2 # cargo-vet imports lock
8 [[publisher.aho-corasick]]
12 user-login = "BurntSushi"
13 user-name = "Andrew Gallant"
15 [[publisher.aho-corasick]]
19 user-login = "BurntSushi"
20 user-name = "Andrew Gallant"
29 [[publisher.arbitrary]]
33 user-login = "fitzgen"
34 user-name = "Nick Fitzgerald"
36 [[publisher.async-trait]]
40 user-login = "dtolnay"
41 user-name = "David Tolnay"
47 user-login = "Amanieu"
48 user-name = "Amanieu d'Antras"
50 [[publisher.audio_thread_priority]]
54 user-login = "padenot"
55 user-name = "Paul Adenot"
57 [[publisher.authenticator]]
58 version = "0.4.0-alpha.23"
61 user-login = "jschanck"
62 user-name = "John Schanck"
64 [[publisher.authenticator]]
65 version = "0.4.0-alpha.24"
68 user-login = "jschanck"
69 user-name = "John Schanck"
75 user-login = "martinthomson"
76 user-name = "Martin Thomson"
78 [[publisher.byteorder]]
82 user-login = "BurntSushi"
83 user-name = "Andrew Gallant"
89 user-login = "Darksonn"
90 user-name = "Alice Ryhl"
97 user-name = "Emilio Cobos Álvarez"
104 user-name = "Ed Page"
106 [[publisher.clap_builder]]
111 user-name = "Ed Page"
113 [[publisher.clap_derive]]
118 user-name = "Ed Page"
120 [[publisher.clap_lex]]
125 user-name = "Ed Page"
127 [[publisher.core-foundation]]
131 user-login = "jrmuizel"
132 user-name = "Jeff Muizelaar"
134 [[publisher.core-foundation-sys]]
139 user-name = "Josh Matthews"
141 [[publisher.core-graphics]]
145 user-login = "jrmuizel"
146 user-name = "Jeff Muizelaar"
148 [[publisher.core-graphics-types]]
153 user-name = "Josh Matthews"
155 [[publisher.core-text]]
159 user-login = "jrmuizel"
160 user-name = "Jeff Muizelaar"
162 [[publisher.derive_arbitrary]]
166 user-login = "fitzgen"
167 user-name = "Nick Fitzgerald"
173 user-login = "linabutler"
174 user-name = "Lina Butler"
180 user-login = "dtolnay"
181 user-name = "David Tolnay"
183 [[publisher.encoding_rs]]
187 user-login = "hsivonen"
188 user-name = "Henri Sivonen"
190 [[publisher.etagere]]
195 user-name = "Nicolas Silva"
202 user-name = "Nicolas Silva"
208 user-login = "joshtriplett"
209 user-name = "Josh Triplett"
211 [[publisher.freetype]]
216 user-name = "Josh Matthews"
222 user-login = "jrmuizel"
223 user-name = "Jeff Muizelaar"
229 user-login = "badboy"
230 user-name = "Jan-Erik Rediger"
236 user-login = "badboy"
237 user-name = "Jan-Erik Rediger"
239 [[publisher.glean-core]]
243 user-login = "badboy"
244 user-name = "Jan-Erik Rediger"
246 [[publisher.glean-core]]
250 user-login = "badboy"
251 user-name = "Jan-Erik Rediger"
253 [[publisher.glslopt]]
257 user-login = "jamienicol"
258 user-name = "Jamie Nicol"
264 user-login = "seanmonstar"
265 user-name = "Sean McArthur"
267 [[publisher.headers]]
271 user-login = "seanmonstar"
272 user-name = "Sean McArthur"
274 [[publisher.httparse]]
278 user-login = "seanmonstar"
279 user-name = "Sean McArthur"
281 [[publisher.indexmap]]
285 user-login = "cuviper"
286 user-name = "Josh Stone"
288 [[publisher.inherent]]
292 user-login = "dtolnay"
293 user-name = "David Tolnay"
299 user-login = "carllerche"
300 user-name = "Carl Lerche"
306 user-login = "dtolnay"
307 user-name = "David Tolnay"
309 [[publisher.jobserver]]
313 user-login = "alexcrichton"
314 user-name = "Alex Crichton"
320 user-login = "Amanieu"
321 user-name = "Amanieu d'Antras"
327 user-login = "JohnTitor"
328 user-name = "Yuki Okushi"
330 [[publisher.linux-raw-sys]]
334 user-login = "sunfishcode"
335 user-name = "Dan Gohman"
337 [[publisher.lock_api]]
341 user-login = "Amanieu"
342 user-name = "Amanieu d'Antras"
348 user-login = "BurntSushi"
349 user-name = "Andrew Gallant"
355 user-login = "seanmonstar"
356 user-name = "Sean McArthur"
362 user-login = "carllerche"
363 user-name = "Carl Lerche"
365 [[publisher.nss-gk-api]]
369 user-login = "jschanck"
370 user-name = "John Schanck"
372 [[publisher.num_cpus]]
376 user-login = "seanmonstar"
377 user-name = "Sean McArthur"
383 user-login = "martinthomson"
384 user-name = "Martin Thomson"
386 [[publisher.ordered-float]]
390 user-login = "mbrubeck"
391 user-name = "Matt Brubeck"
393 [[publisher.parking_lot]]
397 user-login = "Amanieu"
398 user-name = "Amanieu d'Antras"
400 [[publisher.parking_lot_core]]
404 user-login = "Amanieu"
405 user-name = "Amanieu d'Antras"
411 user-login = "dtolnay"
412 user-name = "David Tolnay"
418 user-login = "le-automaton"
424 user-login = "divviup-github-automation"
426 [[publisher.proc-macro2]]
430 user-login = "dtolnay"
431 user-name = "David Tolnay"
433 [[publisher.proc-macro2]]
437 user-login = "dtolnay"
438 user-name = "David Tolnay"
440 [[publisher.proc-macro2]]
444 user-login = "dtolnay"
445 user-name = "David Tolnay"
451 user-login = "dtolnay"
452 user-name = "David Tolnay"
458 user-login = "dtolnay"
459 user-name = "David Tolnay"
465 user-login = "BurntSushi"
466 user-name = "Andrew Gallant"
472 user-login = "BurntSushi"
473 user-name = "Andrew Gallant"
475 [[publisher.regex-automata]]
479 user-login = "BurntSushi"
480 user-name = "Andrew Gallant"
482 [[publisher.regex-syntax]]
486 user-login = "BurntSushi"
487 user-name = "Andrew Gallant"
489 [[publisher.regex-syntax]]
493 user-login = "BurntSushi"
494 user-name = "Andrew Gallant"
496 [[publisher.rust_cascade]]
500 user-login = "mozkeeler"
501 user-name = "Dana Keeler"
507 user-login = "sunfishcode"
508 user-name = "Dan Gohman"
514 user-login = "dtolnay"
515 user-name = "David Tolnay"
517 [[publisher.same-file]]
521 user-login = "BurntSushi"
522 user-name = "Andrew Gallant"
524 [[publisher.scopeguard]]
528 user-login = "Amanieu"
529 user-name = "Amanieu d'Antras"
535 user-login = "dtolnay"
536 user-name = "David Tolnay"
542 user-login = "dtolnay"
543 user-name = "David Tolnay"
549 user-login = "dtolnay"
550 user-name = "David Tolnay"
556 user-login = "dtolnay"
557 user-name = "David Tolnay"
563 user-login = "dtolnay"
564 user-name = "David Tolnay"
566 [[publisher.serde_bytes]]
570 user-login = "dtolnay"
571 user-name = "David Tolnay"
573 [[publisher.serde_derive]]
577 user-login = "dtolnay"
578 user-name = "David Tolnay"
580 [[publisher.serde_derive]]
584 user-login = "dtolnay"
585 user-name = "David Tolnay"
587 [[publisher.serde_derive]]
591 user-login = "dtolnay"
592 user-name = "David Tolnay"
594 [[publisher.serde_derive]]
598 user-login = "dtolnay"
599 user-name = "David Tolnay"
601 [[publisher.serde_derive]]
605 user-login = "dtolnay"
606 user-name = "David Tolnay"
608 [[publisher.serde_json]]
612 user-login = "dtolnay"
613 user-name = "David Tolnay"
615 [[publisher.serde_repr]]
619 user-login = "dtolnay"
620 user-name = "David Tolnay"
622 [[publisher.serde_yaml]]
626 user-login = "dtolnay"
627 user-name = "David Tolnay"
629 [[publisher.smallvec]]
633 user-login = "mbrubeck"
634 user-name = "Matt Brubeck"
640 user-login = "dtolnay"
641 user-name = "David Tolnay"
647 user-login = "dtolnay"
648 user-name = "David Tolnay"
654 user-login = "dtolnay"
655 user-name = "David Tolnay"
657 [[publisher.termcolor]]
661 user-login = "BurntSushi"
662 user-name = "Andrew Gallant"
664 [[publisher.termcolor]]
668 user-login = "BurntSushi"
669 user-name = "Andrew Gallant"
671 [[publisher.thiserror]]
675 user-login = "dtolnay"
676 user-name = "David Tolnay"
678 [[publisher.thiserror-impl]]
682 user-login = "dtolnay"
683 user-name = "David Tolnay"
685 [[publisher.threadbound]]
689 user-login = "dtolnay"
690 user-name = "David Tolnay"
692 [[publisher.tokio-util]]
696 user-login = "Darksonn"
697 user-name = "Alice Ryhl"
703 user-login = "alexcrichton"
704 user-name = "Alex Crichton"
706 [[publisher.unicode-ident]]
710 user-login = "dtolnay"
711 user-name = "David Tolnay"
713 [[publisher.unicode-segmentation]]
717 user-login = "Manishearth"
718 user-name = "Manish Goregaokar"
720 [[publisher.unicode-width]]
724 user-login = "Manishearth"
725 user-name = "Manish Goregaokar"
727 [[publisher.unicode-xid]]
731 user-login = "Manishearth"
732 user-name = "Manish Goregaokar"
738 user-login = "badboy"
739 user-name = "Jan-Erik Rediger"
745 user-login = "mhammond"
746 user-name = "Mark Hammond"
754 [[publisher.uniffi_bindgen]]
758 user-login = "badboy"
759 user-name = "Jan-Erik Rediger"
761 [[publisher.uniffi_bindgen]]
765 user-login = "mhammond"
766 user-name = "Mark Hammond"
768 [[publisher.uniffi_bindgen]]
774 [[publisher.uniffi_build]]
778 user-login = "badboy"
779 user-name = "Jan-Erik Rediger"
781 [[publisher.uniffi_build]]
785 user-login = "mhammond"
786 user-name = "Mark Hammond"
788 [[publisher.uniffi_build]]
794 [[publisher.uniffi_checksum_derive]]
798 user-login = "badboy"
799 user-name = "Jan-Erik Rediger"
801 [[publisher.uniffi_checksum_derive]]
805 user-login = "mhammond"
806 user-name = "Mark Hammond"
808 [[publisher.uniffi_checksum_derive]]
814 [[publisher.uniffi_core]]
818 user-login = "badboy"
819 user-name = "Jan-Erik Rediger"
821 [[publisher.uniffi_core]]
825 user-login = "mhammond"
826 user-name = "Mark Hammond"
828 [[publisher.uniffi_core]]
834 [[publisher.uniffi_macros]]
838 user-login = "badboy"
839 user-name = "Jan-Erik Rediger"
841 [[publisher.uniffi_macros]]
845 user-login = "mhammond"
846 user-name = "Mark Hammond"
848 [[publisher.uniffi_macros]]
854 [[publisher.uniffi_meta]]
858 user-login = "badboy"
859 user-name = "Jan-Erik Rediger"
861 [[publisher.uniffi_meta]]
865 user-login = "mhammond"
866 user-name = "Mark Hammond"
868 [[publisher.uniffi_meta]]
874 [[publisher.uniffi_testing]]
878 user-login = "badboy"
879 user-name = "Jan-Erik Rediger"
881 [[publisher.uniffi_testing]]
885 user-login = "mhammond"
886 user-name = "Mark Hammond"
888 [[publisher.uniffi_testing]]
894 [[publisher.uniffi_udl]]
898 user-login = "mhammond"
899 user-name = "Mark Hammond"
901 [[publisher.uniffi_udl]]
907 [[publisher.utf8_iter]]
911 user-login = "hsivonen"
912 user-name = "Henri Sivonen"
914 [[publisher.walkdir]]
918 user-login = "BurntSushi"
919 user-name = "Andrew Gallant"
925 user-login = "seanmonstar"
926 user-name = "Sean McArthur"
932 user-login = "seanmonstar"
933 user-name = "Sean McArthur"
936 version = "0.11.0+wasi-snapshot-preview1"
939 user-login = "alexcrichton"
940 user-name = "Alex Crichton"
942 [[publisher.wasm-encoder]]
946 user-login = "alexcrichton"
947 user-name = "Alex Crichton"
949 [[publisher.wasm-encoder]]
953 user-login = "alexcrichton"
954 user-name = "Alex Crichton"
956 [[publisher.wasm-smith]]
960 user-login = "alexcrichton"
961 user-name = "Alex Crichton"
963 [[publisher.wasm-smith]]
967 user-login = "alexcrichton"
968 user-name = "Alex Crichton"
974 user-login = "alexcrichton"
975 user-name = "Alex Crichton"
981 user-login = "alexcrichton"
982 user-name = "Alex Crichton"
984 [[publisher.winapi-util]]
988 user-login = "BurntSushi"
989 user-name = "Andrew Gallant"
991 [[publisher.windows-sys]]
995 user-login = "kennykerr"
996 user-name = "Kenny Kerr"
998 [[publisher.zeitstempel]]
1002 user-login = "badboy"
1003 user-name = "Jan-Erik Rediger"
1005 [[audits.bytecode-alliance.wildcard-audits.arbitrary]]
1006 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1007 criteria = "safe-to-deploy"
1008 user-id = 696 # Nick Fitzgerald (fitzgen)
1009 start = "2020-01-14"
1011 notes = "I am an author of this crate."
1013 [[audits.bytecode-alliance.wildcard-audits.derive_arbitrary]]
1014 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1015 criteria = "safe-to-deploy"
1016 user-id = 696 # Nick Fitzgerald (fitzgen)
1017 start = "2020-01-14"
1019 notes = "I am an author of this crate"
1021 [[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
1022 who = "Alex Crichton <alex@alexcrichton.com>"
1023 criteria = "safe-to-deploy"
1024 user-id = 1 # Alex Crichton (alexcrichton)
1025 start = "2020-12-11"
1028 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
1029 repository of which I'm one of the primary maintainers and publishers for.
1030 I am employed by a member of the Bytecode Alliance and plan to continue doing
1031 so and will actively maintain this crate over time.
1034 [[audits.bytecode-alliance.wildcard-audits.wasm-smith]]
1035 who = "Alex Crichton <alex@alexcrichton.com>"
1036 criteria = "safe-to-deploy"
1037 user-id = 1 # Alex Crichton (alexcrichton)
1038 start = "2020-09-03"
1041 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
1042 repository of which I'm one of the primary maintainers and publishers for.
1043 I am employed by a member of the Bytecode Alliance and plan to continue doing
1044 so and will actively maintain this crate over time.
1047 [[audits.bytecode-alliance.wildcard-audits.wasmparser]]
1048 who = "Alex Crichton <alex@alexcrichton.com>"
1049 criteria = "safe-to-deploy"
1050 user-id = 1 # Alex Crichton (alexcrichton)
1051 start = "2020-07-13"
1054 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
1055 repository of which I'm one of the primary maintainers and publishers for.
1056 I am employed by a member of the Bytecode Alliance and plan to continue doing
1057 so and will actively maintain this crate over time.
1060 [[audits.bytecode-alliance.wildcard-audits.wast]]
1061 who = "Alex Crichton <alex@alexcrichton.com>"
1062 criteria = "safe-to-deploy"
1063 user-id = 1 # Alex Crichton (alexcrichton)
1064 start = "2019-10-16"
1067 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
1068 repository of which I'm one of the primary maintainers and publishers for.
1069 I am employed by a member of the Bytecode Alliance and plan to continue doing
1070 so and will actively maintain this crate over time.
1073 [[audits.bytecode-alliance.audits.adler]]
1074 who = "Alex Crichton <alex@alexcrichton.com>"
1075 criteria = "safe-to-deploy"
1077 notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
1079 [[audits.bytecode-alliance.audits.arrayref]]
1080 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1081 criteria = "safe-to-deploy"
1084 Unsafe code, but its logic looks good to me. Necessary given what it is
1085 doing. Well tested, has quickchecks.
1088 [[audits.bytecode-alliance.audits.arrayvec]]
1089 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1090 criteria = "safe-to-deploy"
1093 Well documented invariants, good assertions for those invariants in unsafe code,
1094 and tested with MIRI to boot. LGTM.
1097 [[audits.bytecode-alliance.audits.base64]]
1098 who = "Pat Hickey <phickey@fastly.com>"
1099 criteria = "safe-to-deploy"
1101 notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
1103 [[audits.bytecode-alliance.audits.bitflags]]
1104 who = "Jamey Sharp <jsharp@fastly.com>"
1105 criteria = "safe-to-deploy"
1106 delta = "2.1.0 -> 2.2.1"
1108 This version adds unsafe impls of traits from the bytemuck crate when built
1109 with that library enabled, but I believe the impls satisfy the documented
1110 safety requirements for bytemuck. The other changes are minor.
1113 [[audits.bytecode-alliance.audits.bitflags]]
1114 who = "Alex Crichton <alex@alexcrichton.com>"
1115 criteria = "safe-to-deploy"
1116 delta = "2.3.2 -> 2.3.3"
1118 Nothing outside the realm of what one would expect from a bitflags generator,
1122 [[audits.bytecode-alliance.audits.block-buffer]]
1123 who = "Benjamin Bouvier <public@benj.me>"
1124 criteria = "safe-to-deploy"
1125 delta = "0.9.0 -> 0.10.2"
1127 [[audits.bytecode-alliance.audits.bumpalo]]
1128 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1129 criteria = "safe-to-deploy"
1131 notes = "I am the author of this crate."
1133 [[audits.bytecode-alliance.audits.cargo-platform]]
1134 who = "Pat Hickey <phickey@fastly.com>"
1135 criteria = "safe-to-deploy"
1137 notes = "no build, no ambient capabilities, no unsafe"
1139 [[audits.bytecode-alliance.audits.cc]]
1140 who = "Alex Crichton <alex@alexcrichton.com>"
1141 criteria = "safe-to-deploy"
1143 notes = "I am the author of this crate."
1145 [[audits.bytecode-alliance.audits.cfg-if]]
1146 who = "Alex Crichton <alex@alexcrichton.com>"
1147 criteria = "safe-to-deploy"
1149 notes = "I am the author of this crate."
1151 [[audits.bytecode-alliance.audits.codespan-reporting]]
1152 who = "Jamey Sharp <jsharp@fastly.com>"
1153 criteria = "safe-to-deploy"
1155 notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
1157 [[audits.bytecode-alliance.audits.cpufeatures]]
1158 who = "Alex Crichton <alex@alexcrichton.com>"
1159 criteria = "safe-to-deploy"
1160 delta = "0.2.2 -> 0.2.7"
1162 This is a minor update that looks to add some more detected CPU features and
1163 various other minor portability fixes such as MIRI support.
1166 [[audits.bytecode-alliance.audits.crypto-common]]
1167 who = "Benjamin Bouvier <public@benj.me>"
1168 criteria = "safe-to-deploy"
1171 [[audits.bytecode-alliance.audits.errno]]
1172 who = "Dan Gohman <dev@sunfishcode.online>"
1173 criteria = "safe-to-deploy"
1175 notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."
1177 [[audits.bytecode-alliance.audits.errno]]
1178 who = "Dan Gohman <dev@sunfishcode.online>"
1179 criteria = "safe-to-deploy"
1180 delta = "0.3.0 -> 0.3.1"
1181 notes = "Just a dependency version bump and a bug fix for redox"
1183 [[audits.bytecode-alliance.audits.errno-dragonfly]]
1184 who = "Jamey Sharp <jsharp@fastly.com>"
1185 criteria = "safe-to-deploy"
1187 notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is."
1189 [[audits.bytecode-alliance.audits.fallible-iterator]]
1190 who = "Alex Crichton <alex@alexcrichton.com>"
1191 criteria = "safe-to-deploy"
1192 delta = "0.2.0 -> 0.3.0"
1194 This major version update has a few minor breaking changes but everything
1195 this crate has to do with iterators and `Result` and such. No `unsafe` or
1196 anything like that, all looks good.
1199 [[audits.bytecode-alliance.audits.foreign-types]]
1200 who = "Pat Hickey <phickey@fastly.com>"
1201 criteria = "safe-to-deploy"
1203 notes = "This crate defined a macro-rules which creates wrappers working with FFI types. The implementation of this crate appears to be safe, but each use of this macro would need to be vetted for correctness as well."
1205 [[audits.bytecode-alliance.audits.foreign-types-shared]]
1206 who = "Pat Hickey <phickey@fastly.com>"
1207 criteria = "safe-to-deploy"
1210 [[audits.bytecode-alliance.audits.futures-channel]]
1211 who = "Pat Hickey <phickey@fastly.com>"
1212 criteria = "safe-to-deploy"
1214 notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)"
1216 [[audits.bytecode-alliance.audits.futures-core]]
1217 who = "Pat Hickey <phickey@fastly.com>"
1218 criteria = "safe-to-deploy"
1220 notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
1222 [[audits.bytecode-alliance.audits.futures-executor]]
1223 who = "Pat Hickey <phickey@fastly.com>"
1224 criteria = "safe-to-deploy"
1226 notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods."
1228 [[audits.bytecode-alliance.audits.futures-io]]
1229 who = "Pat Hickey <phickey@fastly.com>"
1230 criteria = "safe-to-deploy"
1233 [[audits.bytecode-alliance.audits.futures-sink]]
1234 who = "Pat Hickey <phickey@fastly.com>"
1235 criteria = "safe-to-deploy"
1238 [[audits.bytecode-alliance.audits.heck]]
1239 who = "Alex Crichton <alex@alexcrichton.com>"
1240 criteria = "safe-to-deploy"
1242 notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
1244 [[audits.bytecode-alliance.audits.id-arena]]
1245 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1246 criteria = "safe-to-deploy"
1248 notes = "I am the author of this crate."
1250 [[audits.bytecode-alliance.audits.idna]]
1251 who = "Alex Crichton <alex@alexcrichton.com>"
1252 criteria = "safe-to-deploy"
1255 This is a crate without unsafe code or usage of the standard library. The large
1256 size of this crate comes from the large generated unicode tables file. This
1257 crate is broadly used throughout the ecosystem and does not contain anything
1261 [[audits.bytecode-alliance.audits.leb128]]
1262 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1263 criteria = "safe-to-deploy"
1265 notes = "I am the author of this crate."
1267 [[audits.bytecode-alliance.audits.libc]]
1268 who = "Alex Crichton <alex@alexcrichton.com>"
1269 criteria = "safe-to-deploy"
1270 delta = "0.2.146 -> 0.2.147"
1271 notes = "Only new type definitions and updating others for some platforms, no major changes"
1273 [[audits.bytecode-alliance.audits.memoffset]]
1274 who = "Alex Crichton <alex@alexcrichton.com>"
1275 criteria = "safe-to-deploy"
1276 delta = "0.7.1 -> 0.8.0"
1277 notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."
1279 [[audits.bytecode-alliance.audits.miniz_oxide]]
1280 who = "Alex Crichton <alex@alexcrichton.com>"
1281 criteria = "safe-to-deploy"
1284 This crate is a Rust implementation of zlib compression/decompression and has
1285 been used by default by the Rust standard library for quite some time. It's also
1286 a default dependency of the popular `backtrace` crate for decompressing debug
1287 information. This crate forbids unsafe code and does not otherwise access system
1288 resources. It's originally a port of the `miniz.c` library as well, and given
1289 its own longevity should be relatively hardened against some of the more common
1290 compression-related issues.
1293 [[audits.bytecode-alliance.audits.mio]]
1294 who = "Alex Crichton <alex@alexcrichton.com>"
1295 criteria = "safe-to-deploy"
1296 delta = "0.8.6 -> 0.8.8"
1297 notes = "Mostly OS portability updates along with some minor bugfixes."
1299 [[audits.bytecode-alliance.audits.object]]
1300 who = "Alex Crichton <alex@alexcrichton.com>"
1301 criteria = "safe-to-deploy"
1302 delta = "0.30.3 -> 0.31.1"
1303 notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
1305 [[audits.bytecode-alliance.audits.object]]
1306 who = "Alex Crichton <alex@alexcrichton.com>"
1307 criteria = "safe-to-deploy"
1308 delta = "0.31.1 -> 0.32.0"
1309 notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good."
1311 [[audits.bytecode-alliance.audits.peeking_take_while]]
1312 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1313 criteria = "safe-to-deploy"
1315 notes = "I am the author of this crate."
1317 [[audits.bytecode-alliance.audits.percent-encoding]]
1318 who = "Alex Crichton <alex@alexcrichton.com>"
1319 criteria = "safe-to-deploy"
1322 This crate is a single-file crate that does what it says on the tin. There are
1323 a few `unsafe` blocks related to utf-8 validation which are locally verifiable
1324 as correct and otherwise this crate is good to go.
1327 [[audits.bytecode-alliance.audits.pin-utils]]
1328 who = "Pat Hickey <phickey@fastly.com>"
1329 criteria = "safe-to-deploy"
1332 [[audits.bytecode-alliance.audits.pkg-config]]
1333 who = "Pat Hickey <phickey@fastly.com>"
1334 criteria = "safe-to-deploy"
1336 notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
1338 [[audits.bytecode-alliance.audits.rustc-demangle]]
1339 who = "Alex Crichton <alex@alexcrichton.com>"
1340 criteria = "safe-to-deploy"
1342 notes = "I am the author of this crate."
1344 [[audits.bytecode-alliance.audits.semver]]
1345 who = "Pat Hickey <phickey@fastly.com>"
1346 criteria = "safe-to-deploy"
1348 notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct"
1350 [[audits.bytecode-alliance.audits.slab]]
1351 who = "Pat Hickey <phickey@fastly.com>"
1352 criteria = "safe-to-deploy"
1354 notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
1356 [[audits.bytecode-alliance.audits.socket2]]
1357 who = "Alex Crichton <alex@alexcrichton.com>"
1358 criteria = "safe-to-deploy"
1359 delta = "0.4.7 -> 0.4.9"
1360 notes = "Minor OS compat updates but otherwise nothing major here."
1362 [[audits.bytecode-alliance.audits.tempfile]]
1363 who = "Pat Hickey <phickey@fastly.com>"
1364 criteria = "safe-to-deploy"
1365 delta = "3.3.0 -> 3.5.0"
1367 [[audits.bytecode-alliance.audits.tempfile]]
1368 who = "Alex Crichton <alex@alexcrichton.com>"
1369 criteria = "safe-to-deploy"
1370 delta = "3.5.0 -> 3.6.0"
1371 notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal."
1373 [[audits.bytecode-alliance.audits.unicase]]
1374 who = "Alex Crichton <alex@alexcrichton.com>"
1375 criteria = "safe-to-deploy"
1378 This crate contains no `unsafe` code and no unnecessary use of the standard
1382 [[audits.bytecode-alliance.audits.unicode-bidi]]
1383 who = "Alex Crichton <alex@alexcrichton.com>"
1384 criteria = "safe-to-deploy"
1387 This crate has no unsafe code and does not use `std::*`. Skimming the crate it
1388 does not attempt to out of the bounds of what it's already supposed to be doing.
1391 [[audits.bytecode-alliance.audits.unicode-normalization]]
1392 who = "Alex Crichton <alex@alexcrichton.com>"
1393 criteria = "safe-to-deploy"
1396 This crate contains one usage of `unsafe` which I have manually checked to see
1397 it as correct. This crate's size comes in large part due to the generated
1398 unicode tables that it contains. This crate is additionally widely used
1399 throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
1400 and nothing suspicious.
1403 [[audits.embark-studios.audits.anyhow]]
1404 who = "Johan Andersson <opensource@embark-studios.com>"
1405 criteria = "safe-to-deploy"
1408 [[audits.embark-studios.audits.derive_more]]
1409 who = "Johan Andersson <opensource@embark-studios.com>"
1410 criteria = "safe-to-deploy"
1412 notes = "No unsafe usage or ambient capabilities"
1414 [[audits.embark-studios.audits.ident_case]]
1415 who = "Johan Andersson <opensource@embark-studios.com>"
1416 criteria = "safe-to-deploy"
1418 notes = "No unsafe usage or ambient capabilities"
1420 [[audits.embark-studios.audits.idna]]
1421 who = "Johan Andersson <opensource@embark-studios.com>"
1422 criteria = "safe-to-deploy"
1423 delta = "0.3.0 -> 0.4.0"
1424 notes = "No unsafe usage or ambient capabilities"
1426 [[audits.embark-studios.audits.line-wrap]]
1427 who = "Johan Andersson <opensource@embark-studios.com>"
1428 criteria = "safe-to-deploy"
1430 notes = "No unsafe usage or ambient capabilities"
1432 [[audits.embark-studios.audits.thiserror]]
1433 who = "Johan Andersson <opensource@embark-studios.com>"
1434 criteria = "safe-to-deploy"
1436 notes = "Wrapper over implementation crate, found no unsafe or ambient capabilities used"
1438 [[audits.embark-studios.audits.thiserror-impl]]
1439 who = "Johan Andersson <opensource@embark-studios.com>"
1440 criteria = "safe-to-deploy"
1442 notes = "Found no unsafe or ambient capabilities used"
1444 [[audits.embark-studios.audits.yaml-rust]]
1445 who = "Johan Andersson <opensource@embark-studios.com>"
1446 criteria = "safe-to-deploy"
1448 notes = "No unsafe usage or ambient capabilities"
1450 [[audits.google.audits.ash]]
1451 who = "David Koloski <dkoloski@google.com>"
1452 criteria = "safe-to-deploy"
1453 version = "0.37.0+1.3.209"
1454 notes = "Reviewed on https://fxrev.dev/694269"
1455 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1457 [[audits.google.audits.fastrand]]
1458 who = "George Burgess IV <gbiv@google.com>"
1459 criteria = "safe-to-deploy"
1462 `does-not-implement-crypto` is certified because this crate explicitly says
1463 that the RNG here is not cryptographically secure.
1465 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1467 [[audits.google.audits.futures]]
1468 who = "George Burgess IV <gbiv@google.com>"
1469 criteria = "safe-to-deploy"
1472 `futures` has no logic other than tests - it simply `pub use`s things from
1475 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1477 [[audits.google.audits.glob]]
1478 who = "George Burgess IV <gbiv@google.com>"
1479 criteria = "safe-to-deploy"
1481 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1483 [[audits.google.audits.h2]]
1485 criteria = "safe-to-run"
1487 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1489 [[audits.google.audits.http]]
1491 criteria = "safe-to-run"
1493 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1495 [[audits.google.audits.http-body]]
1497 criteria = "safe-to-run"
1499 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1501 [[audits.google.audits.httpdate]]
1503 criteria = "safe-to-run"
1505 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1507 [[audits.google.audits.hyper]]
1509 criteria = "safe-to-run"
1511 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1513 [[audits.google.audits.pin-project]]
1515 criteria = "safe-to-run"
1517 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1519 [[audits.google.audits.pin-project-internal]]
1521 criteria = "safe-to-run"
1523 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1525 [[audits.google.audits.pin-project-lite]]
1526 who = "David Koloski <dkoloski@google.com>"
1527 criteria = "safe-to-deploy"
1529 notes = "Reviewed on https://fxrev.dev/824504"
1530 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1532 [[audits.google.audits.scoped-tls]]
1533 who = "George Burgess IV <gbiv@google.com>"
1534 criteria = "safe-to-run"
1536 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1538 [[audits.google.audits.serde_urlencoded]]
1540 criteria = "safe-to-run"
1542 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1544 [[audits.google.audits.tokio]]
1545 who = "Vovo Yang <vovoy@google.com>"
1546 criteria = "safe-to-run"
1548 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1550 [[audits.google.audits.tokio-stream]]
1551 who = "David Koloski <dkoloski@google.com>"
1552 criteria = "safe-to-deploy"
1554 notes = "Reviewed on https://fxrev.dev/804724"
1555 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1557 [[audits.google.audits.tower-service]]
1559 criteria = "safe-to-run"
1561 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1563 [[audits.google.audits.tracing]]
1565 criteria = "safe-to-run"
1567 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1569 [[audits.google.audits.tracing-attributes]]
1571 criteria = "safe-to-run"
1573 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1575 [[audits.google.audits.tracing-core]]
1577 criteria = "safe-to-run"
1579 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1581 [[audits.google.audits.try-lock]]
1583 criteria = "safe-to-run"
1585 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1587 [[audits.google.audits.version_check]]
1588 who = "George Burgess IV <gbiv@google.com>"
1589 criteria = "safe-to-deploy"
1591 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1593 [[audits.google.audits.want]]
1595 criteria = "safe-to-run"
1597 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1599 [[audits.isrg.wildcard-audits.prio]]
1600 who = "David Cook <dcook@divviup.org>"
1601 criteria = "safe-to-deploy"
1602 user-id = 101233 # le-automaton
1603 start = "2020-09-28"
1606 [[audits.isrg.wildcard-audits.prio]]
1607 who = "David Cook <dcook@divviup.org>"
1608 criteria = "safe-to-deploy"
1609 user-id = 213776 # divviup-github-automation
1610 start = "2020-09-28"
1613 [[audits.isrg.audits.base64]]
1614 who = "Tim Geoghegan <timg@letsencrypt.org>"
1615 criteria = "safe-to-deploy"
1616 delta = "0.21.0 -> 0.21.1"
1618 [[audits.isrg.audits.base64]]
1619 who = "Brandon Pitman <bran@bran.land>"
1620 criteria = "safe-to-deploy"
1621 delta = "0.21.1 -> 0.21.2"
1623 [[audits.isrg.audits.base64]]
1624 who = "David Cook <dcook@divviup.org>"
1625 criteria = "safe-to-deploy"
1626 delta = "0.21.2 -> 0.21.3"
1628 [[audits.isrg.audits.block-buffer]]
1629 who = "David Cook <dcook@divviup.org>"
1630 criteria = "safe-to-deploy"
1633 [[audits.isrg.audits.getrandom]]
1634 who = "Tim Geoghegan <timg@letsencrypt.org>"
1635 criteria = "safe-to-deploy"
1636 delta = "0.2.9 -> 0.2.10"
1637 notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`."
1639 [[audits.isrg.audits.keccak]]
1640 who = "David Cook <dcook@divviup.org>"
1641 criteria = "safe-to-deploy"
1644 [[audits.isrg.audits.keccak]]
1645 who = "Brandon Pitman <bran@bran.land>"
1646 criteria = "safe-to-deploy"
1647 delta = "0.1.3 -> 0.1.4"
1649 [[audits.isrg.audits.once_cell]]
1650 who = "Brandon Pitman <bran@bran.land>"
1651 criteria = "safe-to-deploy"
1652 delta = "1.17.1 -> 1.17.2"
1654 [[audits.isrg.audits.once_cell]]
1655 who = "David Cook <dcook@divviup.org>"
1656 criteria = "safe-to-deploy"
1657 delta = "1.17.2 -> 1.18.0"
1659 [[audits.isrg.audits.once_cell]]
1660 who = "Brandon Pitman <bran@bran.land>"
1661 criteria = "safe-to-deploy"
1662 delta = "1.18.0 -> 1.19.0"
1664 [[audits.isrg.audits.rand_chacha]]
1665 who = "David Cook <dcook@divviup.org>"
1666 criteria = "safe-to-deploy"
1669 [[audits.isrg.audits.rand_core]]
1670 who = "David Cook <dcook@divviup.org>"
1671 criteria = "safe-to-deploy"
1674 [[audits.isrg.audits.rayon-core]]
1675 who = "Brandon Pitman <bran@bran.land>"
1676 criteria = "safe-to-deploy"
1677 delta = "1.10.2 -> 1.11.0"
1679 [[audits.isrg.audits.rayon-core]]
1680 who = "David Cook <dcook@divviup.org>"
1681 criteria = "safe-to-deploy"
1682 delta = "1.11.0 -> 1.12.0"
1684 [[audits.isrg.audits.sha2]]
1685 who = "David Cook <dcook@divviup.org>"
1686 criteria = "safe-to-deploy"
1689 [[audits.isrg.audits.sha3]]
1690 who = "David Cook <dcook@divviup.org>"
1691 criteria = "safe-to-deploy"
1694 [[audits.isrg.audits.sha3]]
1695 who = "Brandon Pitman <bran@bran.land>"
1696 criteria = "safe-to-deploy"
1697 delta = "0.10.7 -> 0.10.8"
1699 [[audits.mozilla.wildcard-audits.uniffi]]
1700 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1701 criteria = "safe-to-deploy"
1702 user-id = 111105 # Mark Hammond (mhammond)
1703 start = "2021-11-22"
1705 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1707 [[audits.mozilla.wildcard-audits.uniffi_bindgen]]
1708 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1709 criteria = "safe-to-deploy"
1710 user-id = 111105 # Mark Hammond (mhammond)
1711 start = "2021-11-22"
1713 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1715 [[audits.mozilla.wildcard-audits.uniffi_build]]
1716 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1717 criteria = "safe-to-deploy"
1718 user-id = 111105 # Mark Hammond (mhammond)
1719 start = "2021-11-22"
1721 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1723 [[audits.mozilla.wildcard-audits.uniffi_checksum_derive]]
1724 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1725 criteria = "safe-to-deploy"
1726 user-id = 111105 # Mark Hammond (mhammond)
1727 start = "2023-11-20"
1729 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1731 [[audits.mozilla.wildcard-audits.uniffi_core]]
1732 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1733 criteria = "safe-to-deploy"
1734 user-id = 111105 # Mark Hammond (mhammond)
1735 start = "2023-11-20"
1737 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1739 [[audits.mozilla.wildcard-audits.uniffi_macros]]
1740 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1741 criteria = "safe-to-deploy"
1742 user-id = 111105 # Mark Hammond (mhammond)
1743 start = "2021-11-22"
1745 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1747 [[audits.mozilla.wildcard-audits.uniffi_meta]]
1748 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1749 criteria = "safe-to-deploy"
1750 user-id = 111105 # Mark Hammond (mhammond)
1751 start = "2023-11-20"
1753 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1755 [[audits.mozilla.wildcard-audits.uniffi_testing]]
1756 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1757 criteria = "safe-to-deploy"
1758 user-id = 111105 # Mark Hammond (mhammond)
1759 start = "2023-11-20"
1761 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1763 [[audits.mozilla.wildcard-audits.uniffi_udl]]
1764 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1765 criteria = "safe-to-deploy"
1766 user-id = 111105 # Mark Hammond (mhammond)
1767 start = "2023-11-20"
1769 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1771 [[audits.mozilla.wildcard-audits.zeitstempel]]
1772 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1773 criteria = "safe-to-deploy"
1774 user-id = 48 # Jan-Erik Rediger (badboy)
1775 start = "2021-03-03"
1777 notes = "Maintained by me"
1778 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1780 [[audits.mozilla.audits.askama]]
1781 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1782 criteria = "safe-to-deploy"
1783 delta = "0.11.1 -> 0.12.0"
1784 notes = "No new unsafe usage, mostly dependency updates and smaller API changes"
1785 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1787 [[audits.mozilla.audits.askama_derive]]
1788 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1789 criteria = "safe-to-deploy"
1790 delta = "0.11.2 -> 0.12.1"
1791 notes = "Dependency updates, a new toml dependency and some API changes. No unsafe use."
1792 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1794 [[audits.mozilla.audits.basic-toml]]
1795 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1796 criteria = "safe-to-deploy"
1798 notes = "TOML parser, forked from toml 0.5"
1799 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1801 [[audits.mozilla.audits.either]]
1802 who = "Nika Layzell <nika@thelayzells.com>"
1803 criteria = "safe-to-deploy"
1806 Straightforward crate providing the Either enum and trait implementations with
1809 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
1811 [[audits.mozilla.audits.lazy_static]]
1812 who = "Nika Layzell <nika@thelayzells.com>"
1813 criteria = "safe-to-deploy"
1815 notes = "I have read over the macros, and audited the unsafe code."
1816 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
1818 [[audits.mozilla.audits.qcms]]
1819 who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
1820 criteria = "safe-to-deploy"
1822 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"