2 # cargo-vet imports lock
# Maintained by `cargo vet`: it caches what the tool fetched from crates.io and
# from imported audit sets. Regenerate it with the tool and review the diff
# rather than hand-editing entries.
# NOTE(review): the gutter numbers in this listing skip, so some keys and some
# table headers are not shown; do not infer an entry's crate from its position.
#
# [[publisher.<crate>]] entries record which crates.io account published a
# release. cargo-vet matches them against wildcard audits and trusted
# publishers, so every login listed here is an account whose control matters
# to what passes vetting.
4 [[publisher.aho-corasick]]
8 user-login = "BurntSushi"
9 user-name = "Andrew Gallant"
18 [[publisher.arbitrary]]
22 user-login = "fitzgen"
23 user-name = "Nick Fitzgerald"
25 [[publisher.async-trait]]
29 user-login = "dtolnay"
30 user-name = "David Tolnay"
36 user-login = "Amanieu"
37 user-name = "Amanieu d'Antras"
39 [[publisher.audio_thread_priority]]
43 user-login = "padenot"
44 user-name = "Paul Adenot"
46 [[publisher.authenticator]]
47 version = "0.4.0-alpha.24"
50 user-login = "jschanck"
51 user-name = "John Schanck"
57 user-login = "martinthomson"
58 user-name = "Martin Thomson"
64 user-login = "fitzgen"
65 user-name = "Nick Fitzgerald"
67 [[publisher.byteorder]]
71 user-login = "BurntSushi"
72 user-name = "Andrew Gallant"
78 user-login = "Darksonn"
79 user-name = "Alice Ryhl"
85 user-login = "Amanieu"
86 user-name = "Amanieu d'Antras"
93 user-name = "Emilio Cobos Álvarez"
100 user-name = "Ed Page"
102 [[publisher.clap_builder]]
107 user-name = "Ed Page"
109 [[publisher.clap_derive]]
114 user-name = "Ed Page"
116 [[publisher.clap_lex]]
121 user-name = "Ed Page"
123 [[publisher.core-foundation]]
127 user-login = "jrmuizel"
128 user-name = "Jeff Muizelaar"
130 [[publisher.core-foundation-sys]]
135 user-name = "Josh Matthews"
137 [[publisher.core-graphics]]
141 user-login = "jrmuizel"
142 user-name = "Jeff Muizelaar"
144 [[publisher.core-graphics-types]]
149 user-name = "Josh Matthews"
151 [[publisher.core-text]]
155 user-login = "jrmuizel"
156 user-name = "Jeff Muizelaar"
158 [[publisher.derive_arbitrary]]
162 user-login = "fitzgen"
163 user-name = "Nick Fitzgerald"
169 user-login = "linabutler"
170 user-name = "Lina Butler"
176 user-login = "dtolnay"
177 user-name = "David Tolnay"
179 [[publisher.encoding_rs]]
183 user-login = "hsivonen"
184 user-name = "Henri Sivonen"
190 user-login = "sunfishcode"
191 user-name = "Dan Gohman"
193 [[publisher.etagere]]
198 user-name = "Nicolas Silva"
205 user-name = "Nicolas Silva"
211 user-login = "joshtriplett"
212 user-name = "Josh Triplett"
214 [[publisher.freetype]]
219 user-name = "Josh Matthews"
225 user-login = "jrmuizel"
226 user-name = "Jeff Muizelaar"
232 user-login = "badboy"
233 user-name = "Jan-Erik Rediger"
235 [[publisher.glean-core]]
239 user-login = "badboy"
240 user-name = "Jan-Erik Rediger"
242 [[publisher.glslopt]]
246 user-login = "jamienicol"
247 user-name = "Jamie Nicol"
253 user-login = "seanmonstar"
254 user-name = "Sean McArthur"
256 [[publisher.headers]]
260 user-login = "seanmonstar"
261 user-name = "Sean McArthur"
263 [[publisher.httparse]]
267 user-login = "seanmonstar"
268 user-name = "Sean McArthur"
270 [[publisher.indexmap]]
274 user-login = "cuviper"
275 user-name = "Josh Stone"
277 [[publisher.inherent]]
281 user-login = "dtolnay"
282 user-name = "David Tolnay"
288 user-login = "carllerche"
289 user-name = "Carl Lerche"
295 user-login = "dtolnay"
296 user-name = "David Tolnay"
298 [[publisher.jobserver]]
302 user-login = "alexcrichton"
303 user-name = "Alex Crichton"
309 user-login = "JohnTitor"
310 user-name = "Yuki Okushi"
312 [[publisher.linux-raw-sys]]
316 user-login = "sunfishcode"
317 user-name = "Dan Gohman"
319 [[publisher.lock_api]]
323 user-login = "Amanieu"
324 user-name = "Amanieu d'Antras"
330 user-login = "BurntSushi"
331 user-name = "Andrew Gallant"
337 user-login = "seanmonstar"
338 user-name = "Sean McArthur"
344 user-login = "carllerche"
345 user-name = "Carl Lerche"
347 [[publisher.nss-gk-api]]
351 user-login = "jschanck"
352 user-name = "John Schanck"
354 [[publisher.num_cpus]]
358 user-login = "seanmonstar"
359 user-name = "Sean McArthur"
365 user-login = "martinthomson"
366 user-name = "Martin Thomson"
368 [[publisher.ordered-float]]
372 user-login = "mbrubeck"
373 user-name = "Matt Brubeck"
375 [[publisher.parking_lot]]
379 user-login = "Amanieu"
380 user-name = "Amanieu d'Antras"
382 [[publisher.parking_lot_core]]
386 user-login = "Amanieu"
387 user-name = "Amanieu d'Antras"
393 user-login = "dtolnay"
394 user-name = "David Tolnay"
# NOTE(review): the next two logins (embark-studios, divviup-github-automation)
# show no user-name line here; presumably organisation or automation accounts.
# Confirm who can publish through them before relying on these records.
396 [[publisher.presser]]
400 user-login = "embark-studios"
406 user-login = "divviup-github-automation"
408 [[publisher.proc-macro2]]
412 user-login = "dtolnay"
413 user-name = "David Tolnay"
419 user-login = "jrmuizel"
420 user-name = "Jeff Muizelaar"
426 user-login = "dtolnay"
427 user-name = "David Tolnay"
433 user-login = "BurntSushi"
434 user-name = "Andrew Gallant"
436 [[publisher.regex-automata]]
440 user-login = "BurntSushi"
441 user-name = "Andrew Gallant"
443 [[publisher.regex-syntax]]
447 user-login = "BurntSushi"
448 user-name = "Andrew Gallant"
450 [[publisher.rust_cascade]]
454 user-login = "mozkeeler"
455 user-name = "Dana Keeler"
461 user-login = "sunfishcode"
462 user-name = "Dan Gohman"
468 user-login = "dtolnay"
469 user-name = "David Tolnay"
471 [[publisher.same-file]]
475 user-login = "BurntSushi"
476 user-name = "Andrew Gallant"
478 [[publisher.scopeguard]]
482 user-login = "Amanieu"
483 user-name = "Amanieu d'Antras"
489 user-login = "dtolnay"
490 user-name = "David Tolnay"
492 [[publisher.serde_bytes]]
496 user-login = "dtolnay"
497 user-name = "David Tolnay"
499 [[publisher.serde_derive]]
503 user-login = "dtolnay"
504 user-name = "David Tolnay"
506 [[publisher.serde_json]]
510 user-login = "dtolnay"
511 user-name = "David Tolnay"
513 [[publisher.serde_repr]]
517 user-login = "dtolnay"
518 user-name = "David Tolnay"
520 [[publisher.serde_yaml]]
524 user-login = "dtolnay"
525 user-name = "David Tolnay"
527 [[publisher.smallvec]]
531 user-login = "mbrubeck"
532 user-name = "Matt Brubeck"
538 user-login = "dtolnay"
539 user-name = "David Tolnay"
541 [[publisher.termcolor]]
545 user-login = "BurntSushi"
546 user-name = "Andrew Gallant"
548 [[publisher.thiserror]]
552 user-login = "dtolnay"
553 user-name = "David Tolnay"
555 [[publisher.thiserror-impl]]
559 user-login = "dtolnay"
560 user-name = "David Tolnay"
562 [[publisher.threadbound]]
566 user-login = "dtolnay"
567 user-name = "David Tolnay"
569 [[publisher.tokio-util]]
573 user-login = "Darksonn"
574 user-name = "Alice Ryhl"
580 user-login = "alexcrichton"
581 user-name = "Alex Crichton"
583 [[publisher.unicode-ident]]
587 user-login = "dtolnay"
588 user-name = "David Tolnay"
590 [[publisher.unicode-width]]
594 user-login = "Manishearth"
595 user-name = "Manish Goregaokar"
597 [[publisher.unicode-xid]]
601 user-login = "Manishearth"
602 user-name = "Manish Goregaokar"
610 [[publisher.uniffi_bindgen]]
616 [[publisher.uniffi_build]]
622 [[publisher.uniffi_checksum_derive]]
628 [[publisher.uniffi_core]]
634 [[publisher.uniffi_macros]]
640 [[publisher.uniffi_meta]]
646 [[publisher.uniffi_testing]]
652 [[publisher.uniffi_udl]]
658 [[publisher.utf8_iter]]
662 user-login = "hsivonen"
663 user-name = "Henri Sivonen"
665 [[publisher.walkdir]]
669 user-login = "BurntSushi"
670 user-name = "Andrew Gallant"
676 user-login = "seanmonstar"
677 user-name = "Sean McArthur"
680 version = "0.11.0+wasi-snapshot-preview1"
683 user-login = "alexcrichton"
684 user-name = "Alex Crichton"
# The same crate appears below under two logins: a personal account and
# `wasmtime-publish`, which shows no user-name in this listing.
# NOTE(review): presumably a shared release account; its access controls are
# part of the trust placed in these crates.
686 [[publisher.wasm-encoder]]
690 user-login = "alexcrichton"
691 user-name = "Alex Crichton"
693 [[publisher.wasm-encoder]]
697 user-login = "wasmtime-publish"
699 [[publisher.wasm-smith]]
703 user-login = "alexcrichton"
704 user-name = "Alex Crichton"
706 [[publisher.wasm-smith]]
710 user-login = "wasmtime-publish"
716 user-login = "alexcrichton"
717 user-name = "Alex Crichton"
723 user-login = "wasmtime-publish"
725 [[publisher.winapi-util]]
729 user-login = "BurntSushi"
730 user-name = "Andrew Gallant"
732 [[publisher.windows]]
736 user-login = "kennykerr"
737 user-name = "Kenny Kerr"
739 [[publisher.windows-core]]
743 user-login = "kennykerr"
744 user-name = "Kenny Kerr"
746 [[publisher.windows-sys]]
750 user-login = "kennykerr"
751 user-name = "Kenny Kerr"
753 [[publisher.zeitstempel]]
757 user-login = "badboy"
758 user-name = "Jan-Erik Rediger"
# Wildcard audits imported from the bytecode-alliance audit set. A wildcard
# audit names a crates.io `user-id` instead of a reviewed version: it vouches
# for releases published by that account (cargo-vet bounds this with start/end
# dates, which this listing does not show). Where the notes say the certifier
# is the crate's author or maintainer, the assurance rests on that publishing
# account staying under their control, not on a line-by-line review.
760 [[audits.bytecode-alliance.wildcard-audits.arbitrary]]
761 who = "Nick Fitzgerald <fitzgen@gmail.com>"
762 criteria = "safe-to-deploy"
763 user-id = 696 # Nick Fitzgerald (fitzgen)
766 notes = "I am an author of this crate."
768 [[audits.bytecode-alliance.wildcard-audits.bumpalo]]
769 who = "Nick Fitzgerald <fitzgen@gmail.com>"
770 criteria = "safe-to-deploy"
771 user-id = 696 # Nick Fitzgerald (fitzgen)
775 [[audits.bytecode-alliance.wildcard-audits.derive_arbitrary]]
776 who = "Nick Fitzgerald <fitzgen@gmail.com>"
777 criteria = "safe-to-deploy"
778 user-id = 696 # Nick Fitzgerald (fitzgen)
781 notes = "I am an author of this crate"
783 [[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
784 who = "Alex Crichton <alex@alexcrichton.com>"
785 criteria = "safe-to-deploy"
786 user-id = 1 # Alex Crichton (alexcrichton)
790 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
791 repository of which I'm one of the primary maintainers and publishers for.
792 I am employed by a member of the Bytecode Alliance and plan to continue doing
793 so and will actively maintain this crate over time.
796 [[audits.bytecode-alliance.wildcard-audits.wasm-smith]]
797 who = "Alex Crichton <alex@alexcrichton.com>"
798 criteria = "safe-to-deploy"
799 user-id = 1 # Alex Crichton (alexcrichton)
803 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
804 repository of which I'm one of the primary maintainers and publishers for.
805 I am employed by a member of the Bytecode Alliance and plan to continue doing
806 so and will actively maintain this crate over time.
809 [[audits.bytecode-alliance.wildcard-audits.wast]]
810 who = "Alex Crichton <alex@alexcrichton.com>"
811 criteria = "safe-to-deploy"
812 user-id = 1 # Alex Crichton (alexcrichton)
816 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
817 repository of which I'm one of the primary maintainers and publishers for.
818 I am employed by a member of the Bytecode Alliance and plan to continue doing
819 so and will actively maintain this crate over time.
# Per-crate audits imported from the bytecode-alliance audit set.
# An entry with `delta = "A -> B"` certifies only the changes between those two
# versions; it covers B only when chained to an audit that covers A.
# NOTE(review): entries without a delta presumably carry a `version` key that
# this listing does not show.
822 [[audits.bytecode-alliance.audits.adler]]
823 who = "Alex Crichton <alex@alexcrichton.com>"
824 criteria = "safe-to-deploy"
826 notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
828 [[audits.bytecode-alliance.audits.arrayref]]
829 who = "Nick Fitzgerald <fitzgen@gmail.com>"
830 criteria = "safe-to-deploy"
833 Unsafe code, but its logic looks good to me. Necessary given what it is
834 doing. Well tested, has quickchecks.
837 [[audits.bytecode-alliance.audits.arrayvec]]
838 who = "Nick Fitzgerald <fitzgen@gmail.com>"
839 criteria = "safe-to-deploy"
842 Well documented invariants, good assertions for those invariants in unsafe code,
843 and tested with MIRI to boot. LGTM.
846 [[audits.bytecode-alliance.audits.base64]]
847 who = "Pat Hickey <phickey@fastly.com>"
848 criteria = "safe-to-deploy"
850 notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
852 [[audits.bytecode-alliance.audits.bitflags]]
853 who = "Jamey Sharp <jsharp@fastly.com>"
854 criteria = "safe-to-deploy"
855 delta = "2.1.0 -> 2.2.1"
857 This version adds unsafe impls of traits from the bytemuck crate when built
858 with that library enabled, but I believe the impls satisfy the documented
859 safety requirements for bytemuck. The other changes are minor.
862 [[audits.bytecode-alliance.audits.bitflags]]
863 who = "Alex Crichton <alex@alexcrichton.com>"
864 criteria = "safe-to-deploy"
865 delta = "2.3.2 -> 2.3.3"
867 Nothing outside the realm of what one would expect from a bitflags generator,
871 [[audits.bytecode-alliance.audits.block-buffer]]
872 who = "Benjamin Bouvier <public@benj.me>"
873 criteria = "safe-to-deploy"
874 delta = "0.9.0 -> 0.10.2"
876 [[audits.bytecode-alliance.audits.bumpalo]]
877 who = "Nick Fitzgerald <fitzgen@gmail.com>"
878 criteria = "safe-to-deploy"
880 notes = "I am the author of this crate."
882 [[audits.bytecode-alliance.audits.cargo-platform]]
883 who = "Pat Hickey <phickey@fastly.com>"
884 criteria = "safe-to-deploy"
886 notes = "no build, no ambient capabilities, no unsafe"
888 [[audits.bytecode-alliance.audits.cfg-if]]
889 who = "Alex Crichton <alex@alexcrichton.com>"
890 criteria = "safe-to-deploy"
892 notes = "I am the author of this crate."
894 [[audits.bytecode-alliance.audits.codespan-reporting]]
895 who = "Jamey Sharp <jsharp@fastly.com>"
896 criteria = "safe-to-deploy"
898 notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
900 [[audits.bytecode-alliance.audits.cpufeatures]]
901 who = "Alex Crichton <alex@alexcrichton.com>"
902 criteria = "safe-to-deploy"
903 delta = "0.2.2 -> 0.2.7"
905 This is a minor update that looks to add some more detected CPU features and
906 various other minor portability fixes such as MIRI support.
909 [[audits.bytecode-alliance.audits.crypto-common]]
910 who = "Benjamin Bouvier <public@benj.me>"
911 criteria = "safe-to-deploy"
914 [[audits.bytecode-alliance.audits.fallible-iterator]]
915 who = "Alex Crichton <alex@alexcrichton.com>"
916 criteria = "safe-to-deploy"
917 delta = "0.2.0 -> 0.3.0"
919 This major version update has a few minor breaking changes but everything
920 this crate has to do with iterators and `Result` and such. No `unsafe` or
921 anything like that, all looks good.
# Per the notes, this audit covers the macro's own implementation; each use of
# the macro in dependent code still needs its own review.
924 [[audits.bytecode-alliance.audits.foreign-types]]
925 who = "Pat Hickey <phickey@fastly.com>"
926 criteria = "safe-to-deploy"
928 notes = "This crate defined a macro-rules which creates wrappers working with FFI types. The implementation of this crate appears to be safe, but each use of this macro would need to be vetted for correctness as well."
930 [[audits.bytecode-alliance.audits.foreign-types-shared]]
931 who = "Pat Hickey <phickey@fastly.com>"
932 criteria = "safe-to-deploy"
# The notes on the futures-channel, futures-core and futures-executor entries
# state the limit of the review: the unsafe concurrency code was judged "not
# obviously incorrect", and the auditor says proving it correct was out of scope.
935 [[audits.bytecode-alliance.audits.futures-channel]]
936 who = "Pat Hickey <phickey@fastly.com>"
937 criteria = "safe-to-deploy"
939 notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)"
941 [[audits.bytecode-alliance.audits.futures-core]]
942 who = "Pat Hickey <phickey@fastly.com>"
943 criteria = "safe-to-deploy"
945 notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
947 [[audits.bytecode-alliance.audits.futures-executor]]
948 who = "Pat Hickey <phickey@fastly.com>"
949 criteria = "safe-to-deploy"
951 notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods."
953 [[audits.bytecode-alliance.audits.futures-io]]
954 who = "Pat Hickey <phickey@fastly.com>"
955 criteria = "safe-to-deploy"
958 [[audits.bytecode-alliance.audits.futures-sink]]
959 who = "Pat Hickey <phickey@fastly.com>"
960 criteria = "safe-to-deploy"
963 [[audits.bytecode-alliance.audits.heck]]
964 who = "Alex Crichton <alex@alexcrichton.com>"
965 criteria = "safe-to-deploy"
967 notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
969 [[audits.bytecode-alliance.audits.id-arena]]
970 who = "Nick Fitzgerald <fitzgen@gmail.com>"
971 criteria = "safe-to-deploy"
973 notes = "I am the author of this crate."
975 [[audits.bytecode-alliance.audits.idna]]
976 who = "Alex Crichton <alex@alexcrichton.com>"
977 criteria = "safe-to-deploy"
980 This is a crate without unsafe code or usage of the standard library. The large
981 size of this crate comes from the large generated unicode tables file. This
982 crate is broadly used throughout the ecosystem and does not contain anything
986 [[audits.bytecode-alliance.audits.leb128]]
987 who = "Nick Fitzgerald <fitzgen@gmail.com>"
988 criteria = "safe-to-deploy"
990 notes = "I am the author of this crate."
992 [[audits.bytecode-alliance.audits.memoffset]]
993 who = "Alex Crichton <alex@alexcrichton.com>"
994 criteria = "safe-to-deploy"
995 delta = "0.7.1 -> 0.8.0"
996 notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."
998 [[audits.bytecode-alliance.audits.miniz_oxide]]
999 who = "Alex Crichton <alex@alexcrichton.com>"
1000 criteria = "safe-to-deploy"
1003 This crate is a Rust implementation of zlib compression/decompression and has
1004 been used by default by the Rust standard library for quite some time. It's also
1005 a default dependency of the popular `backtrace` crate for decompressing debug
1006 information. This crate forbids unsafe code and does not otherwise access system
1007 resources. It's originally a port of the `miniz.c` library as well, and given
1008 its own longevity should be relatively hardened against some of the more common
1009 compression-related issues.
1012 [[audits.bytecode-alliance.audits.mio]]
1013 who = "Alex Crichton <alex@alexcrichton.com>"
1014 criteria = "safe-to-deploy"
1015 delta = "0.8.6 -> 0.8.8"
1016 notes = "Mostly OS portability updates along with some minor bugfixes."
1018 [[audits.bytecode-alliance.audits.object]]
1019 who = "Alex Crichton <alex@alexcrichton.com>"
1020 criteria = "safe-to-deploy"
1021 delta = "0.30.3 -> 0.31.1"
1022 notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
1024 [[audits.bytecode-alliance.audits.object]]
1025 who = "Alex Crichton <alex@alexcrichton.com>"
1026 criteria = "safe-to-deploy"
1027 delta = "0.31.1 -> 0.32.0"
1028 notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good."
1030 [[audits.bytecode-alliance.audits.percent-encoding]]
1031 who = "Alex Crichton <alex@alexcrichton.com>"
1032 criteria = "safe-to-deploy"
1035 This crate is a single-file crate that does what it says on the tin. There are
1036 a few `unsafe` blocks related to utf-8 validation which are locally verifiable
1037 as correct and otherwise this crate is good to go.
1040 [[audits.bytecode-alliance.audits.pin-utils]]
1041 who = "Pat Hickey <phickey@fastly.com>"
1042 criteria = "safe-to-deploy"
# Per the notes, this crate runs the external pkg-config executable; the
# auditor's judgement on input handling is worded as "appears to", so the
# build environment's pkg-config remains part of what is trusted.
1045 [[audits.bytecode-alliance.audits.pkg-config]]
1046 who = "Pat Hickey <phickey@fastly.com>"
1047 criteria = "safe-to-deploy"
1049 notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
1051 [[audits.bytecode-alliance.audits.rustc-demangle]]
1052 who = "Alex Crichton <alex@alexcrichton.com>"
1053 criteria = "safe-to-deploy"
1055 notes = "I am the author of this crate."
1057 [[audits.bytecode-alliance.audits.semver]]
1058 who = "Pat Hickey <phickey@fastly.com>"
1059 criteria = "safe-to-deploy"
1061 notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct"
1063 [[audits.bytecode-alliance.audits.slab]]
1064 who = "Pat Hickey <phickey@fastly.com>"
1065 criteria = "safe-to-deploy"
1067 notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
1069 [[audits.bytecode-alliance.audits.socket2]]
1070 who = "Alex Crichton <alex@alexcrichton.com>"
1071 criteria = "safe-to-deploy"
1072 delta = "0.4.7 -> 0.4.9"
1073 notes = "Minor OS compat updates but otherwise nothing major here."
1075 [[audits.bytecode-alliance.audits.tempfile]]
1076 who = "Pat Hickey <phickey@fastly.com>"
1077 criteria = "safe-to-deploy"
1078 delta = "3.3.0 -> 3.5.0"
1080 [[audits.bytecode-alliance.audits.tempfile]]
1081 who = "Alex Crichton <alex@alexcrichton.com>"
1082 criteria = "safe-to-deploy"
1083 delta = "3.5.0 -> 3.6.0"
1084 notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal."
1086 [[audits.bytecode-alliance.audits.unicase]]
1087 who = "Alex Crichton <alex@alexcrichton.com>"
1088 criteria = "safe-to-deploy"
1091 This crate contains no `unsafe` code and no unnecessary use of the standard
1095 [[audits.bytecode-alliance.audits.unicode-bidi]]
1096 who = "Alex Crichton <alex@alexcrichton.com>"
1097 criteria = "safe-to-deploy"
1100 This crate has no unsafe code and does not use `std::*`. Skimming the crate it
1101 does not attempt to out of the bounds of what it's already supposed to be doing.
1104 [[audits.bytecode-alliance.audits.unicode-normalization]]
1105 who = "Alex Crichton <alex@alexcrichton.com>"
1106 criteria = "safe-to-deploy"
1109 This crate contains one usage of `unsafe` which I have manually checked to see
1110 it as correct. This crate's size comes in large part due to the generated
1111 unicode tables that it contains. This crate is additionally widely used
1112 throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
1113 and nothing suspicious.
# Audits imported from the embark-studios audit set.
# The first entry is a wildcard audit: it vouches for releases published by the
# crates.io account in `user-id` from the `start` date on, not for one reviewed
# version. The account named in the user-id comment is an organisation login.
# NOTE(review): any `end` date on the wildcard entry is not shown in this listing.
1116 [[audits.embark-studios.wildcard-audits.presser]]
1117 who = "Gray Olson <opensource@embark-studios.com>"
1118 criteria = "safe-to-deploy"
1119 user-id = 52553 # embark-studios
1120 start = "2021-01-01"
1123 Small crate with no dependencies and no ambient capabilities. The safe interface of the crate
1124 is gated behind unsafe implementation of a core trait, and care must be taken to ensure that
1125 the relevant invariants are guaranteed when doing so. Maintained by the Ark team at Embark
1126 and used in production.
# The per-crate entries below share one auditor address and, where notes are
# shown, the same one-line note; they record a conclusion, not the evidence.
1129 [[audits.embark-studios.audits.anyhow]]
1130 who = "Johan Andersson <opensource@embark-studios.com>"
1131 criteria = "safe-to-deploy"
1134 [[audits.embark-studios.audits.cfg_aliases]]
1135 who = "Johan Andersson <opensource@embark-studios.com>"
1136 criteria = "safe-to-deploy"
1138 notes = "No unsafe usage or ambient capabilities"
1140 [[audits.embark-studios.audits.derive_more]]
1141 who = "Johan Andersson <opensource@embark-studios.com>"
1142 criteria = "safe-to-deploy"
1144 notes = "No unsafe usage or ambient capabilities"
1146 [[audits.embark-studios.audits.ident_case]]
1147 who = "Johan Andersson <opensource@embark-studios.com>"
1148 criteria = "safe-to-deploy"
1150 notes = "No unsafe usage or ambient capabilities"
1152 [[audits.embark-studios.audits.idna]]
1153 who = "Johan Andersson <opensource@embark-studios.com>"
1154 criteria = "safe-to-deploy"
1155 delta = "0.3.0 -> 0.4.0"
1156 notes = "No unsafe usage or ambient capabilities"
1158 [[audits.embark-studios.audits.line-wrap]]
1159 who = "Johan Andersson <opensource@embark-studios.com>"
1160 criteria = "safe-to-deploy"
1162 notes = "No unsafe usage or ambient capabilities"
1164 [[audits.embark-studios.audits.yaml-rust]]
1165 who = "Johan Andersson <opensource@embark-studios.com>"
1166 criteria = "safe-to-deploy"
1168 notes = "No unsafe usage or ambient capabilities"
# Audits imported from the google audit set, which is itself an aggregate:
# `aggregated-from` names the upstream audits.toml each entry came from.
# Those URLs point at branch heads, so the text recorded in this lock file,
# not the URL, is what fixes the imported audit's content.
# Two criteria appear here. `safe-to-run` is the weaker of cargo-vet's built-in
# criteria (safe-to-deploy implies it) and covers running the crate in
# development or CI, not shipping it in production code.
1170 [[audits.google.audits.ash]]
1171 who = "David Koloski <dkoloski@google.com>"
1172 criteria = "safe-to-deploy"
1173 version = "0.37.0+1.3.209"
1174 notes = "Reviewed on https://fxrev.dev/694269"
1175 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
# NOTE(review): the notes on this entry mention `does-not-implement-crypto`,
# while the only criteria visible here is safe-to-deploy; read the entry as
# that criterion alone unless the full record says otherwise.
1177 [[audits.google.audits.fastrand]]
1178 who = "George Burgess IV <gbiv@google.com>"
1179 criteria = "safe-to-deploy"
1182 `does-not-implement-crypto` is certified because this crate explicitly says
1183 that the RNG here is not cryptographically secure.
1185 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1187 [[audits.google.audits.futures]]
1188 who = "George Burgess IV <gbiv@google.com>"
1189 criteria = "safe-to-deploy"
1192 `futures` has no logic other than tests - it simply `pub use`s things from
1195 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1197 [[audits.google.audits.glob]]
1198 who = "George Burgess IV <gbiv@google.com>"
1199 criteria = "safe-to-deploy"
1201 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
# NOTE(review): this entry and the other safe-to-run entries below show no
# `who` line in this listing; check the full record for the auditor.
1203 [[audits.google.audits.http]]
1205 criteria = "safe-to-run"
1207 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1209 [[audits.google.audits.http-body]]
1211 criteria = "safe-to-run"
1213 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1215 [[audits.google.audits.httpdate]]
1217 criteria = "safe-to-run"
1219 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1221 [[audits.google.audits.hyper]]
1223 criteria = "safe-to-run"
1225 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1227 [[audits.google.audits.nom]]
1228 who = "danakj@chromium.org"
1229 criteria = "safe-to-deploy"
1232 Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153
1234 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1236 [[audits.google.audits.pin-project]]
1238 criteria = "safe-to-run"
1240 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1242 [[audits.google.audits.pin-project-internal]]
1244 criteria = "safe-to-run"
1246 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1248 [[audits.google.audits.pin-project-lite]]
1249 who = "David Koloski <dkoloski@google.com>"
1250 criteria = "safe-to-deploy"
1252 notes = "Reviewed on https://fxrev.dev/824504"
1253 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1255 [[audits.google.audits.scoped-tls]]
1256 who = "George Burgess IV <gbiv@google.com>"
1257 criteria = "safe-to-run"
1259 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1261 [[audits.google.audits.serde_urlencoded]]
1263 criteria = "safe-to-run"
1265 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
# The notes on this entry record how the review was done (keyword greps plus a
# look at the single `unsafe` hit) and link the review records.
1267 [[audits.google.audits.static_assertions]]
1268 who = "Lukasz Anforowicz <lukasza@chromium.org>"
1269 criteria = "safe-to-deploy"
1272 Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
1273 and there were no hits except for one `unsafe`.
1275 The lambda where `unsafe` is used is never invoked (e.g. the `unsafe` code
1276 never runs) and is only introduced for some compile-time checks. Additional
1277 unsafe review comments can be found in https://crrev.com/c/5353376.
1279 This crate has been added to Chromium in https://crrev.com/c/3736562. The CL
1280 description contains a link to a document with an additional security review.
1282 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1284 [[audits.google.audits.strsim]]
1285 who = "danakj@chromium.org"
1286 criteria = "safe-to-deploy"
1289 Reviewed in https://crrev.com/c/5171063
1291 Previously reviewed during security review and the audit is grandparented in.
1293 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1295 [[audits.google.audits.tokio]]
1296 who = "Vovo Yang <vovoy@google.com>"
1297 criteria = "safe-to-run"
1299 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1301 [[audits.google.audits.tokio-stream]]
1302 who = "David Koloski <dkoloski@google.com>"
1303 criteria = "safe-to-deploy"
1305 notes = "Reviewed on https://fxrev.dev/804724"
1306 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1308 [[audits.google.audits.tower-service]]
1310 criteria = "safe-to-run"
1312 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1314 [[audits.google.audits.tracing]]
1316 criteria = "safe-to-run"
1318 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1320 [[audits.google.audits.tracing-attributes]]
1322 criteria = "safe-to-run"
1324 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1326 [[audits.google.audits.tracing-core]]
1328 criteria = "safe-to-run"
1330 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1332 [[audits.google.audits.try-lock]]
1334 criteria = "safe-to-run"
1336 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1338 [[audits.google.audits.version_check]]
1339 who = "George Burgess IV <gbiv@google.com>"
1340 criteria = "safe-to-deploy"
1342 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1344 [[audits.google.audits.want]]
1346 criteria = "safe-to-run"
1348 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1350 [[audits.isrg.wildcard-audits.prio]]
1351 who = "David Cook <dcook@divviup.org>"
1352 criteria = "safe-to-deploy"
1353 user-id = 213776 # divviup-github-automation
1354 start = "2020-09-28"
1357 [[audits.isrg.audits.base64]]
1358 who = "Tim Geoghegan <timg@letsencrypt.org>"
1359 criteria = "safe-to-deploy"
1360 delta = "0.21.0 -> 0.21.1"
1362 [[audits.isrg.audits.base64]]
1363 who = "Brandon Pitman <bran@bran.land>"
1364 criteria = "safe-to-deploy"
1365 delta = "0.21.1 -> 0.21.2"
1367 [[audits.isrg.audits.base64]]
1368 who = "David Cook <dcook@divviup.org>"
1369 criteria = "safe-to-deploy"
1370 delta = "0.21.2 -> 0.21.3"
1372 [[audits.isrg.audits.block-buffer]]
1373 who = "David Cook <dcook@divviup.org>"
1374 criteria = "safe-to-deploy"
1377 [[audits.isrg.audits.getrandom]]
1378 who = "Tim Geoghegan <timg@letsencrypt.org>"
1379 criteria = "safe-to-deploy"
1380 delta = "0.2.9 -> 0.2.10"
1381 notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`."
1383 [[audits.isrg.audits.keccak]]
1384 who = "David Cook <dcook@divviup.org>"
1385 criteria = "safe-to-deploy"
1388 [[audits.isrg.audits.keccak]]
1389 who = "Brandon Pitman <bran@bran.land>"
1390 criteria = "safe-to-deploy"
1391 delta = "0.1.3 -> 0.1.4"
1393 [[audits.isrg.audits.once_cell]]
1394 who = "Brandon Pitman <bran@bran.land>"
1395 criteria = "safe-to-deploy"
1396 delta = "1.17.1 -> 1.17.2"
1398 [[audits.isrg.audits.once_cell]]
1399 who = "David Cook <dcook@divviup.org>"
1400 criteria = "safe-to-deploy"
1401 delta = "1.17.2 -> 1.18.0"
1403 [[audits.isrg.audits.once_cell]]
1404 who = "Brandon Pitman <bran@bran.land>"
1405 criteria = "safe-to-deploy"
1406 delta = "1.18.0 -> 1.19.0"
# Audits for `rand_chacha` and `rand_core` from the `isrg` peer, by the same
# auditor.
# NOTE(review): in both entries the listing's line numbers skip the line after
# `criteria` (1411 and 1416), so the audited version or delta is not shown here.
# Take it from the upstream file before relying on either entry.
1408 [[audits.isrg.audits.rand_chacha]]
1409 who = "David Cook <dcook@divviup.org>"
1410 criteria = "safe-to-deploy"
1413 [[audits.isrg.audits.rand_core]]
1414 who = "David Cook <dcook@divviup.org>"
1415 criteria = "safe-to-deploy"
# Two chained delta audits for `rayon-core` from the `isrg` peer, extending
# trust from 1.10.2 to 1.12.0. Each covers only the diff it names; an audit
# reaching 1.10.2 is not visible in this part of the file.
1418 [[audits.isrg.audits.rayon-core]]
1419 who = "Brandon Pitman <bran@bran.land>"
1420 criteria = "safe-to-deploy"
1421 delta = "1.10.2 -> 1.11.0"
1423 [[audits.isrg.audits.rayon-core]]
1424 who = "David Cook <dcook@divviup.org>"
1425 criteria = "safe-to-deploy"
1426 delta = "1.11.0 -> 1.12.0"
# Audits for the hash crates `sha2` and `sha3` from the `isrg` peer.
# NOTE(review): the `sha2` entry and the first `sha3` entry each lose the line
# after `criteria` in this listing (numbers 1431 and 1436 are skipped), so the
# audited version or delta is not shown for them.
1428 [[audits.isrg.audits.sha2]]
1429 who = "David Cook <dcook@divviup.org>"
1430 criteria = "safe-to-deploy"
1433 [[audits.isrg.audits.sha3]]
1434 who = "David Cook <dcook@divviup.org>"
1435 criteria = "safe-to-deploy"
# Delta entry: certifies only the changes between 0.10.7 and 0.10.8. Whether
# the preceding `sha3` entry anchors it cannot be confirmed from this listing.
1438 [[audits.isrg.audits.sha3]]
1439 who = "Brandon Pitman <bran@bran.land>"
1440 criteria = "safe-to-deploy"
1441 delta = "0.10.7 -> 0.10.8"
# Wildcard audit imported from the peer named `mozilla`: it vouches for
# `zeitstempel` releases published by the crates.io account in `user-id`,
# starting at `start`, rather than for one reviewed version.
# NOTE(review): the listing's line numbers skip 1448 (presumably the `end`
# bound); confirm the trust window in the upstream file.
1443 [[audits.mozilla.wildcard-audits.zeitstempel]]
1444 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1445 criteria = "safe-to-deploy"
1446 user-id = 48 # Jan-Erik Rediger (badboy)
1447 start = "2021-03-03"
# The stated justification is maintainership by the auditor, not a described
# code review; `who` and the `user-id` comment name the same person.
1449 notes = "Maintained by me"
# Source file for this entry; the URL tracks the `main` branch, so this lock
# file records the entry as it was fetched.
1450 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
# Delta audits for `askama` and `askama_derive` from the `mozilla` peer, both
# aggregated from the glean repository's audits file. Each certifies only the
# diff between the two versions it names.
1452 [[audits.mozilla.audits.askama]]
1453 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1454 criteria = "safe-to-deploy"
1455 delta = "0.11.1 -> 0.12.0"
1456 notes = "No new unsafe usage, mostly dependency updates and smaller API changes"
1457 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1459 [[audits.mozilla.audits.askama_derive]]
1460 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1461 criteria = "safe-to-deploy"
1462 delta = "0.11.2 -> 0.12.1"
# The notes mention a newly added dependency. A delta audit of this crate does
# not cover the dependency's own code, which needs separate audit coverage.
1463 notes = "Dependency updates, a new toml dependency and some API changes. No unsafe use."
1464 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
# Audit for `basic-toml` from the `mozilla` peer.
# NOTE(review): the listing's line numbers skip 1469, so the audited version or
# delta is not shown here; read it from the upstream file.
1466 [[audits.mozilla.audits.basic-toml]]
1467 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1468 criteria = "safe-to-deploy"
# The notes describe what the crate is; they do not say what was reviewed.
1470 notes = "TOML parser, forked from toml 0.5"
1471 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
# Delta audit for `bitflags` from the `mozilla` peer, covering only the diff
# between 2.4.0 and 2.4.1. The auditor describes that diff as lint allowances.
1473 [[audits.mozilla.audits.bitflags]]
1474 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1475 criteria = "safe-to-deploy"
1476 delta = "2.4.0 -> 2.4.1"
1477 notes = "Only allowing new clippy lints"
1478 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
# Audit for `either` from the `mozilla` peer. Unlike the neighbouring entries
# it is aggregated from the mozilla/cargo-vet repository's audits file.
# NOTE(review): this entry is incomplete in the listing. The line numbers skip
# 1483-1484 and 1486-1487, so the audited version is not shown, and the line
# numbered 1485 is one line of a longer notes text whose opening and closing
# lines are missing. Read the full entry in the upstream file.
1480 [[audits.mozilla.audits.either]]
1481 who = "Nika Layzell <nika@thelayzells.com>"
1482 criteria = "safe-to-deploy"
1485 Straightforward crate providing the Either enum and trait implementations with
1488 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
# Audit for `lazy_static` from the `mozilla` peer, aggregated from the
# mozilla/cargo-vet repository's audits file.
# NOTE(review): the listing's line numbers skip 1493, so the audited version or
# delta is not shown here.
1490 [[audits.mozilla.audits.lazy_static]]
1491 who = "Nika Layzell <nika@thelayzells.com>"
1492 criteria = "safe-to-deploy"
# The notes state the review scope: the macros were read and the `unsafe` code
# was audited.
1494 notes = "I have read over the macros, and audited the unsafe code."
1495 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
# Two chained delta audits for `log` from the `mozilla` peer, extending trust
# from 0.4.17 to 0.4.20. An audit reaching 0.4.17 is not visible in this part
# of the file.
1497 [[audits.mozilla.audits.log]]
1498 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1499 criteria = "safe-to-deploy"
1500 delta = "0.4.17 -> 0.4.18"
# NOTE(review): these notes argue from the auditor's own usage ("which we don't
# rely on", "which we don't use"). A project importing this audit that does use
# those dependencies or APIs should not read the entry as covering them.
1501 notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed."
1502 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1504 [[audits.mozilla.audits.log]]
1505 who = "Kagami Sascha Rosylight <krosylight@mozilla.com>"
1506 criteria = "safe-to-deploy"
1507 delta = "0.4.18 -> 0.4.20"
1508 notes = "Only cfg attribute and internal macro changes and module refactorings"
1509 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
# Delta audit for `rkv` from the `mozilla` peer, covering only the diff between
# 0.18.4 and 0.19.0.
1511 [[audits.mozilla.audits.rkv]]
1512 who = "Kagami Sascha Rosylight <krosylight@mozilla.com>"
1513 criteria = "safe-to-deploy"
1514 delta = "0.18.4 -> 0.19.0"
# The notes give two grounds: who maintains the crate, and that the diff adds
# no `unsafe` blocks. They do not describe changes to existing `unsafe` code or
# to dependencies.
1515 notes = "Maintained by Mozilla, no addition of unsafe blocks"
1516 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"