"
412 user-login = "dtolnay"
413 user-name = "David Tolnay"
419 user-login = "BurntSushi"
420 user-name = "Andrew Gallant"
426 user-login = "BurntSushi"
427 user-name = "Andrew Gallant"
429 [[publisher.regex-automata]]
433 user-login = "BurntSushi"
434 user-name = "Andrew Gallant"
436 [[publisher.regex-syntax]]
440 user-login = "BurntSushi"
441 user-name = "Andrew Gallant"
443 [[publisher.regex-syntax]]
447 user-login = "BurntSushi"
448 user-name = "Andrew Gallant"
450 [[publisher.rust_cascade]]
454 user-login = "mozkeeler"
455 user-name = "Dana Keeler"
461 user-login = "sunfishcode"
462 user-name = "Dan Gohman"
468 user-login = "dtolnay"
469 user-name = "David Tolnay"
471 [[publisher.same-file]]
475 user-login = "BurntSushi"
476 user-name = "Andrew Gallant"
478 [[publisher.scopeguard]]
482 user-login = "Amanieu"
483 user-name = "Amanieu d'Antras"
489 user-login = "dtolnay"
490 user-name = "David Tolnay"
496 user-login = "dtolnay"
497 user-name = "David Tolnay"
503 user-login = "dtolnay"
504 user-name = "David Tolnay"
506 [[publisher.serde_bytes]]
510 user-login = "dtolnay"
511 user-name = "David Tolnay"
513 [[publisher.serde_derive]]
517 user-login = "dtolnay"
518 user-name = "David Tolnay"
520 [[publisher.serde_derive]]
524 user-login = "dtolnay"
525 user-name = "David Tolnay"
527 [[publisher.serde_derive]]
531 user-login = "dtolnay"
532 user-name = "David Tolnay"
534 [[publisher.serde_json]]
538 user-login = "dtolnay"
539 user-name = "David Tolnay"
541 [[publisher.serde_repr]]
545 user-login = "dtolnay"
546 user-name = "David Tolnay"
548 [[publisher.serde_yaml]]
552 user-login = "dtolnay"
553 user-name = "David Tolnay"
555 [[publisher.smallvec]]
559 user-login = "mbrubeck"
560 user-name = "Matt Brubeck"
566 user-login = "dtolnay"
567 user-name = "David Tolnay"
573 user-login = "dtolnay"
574 user-name = "David Tolnay"
576 [[publisher.termcolor]]
580 user-login = "BurntSushi"
581 user-name = "Andrew Gallant"
583 [[publisher.termcolor]]
587 user-login = "BurntSushi"
588 user-name = "Andrew Gallant"
590 [[publisher.threadbound]]
594 user-login = "dtolnay"
595 user-name = "David Tolnay"
597 [[publisher.tokio-util]]
601 user-login = "Darksonn"
602 user-name = "Alice Ryhl"
608 user-login = "alexcrichton"
609 user-name = "Alex Crichton"
611 [[publisher.unicode-ident]]
615 user-login = "dtolnay"
616 user-name = "David Tolnay"
618 [[publisher.unicode-segmentation]]
622 user-login = "Manishearth"
623 user-name = "Manish Goregaokar"
625 [[publisher.unicode-width]]
629 user-login = "Manishearth"
630 user-name = "Manish Goregaokar"
632 [[publisher.unicode-xid]]
636 user-login = "Manishearth"
637 user-name = "Manish Goregaokar"
643 user-login = "badboy"
644 user-name = "Jan-Erik Rediger"
646 [[publisher.uniffi_bindgen]]
650 user-login = "badboy"
651 user-name = "Jan-Erik Rediger"
653 [[publisher.uniffi_build]]
657 user-login = "badboy"
658 user-name = "Jan-Erik Rediger"
660 [[publisher.uniffi_checksum_derive]]
664 user-login = "badboy"
665 user-name = "Jan-Erik Rediger"
667 [[publisher.uniffi_core]]
671 user-login = "badboy"
672 user-name = "Jan-Erik Rediger"
674 [[publisher.uniffi_macros]]
678 user-login = "badboy"
679 user-name = "Jan-Erik Rediger"
681 [[publisher.uniffi_meta]]
685 user-login = "badboy"
686 user-name = "Jan-Erik Rediger"
688 [[publisher.uniffi_testing]]
692 user-login = "badboy"
693 user-name = "Jan-Erik Rediger"
695 [[publisher.utf8_iter]]
699 user-login = "hsivonen"
700 user-name = "Henri Sivonen"
702 [[publisher.walkdir]]
706 user-login = "BurntSushi"
707 user-name = "Andrew Gallant"
713 user-login = "seanmonstar"
714 user-name = "Sean McArthur"
717 version = "0.11.0+wasi-snapshot-preview1"
720 user-login = "alexcrichton"
721 user-name = "Alex Crichton"
723 [[publisher.wasm-encoder]]
727 user-login = "alexcrichton"
728 user-name = "Alex Crichton"
730 [[publisher.wasm-encoder]]
734 user-login = "alexcrichton"
735 user-name = "Alex Crichton"
737 [[publisher.wasm-smith]]
741 user-login = "alexcrichton"
742 user-name = "Alex Crichton"
744 [[publisher.wasm-smith]]
748 user-login = "alexcrichton"
749 user-name = "Alex Crichton"
755 user-login = "alexcrichton"
756 user-name = "Alex Crichton"
762 user-login = "alexcrichton"
763 user-name = "Alex Crichton"
765 [[publisher.winapi-util]]
769 user-login = "BurntSushi"
770 user-name = "Andrew Gallant"
772 [[publisher.windows-sys]]
776 user-login = "kennykerr"
777 user-name = "Kenny Kerr"
779 [[publisher.zeitstempel]]
783 user-login = "badboy"
784 user-name = "Jan-Erik Rediger"
786 [[audits.bytecode-alliance.wildcard-audits.arbitrary]]
787 who = "Nick Fitzgerald <fitzgen@gmail.com>"
788 criteria = "safe-to-deploy"
789 user-id = 696 # Nick Fitzgerald (fitzgen)
792 notes = "I am an author of this crate."
794 [[audits.bytecode-alliance.wildcard-audits.derive_arbitrary]]
795 who = "Nick Fitzgerald <fitzgen@gmail.com>"
796 criteria = "safe-to-deploy"
797 user-id = 696 # Nick Fitzgerald (fitzgen)
800 notes = "I am an author of this crate"
802 [[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
803 who = "Alex Crichton <alex@alexcrichton.com>"
804 criteria = "safe-to-deploy"
805 user-id = 1 # Alex Crichton (alexcrichton)
809 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
810 repository of which I'm one of the primary maintainers and publishers for.
811 I am employed by a member of the Bytecode Alliance and plan to continue doing
812 so and will actively maintain this crate over time.
815 [[audits.bytecode-alliance.wildcard-audits.wasm-smith]]
816 who = "Alex Crichton <alex@alexcrichton.com>"
817 criteria = "safe-to-deploy"
818 user-id = 1 # Alex Crichton (alexcrichton)
822 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
823 repository of which I'm one of the primary maintainers and publishers for.
824 I am employed by a member of the Bytecode Alliance and plan to continue doing
825 so and will actively maintain this crate over time.
828 [[audits.bytecode-alliance.wildcard-audits.wasmparser]]
829 who = "Alex Crichton <alex@alexcrichton.com>"
830 criteria = "safe-to-deploy"
831 user-id = 1 # Alex Crichton (alexcrichton)
835 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
836 repository of which I'm one of the primary maintainers and publishers for.
837 I am employed by a member of the Bytecode Alliance and plan to continue doing
838 so and will actively maintain this crate over time.
841 [[audits.bytecode-alliance.wildcard-audits.wast]]
842 who = "Alex Crichton <alex@alexcrichton.com>"
843 criteria = "safe-to-deploy"
844 user-id = 1 # Alex Crichton (alexcrichton)
848 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
849 repository of which I'm one of the primary maintainers and publishers for.
850 I am employed by a member of the Bytecode Alliance and plan to continue doing
851 so and will actively maintain this crate over time.
854 [[audits.bytecode-alliance.audits.adler]]
855 who = "Alex Crichton <alex@alexcrichton.com>"
856 criteria = "safe-to-deploy"
858 notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
860 [[audits.bytecode-alliance.audits.arrayref]]
861 who = "Nick Fitzgerald <fitzgen@gmail.com>"
862 criteria = "safe-to-deploy"
865 Unsafe code, but its logic looks good to me. Necessary given what it is
866 doing. Well tested, has quickchecks.
869 [[audits.bytecode-alliance.audits.arrayvec]]
870 who = "Nick Fitzgerald <fitzgen@gmail.com>"
871 criteria = "safe-to-deploy"
874 Well documented invariants, good assertions for those invariants in unsafe code,
875 and tested with MIRI to boot. LGTM.
878 [[audits.bytecode-alliance.audits.base64]]
879 who = "Pat Hickey <phickey@fastly.com>"
880 criteria = "safe-to-deploy"
882 notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
884 [[audits.bytecode-alliance.audits.bitflags]]
885 who = "Jamey Sharp <jsharp@fastly.com>"
886 criteria = "safe-to-deploy"
887 delta = "2.1.0 -> 2.2.1"
889 This version adds unsafe impls of traits from the bytemuck crate when built
890 with that library enabled, but I believe the impls satisfy the documented
891 safety requirements for bytemuck. The other changes are minor.
894 [[audits.bytecode-alliance.audits.bitflags]]
895 who = "Alex Crichton <alex@alexcrichton.com>"
896 criteria = "safe-to-deploy"
897 delta = "2.3.2 -> 2.3.3"
899 Nothing outside the realm of what one would expect from a bitflags generator,
903 [[audits.bytecode-alliance.audits.block-buffer]]
904 who = "Benjamin Bouvier <public@benj.me>"
905 criteria = "safe-to-deploy"
906 delta = "0.9.0 -> 0.10.2"
908 [[audits.bytecode-alliance.audits.bumpalo]]
909 who = "Nick Fitzgerald <fitzgen@gmail.com>"
910 criteria = "safe-to-deploy"
912 notes = "I am the author of this crate."
914 [[audits.bytecode-alliance.audits.cargo-platform]]
915 who = "Pat Hickey <phickey@fastly.com>"
916 criteria = "safe-to-deploy"
918 notes = "no build, no ambient capabilities, no unsafe"
920 [[audits.bytecode-alliance.audits.cc]]
921 who = "Alex Crichton <alex@alexcrichton.com>"
922 criteria = "safe-to-deploy"
924 notes = "I am the author of this crate."
926 [[audits.bytecode-alliance.audits.cfg-if]]
927 who = "Alex Crichton <alex@alexcrichton.com>"
928 criteria = "safe-to-deploy"
930 notes = "I am the author of this crate."
932 [[audits.bytecode-alliance.audits.codespan-reporting]]
933 who = "Jamey Sharp <jsharp@fastly.com>"
934 criteria = "safe-to-deploy"
936 notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
938 [[audits.bytecode-alliance.audits.cpufeatures]]
939 who = "Alex Crichton <alex@alexcrichton.com>"
940 criteria = "safe-to-deploy"
941 delta = "0.2.2 -> 0.2.7"
943 This is a minor update that looks to add some more detected CPU features and
944 various other minor portability fixes such as MIRI support.
947 [[audits.bytecode-alliance.audits.crypto-common]]
948 who = "Benjamin Bouvier <public@benj.me>"
949 criteria = "safe-to-deploy"
952 [[audits.bytecode-alliance.audits.errno]]
953 who = "Dan Gohman <dev@sunfishcode.online>"
954 criteria = "safe-to-deploy"
956 notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."
958 [[audits.bytecode-alliance.audits.errno]]
959 who = "Dan Gohman <dev@sunfishcode.online>"
960 criteria = "safe-to-deploy"
961 delta = "0.3.0 -> 0.3.1"
962 notes = "Just a dependency version bump and a bug fix for redox"
964 [[audits.bytecode-alliance.audits.errno-dragonfly]]
965 who = "Jamey Sharp <jsharp@fastly.com>"
966 criteria = "safe-to-deploy"
968 notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is."
970 [[audits.bytecode-alliance.audits.foreign-types]]
971 who = "Pat Hickey <phickey@fastly.com>"
972 criteria = "safe-to-deploy"
974 notes = "This crate defined a macro-rules which creates wrappers working with FFI types. The implementation of this crate appears to be safe, but each use of this macro would need to be vetted for correctness as well."
976 [[audits.bytecode-alliance.audits.foreign-types-shared]]
977 who = "Pat Hickey <phickey@fastly.com>"
978 criteria = "safe-to-deploy"
981 [[audits.bytecode-alliance.audits.futures-channel]]
982 who = "Pat Hickey <phickey@fastly.com>"
983 criteria = "safe-to-deploy"
985 notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)"
987 [[audits.bytecode-alliance.audits.futures-core]]
988 who = "Pat Hickey <phickey@fastly.com>"
989 criteria = "safe-to-deploy"
991 notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
993 [[audits.bytecode-alliance.audits.futures-executor]]
994 who = "Pat Hickey <phickey@fastly.com>"
995 criteria = "safe-to-deploy"
997 notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods."
999 [[audits.bytecode-alliance.audits.futures-io]]
1000 who = "Pat Hickey <phickey@fastly.com>"
1001 criteria = "safe-to-deploy"
1004 [[audits.bytecode-alliance.audits.futures-sink]]
1005 who = "Pat Hickey <phickey@fastly.com>"
1006 criteria = "safe-to-deploy"
1009 [[audits.bytecode-alliance.audits.heck]]
1010 who = "Alex Crichton <alex@alexcrichton.com>"
1011 criteria = "safe-to-deploy"
1013 notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
1015 [[audits.bytecode-alliance.audits.id-arena]]
1016 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1017 criteria = "safe-to-deploy"
1019 notes = "I am the author of this crate."
1021 [[audits.bytecode-alliance.audits.idna]]
1022 who = "Alex Crichton <alex@alexcrichton.com>"
1023 criteria = "safe-to-deploy"
1026 This is a crate without unsafe code or usage of the standard library. The large
1027 size of this crate comes from the large generated unicode tables file. This
1028 crate is broadly used throughout the ecosystem and does not contain anything
1032 [[audits.bytecode-alliance.audits.leb128]]
1033 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1034 criteria = "safe-to-deploy"
1036 notes = "I am the author of this crate."
1038 [[audits.bytecode-alliance.audits.libc]]
1039 who = "Alex Crichton <alex@alexcrichton.com>"
1040 criteria = "safe-to-deploy"
1041 delta = "0.2.146 -> 0.2.147"
1042 notes = "Only new type definitions and updating others for some platforms, no major changes"
1044 [[audits.bytecode-alliance.audits.memoffset]]
1045 who = "Alex Crichton <alex@alexcrichton.com>"
1046 criteria = "safe-to-deploy"
1047 delta = "0.7.1 -> 0.8.0"
1048 notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."
1050 [[audits.bytecode-alliance.audits.miniz_oxide]]
1051 who = "Alex Crichton <alex@alexcrichton.com>"
1052 criteria = "safe-to-deploy"
1055 This crate is a Rust implementation of zlib compression/decompression and has
1056 been used by default by the Rust standard library for quite some time. It's also
1057 a default dependency of the popular `backtrace` crate for decompressing debug
1058 information. This crate forbids unsafe code and does not otherwise access system
1059 resources. It's originally a port of the `miniz.c` library as well, and given
1060 its own longevity should be relatively hardened against some of the more common
1061 compression-related issues.
1064 [[audits.bytecode-alliance.audits.mio]]
1065 who = "Alex Crichton <alex@alexcrichton.com>"
1066 criteria = "safe-to-deploy"
1067 delta = "0.8.6 -> 0.8.8"
1068 notes = "Mostly OS portability updates along with some minor bugfixes."
1070 [[audits.bytecode-alliance.audits.object]]
1071 who = "Alex Crichton <alex@alexcrichton.com>"
1072 criteria = "safe-to-deploy"
1073 delta = "0.30.3 -> 0.31.1"
1074 notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
1076 [[audits.bytecode-alliance.audits.object]]
1077 who = "Alex Crichton <alex@alexcrichton.com>"
1078 criteria = "safe-to-deploy"
1079 delta = "0.31.1 -> 0.32.0"
1080 notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good."
1082 [[audits.bytecode-alliance.audits.peeking_take_while]]
1083 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1084 criteria = "safe-to-deploy"
1086 notes = "I am the author of this crate."
1088 [[audits.bytecode-alliance.audits.percent-encoding]]
1089 who = "Alex Crichton <alex@alexcrichton.com>"
1090 criteria = "safe-to-deploy"
1093 This crate is a single-file crate that does what it says on the tin. There are
1094 a few `unsafe` blocks related to utf-8 validation which are locally verifiable
1095 as correct and otherwise this crate is good to go.
1098 [[audits.bytecode-alliance.audits.pin-utils]]
1099 who = "Pat Hickey <phickey@fastly.com>"
1100 criteria = "safe-to-deploy"
1103 [[audits.bytecode-alliance.audits.pkg-config]]
1104 who = "Pat Hickey <phickey@fastly.com>"
1105 criteria = "safe-to-deploy"
1107 notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
1109 [[audits.bytecode-alliance.audits.rustc-demangle]]
1110 who = "Alex Crichton <alex@alexcrichton.com>"
1111 criteria = "safe-to-deploy"
1113 notes = "I am the author of this crate."
1115 [[audits.bytecode-alliance.audits.semver]]
1116 who = "Pat Hickey <phickey@fastly.com>"
1117 criteria = "safe-to-deploy"
1119 notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct"
1121 [[audits.bytecode-alliance.audits.slab]]
1122 who = "Pat Hickey <phickey@fastly.com>"
1123 criteria = "safe-to-deploy"
1125 notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
1127 [[audits.bytecode-alliance.audits.socket2]]
1128 who = "Alex Crichton <alex@alexcrichton.com>"
1129 criteria = "safe-to-deploy"
1130 delta = "0.4.7 -> 0.4.9"
1131 notes = "Minor OS compat updates but otherwise nothing major here."
1133 [[audits.bytecode-alliance.audits.tempfile]]
1134 who = "Pat Hickey <phickey@fastly.com>"
1135 criteria = "safe-to-deploy"
1136 delta = "3.3.0 -> 3.5.0"
1138 [[audits.bytecode-alliance.audits.tempfile]]
1139 who = "Alex Crichton <alex@alexcrichton.com>"
1140 criteria = "safe-to-deploy"
1141 delta = "3.5.0 -> 3.6.0"
1142 notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal."
1144 [[audits.bytecode-alliance.audits.unicase]]
1145 who = "Alex Crichton <alex@alexcrichton.com>"
1146 criteria = "safe-to-deploy"
1149 This crate contains no `unsafe` code and no unnecessary use of the standard
1153 [[audits.bytecode-alliance.audits.unicode-bidi]]
1154 who = "Alex Crichton <alex@alexcrichton.com>"
1155 criteria = "safe-to-deploy"
1158 This crate has no unsafe code and does not use `std::*`. Skimming the crate it
1159 does not attempt to out of the bounds of what it's already supposed to be doing.
1162 [[audits.bytecode-alliance.audits.unicode-normalization]]
1163 who = "Alex Crichton <alex@alexcrichton.com>"
1164 criteria = "safe-to-deploy"
1167 This crate contains one usage of `unsafe` which I have manually checked to see
1168 it as correct. This crate's size comes in large part due to the generated
1169 unicode tables that it contains. This crate is additionally widely used
1170 throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
1171 and nothing suspicious.
1174 [[audits.embark-studios.audits.anyhow]]
1175 who = "Johan Andersson <opensource@embark-studios.com>"
1176 criteria = "safe-to-deploy"
1179 [[audits.embark-studios.audits.derive_more]]
1180 who = "Johan Andersson <opensource@embark-studios.com>"
1181 criteria = "safe-to-deploy"
1183 notes = "No unsafe usage or ambient capabilities"
1185 [[audits.embark-studios.audits.ident_case]]
1186 who = "Johan Andersson <opensource@embark-studios.com>"
1187 criteria = "safe-to-deploy"
1189 notes = "No unsafe usage or ambient capabilities"
1191 [[audits.embark-studios.audits.idna]]
1192 who = "Johan Andersson <opensource@embark-studios.com>"
1193 criteria = "safe-to-deploy"
1194 delta = "0.3.0 -> 0.4.0"
1195 notes = "No unsafe usage or ambient capabilities"
1197 [[audits.embark-studios.audits.line-wrap]]
1198 who = "Johan Andersson <opensource@embark-studios.com>"
1199 criteria = "safe-to-deploy"
1201 notes = "No unsafe usage or ambient capabilities"
1203 [[audits.embark-studios.audits.thiserror]]
1204 who = "Johan Andersson <opensource@embark-studios.com>"
1205 criteria = "safe-to-deploy"
1207 notes = "Wrapper over implementation crate, found no unsafe or ambient capabilities used"
1209 [[audits.embark-studios.audits.thiserror-impl]]
1210 who = "Johan Andersson <opensource@embark-studios.com>"
1211 criteria = "safe-to-deploy"
1213 notes = "Found no unsafe or ambient capabilities used"
1215 [[audits.embark-studios.audits.yaml-rust]]
1216 who = "Johan Andersson <opensource@embark-studios.com>"
1217 criteria = "safe-to-deploy"
1219 notes = "No unsafe usage or ambient capabilities"
1221 [[audits.google.audits.ash]]
1222 who = "David Koloski <dkoloski@google.com>"
1223 criteria = "safe-to-deploy"
1224 version = "0.37.0+1.3.209"
1225 notes = "Reviewed on https://fxrev.dev/694269"
1226 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1228 [[audits.google.audits.fastrand]]
1229 who = "George Burgess IV <gbiv@google.com>"
1230 criteria = "safe-to-deploy"
1233 `does-not-implement-crypto` is certified because this crate explicitly says
1234 that the RNG here is not cryptographically secure.
1236 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1238 [[audits.google.audits.futures]]
1239 who = "George Burgess IV <gbiv@google.com>"
1240 criteria = "safe-to-deploy"
1243 `futures` has no logic other than tests - it simply `pub use`s things from
1246 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1248 [[audits.google.audits.glob]]
1249 who = "George Burgess IV <gbiv@google.com>"
1250 criteria = "safe-to-deploy"
1252 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1254 [[audits.google.audits.h2]]
1256 criteria = "safe-to-run"
1258 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1260 [[audits.google.audits.http]]
1262 criteria = "safe-to-run"
1264 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1266 [[audits.google.audits.http-body]]
1268 criteria = "safe-to-run"
1270 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1272 [[audits.google.audits.httpdate]]
1274 criteria = "safe-to-run"
1276 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1278 [[audits.google.audits.hyper]]
1280 criteria = "safe-to-run"
1282 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1284 [[audits.google.audits.pin-project]]
1286 criteria = "safe-to-run"
1288 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1290 [[audits.google.audits.pin-project-internal]]
1292 criteria = "safe-to-run"
1294 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1296 [[audits.google.audits.pin-project-lite]]
1297 who = "David Koloski <dkoloski@google.com>"
1298 criteria = "safe-to-deploy"
1300 notes = "Reviewed on https://fxrev.dev/824504"
1301 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1303 [[audits.google.audits.scoped-tls]]
1304 who = "George Burgess IV <gbiv@google.com>"
1305 criteria = "safe-to-run"
1307 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1309 [[audits.google.audits.serde_urlencoded]]
1311 criteria = "safe-to-run"
1313 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1315 [[audits.google.audits.tokio]]
1316 who = "Vovo Yang <vovoy@google.com>"
1317 criteria = "safe-to-run"
1319 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1321 [[audits.google.audits.tokio-stream]]
1322 who = "David Koloski <dkoloski@google.com>"
1323 criteria = "safe-to-deploy"
1325 notes = "Reviewed on https://fxrev.dev/804724"
1326 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1328 [[audits.google.audits.tower-service]]
1330 criteria = "safe-to-run"
1332 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1334 [[audits.google.audits.tracing]]
1336 criteria = "safe-to-run"
1338 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1340 [[audits.google.audits.tracing-attributes]]
1342 criteria = "safe-to-run"
1344 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1346 [[audits.google.audits.tracing-core]]
1348 criteria = "safe-to-run"
1350 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1352 [[audits.google.audits.try-lock]]
1354 criteria = "safe-to-run"
1356 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1358 [[audits.google.audits.version_check]]
1359 who = "George Burgess IV <gbiv@google.com>"
1360 criteria = "safe-to-deploy"
1362 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1364 [[audits.google.audits.want]]
1366 criteria = "safe-to-run"
1368 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1370 [[audits.isrg.wildcard-audits.prio]]
1371 who = "David Cook <dcook@divviup.org>"
1372 criteria = "safe-to-deploy"
1373 user-id = 101233 # le-automaton
1374 start = "2020-09-28"
1377 [[audits.isrg.wildcard-audits.prio]]
1378 who = "David Cook <dcook@divviup.org>"
1379 criteria = "safe-to-deploy"
1380 user-id = 213776 # divviup-github-automation
1381 start = "2020-09-28"
1384 [[audits.isrg.audits.base64]]
1385 who = "Tim Geoghegan <timg@letsencrypt.org>"
1386 criteria = "safe-to-deploy"
1387 delta = "0.21.0 -> 0.21.1"
1389 [[audits.isrg.audits.base64]]
1390 who = "Brandon Pitman <bran@bran.land>"
1391 criteria = "safe-to-deploy"
1392 delta = "0.21.1 -> 0.21.2"
1394 [[audits.isrg.audits.base64]]
1395 who = "David Cook <dcook@divviup.org>"
1396 criteria = "safe-to-deploy"
1397 delta = "0.21.2 -> 0.21.3"
1399 [[audits.isrg.audits.block-buffer]]
1400 who = "David Cook <dcook@divviup.org>"
1401 criteria = "safe-to-deploy"
1404 [[audits.isrg.audits.getrandom]]
1405 who = "Tim Geoghegan <timg@letsencrypt.org>"
1406 criteria = "safe-to-deploy"
1407 delta = "0.2.9 -> 0.2.10"
1408 notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`."
1410 [[audits.isrg.audits.keccak]]
1411 who = "David Cook <dcook@divviup.org>"
1412 criteria = "safe-to-deploy"
1415 [[audits.isrg.audits.keccak]]
1416 who = "Brandon Pitman <bran@bran.land>"
1417 criteria = "safe-to-deploy"
1418 delta = "0.1.3 -> 0.1.4"
1420 [[audits.isrg.audits.once_cell]]
1421 who = "Brandon Pitman <bran@bran.land>"
1422 criteria = "safe-to-deploy"
1423 delta = "1.17.1 -> 1.17.2"
1425 [[audits.isrg.audits.once_cell]]
1426 who = "David Cook <dcook@divviup.org>"
1427 criteria = "safe-to-deploy"
1428 delta = "1.17.2 -> 1.18.0"
1430 [[audits.isrg.audits.rand_chacha]]
1431 who = "David Cook <dcook@divviup.org>"
1432 criteria = "safe-to-deploy"
1435 [[audits.isrg.audits.rand_core]]
1436 who = "David Cook <dcook@divviup.org>"
1437 criteria = "safe-to-deploy"
1440 [[audits.isrg.audits.rayon-core]]
1441 who = "Brandon Pitman <bran@bran.land>"
1442 criteria = "safe-to-deploy"
1443 delta = "1.10.2 -> 1.11.0"
1445 [[audits.isrg.audits.rayon-core]]
1446 who = "David Cook <dcook@divviup.org>"
1447 criteria = "safe-to-deploy"
1448 delta = "1.11.0 -> 1.12.0"
1450 [[audits.isrg.audits.sha2]]
1451 who = "David Cook <dcook@divviup.org>"
1452 criteria = "safe-to-deploy"
1455 [[audits.isrg.audits.sha3]]
1456 who = "David Cook <dcook@divviup.org>"
1457 criteria = "safe-to-deploy"
1460 [[audits.isrg.audits.sha3]]
1461 who = "Brandon Pitman <bran@bran.land>"
1462 criteria = "safe-to-deploy"
1463 delta = "0.10.7 -> 0.10.8"
1465 [[audits.mozilla.wildcard-audits.zeitstempel]]
1466 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1467 criteria = "safe-to-deploy"
1468 user-id = 48 # Jan-Erik Rediger (badboy)
1469 start = "2021-03-03"
1471 notes = "Maintained by me"
1472 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1474 [[audits.mozilla.audits.askama]]
1475 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1476 criteria = "safe-to-deploy"
1477 delta = "0.11.1 -> 0.12.0"
1478 notes = "No new unsafe usage, mostly dependency updates and smaller API changes"
1479 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1481 [[audits.mozilla.audits.askama_derive]]
1482 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1483 criteria = "safe-to-deploy"
1484 delta = "0.11.2 -> 0.12.1"
1485 notes = "Dependency updates, a new toml dependency and some API changes. No unsafe use."
1486 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1488 [[audits.mozilla.audits.basic-toml]]
1489 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1490 criteria = "safe-to-deploy"
1492 notes = "TOML parser, forked from toml 0.5"
1493 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1495 [[audits.mozilla.audits.either]]
1496 who = "Nika Layzell <nika@thelayzells.com>"
1497 criteria = "safe-to-deploy"
1500 Straightforward crate providing the Either enum and trait implementations with
1503 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
1505 [[audits.mozilla.audits.lazy_static]]
1506 who = "Nika Layzell <nika@thelayzells.com>"
1507 criteria = "safe-to-deploy"
1509 notes = "I have read over the macros, and audited the unsafe code."
1510 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"