2 # cargo-vet audits file
4 [[wildcard-audits.audio_thread_priority]]
5 who = "Paul Adenot <paul@paul.cx>"
6 criteria = "safe-to-deploy"
7 user-id = 1258 # Paul Adenot (padenot)
11 I've written most of this crate, the rest has been either written and in any
12 case has been reviewed by Mozilla developers.
15 [[wildcard-audits.authenticator]]
16 who = "John M. Schanck <jschanck@mozilla.com>"
17 criteria = "safe-to-deploy"
18 user-id = 175410 # John Schanck (jschanck)
21 notes = "Maintained by the CryptoEng team at Mozilla."
23 [[wildcard-audits.bhttp]]
24 who = "Martin Thomson <mt@lowentropy.net>"
25 criteria = "safe-to-deploy"
26 user-id = 128763 # Martin Thomson (martinthomson)
29 notes = "Though the code is safe to run and deploy, the code for processing HTTP/1.1 messages (the `read-http` feature, specifically) is not suited for deployment in real applications, either clients or servers. Some features necessary for live deployment are not implemented, such as the proper handling of some types of response (e.g., a response to a HEAD request). Software that processes HTTP/1.1 messages requires a large number of compatibility tweaks if it is to be deployed interoperably. This feature only exists to support basic validation tools and is unlikely to be widely compatible."
31 [[wildcard-audits.cexpr]]
32 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
33 criteria = "safe-to-deploy"
34 user-id = 3788 # Emilio Cobos Álvarez (emilio)
37 notes = "No unsafe code, rather straight-forward parser."
39 [[wildcard-audits.cocoa]]
40 who = "Bobby Holley <bobbyholley@gmail.com>"
41 criteria = "safe-to-deploy"
42 user-id = 2396 # Josh Matthews (jdm)
46 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
48 [[wildcard-audits.cocoa]]
49 who = "Bobby Holley <bobbyholley@gmail.com>"
50 criteria = "safe-to-deploy"
51 user-id = 5946 # Jeff Muizelaar (jrmuizel)
55 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
57 [[wildcard-audits.cocoa-foundation]]
58 who = "Bobby Holley <bobbyholley@gmail.com>"
59 criteria = "safe-to-deploy"
60 user-id = 5946 # Jeff Muizelaar (jrmuizel)
64 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
66 [[wildcard-audits.cocoa-foundation]]
67 who = "Bobby Holley <bobbyholley@gmail.com>"
68 criteria = "safe-to-deploy"
69 user-id = 2396 # Josh Matthews (jdm)
73 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
75 [[wildcard-audits.core-foundation]]
76 who = "Bobby Holley <bobbyholley@gmail.com>"
77 criteria = "safe-to-deploy"
78 user-id = 2396 # Josh Matthews (jdm)
82 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
84 [[wildcard-audits.core-foundation]]
85 who = "Bobby Holley <bobbyholley@gmail.com>"
86 criteria = "safe-to-deploy"
87 user-id = 5946 # Jeff Muizelaar (jrmuizel)
91 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
93 [[wildcard-audits.core-foundation-sys]]
94 who = "Bobby Holley <bobbyholley@gmail.com>"
95 criteria = "safe-to-deploy"
96 user-id = 2396 # Josh Matthews (jdm)
100 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
102 [[wildcard-audits.core-foundation-sys]]
103 who = "Bobby Holley <bobbyholley@gmail.com>"
104 criteria = "safe-to-deploy"
105 user-id = 5946 # Jeff Muizelaar (jrmuizel)
109 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
111 [[wildcard-audits.core-graphics]]
112 who = "Bobby Holley <bobbyholley@gmail.com>"
113 criteria = "safe-to-deploy"
114 user-id = 2396 # Josh Matthews (jdm)
118 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
120 [[wildcard-audits.core-graphics]]
121 who = "Bobby Holley <bobbyholley@gmail.com>"
122 criteria = "safe-to-deploy"
123 user-id = 5946 # Jeff Muizelaar (jrmuizel)
127 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
129 [[wildcard-audits.core-graphics-types]]
130 who = "Bobby Holley <bobbyholley@gmail.com>"
131 criteria = "safe-to-deploy"
132 user-id = 2396 # Josh Matthews (jdm)
136 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
138 [[wildcard-audits.core-text]]
139 who = "Bobby Holley <bobbyholley@gmail.com>"
140 criteria = "safe-to-deploy"
141 user-id = 2396 # Josh Matthews (jdm)
145 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
147 [[wildcard-audits.core-text]]
148 who = "Bobby Holley <bobbyholley@gmail.com>"
149 criteria = "safe-to-deploy"
150 user-id = 5946 # Jeff Muizelaar (jrmuizel)
154 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
156 [[wildcard-audits.dogear]]
157 who = "Bobby Holley <bobbyholley@gmail.com>"
158 criteria = "safe-to-deploy"
159 user-id = 27901 # Lina Butler (linabutler)
162 notes = "Lina developed this crate as Mozilla staff."
164 [[wildcard-audits.encoding_rs]]
165 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
166 criteria = "safe-to-deploy"
167 user-id = 4484 # Henri Sivonen (hsivonen)
170 notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ."
172 [[wildcard-audits.etagere]]
173 who = "Nicolas Silva <nical@fastmail.com>"
174 criteria = "safe-to-deploy"
175 user-id = 1281 # Nicolas Silva (nical)
178 notes = "I am the author of this crate."
180 [[wildcard-audits.euclid]]
181 who = "Nicolas Silva <nical@fastmail.com>"
182 criteria = "safe-to-deploy"
183 user-id = 1281 # Nicolas Silva (nical)
186 notes = "I wrote most of the commits in the euclid reprository and review every change that is not produced by me."
188 [[wildcard-audits.freetype]]
189 who = "Bobby Holley <bobbyholley@gmail.com>"
190 criteria = "safe-to-deploy"
191 user-id = 2396 # Josh Matthews (jdm)
195 notes = "All code written or reviewed by Mozilla staff."
197 [[wildcard-audits.gleam]]
198 who = "Bobby Holley <bobbyholley@gmail.com>"
199 criteria = "safe-to-deploy"
200 user-id = 2396 # Josh Matthews (jdm)
204 notes = "All code written or reviewed by Mozilla."
206 [[wildcard-audits.gleam]]
207 who = "Bobby Holley <bobbyholley@gmail.com>"
208 criteria = "safe-to-deploy"
209 user-id = 5946 # Jeff Muizelaar (jrmuizel)
213 notes = "All code written or reviewed by Mozilla."
215 [[wildcard-audits.gleam]]
216 who = "Bobby Holley <bobbyholley@gmail.com>"
217 criteria = "safe-to-deploy"
222 notes = "All code written or reviewed by Mozilla."
224 [[wildcard-audits.glean]]
225 who = "Chris H-C <chutten@mozilla.com>"
226 criteria = "safe-to-deploy"
227 user-id = 48 # Jan-Erik Rediger (badboy)
230 notes = "The Glean SDKs are maintained by the Glean Team at Mozilla."
232 [[wildcard-audits.glean]]
233 who = "Travis Long <tlong@mozilla.com>"
234 criteria = "safe-to-deploy"
239 [[wildcard-audits.glean-core]]
240 who = "Chris H-C <chutten@mozilla.com>"
241 criteria = "safe-to-deploy"
242 user-id = 48 # Jan-Erik Rediger (badboy)
245 notes = "The Glean SDKs are maintained by the Glean Team at Mozilla."
247 [[wildcard-audits.glean-core]]
248 who = "Travis Long <tlong@mozilla.com>"
249 criteria = "safe-to-deploy"
254 [[wildcard-audits.glslopt]]
255 who = "Jamie Nicol <jnicol@mozilla.com>"
256 criteria = "safe-to-deploy"
257 user-id = 84794 # Jamie Nicol (jamienicol)
261 [[wildcard-audits.io-surface]]
262 who = "Bobby Holley <bobbyholley@gmail.com>"
263 criteria = "safe-to-deploy"
264 user-id = 2396 # Josh Matthews (jdm)
268 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
270 [[wildcard-audits.marionette]]
271 who = "Henrik Skupin <mail@hskupin.info>"
272 criteria = "safe-to-run"
276 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
278 [[wildcard-audits.mozdevice]]
279 who = "Henrik Skupin <mail@hskupin.info>"
280 criteria = "safe-to-run"
284 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
286 [[wildcard-audits.mozprofile]]
287 who = "Henrik Skupin <mail@hskupin.info>"
288 criteria = "safe-to-deploy"
292 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
294 [[wildcard-audits.mozrunner]]
295 who = "Henrik Skupin <mail@hskupin.info>"
296 criteria = "safe-to-deploy"
300 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
302 [[wildcard-audits.mozversion]]
303 who = "Henrik Skupin <mail@hskupin.info>"
304 criteria = "safe-to-run"
308 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
310 [[wildcard-audits.nss-gk-api]]
311 who = "John M. Schanck <jschanck@mozilla.com>"
312 criteria = "safe-to-deploy"
313 user-id = 175410 # John Schanck (jschanck)
316 notes = "Maintained by the CryptoEng team at Mozilla."
318 [[wildcard-audits.ohttp]]
319 who = "Martin Thomson <mt@lowentropy.net>"
320 criteria = "safe-to-deploy"
321 user-id = 128763 # Martin Thomson (martinthomson)
324 notes = "This code contains two cryptographic back ends. No unsafe code is contained if the Rust `hpke` crate is used (the `rust-hpke` feature). Using NSS (the `nss` feature) involves extensive use of bindings to the native code provided by NSS. This interface uses wrappers that attempt to add safety to a fundamentally very dangerous library, but those wrappers have only been validated for use following the needs of this crate."
326 [[wildcard-audits.qcms]]
327 who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
328 criteria = "safe-to-deploy"
329 user-id = 5946 # Jeff Muizelaar (jrmuizel)
332 notes = "Maintained by the Graphics team at Mozilla in mozilla-central."
334 [[wildcard-audits.rust_cascade]]
335 who = "Dana Keeler <dkeeler@mozilla.com>"
336 criteria = "safe-to-deploy"
337 user-id = 57462 # Dana Keeler (mozkeeler)
340 notes = "Written and maintained by the security engineering team at Mozilla."
342 [[wildcard-audits.unicode-normalization]]
343 who = "Manish Goregaokar <manishsmail@gmail.com>"
344 criteria = "safe-to-deploy"
345 user-id = 1139 # Manish Goregaokar (Manishearth)
348 notes = "All code written or reviewed by Manish"
350 [[wildcard-audits.unicode-segmentation]]
351 who = "Manish Goregaokar <manishsmail@gmail.com>"
352 criteria = "safe-to-deploy"
353 user-id = 1139 # Manish Goregaokar (Manishearth)
356 notes = "All code written or reviewed by Manish"
358 [[wildcard-audits.unicode-width]]
359 who = "Manish Goregaokar <manishsmail@gmail.com>"
360 criteria = "safe-to-deploy"
361 user-id = 1139 # Manish Goregaokar (Manishearth)
364 notes = "All code written or reviewed by Manish"
366 [[wildcard-audits.unicode-xid]]
367 who = "Manish Goregaokar <manishsmail@gmail.com>"
368 criteria = "safe-to-deploy"
369 user-id = 1139 # Manish Goregaokar (Manishearth)
372 notes = "All code written or reviewed by Manish"
374 [[wildcard-audits.uniffi]]
375 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
376 criteria = "safe-to-deploy"
377 user-id = 48 # Jan-Erik Rediger (badboy)
380 notes = "Maintained by the Glean and Application Services teams"
382 [[wildcard-audits.uniffi]]
383 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
384 criteria = "safe-to-deploy"
385 user-id = 127697 # bendk
388 notes = "Maintained by the Glean and Application Services teams"
390 [[wildcard-audits.uniffi_bindgen]]
391 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
392 criteria = "safe-to-deploy"
393 user-id = 48 # Jan-Erik Rediger (badboy)
396 notes = "Maintained by the Glean and Application Services teams"
398 [[wildcard-audits.uniffi_bindgen]]
399 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
400 criteria = "safe-to-deploy"
401 user-id = 127697 # bendk
404 notes = "Maintained by the Glean and Application Services teams"
406 [[wildcard-audits.uniffi_build]]
407 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
408 criteria = "safe-to-deploy"
409 user-id = 48 # Jan-Erik Rediger (badboy)
412 notes = "Maintained by the Glean and Application Services teams"
414 [[wildcard-audits.uniffi_build]]
415 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
416 criteria = "safe-to-deploy"
417 user-id = 127697 # bendk
420 notes = "Maintained by the Glean and Application Services teams"
422 [[wildcard-audits.uniffi_checksum_derive]]
423 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
424 criteria = "safe-to-deploy"
425 user-id = 48 # Jan-Erik Rediger (badboy)
428 notes = "Maintained by the Glean and Application Services teams"
430 [[wildcard-audits.uniffi_checksum_derive]]
431 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
432 criteria = "safe-to-deploy"
433 user-id = 127697 # bendk
436 notes = "Maintained by the Glean and Application Services teams"
438 [[wildcard-audits.uniffi_core]]
439 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
440 criteria = "safe-to-deploy"
441 user-id = 48 # Jan-Erik Rediger (badboy)
444 notes = "Maintained by the Glean and Application Services teams"
446 [[wildcard-audits.uniffi_core]]
447 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
448 criteria = "safe-to-deploy"
449 user-id = 127697 # bendk
452 notes = "Maintained by the Glean and Application Services teams"
454 [[wildcard-audits.uniffi_macros]]
455 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
456 criteria = "safe-to-deploy"
457 user-id = 48 # Jan-Erik Rediger (badboy)
460 notes = "Maintained by the Glean and Application Services teams"
462 [[wildcard-audits.uniffi_macros]]
463 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
464 criteria = "safe-to-deploy"
465 user-id = 127697 # bendk
468 notes = "Maintained by the Glean and Application Services teams"
470 [[wildcard-audits.uniffi_meta]]
471 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
472 criteria = "safe-to-deploy"
473 user-id = 48 # Jan-Erik Rediger (badboy)
476 notes = "Maintained by the Glean and Application Services teams"
478 [[wildcard-audits.uniffi_meta]]
479 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
480 criteria = "safe-to-deploy"
481 user-id = 127697 # bendk
484 notes = "Maintained by the Glean and Application Services teams"
486 [[wildcard-audits.uniffi_testing]]
487 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
488 criteria = "safe-to-deploy"
489 user-id = 48 # Jan-Erik Rediger (badboy)
492 notes = "Maintained by the Glean and Application Services teams"
494 [[wildcard-audits.uniffi_testing]]
495 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
496 criteria = "safe-to-deploy"
497 user-id = 127697 # bendk
500 notes = "Maintained by the Glean and Application Services teams"
502 [[wildcard-audits.uniffi_udl]]
503 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
504 criteria = "safe-to-deploy"
505 user-id = 127697 # bendk
508 notes = "Maintained by the Glean and Application Services teams"
510 [[wildcard-audits.utf8_iter]]
511 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
512 criteria = "safe-to-deploy"
513 user-id = 4484 # Henri Sivonen (hsivonen)
516 notes = "Maintained by Henri Sivonen who works at Mozilla."
518 [[wildcard-audits.webdriver]]
519 who = "Henrik Skupin <mail@hskupin.info>"
520 criteria = "safe-to-deploy"
524 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
527 who = "Lee Salzman <lsalzman@mozilla.com>"
528 criteria = "safe-to-deploy"
530 notes = "Written and maintained by Gfx team at Mozilla."
533 who = "Mike Hommey <mh+mozilla@glandium.org>"
534 criteria = "safe-to-deploy"
535 delta = "0.7.6 -> 0.7.8"
537 [[audits.aho-corasick]]
538 who = "Mike Hommey <mh+mozilla@glandium.org>"
539 criteria = "safe-to-deploy"
540 delta = "0.7.18 -> 0.7.20"
543 who = "Mike Hommey <mh+mozilla@glandium.org>"
544 criteria = "safe-to-deploy"
545 delta = "0.4.3 -> 0.7.0"
548 who = "Mike Hommey <mh+mozilla@glandium.org>"
549 criteria = "safe-to-deploy"
550 delta = "0.7.0 -> 0.8.1"
552 [[audits.android_logger]]
553 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
554 criteria = "safe-to-deploy"
556 notes = "Small crate, wrapping Android log functionality, reviewed by janerik"
558 [[audits.android_logger]]
559 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
560 criteria = "safe-to-deploy"
561 delta = "0.11.0 -> 0.11.1"
562 notes = "Small crate, wrapping Android log functionality, now switched to properly using MaybeUninit"
564 [[audits.android_logger]]
565 who = "Mike Hommey <mh+mozilla@glandium.org>"
566 criteria = "safe-to-deploy"
567 delta = "0.11.1 -> 0.11.3"
569 [[audits.android_logger]]
570 who = "Chris H-C <chutten@mozilla.com>"
571 criteria = "safe-to-deploy"
572 delta = "0.11.3 -> 0.12.0"
573 notes = "Small wrapper crate. This update fixes log level filtering."
575 [[audits.android_system_properties]]
576 who = "Nicolas Silva <nical@fastmail.com>"
577 criteria = "safe-to-deploy"
579 notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship."
581 [[audits.android_system_properties]]
582 who = "Mike Hommey <mh+mozilla@glandium.org>"
583 criteria = "safe-to-deploy"
584 delta = "0.1.2 -> 0.1.4"
586 [[audits.android_system_properties]]
587 who = "Mike Hommey <mh+mozilla@glandium.org>"
588 criteria = "safe-to-deploy"
589 delta = "0.1.4 -> 0.1.5"
592 who = "Mike Hommey <mh+mozilla@glandium.org>"
593 criteria = "safe-to-deploy"
594 delta = "1.0.57 -> 1.0.61"
597 who = "Bobby Holley <bobbyholley@gmail.com>"
598 criteria = "safe-to-deploy"
599 delta = "1.0.58 -> 1.0.57"
600 notes = "No functional differences, just CI config and docs."
603 who = "Mike Hommey <mh+mozilla@glandium.org>"
604 criteria = "safe-to-deploy"
605 delta = "1.0.61 -> 1.0.62"
608 who = "Mike Hommey <mh+mozilla@glandium.org>"
609 criteria = "safe-to-deploy"
610 delta = "1.0.62 -> 1.0.68"
613 who = "Mike Hommey <mh+mozilla@glandium.org>"
614 criteria = "safe-to-deploy"
615 delta = "1.0.68 -> 1.0.69"
618 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
619 criteria = "safe-to-deploy"
622 I'm pretty familiar with this crate. It provides a fixed-point numeric type.
623 The code is pretty straight-forward, there's no unsafe code at all.
627 who = "Nicolas Silva <nical@fastmail.com>"
628 criteria = "safe-to-deploy"
632 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
633 criteria = "safe-to-deploy"
634 delta = "0.7.1 -> 0.7.2"
635 notes = "Adding repr(transparent) plus a couple minor clean-ups, no functional changes from 0.7.1."
638 who = "Mike Hommey <mh+mozilla@glandium.org>"
639 criteria = "safe-to-run"
640 delta = "1.1.0 -> 1.1.1"
643 who = "Mike Hommey <mh+mozilla@glandium.org>"
644 criteria = "safe-to-run"
645 delta = "1.1.1 -> 1.1.3"
648 who = "Mike Hommey <mh+mozilla@glandium.org>"
649 criteria = "safe-to-run"
650 delta = "1.1.3 -> 1.2.0"
653 who = "Mike Hommey <mh+mozilla@glandium.org>"
654 criteria = "safe-to-run"
655 delta = "1.2.0 -> 1.2.3"
658 who = "Jim Blandy <jimb@red-bean.com>"
659 criteria = "safe-to-deploy"
660 delta = "0.37.0+1.3.209 -> 0.37.1+1.3.235"
662 Nicolas Silva, Jim Blandy, and Teodor Tanasoaia audited ash master
663 branch commits from e43e9c0c to 6bd82768 inclusive.
667 who = "Nicolas Silva <nical@fastmail.com>"
668 criteria = "safe-to-deploy"
669 delta = "0.37.1+1.3.235 -> 0.37.2+1.3.238"
672 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
673 criteria = "safe-to-deploy"
674 delta = "0.37.2+1.3.238 -> 0.37.3+1.3.251"
677 who = "Matthew Gregan <kinetik@flim.org>"
678 criteria = "safe-to-deploy"
681 Small unsafe wrapper around Android 8.0's ASharedMemory native API that falls
682 back to older private ioctl-based API at runtime on earlier OS releases. The
683 shim code is small and doesn't inspect the API arguments, so is unlikely to
684 expose any safety issues beyond those presented by the native OS API.
688 who = "Bobby Holley <bobbyholley@gmail.com>"
689 criteria = "safe-to-deploy"
692 Just contains some traits and re-exports for use by a broader package of related
693 crates. No unsafe code or ambient capability usage.
696 [[audits.async-task]]
697 who = "Nika Layzell <nika@thelayzells.com>"
698 criteria = "safe-to-deploy"
699 delta = "4.0.3 -> 4.0.3@git:f6488e35beccb26eb6e85847b02aa78a42cd3d0e"
700 notes = "Recorded by bholley, confirmed over slack."
702 [[audits.async-task]]
703 who = "Nika Layzell <nika@thelayzells.com>"
704 criteria = "safe-to-deploy"
705 delta = "4.0.3 -> 4.3.0"
706 notes = "Main addition is the new FallibleTask type, which I implemented. No risky unsafe code changes."
708 [[audits.async-trait]]
709 who = "Mike Hommey <mh+mozilla@glandium.org>"
710 criteria = "safe-to-deploy"
711 delta = "0.1.56 -> 0.1.57"
713 [[audits.async-trait]]
714 who = "Mike Hommey <mh+mozilla@glandium.org>"
715 criteria = "safe-to-deploy"
716 delta = "0.1.57 -> 0.1.60"
718 [[audits.async-trait]]
719 who = "Mike Hommey <mh+mozilla@glandium.org>"
720 criteria = "safe-to-deploy"
721 delta = "0.1.60 -> 0.1.64"
723 [[audits.atomic_refcell]]
724 who = "Bobby Holley <bholley@mozilla.com>"
725 criteria = "safe-to-deploy"
727 notes = "I maintain this crate and have reviewed every line."
729 [[audits.atomic_refcell]]
730 who = "Mike Hommey <mh+mozilla@glandium.org>"
731 criteria = "safe-to-deploy"
732 delta = "0.1.8 -> 0.1.9"
734 [[audits.audio-mixer]]
735 who = "Chun-Min Chang <chun.m.chang@gmail.com>"
736 criteria = "safe-to-deploy"
738 notes = "audio-mixer is a Mozilla-developed package."
740 [[audits.audio-mixer]]
741 who = "Mike Hommey <mh+mozilla@glandium.org>"
742 criteria = "safe-to-deploy"
743 delta = "0.1.2 -> 0.1.3"
745 [[audits.authenticator]]
746 who = "John M. Schanck <jschanck@mozilla.com>"
747 criteria = "safe-to-deploy"
748 version = "0.4.0-alpha.13"
749 notes = "Maintained by the CryptoEng team at Mozilla."
752 who = "Josh Stone <jistone@redhat.com>"
753 criteria = "safe-to-deploy"
755 notes = "All code written or reviewed by Josh Stone."
758 who = "Mike Hommey <mh+mozilla@glandium.org>"
759 criteria = "safe-to-deploy"
760 delta = "0.13.0 -> 0.13.1"
763 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
764 criteria = "safe-to-deploy"
766 notes = "I'm the primary author and maintainer of the crate."
769 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
770 criteria = "safe-to-deploy"
771 delta = "0.59.2 -> 0.63.0"
774 who = "Mike Hommey <mh+mozilla@glandium.org>"
775 criteria = "safe-to-deploy"
776 delta = "0.63.0 -> 0.64.0"
779 who = "Mike Hommey <mh+mozilla@glandium.org>"
780 criteria = "safe-to-deploy"
781 delta = "0.64.0 -> 0.66.1"
784 who = "Mike Hommey <mh+mozilla@glandium.org>"
785 criteria = "safe-to-deploy"
786 delta = "0.66.1 -> 0.68.1"
789 who = "Andreas Pehrson <apehrson@mozilla.com>"
790 criteria = "safe-to-deploy"
791 delta = "0.68.1 -> 0.69.1"
794 who = "Mike Hommey <mh+mozilla@glandium.org>"
795 criteria = "safe-to-deploy"
796 delta = "0.69.1 -> 0.69.2"
799 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
800 criteria = "safe-to-deploy"
801 delta = "0.69.2 -> 0.69.4"
804 who = "Aria Beingessner <a.beingessner@gmail.com>"
805 criteria = "safe-to-deploy"
807 notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues."
810 who = "Mike Hommey <mh+mozilla@glandium.org>"
811 criteria = "safe-to-deploy"
812 delta = "0.5.2 -> 0.5.3"
815 who = "Aria Beingessner <a.beingessner@gmail.com>"
816 criteria = "safe-to-deploy"
818 notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
821 who = "Alex Franchuk <afranchuk@mozilla.com>"
822 criteria = "safe-to-deploy"
823 delta = "1.3.2 -> 2.0.2"
824 notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)."
827 who = "Nicolas Silva <nical@fastmail.com>"
828 criteria = "safe-to-deploy"
829 delta = "2.0.2 -> 2.1.0"
832 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
833 criteria = "safe-to-deploy"
834 delta = "2.2.1 -> 2.3.2"
837 who = "Mike Hommey <mh+mozilla@glandium.org>"
838 criteria = "safe-to-deploy"
839 delta = "2.3.3 -> 2.4.0"
841 [[audits.block-buffer]]
842 who = "Mike Hommey <mh+mozilla@glandium.org>"
843 criteria = "safe-to-deploy"
844 delta = "0.10.2 -> 0.10.3"
846 [[audits.build-parallel]]
847 who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
848 criteria = "safe-to-deploy"
852 who = "Bobby Holley <bobbyholley@gmail.com>"
853 criteria = "safe-to-run"
854 delta = "3.9.1 -> 3.10.0"
856 Some nontrivial functional changes but certainly meets the no-malware bar of
857 safe-to-run. If we needed safe-to-deploy for this in m-c I'd ask Nick to re-
858 certify this version, but we don't, so this is fine for now.
862 who = "Mike Hommey <mh+mozilla@glandium.org>"
863 criteria = "safe-to-run"
864 delta = "3.11.1 -> 3.12.0"
867 who = "Mike Hommey <mh+mozilla@glandium.org>"
868 criteria = "safe-to-deploy"
869 delta = "1.1.0 -> 1.2.1"
872 who = "Mike Hommey <mh+mozilla@glandium.org>"
873 criteria = "safe-to-deploy"
874 delta = "1.2.1 -> 1.3.0"
877 who = "Mike Hommey <mh+mozilla@glandium.org>"
878 criteria = "safe-to-deploy"
879 delta = "1.3.0 -> 1.4.0"
882 who = "Mike Hommey <mh+mozilla@glandium.org>"
883 criteria = "safe-to-deploy"
884 delta = "1.0.9 -> 1.1.1"
887 who = "Mike Hommey <mh+mozilla@glandium.org>"
888 criteria = "safe-to-deploy"
889 delta = "1.1.1 -> 1.1.2"
891 [[audits.cargo_metadata]]
892 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
893 criteria = "safe-to-deploy"
895 notes = "I reviewed the whole code base. Parser for the output of cargo-metadata, relying mostly on serde. No unsafe code used."
897 [[audits.cargo_metadata]]
898 who = "Mike Hommey <mh+mozilla@glandium.org>"
899 criteria = "safe-to-deploy"
900 delta = "0.15.2 -> 0.15.3"
903 who = "Mike Hommey <mh+mozilla@glandium.org>"
904 criteria = "safe-to-deploy"
905 delta = "1.0.73 -> 1.0.78"
908 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
909 criteria = "safe-to-deploy"
911 notes = "I, Henri Sivonen, wrote this (safe-code-only) crate for Gecko even though the crate is published via crates.io."
914 who = "Bobby Holley <bobbyholley@gmail.com>"
915 criteria = "safe-to-deploy"
916 delta = "0.1.9 -> 0.1.9@git:3484d3e3ebdc8931493aa5df4d7ee9360a90e76b"
918 [[audits.chardetng_c]]
919 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
920 criteria = "safe-to-deploy"
922 notes = "I, Henri Sivonen, wrote this crate for Gecko even though it is published via crates.io. The buffer input assumes Rust slice constraints for the start pointer. In Gecko, this is taken care of by mozilla::Span, but the C API doesn't conform to idiomatic C constraints on this point."
924 [[audits.chardetng_c]]
925 who = "Bobby Holley <bobbyholley@gmail.com>"
926 criteria = "safe-to-deploy"
927 delta = "0.1.2 -> 0.1.2@git:ed8a4c6f900a90d4dbc1d64b856e61490a1c3570"
930 who = "Mike Hommey <mh+mozilla@glandium.org>"
931 criteria = "safe-to-deploy"
932 delta = "1.3.3 -> 1.4.0"
935 who = "Mike Hommey <mh+mozilla@glandium.org>"
936 criteria = "safe-to-deploy"
937 delta = "1.4.0 -> 1.6.0"
940 who = "Mike Hommey <mh+mozilla@glandium.org>"
941 criteria = "safe-to-deploy"
942 delta = "0.2.0 -> 0.2.2"
945 who = "Mike Hommey <mh+mozilla@glandium.org>"
946 criteria = "safe-to-deploy"
947 delta = "0.2.2 -> 0.2.4"
950 who = "Nick Alexander <nalexander@mozilla.com>"
951 criteria = "safe-to-deploy"
954 The comedy crate was written by Adam Gashlin for Mozilla's use. The entire
955 comedy 0.2.0 crate is full of `unsafe` code and makes many assumptions about
956 memory and layout, but there is no particular processing of untrusted input
961 who = "Mike Hommey <mh+mozilla@glandium.org>"
962 criteria = "safe-to-run"
963 delta = "0.16.0 -> 0.16.2"
965 [[audits.core-graphics]]
966 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
967 criteria = "safe-to-deploy"
968 delta = "0.22.3 -> 0.23.1"
970 [[audits.core-graphics-types]]
971 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
972 criteria = "safe-to-deploy"
973 delta = "0.1.1 -> 0.1.2"
976 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
977 criteria = "safe-to-deploy"
978 delta = "19.2.0 -> 20.0.0"
981 who = "Jonathan Kew <jfkthame@gmail.com>"
982 criteria = "safe-to-deploy"
983 delta = "20.0.0 -> 20.1.0"
985 The bulk of the 20.0.0 -> 20.1.0 changes were purely cosmetic clippy and rustfmt changes.
987 The only substantive change was the addition of wrappers to expose two additional Core Text APIs,
988 the variants of CTFontCreateWithName and CTFontCreateWithFontDescriptor that accept a CTFontOptions
989 parameter. These are directly parallel to the existing versions without CTFontOptions, and do not
990 introduce any new forms of risk.
993 [[audits.core_maths]]
994 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
995 criteria = "safe-to-deploy"
998 [[audits.coreaudio-sys]]
999 who = "Mike Hommey <mh+mozilla@glandium.org>"
1000 criteria = "safe-to-deploy"
1001 delta = "0.2.10 -> 0.2.11"
1003 [[audits.coreaudio-sys]]
1004 who = "Mike Hommey <mh+mozilla@glandium.org>"
1005 criteria = "safe-to-deploy"
1006 delta = "0.2.11 -> 0.2.12"
1008 [[audits.coreaudio-sys]]
1009 who = "Mike Hommey <mh+mozilla@glandium.org>"
1010 criteria = "safe-to-deploy"
1011 delta = "0.2.12 -> 0.2.13"
1013 [[audits.coreaudio-sys]]
1014 who = "Andreas Pehrson <apehrson@mozilla.com>"
1015 criteria = "safe-to-deploy"
1016 delta = "0.2.13 -> 0.2.14"
1019 who = "Mathew Hodson <mathew.hodson@gmail.com>"
1020 criteria = "safe-to-deploy"
1021 delta = "0.1.4 -> 0.1.4@git:43c22248d136c8b38fe42ea709d08da6355cf04b"
1023 [[audits.cpufeatures]]
1024 who = "Mike Hommey <mh+mozilla@glandium.org>"
1025 criteria = "safe-to-deploy"
1026 delta = "0.2.2 -> 0.2.4"
1028 [[audits.cpufeatures]]
1029 who = "Mike Hommey <mh+mozilla@glandium.org>"
1030 criteria = "safe-to-deploy"
1031 delta = "0.2.4 -> 0.2.5"
1033 [[audits.cpufeatures]]
1034 who = "Gabriele Svelto <gsvelto@mozilla.com>"
1035 criteria = "safe-to-deploy"
1036 delta = "0.2.7 -> 0.2.8"
1037 notes = "This release contains a single fix for an issue that affected Firefox"
1039 [[audits.crash-context]]
1040 who = "Gabriele Svelto <gsvelto@mozilla.com>"
1041 criteria = "safe-to-deploy"
1043 notes = "Mozilla employees contributed to this crate and the remaining code was fully audited"
1045 [[audits.crash-context]]
1046 who = "Alex Franchuk <afranchuk@mozilla.com>"
1047 criteria = "safe-to-deploy"
1048 delta = "0.5.1 -> 0.6.0"
1050 There are few changes. The main change is the removal of `winapi` in favor of
1051 manually-generated bindings (which are minimal). The few small bugfixes are
1055 [[audits.crash-context]]
1056 who = "Gabriele Svelto <gsvelto@mozilla.com>"
1057 criteria = "safe-to-deploy"
1058 delta = "0.6.0 -> 0.6.1"
1060 [[audits.crossbeam-channel]]
1061 who = "Mike Hommey <mh+mozilla@glandium.org>"
1062 criteria = "safe-to-deploy"
1063 delta = "0.5.4 -> 0.5.6"
1065 [[audits.crossbeam-deque]]
1066 who = "Mike Hommey <mh+mozilla@glandium.org>"
1067 criteria = "safe-to-deploy"
1068 delta = "0.8.1 -> 0.8.2"
1070 [[audits.crossbeam-epoch]]
1071 who = "Mike Hommey <mh+mozilla@glandium.org>"
1072 criteria = "safe-to-deploy"
1073 delta = "0.9.8 -> 0.9.10"
1075 [[audits.crossbeam-epoch]]
1076 who = "Mike Hommey <mh+mozilla@glandium.org>"
1077 criteria = "safe-to-deploy"
1078 delta = "0.9.10 -> 0.9.13"
1080 [[audits.crossbeam-epoch]]
1081 who = "Mike Hommey <mh+mozilla@glandium.org>"
1082 criteria = "safe-to-deploy"
1083 delta = "0.9.13 -> 0.9.14"
1085 [[audits.crossbeam-queue]]
1086 who = "Matthew Gregan <kinetik@flim.org>"
1087 criteria = "safe-to-deploy"
1090 [[audits.crossbeam-utils]]
1091 who = "Mike Hommey <mh+mozilla@glandium.org>"
1092 criteria = "safe-to-deploy"
1093 delta = "0.8.8 -> 0.8.11"
1095 [[audits.crossbeam-utils]]
1096 who = "Mike Hommey <mh+mozilla@glandium.org>"
1097 criteria = "safe-to-deploy"
1098 delta = "0.8.11 -> 0.8.14"
1100 [[audits.crypto-common]]
1101 who = "Mike Hommey <mh+mozilla@glandium.org>"
1102 criteria = "safe-to-deploy"
1103 delta = "0.1.3 -> 0.1.6"
1105 [[audits.cssparser]]
1106 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1107 criteria = "safe-to-deploy"
1110 I've reviewed or authored most of the recent changes to this library, and it
1111 was developed by other mozilla folks. Unsafe code there is reasonable (utf-8
1112 casts for serialization and parsing).
1115 [[audits.cssparser]]
1116 who = "Bobby Holley <bobbyholley@gmail.com>"
1117 criteria = "safe-to-deploy"
1118 delta = "0.29.6 -> 0.31.0"
1120 All the changes in this release were authored by Mozilla staff, except the
1121 uninit_array stuff, which looks fine.
1124 [[audits.cssparser]]
1125 who = "Mike Hommey <mh+mozilla@glandium.org>"
1126 criteria = "safe-to-deploy"
1127 delta = "0.31.0 -> 0.31.2"
1129 [[audits.cssparser]]
1130 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1131 criteria = "safe-to-deploy"
1132 delta = "0.31.2 -> 0.32.0"
1133 notes = "All changes were either authored or reviewed by Mozilla employees."
1135 [[audits.cssparser]]
1136 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1137 criteria = "safe-to-deploy"
1138 delta = "0.32.0 -> 0.33.0"
1140 Mozilla authored. Breaking changes from 0.32 involve splitting color APIs into
1141 their own crate and removing an unused line number offset mechanism.
1144 [[audits.cssparser]]
1145 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1146 criteria = "safe-to-deploy"
1147 delta = "0.33.0 -> 0.33.0@git:aaa966d9d6ae70c4b8a62bb5e3a14c068bb7dff0"
1148 notes = "Only one minimal change exposing a previously-private enumeration."
1150 [[audits.cssparser-color]]
1151 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1152 criteria = "safe-to-deploy"
1154 notes = "This code used to live in cssparser's color module. Only moved out. Mozilla-authored."
1156 [[audits.cssparser-macros]]
1157 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1158 criteria = "safe-to-deploy"
1161 Trivial crate with a single proc macro to compute the max length of the inputs
1162 to a match expression.
1165 [[audits.cssparser-macros]]
1166 who = "Mike Hommey <mh+mozilla@glandium.org>"
1167 criteria = "safe-to-deploy"
1168 delta = "0.6.0 -> 0.6.1"
1170 [[audits.cssparser-macros]]
1171 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1172 criteria = "safe-to-deploy"
1173 delta = "0.6.1 -> 0.6.1@git:aaa966d9d6ae70c4b8a62bb5e3a14c068bb7dff0"
1174 notes = "No changes from already-certified upstream, but needed because it lives in the same git repo as the cssparser crate."
1177 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1178 criteria = "safe-to-deploy"
1181 I've reviewed the code of the crate thoroughly. It generates an unsafe block
1182 which is statically guaranteed to be safe. Inputs to the macro have to be
1183 static so there's no uncontrolled input whatsoever.
1187 who = "Mike Hommey <mh+mozilla@glandium.org>"
1188 criteria = "safe-to-deploy"
1189 delta = "0.2.10 -> 0.2.11"
1192 who = "Matthew Gregan <kinetik@flim.org>"
1193 criteria = "safe-to-deploy"
1196 Mozilla-developed package.
1200 who = "Matthew Gregan <kinetik@flim.org>"
1201 criteria = "safe-to-deploy"
1202 delta = "0.10.1 -> 0.10.2"
1205 who = "Mike Hommey <mh+mozilla@glandium.org>"
1206 criteria = "safe-to-deploy"
1207 delta = "0.10.2 -> 0.10.3"
1210 who = "Andreas Pehrson <apehrson@mozilla.com>"
1211 criteria = "safe-to-deploy"
1212 delta = "0.10.3 -> 0.12.0"
1214 [[audits.cubeb-backend]]
1215 who = "Matthew Gregan <kinetik@flim.org>"
1216 criteria = "safe-to-deploy"
1219 Mozilla-developed package.
1222 [[audits.cubeb-backend]]
1223 who = "Matthew Gregan <kinetik@flim.org>"
1224 criteria = "safe-to-deploy"
1225 delta = "0.10.1 -> 0.10.2"
1227 [[audits.cubeb-backend]]
1228 who = "Paul Adenot <paul@paul.cx>"
1229 criteria = "safe-to-deploy"
1230 delta = "0.10.2 -> 0.10.3"
1232 Mozilla-developed package.
1235 [[audits.cubeb-backend]]
1236 who = "Andreas Pehrson <apehrson@mozilla.com>"
1237 criteria = "safe-to-deploy"
1238 delta = "0.10.3 -> 0.10.7"
1240 [[audits.cubeb-backend]]
1241 who = "Andreas Pehrson <apehrson@mozilla.com>"
1242 criteria = "safe-to-deploy"
1243 delta = "0.10.7 -> 0.12.0"
1245 [[audits.cubeb-core]]
1246 who = "Matthew Gregan <kinetik@flim.org>"
1247 criteria = "safe-to-deploy"
1250 Mozilla-developed package.
1253 [[audits.cubeb-core]]
1254 who = "Matthew Gregan <kinetik@flim.org>"
1255 criteria = "safe-to-deploy"
1256 delta = "0.10.1 -> 0.10.2"
1258 [[audits.cubeb-core]]
1259 who = "Paul Adenot <paul@paul.cx>"
1260 criteria = "safe-to-deploy"
1261 delta = "0.10.2 -> 0.10.3"
1263 Mozilla-developed package.
1266 [[audits.cubeb-core]]
1267 who = "Mike Hommey <mh+mozilla@glandium.org>"
1268 criteria = "safe-to-deploy"
1269 delta = "0.10.3 -> 0.10.4"
1271 [[audits.cubeb-core]]
1272 who = "Andreas Pehrson <apehrson@mozilla.com>"
1273 criteria = "safe-to-deploy"
1274 delta = "0.10.4 -> 0.10.7"
1276 [[audits.cubeb-core]]
1277 who = "Andreas Pehrson <apehrson@mozilla.com>"
1278 criteria = "safe-to-deploy"
1279 delta = "0.10.7 -> 0.12.0"
1281 [[audits.cubeb-sys]]
1282 who = "Matthew Gregan <kinetik@flim.org>"
1283 criteria = "safe-to-deploy"
1286 Mozilla-developed package.
1289 [[audits.cubeb-sys]]
1290 who = "Matthew Gregan <kinetik@flim.org>"
1291 criteria = "safe-to-deploy"
1292 delta = "0.10.1 -> 0.10.2"
1294 [[audits.cubeb-sys]]
1295 who = "Paul Adenot <paul@paul.cx>"
1296 criteria = "safe-to-deploy"
1297 delta = "0.10.2 -> 0.10.3"
1299 Mozilla-developed package.
1302 [[audits.cubeb-sys]]
1303 who = "Andreas Pehrson <apehrson@mozilla.com>"
1304 criteria = "safe-to-deploy"
1305 delta = "0.10.3 -> 0.10.7"
1307 [[audits.cubeb-sys]]
1308 who = "Andreas Pehrson <apehrson@mozilla.com>"
1309 criteria = "safe-to-deploy"
1310 delta = "0.10.7 -> 0.12.0"
1313 who = "Jim Blandy <jimb@red-bean.com>"
1314 criteria = "safe-to-deploy"
1315 delta = "0.4.1 -> 0.5.0"
1316 notes = "The commits between 0.4.1 and 0.5.0 were all audited by Dzmitry Malyshau or myself."
1319 who = "Nicolas Silva <nical@fastmail.com>"
1320 criteria = "safe-to-deploy"
1321 delta = "0.5.0 -> 0.7.0"
1325 "Erich Gubler <egubler@mozilla.com>",
1326 "Jim Blandy <jimb@red-bean.com>",
1327 "Nicolas Silva <nical@fastmail.com>",
1328 "Erich Gubler <erichdongubler@gmail.com>",
1329 "Teodor Tanasoaia <ttanasoaia@mozilla.com>",
1331 criteria = "safe-to-deploy"
1332 delta = "0.7.0 -> 0.19.0@git:9c9418e84a9dd9730c0ab316e0f30f2a571827e4"
1336 who = "Mike Hommey <mh+mozilla@glandium.org>"
1337 criteria = "safe-to-deploy"
1338 delta = "0.13.4 -> 0.14.2"
1341 who = "Mike Hommey <mh+mozilla@glandium.org>"
1342 criteria = "safe-to-deploy"
1343 delta = "0.14.2 -> 0.14.3"
1346 who = "Mike Hommey <mh+mozilla@glandium.org>"
1347 criteria = "safe-to-deploy"
1348 delta = "0.14.3 -> 0.20.1"
1350 [[audits.darling_core]]
1351 who = "Mike Hommey <mh+mozilla@glandium.org>"
1352 criteria = "safe-to-deploy"
1353 delta = "0.13.4 -> 0.14.2"
1355 [[audits.darling_core]]
1356 who = "Mike Hommey <mh+mozilla@glandium.org>"
1357 criteria = "safe-to-deploy"
1358 delta = "0.14.2 -> 0.14.3"
1360 [[audits.darling_core]]
1361 who = "Mike Hommey <mh+mozilla@glandium.org>"
1362 criteria = "safe-to-deploy"
1363 delta = "0.14.3 -> 0.20.1"
1365 [[audits.darling_macro]]
1366 who = "Mike Hommey <mh+mozilla@glandium.org>"
1367 criteria = "safe-to-deploy"
1368 delta = "0.13.4 -> 0.14.2"
1370 [[audits.darling_macro]]
1371 who = "Mike Hommey <mh+mozilla@glandium.org>"
1372 criteria = "safe-to-deploy"
1373 delta = "0.14.2 -> 0.14.3"
1375 [[audits.darling_macro]]
1376 who = "Mike Hommey <mh+mozilla@glandium.org>"
1377 criteria = "safe-to-deploy"
1378 delta = "0.14.3 -> 0.20.1"
1380 [[audits.data-encoding]]
1381 who = "Mike Hommey <mh+mozilla@glandium.org>"
1382 criteria = "safe-to-deploy"
1383 delta = "2.3.2 -> 2.3.3"
1386 who = "Gabriele Svelto <gsvelto@mozilla.com>"
1387 criteria = "safe-to-deploy"
1389 notes = "This crates was written by Sentry and I've fully audited it as Firefox crash reporting machinery relies on it."
1391 [[audits.derive_arbitrary]]
1392 who = "Mike Hommey <mh+mozilla@glandium.org>"
1393 criteria = "safe-to-run"
1394 delta = "1.1.0 -> 1.1.1"
1396 [[audits.derive_arbitrary]]
1397 who = "Mike Hommey <mh+mozilla@glandium.org>"
1398 criteria = "safe-to-run"
1399 delta = "1.1.1 -> 1.1.3"
1401 [[audits.derive_arbitrary]]
1402 who = "Mike Hommey <mh+mozilla@glandium.org>"
1403 criteria = "safe-to-run"
1404 delta = "1.1.3 -> 1.2.1"
1406 [[audits.derive_arbitrary]]
1407 who = "Mike Hommey <mh+mozilla@glandium.org>"
1408 criteria = "safe-to-run"
1409 delta = "1.2.1 -> 1.2.3"
1411 [[audits.derive_arbitrary]]
1412 who = "Mike Hommey <mh+mozilla@glandium.org>"
1413 criteria = "safe-to-run"
1414 delta = "1.3.0 -> 1.3.1"
1416 [[audits.derive_more]]
1417 who = "Mike Hommey <mh+mozilla@glandium.org>"
1418 criteria = "safe-to-deploy"
1419 delta = "0.99.17 -> 1.0.0-beta.2"
1422 who = "Mike Hommey <mh+mozilla@glandium.org>"
1423 criteria = "safe-to-deploy"
1424 delta = "0.3.4 -> 0.3.5"
1427 who = "Mike Hommey <mh+mozilla@glandium.org>"
1428 criteria = "safe-to-deploy"
1429 delta = "0.3.5 -> 0.3.6"
1432 who = "Mike Hommey <mh+mozilla@glandium.org>"
1433 criteria = "safe-to-deploy"
1434 delta = "0.10.3 -> 0.10.6"
1437 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1438 criteria = "safe-to-deploy"
1440 notes = "This crate is FFI wrapper generator using by ICU4X ffi libraries. This uses unsafe code to convert paramenters, I have reviewed this and generated headers."
1443 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1444 criteria = "safe-to-deploy"
1445 delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9"
1448 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1449 criteria = "safe-to-deploy"
1450 delta = "0.5.2 -> 0.7.0"
1452 [[audits.diplomat-runtime]]
1453 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1454 criteria = "safe-to-deploy"
1456 notes = "This crate is FFI wrapper generator runtime using by ICU4X ffi libraries. This uses unsafe code for memory access of FFI. I have reviewed carefully."
1458 [[audits.diplomat-runtime]]
1459 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1460 criteria = "safe-to-deploy"
1461 delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9"
1463 [[audits.diplomat-runtime]]
1464 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1465 criteria = "safe-to-deploy"
1466 delta = "0.5.2 -> 0.7.0"
1468 [[audits.diplomat_core]]
1469 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1470 criteria = "safe-to-deploy"
1472 notes = "This crate contains unsafe code, no network and no file access."
1474 [[audits.diplomat_core]]
1475 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1476 criteria = "safe-to-deploy"
1477 delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9"
1479 [[audits.diplomat_core]]
1480 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1481 criteria = "safe-to-deploy"
1482 delta = "0.5.2 -> 0.7.0"
1484 [[audits.displaydoc]]
1485 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1486 criteria = "safe-to-deploy"
1489 This crate is convenient macros to implement core::fmt::Display trait.
1490 Although `unsafe` is used for test code to call `libc::abort()`, it has no `unsafe` code in this crate. And there is no file access.
1491 It meets the criteria for safe-to-deploy.
1494 [[audits.displaydoc]]
1495 who = "Mike Hommey <mh+mozilla@glandium.org>"
1496 criteria = "safe-to-deploy"
1497 delta = "0.2.3 -> 0.2.4"
1499 [[audits.document-features]]
1500 who = "Erich Gubler <erichdongubler@gmail.com>"
1501 criteria = "safe-to-deploy"
1505 who = "Sammy Khamis <skhamis@mozilla.com>"
1506 criteria = "safe-to-deploy"
1507 delta = "0.4.0 -> 0.5.0"
1508 notes = "The repository for this crate belongs in the Mozilla org."
1510 [[audits.dtoa-short]]
1511 who = "Bobby Holley <bobbyholley@gmail.com>"
1512 criteria = "safe-to-deploy"
1516 who = "Bobby Holley <bobbyholley@gmail.com>"
1517 criteria = "safe-to-deploy"
1519 notes = "All code written or reviewed by Mozilla staff."
1522 who = "Mike Hommey <mh+mozilla@glandium.org>"
1523 criteria = "safe-to-deploy"
1524 delta = "1.6.1 -> 1.7.0"
1527 who = "Mike Hommey <mh+mozilla@glandium.org>"
1528 criteria = "safe-to-deploy"
1529 delta = "1.7.0 -> 1.8.0"
1532 who = "Mike Hommey <mh+mozilla@glandium.org>"
1533 criteria = "safe-to-deploy"
1534 delta = "1.8.0 -> 1.8.1"
1536 [[audits.encoding_c]]
1537 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
1538 criteria = "safe-to-deploy"
1540 notes = "I, Henri Sivonen, wrote encoding_c for Gecko even though it is published via crates.io. There are two caveats: 1) the C API is designed to be used together with mozilla::Span and is unidiomatic for zero-length inputs otherwise. 2) It is idiomatic in C and C++ to pass uninitialized buffers as output buffers. This is generally documented to be UB in Rust, but idiomatic C and C++ usage here relies on this not actually being UB for buffers of integers (which these buffers are). See https://github.com/hsivonen/encoding_rs/issues/79#issuecomment-1211870361"
1542 [[audits.encoding_c_mem]]
1543 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
1544 criteria = "safe-to-deploy"
1547 I, Henri Sivonen, wrote encoding_c_mem for Gecko even though it is published via crates.io. There are two caveats: 1) the C API is designed to be used together with mozilla::Span and is unidiomatic for zero-length inputs otherwise. 2) It is idiomatic in C and C
1548 ++ to pass uninitialized buffers as output buffers. This is generally documented to be UB in Rust, but idiomatic C and C++ usage here relies on this not actually being UB for buffers of integers (which these buffers are). See https://github.com/hsivonen/encoding_rs/i
1549 ssues/79#issuecomment-1211870361
1552 [[audits.encoding_rs]]
1553 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
1554 criteria = "safe-to-deploy"
1556 notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ."
1558 [[audits.encoding_rs]]
1559 who = "Mike Hommey <mh+mozilla@glandium.org>"
1560 criteria = "safe-to-deploy"
1561 delta = "0.8.31 -> 0.8.32"
1564 who = "Kershaw Chang <kershaw@mozilla.com>"
1565 criteria = "safe-to-deploy"
1568 [[audits.enum-map-derive]]
1569 who = "Kershaw Chang <kershaw@mozilla.com>"
1570 criteria = "safe-to-deploy"
1573 [[audits.enum-primitive-derive]]
1574 who = "Gabriele Svelto <gsvelto@mozilla.com>"
1575 criteria = "safe-to-deploy"
1579 who = "Mike Hommey <mh+mozilla@glandium.org>"
1580 criteria = "safe-to-deploy"
1581 delta = "1.0.11 -> 1.0.12"
1584 who = "Mike Hommey <mh+mozilla@glandium.org>"
1585 criteria = "safe-to-deploy"
1586 delta = "1.0.12 -> 1.1.2"
1588 [[audits.enumset_derive]]
1589 who = "Mike Hommey <mh+mozilla@glandium.org>"
1590 criteria = "safe-to-deploy"
1591 delta = "0.6.0 -> 0.6.1"
1593 [[audits.enumset_derive]]
1594 who = "Mike Hommey <mh+mozilla@glandium.org>"
1595 criteria = "safe-to-deploy"
1596 delta = "0.6.1 -> 0.8.1"
1598 [[audits.env_logger]]
1599 who = "Mike Hommey <mh+mozilla@glandium.org>"
1600 criteria = "safe-to-deploy"
1601 delta = "0.9.0 -> 0.9.3"
1603 [[audits.env_logger]]
1604 who = "Nicolas Silva <nical@fastmail.com>"
1605 criteria = "safe-to-deploy"
1606 delta = "0.9.3 -> 0.10.0"
1609 who = "Mike Hommey <mh+mozilla@glandium.org>"
1610 criteria = "safe-to-deploy"
1611 delta = "0.3.1 -> 0.3.3"
1614 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
1615 criteria = "safe-to-deploy"
1617 notes = "Inspected the crate and noted that the impl block comes directly from the proc-macro input. If no new code can be added by this crate, I don't think there can be any issues."
1620 who = "Mike Hommey <mh+mozilla@glandium.org>"
1621 criteria = "safe-to-deploy"
1622 delta = "1.1.2 -> 1.2.0"
1624 [[audits.fallible_collections]]
1625 who = "Mike Hommey <mh+mozilla@glandium.org>"
1626 criteria = "safe-to-deploy"
1627 delta = "0.4.4 -> 0.4.5"
1629 [[audits.fallible_collections]]
1630 who = "Mike Hommey <mh+mozilla@glandium.org>"
1631 criteria = "safe-to-deploy"
1632 delta = "0.4.5 -> 0.4.6"
1633 notes = "The changes in this version are mine."
1636 who = "Mike Hommey <mh+mozilla@glandium.org>"
1637 criteria = "safe-to-deploy"
1638 delta = "1.7.0 -> 1.8.0"
1641 who = "Mike Hommey <mh+mozilla@glandium.org>"
1642 criteria = "safe-to-deploy"
1643 delta = "1.8.0 -> 1.9.0"
1646 who = "Mike Hommey <mh+mozilla@glandium.org>"
1647 criteria = "safe-to-deploy"
1648 delta = "1.9.0 -> 2.0.0"
1650 [[audits.filetime_win]]
1651 who = "Nick Alexander <nalexander@mozilla.com>"
1652 criteria = "safe-to-deploy"
1655 filetime_win was written by Adam Gashlin for Mozilla's use. The `unsafe` code
1656 blocks in filetime_win 0.2.0 are straight-forward invocations of `mem::zeroed`
1657 and expected invocations of Win32 APIs (with error handling as appropriate).
1661 who = "Ryan Hunt <rhunt@eqrion.net>"
1662 criteria = "safe-to-deploy"
1664 notes = "Uses no ambient capabilities, vetted the one instance of unsafe."
1667 who = "Mike Hommey <mh+mozilla@glandium.org>"
1668 criteria = "safe-to-deploy"
1669 delta = "1.0.24 -> 1.0.25"
1672 who = "Zibi Braniecki <zibi@unicode.org>"
1673 criteria = "safe-to-deploy"
1676 [[audits.fluent-bundle]]
1677 who = "Zibi Braniecki <zibi@unicode.org>"
1678 criteria = "safe-to-deploy"
1681 [[audits.fluent-fallback]]
1682 who = "Zibi Braniecki <zibi@unicode.org>"
1683 criteria = "safe-to-deploy"
1686 [[audits.fluent-fallback]]
1687 who = "Greg Tatum <tatum.creative@gmail.com>"
1688 criteria = "safe-to-deploy"
1689 delta = "0.6.0 -> 0.7.0"
1691 [[audits.fluent-langneg]]
1692 who = "Zibi Braniecki <zibi@unicode.org>"
1693 criteria = "safe-to-deploy"
1696 [[audits.fluent-pseudo]]
1697 who = "Zibi Braniecki <zibi@unicode.org>"
1698 criteria = "safe-to-deploy"
1701 [[audits.fluent-syntax]]
1702 who = "Zibi Braniecki <zibi@unicode.org>"
1703 criteria = "safe-to-deploy"
1706 [[audits.fluent-testing]]
1707 who = "Zibi Braniecki <zibi@unicode.org>"
1708 criteria = "safe-to-run"
1711 [[audits.fluent-testing]]
1712 who = "Greg Tatum <tatum.creative@gmail.com>"
1713 criteria = "safe-to-run"
1714 delta = "0.0.2 -> 0.0.3"
1717 who = "Bobby Holley <bobbyholley@gmail.com>"
1718 criteria = "safe-to-deploy"
1720 notes = "Simple hasher implementation with no unsafe code."
1722 [[audits.foreign-types]]
1723 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
1724 criteria = "safe-to-deploy"
1725 delta = "0.3.2 -> 0.5.0"
1727 [[audits.foreign-types-macros]]
1728 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
1729 criteria = "safe-to-deploy"
1732 [[audits.foreign-types-shared]]
1733 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
1734 criteria = "safe-to-deploy"
1735 delta = "0.1.1 -> 0.3.1"
1737 [[audits.form_urlencoded]]
1738 who = "Valentin Gosu <valentin.gosu@gmail.com>"
1739 criteria = "safe-to-deploy"
1742 [[audits.form_urlencoded]]
1743 who = "Valentin Gosu <valentin.gosu@gmail.com>"
1744 criteria = "safe-to-deploy"
1745 delta = "1.2.0 -> 1.2.1"
1748 who = "Mike Hommey <mh+mozilla@glandium.org>"
1749 criteria = "safe-to-deploy"
1750 delta = "2.7.0 -> 2.8.1"
1753 who = "Mike Hommey <mh+mozilla@glandium.org>"
1754 criteria = "safe-to-deploy"
1755 delta = "2.8.1 -> 2.9.0"
1758 who = "Mike Hommey <mh+mozilla@glandium.org>"
1759 criteria = "safe-to-deploy"
1760 delta = "0.3.21 -> 0.3.23"
1763 who = "Mike Hommey <mh+mozilla@glandium.org>"
1764 criteria = "safe-to-deploy"
1765 delta = "0.3.23 -> 0.3.25"
1768 who = "Mike Hommey <mh+mozilla@glandium.org>"
1769 criteria = "safe-to-deploy"
1770 delta = "0.3.25 -> 0.3.26"
1773 who = "Mike Hommey <mh+mozilla@glandium.org>"
1774 criteria = "safe-to-deploy"
1775 delta = "0.3.26 -> 0.3.28"
1777 [[audits.futures-channel]]
1778 who = "Mike Hommey <mh+mozilla@glandium.org>"
1779 criteria = "safe-to-deploy"
1780 delta = "0.3.21 -> 0.3.23"
1782 [[audits.futures-channel]]
1783 who = "Mike Hommey <mh+mozilla@glandium.org>"
1784 criteria = "safe-to-deploy"
1785 delta = "0.3.23 -> 0.3.25"
1787 [[audits.futures-channel]]
1788 who = "Mike Hommey <mh+mozilla@glandium.org>"
1789 criteria = "safe-to-deploy"
1790 delta = "0.3.25 -> 0.3.26"
1792 [[audits.futures-channel]]
1793 who = "Bobby Holley <bobbyholley@gmail.com>"
1794 criteria = "safe-to-deploy"
1795 delta = "0.3.27 -> 0.3.26"
1797 [[audits.futures-channel]]
1798 who = "Mike Hommey <mh+mozilla@glandium.org>"
1799 criteria = "safe-to-deploy"
1800 delta = "0.3.27 -> 0.3.28"
1802 [[audits.futures-core]]
1803 who = "Mike Hommey <mh+mozilla@glandium.org>"
1804 criteria = "safe-to-deploy"
1805 delta = "0.3.21 -> 0.3.23"
1807 [[audits.futures-core]]
1808 who = "Mike Hommey <mh+mozilla@glandium.org>"
1809 criteria = "safe-to-deploy"
1810 delta = "0.3.23 -> 0.3.25"
1812 [[audits.futures-core]]
1813 who = "Mike Hommey <mh+mozilla@glandium.org>"
1814 criteria = "safe-to-deploy"
1815 delta = "0.3.25 -> 0.3.26"
1817 [[audits.futures-core]]
1818 who = "Bobby Holley <bobbyholley@gmail.com>"
1819 criteria = "safe-to-deploy"
1820 delta = "0.3.27 -> 0.3.26"
1822 [[audits.futures-core]]
1823 who = "Mike Hommey <mh+mozilla@glandium.org>"
1824 criteria = "safe-to-deploy"
1825 delta = "0.3.27 -> 0.3.28"
1827 [[audits.futures-executor]]
1828 who = "Mike Hommey <mh+mozilla@glandium.org>"
1829 criteria = "safe-to-deploy"
1830 delta = "0.3.21 -> 0.3.23"
1832 [[audits.futures-executor]]
1833 who = "Mike Hommey <mh+mozilla@glandium.org>"
1834 criteria = "safe-to-deploy"
1835 delta = "0.3.23 -> 0.3.25"
1837 [[audits.futures-executor]]
1838 who = "Mike Hommey <mh+mozilla@glandium.org>"
1839 criteria = "safe-to-deploy"
1840 delta = "0.3.25 -> 0.3.26"
1842 [[audits.futures-executor]]
1843 who = "Bobby Holley <bobbyholley@gmail.com>"
1844 criteria = "safe-to-deploy"
1845 delta = "0.3.27 -> 0.3.23"
1847 [[audits.futures-executor]]
1848 who = "Mike Hommey <mh+mozilla@glandium.org>"
1849 criteria = "safe-to-deploy"
1850 delta = "0.3.27 -> 0.3.28"
1852 [[audits.futures-io]]
1853 who = "Mike Hommey <mh+mozilla@glandium.org>"
1854 criteria = "safe-to-deploy"
1855 delta = "0.3.21 -> 0.3.23"
1857 [[audits.futures-io]]
1858 who = "Mike Hommey <mh+mozilla@glandium.org>"
1859 criteria = "safe-to-deploy"
1860 delta = "0.3.23 -> 0.3.25"
1862 [[audits.futures-io]]
1863 who = "Mike Hommey <mh+mozilla@glandium.org>"
1864 criteria = "safe-to-deploy"
1865 delta = "0.3.25 -> 0.3.26"
1867 [[audits.futures-io]]
1868 who = "Bobby Holley <bobbyholley@gmail.com>"
1869 criteria = "safe-to-deploy"
1870 delta = "0.3.27 -> 0.3.23"
1872 [[audits.futures-io]]
1873 who = "Mike Hommey <mh+mozilla@glandium.org>"
1874 criteria = "safe-to-deploy"
1875 delta = "0.3.27 -> 0.3.28"
1877 [[audits.futures-macro]]
1878 who = "Mike Hommey <mh+mozilla@glandium.org>"
1879 criteria = "safe-to-deploy"
1880 delta = "0.3.21 -> 0.3.23"
1882 [[audits.futures-macro]]
1883 who = "Mike Hommey <mh+mozilla@glandium.org>"
1884 criteria = "safe-to-deploy"
1885 delta = "0.3.23 -> 0.3.25"
1887 [[audits.futures-macro]]
1888 who = "Mike Hommey <mh+mozilla@glandium.org>"
1889 criteria = "safe-to-deploy"
1890 delta = "0.3.25 -> 0.3.26"
1892 [[audits.futures-macro]]
1893 who = "Mike Hommey <mh+mozilla@glandium.org>"
1894 criteria = "safe-to-deploy"
1895 delta = "0.3.26 -> 0.3.28"
1897 [[audits.futures-sink]]
1898 who = "Mike Hommey <mh+mozilla@glandium.org>"
1899 criteria = "safe-to-deploy"
1900 delta = "0.3.21 -> 0.3.23"
1902 [[audits.futures-sink]]
1903 who = "Mike Hommey <mh+mozilla@glandium.org>"
1904 criteria = "safe-to-deploy"
1905 delta = "0.3.23 -> 0.3.25"
1907 [[audits.futures-sink]]
1908 who = "Mike Hommey <mh+mozilla@glandium.org>"
1909 criteria = "safe-to-deploy"
1910 delta = "0.3.25 -> 0.3.26"
1912 [[audits.futures-sink]]
1913 who = "Bobby Holley <bobbyholley@gmail.com>"
1914 criteria = "safe-to-deploy"
1915 delta = "0.3.27 -> 0.3.23"
1917 [[audits.futures-sink]]
1918 who = "Mike Hommey <mh+mozilla@glandium.org>"
1919 criteria = "safe-to-deploy"
1920 delta = "0.3.27 -> 0.3.28"
1922 [[audits.futures-task]]
1923 who = "Mike Hommey <mh+mozilla@glandium.org>"
1924 criteria = "safe-to-deploy"
1925 delta = "0.3.21 -> 0.3.23"
1927 [[audits.futures-task]]
1928 who = "Mike Hommey <mh+mozilla@glandium.org>"
1929 criteria = "safe-to-deploy"
1930 delta = "0.3.23 -> 0.3.25"
1932 [[audits.futures-task]]
1933 who = "Mike Hommey <mh+mozilla@glandium.org>"
1934 criteria = "safe-to-deploy"
1935 delta = "0.3.25 -> 0.3.26"
1937 [[audits.futures-task]]
1938 who = "Mike Hommey <mh+mozilla@glandium.org>"
1939 criteria = "safe-to-deploy"
1940 delta = "0.3.26 -> 0.3.28"
1942 [[audits.futures-util]]
1943 who = "Mike Hommey <mh+mozilla@glandium.org>"
1944 criteria = "safe-to-deploy"
1945 delta = "0.3.21 -> 0.3.23"
1947 [[audits.futures-util]]
1948 who = "Mike Hommey <mh+mozilla@glandium.org>"
1949 criteria = "safe-to-deploy"
1950 delta = "0.3.23 -> 0.3.25"
1952 [[audits.futures-util]]
1953 who = "Mike Hommey <mh+mozilla@glandium.org>"
1954 criteria = "safe-to-deploy"
1955 delta = "0.3.25 -> 0.3.26"
1957 [[audits.futures-util]]
1958 who = "Mike Hommey <mh+mozilla@glandium.org>"
1959 criteria = "safe-to-deploy"
1960 delta = "0.3.26 -> 0.3.28"
1963 who = "Bobby Holley <bobbyholley@gmail.com>"
1964 criteria = "safe-to-deploy"
1966 notes = "Straightforward crate with no unsafe code, does what it says on the tin."
1968 [[audits.generic-array]]
1969 who = "Mike Hommey <mh+mozilla@glandium.org>"
1970 criteria = "safe-to-deploy"
1971 delta = "0.14.5 -> 0.14.6"
1973 [[audits.getrandom]]
1974 who = "Mike Hommey <mh+mozilla@glandium.org>"
1975 criteria = "safe-to-deploy"
1976 delta = "0.2.6 -> 0.2.7"
1978 [[audits.getrandom]]
1979 who = "Mike Hommey <mh+mozilla@glandium.org>"
1980 criteria = "safe-to-deploy"
1981 delta = "0.2.7 -> 0.2.8"
1983 [[audits.getrandom]]
1984 who = "Yannis Juglaret <yjuglaret@mozilla.com>"
1985 criteria = "safe-to-deploy"
1986 delta = "0.2.8 -> 0.2.9"
1988 [[audits.getrandom]]
1989 who = "Simon Friedberger <simon@mozilla.com>"
1990 criteria = "safe-to-deploy"
1991 delta = "0.2.10 -> 0.2.11"
1994 who = "Jamie Nicol <jnicol@mozilla.com>"
1995 criteria = "safe-to-deploy"
1996 delta = "0.13.1 -> 0.15.0"
1999 who = "Mike Hommey <mh+mozilla@glandium.org>"
2000 criteria = "safe-to-deploy"
2001 delta = "0.3.0 -> 0.3.1"
2004 who = "Mike Hommey <mh+mozilla@glandium.org>"
2005 criteria = "safe-to-deploy"
2006 delta = "6.0.1 -> 6.0.2"
2007 notes = "I'm the author of the changes in this version of the crate."
2010 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
2011 criteria = "safe-to-deploy"
2012 delta = "0.1.3 -> 0.5.4"
2013 notes = "Several bugfixes since 2019. This version is also in use by Mozilla's crash reporting tooling, e.g. minidump-writer"
2016 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2017 criteria = "safe-to-deploy"
2018 delta = "0.5.4 -> 0.6.0"
2019 notes = "Mostly bug fixes and some added functionality"
2022 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2023 criteria = "safe-to-deploy"
2024 delta = "0.6.0 -> 0.7.1"
2026 [[audits.gpu-alloc]]
2027 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
2028 criteria = "safe-to-deploy"
2029 delta = "0.5.3 -> 0.6.0"
2031 [[audits.gpu-alloc-types]]
2032 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
2033 criteria = "safe-to-deploy"
2034 delta = "0.2.0 -> 0.3.0"
2036 [[audits.gpu-allocator]]
2037 who = "Erich Gubler <erichdongubler@gmail.com>"
2038 criteria = "safe-to-deploy"
2041 [[audits.gpu-descriptor]]
2042 who = "Mike Hommey <mh+mozilla@glandium.org>"
2043 criteria = "safe-to-deploy"
2044 delta = "0.2.2 -> 0.2.3"
2047 who = "Bobby Holley <bobbyholley@gmail.com>"
2048 criteria = "safe-to-deploy"
2051 This crate has some unsafe code for the FFI bits, which I've reviewed carefully.
2052 It uses the deprecated mem::uninitialized(), which is generally sketchy. However
2053 the usage is pretty straightforward and while it's technically UB, it seems no
2054 more likely to lead to miscompilation than any other use of mem::uninitialized.
2058 who = "Mike Hommey <mh+mozilla@glandium.org>"
2059 criteria = "safe-to-run"
2060 delta = "0.3.13 -> 0.3.14"
2063 who = "Mike Hommey <mh+mozilla@glandium.org>"
2064 criteria = "safe-to-run"
2065 delta = "0.3.14 -> 0.3.15"
2068 who = "John M. Schanck <jschanck@mozilla.com>"
2069 criteria = "safe-to-deploy"
2072 This crate contains unsafe code for bitwise casts to/from binary16 floating-point
2073 format. I've reviewed these and found no issues. There are no uses of ambient
2077 [[audits.hashbrown]]
2078 who = "Mike Hommey <mh+mozilla@glandium.org>"
2079 criteria = "safe-to-deploy"
2081 notes = "This version is used in rust's libstd, so effectively we're already trusting it"
2084 who = "Mike Hommey <mh+mozilla@glandium.org>"
2085 criteria = "safe-to-deploy"
2086 delta = "0.7.0 -> 0.8.1"
2089 who = "Mike Hommey <mh+mozilla@glandium.org>"
2090 criteria = "safe-to-run"
2091 delta = "0.3.7 -> 0.3.8"
2093 [[audits.headers-core]]
2094 who = "Bobby Holley <bobbyholley@gmail.com>"
2095 criteria = "safe-to-deploy"
2097 notes = "Trivial crate, no unsafe code."
2100 who = "Mike Hommey <mh+mozilla@glandium.org>"
2101 criteria = "safe-to-deploy"
2102 delta = "0.4.0 -> 0.4.1"
2104 [[audits.hermit-abi]]
2105 who = "Mike Hommey <mh+mozilla@glandium.org>"
2106 criteria = "safe-to-deploy"
2107 delta = "0.1.19 -> 0.2.6"
2110 who = "Simon Friedberger <simon@mozilla.com>"
2111 criteria = "safe-to-deploy"
2115 who = "Mike Hommey <mh+mozilla@glandium.org>"
2116 criteria = "safe-to-run"
2117 delta = "0.2.8 -> 0.2.9"
2120 who = "Mike Hommey <mh+mozilla@glandium.org>"
2121 criteria = "safe-to-run"
2122 delta = "1.7.1 -> 1.8.0"
2125 who = "Mike Hommey <mh+mozilla@glandium.org>"
2126 criteria = "safe-to-run"
2127 delta = "0.14.19 -> 0.14.20"
2130 who = "Mike Hommey <mh+mozilla@glandium.org>"
2131 criteria = "safe-to-run"
2132 delta = "0.14.20 -> 0.14.22"
2135 who = "Mike Hommey <mh+mozilla@glandium.org>"
2136 criteria = "safe-to-run"
2137 delta = "0.14.22 -> 0.14.23"
2140 who = "Mike Hommey <mh+mozilla@glandium.org>"
2141 criteria = "safe-to-run"
2142 delta = "0.14.23 -> 0.14.24"
2145 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2146 criteria = "safe-to-deploy"
2148 notes = "This crate is C/C++ FFI for ICU4X using diplomat crate. no unsafe and no file access etc on this crate."
2151 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2152 criteria = "safe-to-deploy"
2153 delta = "1.2.2 -> 1.4.0"
2155 [[audits.icu_collections]]
2156 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2157 criteria = "safe-to-deploy"
2159 notes = "This crate is used by ICU4X for internal data structure. There is no fileaccess and network access. This uses unsafe block, but we confirm data is valid before."
2161 [[audits.icu_collections]]
2162 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2163 criteria = "safe-to-deploy"
2164 delta = "1.2.0 -> 1.4.0"
2166 [[audits.icu_locid]]
2167 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2168 criteria = "safe-to-deploy"
2170 notes = "This has unsafe block to handle ascii string in utf-8 string. I've vetted the one instance of unsafe code."
2172 [[audits.icu_locid]]
2173 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2174 criteria = "safe-to-deploy"
2175 delta = "1.2.0 -> 1.4.0"
2177 [[audits.icu_locid_transform]]
2178 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2179 criteria = "safe-to-deploy"
2181 notes = "This crate doesn't contain network and file access. Although this has unsafe block, the reason is added in the comment block. I audited code."
2183 [[audits.icu_locid_transform_data]]
2184 who = "Jonathan Kew <jkew@mozilla.com>"
2185 criteria = "safe-to-deploy"
2187 notes = "Compile-time static for the icu_locid_transform crate."
2189 [[audits.icu_properties]]
2190 who = "Jonathan Kew <jkew@mozilla.com>"
2191 criteria = "safe-to-deploy"
2193 notes = "This is used by ICU4X for character property lookup. The few (4) usages of unsafe have comments clarifying their safety."
2195 [[audits.icu_properties_data]]
2196 who = "Jonathan Kew <jkew@mozilla.com>"
2197 criteria = "safe-to-deploy"
2199 notes = "Compile-time static data for the icu_properties crate."
2201 [[audits.icu_provider]]
2202 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2203 criteria = "safe-to-deploy"
2205 notes = "Although this has unsafe block, this has a commnet why this is safety and I audited code. Also, this doesn't have file access and network access."
2207 [[audits.icu_provider]]
2208 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2209 criteria = "safe-to-deploy"
2210 delta = "1.2.0 -> 1.4.0"
2212 [[audits.icu_provider_adapters]]
2213 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2214 criteria = "safe-to-deploy"
2216 notes = "This is one of ICU4X data provider crates that depends on data type. This has no unsafe code and uses no ambient capabilities."
2218 [[audits.icu_provider_adapters]]
2219 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2220 criteria = "safe-to-deploy"
2221 delta = "1.2.0 -> 1.4.0"
2223 [[audits.icu_provider_macros]]
2224 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2225 criteria = "safe-to-deploy"
2227 notes = "This crate is macros for ICU4X's data provider implementer. This has no unsafe code and uses no ambient capabilities."
2229 [[audits.icu_provider_macros]]
2230 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2231 criteria = "safe-to-deploy"
2232 delta = "1.2.0 -> 1.2.0@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873"
2234 [[audits.icu_provider_macros]]
2235 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2236 criteria = "safe-to-deploy"
2237 delta = "1.2.0 -> 1.4.0"
2239 [[audits.icu_segmenter]]
2240 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2241 criteria = "safe-to-deploy"
2243 notes = "Original authors are Makoto Kato and Ting-Yu Lin who work at Mozilla. This crate uses unsafe to matrix calculation, but it is safety to check length. And there is no filesystem / network access."
2245 [[audits.icu_segmenter]]
2246 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2247 criteria = "safe-to-deploy"
2248 delta = "1.2.1 -> 1.4.0"
2250 [[audits.icu_segmenter_data]]
2251 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2252 criteria = "safe-to-deploy"
2254 notes = "This crate is data only for icu_segmenter. There is no filesystem / network access."
2257 who = "Bobby Holley <bobbyholley@gmail.com>"
2258 criteria = "safe-to-deploy"
2259 delta = "0.3.0 -> 0.2.3"
2260 notes = "Backwards diff with some algorithm changes, no unsafe code."
2263 who = "Valentin Gosu <valentin.gosu@gmail.com>"
2264 criteria = "safe-to-deploy"
2265 delta = "0.4.0 -> 0.5.0"
2268 who = "Mike Hommey <mh+mozilla@glandium.org>"
2269 criteria = "safe-to-deploy"
2270 delta = "1.8.2 -> 1.9.1"
2273 who = "Mike Hommey <mh+mozilla@glandium.org>"
2274 criteria = "safe-to-deploy"
2275 delta = "1.9.1 -> 1.9.2"
2278 who = "Mike Hommey <mh+mozilla@glandium.org>"
2279 criteria = "safe-to-deploy"
2280 delta = "1.0.1 -> 1.0.2"
2283 who = "Mike Hommey <mh+mozilla@glandium.org>"
2284 criteria = "safe-to-deploy"
2285 delta = "1.0.2 -> 1.0.3"
2288 who = "Mike Hommey <mh+mozilla@glandium.org>"
2289 criteria = "safe-to-deploy"
2290 delta = "1.0.3 -> 1.0.4"
2292 [[audits.inplace_it]]
2293 who = "Mike Hommey <mh+mozilla@glandium.org>"
2294 criteria = "safe-to-deploy"
2295 delta = "0.3.3 -> 0.3.4"
2297 [[audits.intl-memoizer]]
2298 who = "Zibi Braniecki <zibi@unicode.org>"
2299 criteria = "safe-to-deploy"
2302 [[audits.intl_pluralrules]]
2303 who = "Zibi Braniecki <zibi@unicode.org>"
2304 criteria = "safe-to-deploy"
2307 [[audits.intl_pluralrules]]
2308 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2309 criteria = "safe-to-deploy"
2310 delta = "7.0.1 -> 7.0.2"
2312 [[audits.itertools]]
2313 who = "Mike Hommey <mh+mozilla@glandium.org>"
2314 criteria = "safe-to-deploy"
2315 delta = "0.10.3 -> 0.10.5"
2318 who = "Mike Hommey <mh+mozilla@glandium.org>"
2319 criteria = "safe-to-deploy"
2320 delta = "1.0.2 -> 1.0.3"
2323 who = "Mike Hommey <mh+mozilla@glandium.org>"
2324 criteria = "safe-to-deploy"
2325 delta = "1.0.3 -> 1.0.5"
2327 [[audits.jobserver]]
2328 who = "Mike Hommey <mh+mozilla@glandium.org>"
2329 criteria = "safe-to-deploy"
2330 delta = "0.1.24 -> 0.1.25"
2333 who = "Simon Friedberger <simon@mozilla.com>"
2334 criteria = "safe-to-deploy"
2335 delta = "0.1.2 -> 0.1.3"
2337 [[audits.khronos-egl]]
2338 who = "Nicolas Silva <nical@fastmail.com>"
2339 criteria = "safe-to-deploy"
2340 delta = "4.1.0 -> 6.0.0"
2343 who = "Mike Hommey <mh+mozilla@glandium.org>"
2344 criteria = "safe-to-deploy"
2345 delta = "0.2.126 -> 0.2.132"
2348 who = "Mike Hommey <mh+mozilla@glandium.org>"
2349 criteria = "safe-to-deploy"
2350 delta = "0.2.132 -> 0.2.138"
2353 who = "Mike Hommey <mh+mozilla@glandium.org>"
2354 criteria = "safe-to-deploy"
2355 delta = "0.2.138 -> 0.2.139"
2358 who = "Mike Hommey <mh+mozilla@glandium.org>"
2359 criteria = "safe-to-deploy"
2360 delta = "0.2.147 -> 0.2.148"
2362 [[audits.libloading]]
2363 who = "Mike Hommey <mh+mozilla@glandium.org>"
2364 criteria = "safe-to-deploy"
2365 delta = "0.7.3 -> 0.7.4"
2368 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2369 criteria = "safe-to-deploy"
2371 notes = "This crate uses unsafe block, but this doesn't have network and file access. I audited code."
2373 [[audits.libsqlite3-sys]]
2374 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
2375 criteria = "safe-to-deploy"
2376 delta = "0.25.2 -> 0.26.0"
2378 [[audits.libsqlite3-sys]]
2379 who = "Mark Hammond <mhammond@mozilla.com>"
2380 criteria = "safe-to-deploy"
2381 delta = "0.26.0 -> 0.27.0"
2383 [[audits.linked-hash-map]]
2384 who = "Aria Beingessner <a.beingessner@gmail.com>"
2385 criteria = "safe-to-deploy"
2387 notes = "I own this crate (I am contain-rs) and 0.5.4 passes miri. This code is very old and used by lots of people, so I'm pretty confident in it, even though it's in maintenance-mode and missing some nice-to-have APIs."
2389 [[audits.linked-hash-map]]
2390 who = "Mike Hommey <mh+mozilla@glandium.org>"
2391 criteria = "safe-to-run"
2392 delta = "0.5.4 -> 0.5.6"
2395 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2396 criteria = "safe-to-deploy"
2398 notes = "This crete has no unsafe code, no file acceess and no network access."
2401 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2402 criteria = "safe-to-deploy"
2403 delta = "0.7.0 -> 0.7.2"
2406 who = "Erich Gubler <erichdongubler@gmail.com>"
2407 criteria = "safe-to-deploy"
2411 who = "Bobby Holley <bobbyholley@gmail.com>"
2412 criteria = "safe-to-deploy"
2414 notes = "Victor and Myk developed this crate at Mozilla."
2417 who = "Mike Hommey <mh+mozilla@glandium.org>"
2418 criteria = "safe-to-deploy"
2419 delta = "0.4.7 -> 0.4.9"
2422 who = "Mike Hommey <mh+mozilla@glandium.org>"
2423 criteria = "safe-to-deploy"
2427 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2428 criteria = "safe-to-deploy"
2431 [[audits.malloc_buf]]
2432 who = "Bobby Holley <bobbyholley@gmail.com>"
2433 criteria = "safe-to-deploy"
2436 Very small crate for managing malloc-ed buffers, primarily for use in the objc crate.
2437 There is an edge-case condition that passes slice::from_raw_parts(0x1, 0) which I'm
2438 not entirely certain is technically sound, but in either case I am reasonably confident
2439 it's not exploitable.
2442 [[audits.malloc_size_of_derive]]
2443 who = "Bobby Holley <bobbyholley@gmail.com>"
2444 criteria = "safe-to-deploy"
2447 This was originally servo code which I put on crates.io some years ago but didn't
2448 examine at the time, so I examined it now. I didn't perform a full logic review
2449 but convinced myself that any generated code will be entirely safe to deploy.
2453 who = "Bobby Holley <bobbyholley@gmail.com>"
2454 criteria = "safe-to-deploy"
2456 notes = "This is a trivial crate."
2459 who = "Mike Hommey <mh+mozilla@glandium.org>"
2460 criteria = "safe-to-deploy"
2461 delta = "0.1.9 -> 0.1.10"
2464 who = "Dana Keeler <dkeeler@mozilla.com>"
2465 criteria = "safe-to-deploy"
2469 who = "Mike Hommey <mh+mozilla@glandium.org>"
2470 criteria = "safe-to-deploy"
2471 delta = "0.5.4 -> 0.5.7"
2474 who = "Mike Hommey <mh+mozilla@glandium.org>"
2475 criteria = "safe-to-deploy"
2476 delta = "0.5.7 -> 0.5.8"
2479 who = "Mike Hommey <mh+mozilla@glandium.org>"
2480 criteria = "safe-to-deploy"
2481 delta = "0.5.8 -> 0.5.9"
2484 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2485 criteria = "safe-to-deploy"
2486 delta = "0.5.9 -> 0.8.0"
2489 who = "Mike Hommey <mh+mozilla@glandium.org>"
2490 criteria = "safe-to-deploy"
2491 delta = "0.8.0 -> 0.9.3"
2493 [[audits.memoffset]]
2494 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2495 criteria = "safe-to-deploy"
2496 delta = "0.6.5 -> 0.7.1"
2498 [[audits.memoffset]]
2499 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2500 criteria = "safe-to-deploy"
2501 delta = "0.8.0 -> 0.9.0"
2504 who = "Jim Blandy <jimb@red-bean.com>"
2505 criteria = "safe-to-deploy"
2507 notes = "This audit treats Dzmitry Malyshau (kvark) as a trusted reviewer."
2510 who = "Jim Blandy <jimb@red-bean.com>"
2511 criteria = "safe-to-deploy"
2512 delta = "0.23.1 -> 0.24.0"
2513 notes = "This audit treats Dzmitry Malyshau (kvark) as a trusted reviewer."
2516 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
2517 criteria = "safe-to-deploy"
2518 delta = "0.24.0 -> 0.25.0"
2521 who = "Erich Gubler <egubler@mozilla.com>"
2522 criteria = "safe-to-deploy"
2523 delta = "0.25.0 -> 0.26.0"
2526 who = "Nicolas Silva <nical@fastmail.com>, Jim Blandy <jimb@red-bean.com>"
2527 criteria = "safe-to-deploy"
2528 delta = "0.26.0 -> 0.27.0"
2531 who = "Bobby Holley <bobbyholley@gmail.com>"
2532 criteria = "safe-to-deploy"
2533 delta = "0.7.0 -> 0.7.0@git:519e651241e867af3391db08f9ae6400bc023e18"
2536 who = "Mike Hommey <mh+mozilla@glandium.org>"
2537 criteria = "safe-to-deploy"
2538 delta = "0.7.0 -> 0.7.0@git:85156e360a37d851734118104619f86bd18e94c6"
2541 [[audits.minidump-common]]
2542 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2543 criteria = "safe-to-deploy"
2545 notes = "The code in this crate was written or reviewed by Mozilla employees."
2547 [[audits.minidump-common]]
2548 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2549 criteria = "safe-to-deploy"
2550 delta = "0.15.2 -> 0.17.0"
2552 [[audits.minidump-common]]
2553 who = "Mike Hommey <mh+mozilla@glandium.org>"
2554 criteria = "safe-to-deploy"
2555 delta = "0.17.0 -> 0.17.0@git:87a29fba5e19cfae5ebf73a57ba31504a3872545"
2557 [[audits.minidump-common]]
2558 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2559 criteria = "safe-to-deploy"
2560 delta = "0.17.0 -> 0.19.1"
2561 notes = "All the changes have been authored or reviewed by Mozilla employees"
2563 [[audits.minidump-common]]
2564 who = "Mike Hommey <mh+mozilla@glandium.org>"
2565 criteria = "safe-to-deploy"
2566 delta = "0.17.0@git:87a29fba5e19cfae5ebf73a57ba31504a3872545 -> 0.17.0@git:6ae42a7f992e8a88ebee661bc77bcedb95cd671f"
2568 [[audits.minidump-writer]]
2569 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2570 criteria = "safe-to-deploy"
2572 notes = "The code in this crate was written or reviewed by Mozilla employees, the crate it evolved from was written specifically for gecko."
2574 [[audits.minidump-writer]]
2575 who = "Alex Franchuk <afranchuk@mozilla.com>"
2576 criteria = "safe-to-deploy"
2577 delta = "0.7.0 -> 0.8.0"
2578 notes = "The code in this crate was written or reviewed by Mozilla employees, the crate it evolved from was written specifically for gecko."
2580 [[audits.minidump-writer]]
2581 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2582 criteria = "safe-to-deploy"
2583 delta = "0.8.0 -> 0.8.1"
2585 [[audits.minidump-writer]]
2586 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2587 criteria = "safe-to-deploy"
2588 delta = "0.8.1 -> 0.8.1@git:491eb330e78e310c32927e5cc3bd2350af1e93f8"
2589 notes = "All the changes were written by a Mozilla employee (me)"
2591 [[audits.minidump-writer]]
2592 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2593 criteria = "safe-to-deploy"
2594 delta = "0.8.1 -> 0.8.3"
2595 notes = "All changes were authored or reviewed by Mozilla employees"
2597 [[audits.miniz_oxide]]
2598 who = "Mike Hommey <mh+mozilla@glandium.org>"
2599 criteria = "safe-to-deploy"
2600 delta = "0.5.3 -> 0.6.2"
2603 who = "Bobby Holley <bobbyholley@gmail.com>"
2604 criteria = "safe-to-run"
2605 delta = "0.6.21 -> 0.6.23"
2608 who = "Mike Hommey <mh+mozilla@glandium.org>"
2609 criteria = "safe-to-deploy"
2610 delta = "0.8.0 -> 0.8.6"
2613 who = "Mike Hommey <mh+mozilla@glandium.org>"
2614 criteria = "safe-to-deploy"
2615 delta = "0.8.8 -> 0.8.8@git:9a2ef335c366044ffe73b1c4acabe50a1daefe05"
2619 who = "Bobby Holley <bobbyholley@gmail.com>"
2620 criteria = "safe-to-deploy"
2622 notes = "Developed by Mozilla staff."
2625 who = "Dzmitry Malyshau <kvark@fastmail.com>"
2626 criteria = "safe-to-deploy"
2629 This crate, up through the indicated version, was written or reviewed
2630 by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
2631 Mozilla at the beginning of February 2022. This audit statement was
2632 collected by Jim Blandy, a Mozilla employee, over email in July 2022:
2633 Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
2637 who = "Jim Blandy <jimb@red-bean.com>"
2638 criteria = "safe-to-deploy"
2639 delta = "0.8.0 -> 0.9.0"
2642 who = "Jim Blandy <jimb@red-bean.com>"
2643 criteria = "safe-to-deploy"
2644 delta = "0.9.0 -> 0.10.0"
2647 who = "Nicolas Silva <nical@fastmail.com>"
2648 criteria = "safe-to-deploy"
2649 delta = "0.10.0 -> 0.11.0"
2652 who = "Nicolas Silva <nical@fastmail.com>"
2653 criteria = "safe-to-deploy"
2654 delta = "0.11.0 -> 0.12.0"
2657 who = "Nicolas Silva <nical@fastmail.com>"
2658 criteria = "safe-to-deploy"
2659 delta = "0.12.0 -> 0.13.0"
2662 who = "Nicolas Silva <nical@fastmail.com>"
2663 criteria = "safe-to-deploy"
2664 delta = "0.13.0 -> 0.14.0"
2668 "Jim Blandy <jimb@red-bean.com>",
2669 "Nicolas Silva <nical@fastmail.com>",
2670 "Erich Gubler <erichdongubler@gmail.com>",
2671 "Teodor Tanasoaia <ttanasoaia@mozilla.com>",
2673 criteria = "safe-to-deploy"
2674 delta = "0.14.0 -> 0.19.0@git:9c9418e84a9dd9730c0ab316e0f30f2a571827e4"
2678 who = "Mike Hommey <mh+mozilla@glandium.org>"
2679 criteria = "safe-to-run"
2680 delta = "0.2.37 -> 0.2.38"
2682 [[audits.new_debug_unreachable]]
2683 who = "Bobby Holley <bobbyholley@gmail.com>"
2684 criteria = "safe-to-deploy"
2686 notes = "This is a trivial crate."
2689 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2690 criteria = "safe-to-deploy"
2691 delta = "0.15.0 -> 0.25.0"
2692 notes = "Plenty of new bindings but also several important bug fixes (including buffer overflows). New unsafe sections are restricted to wrappers and are no more dangerous than calling the C functions."
2695 who = "Mike Hommey <mh+mozilla@glandium.org>"
2696 criteria = "safe-to-deploy"
2697 delta = "0.25.0 -> 0.25.1"
2700 who = "Mike Hommey <mh+mozilla@glandium.org>"
2701 criteria = "safe-to-deploy"
2702 delta = "0.25.1 -> 0.26.2"
2705 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2706 criteria = "safe-to-deploy"
2707 delta = "0.26.2 -> 0.27.1"
2710 who = "Mike Hommey <mh+mozilla@glandium.org>"
2711 criteria = "safe-to-deploy"
2712 delta = "7.1.1 -> 7.1.3"
2714 [[audits.nss-gk-api]]
2715 who = "John M. Schanck <jschanck@mozilla.com>"
2716 criteria = "safe-to-deploy"
2718 notes = "Maintained by the CryptoEng team at Mozilla."
2721 who = "Mike Hommey <mh+mozilla@glandium.org>"
2722 criteria = "safe-to-deploy"
2723 delta = "0.3.7 -> 0.4.0"
2726 who = "Josh Stone <jistone@redhat.com>"
2727 criteria = "safe-to-deploy"
2729 notes = "All code written or reviewed by Josh Stone."
2731 [[audits.num-bigint]]
2732 who = "Josh Stone <jistone@redhat.com>"
2733 criteria = "safe-to-deploy"
2735 notes = "All code written or reviewed by Josh Stone."
2737 [[audits.num-bigint]]
2738 who = "Josh Stone <jistone@redhat.com>"
2739 criteria = "safe-to-deploy"
2741 notes = "All code written or reviewed by Josh Stone."
2743 [[audits.num-complex]]
2744 who = "Josh Stone <jistone@redhat.com>"
2745 criteria = "safe-to-deploy"
2747 notes = "All code written or reviewed by Josh Stone."
2749 [[audits.num-derive]]
2750 who = "Josh Stone <jistone@redhat.com>"
2751 criteria = "safe-to-deploy"
2753 notes = "All code written or reviewed by Josh Stone."
2755 [[audits.num-derive]]
2756 who = "Mike Hommey <mh+mozilla@glandium.org>"
2757 criteria = "safe-to-deploy"
2758 delta = "0.3.3 -> 0.4.0"
2760 [[audits.num-integer]]
2761 who = "Josh Stone <jistone@redhat.com>"
2762 criteria = "safe-to-deploy"
2764 notes = "All code written or reviewed by Josh Stone."
2767 who = "Josh Stone <jistone@redhat.com>"
2768 criteria = "safe-to-deploy"
2770 notes = "All code written or reviewed by Josh Stone."
2772 [[audits.num-macros]]
2773 who = "Josh Stone <jistone@redhat.com>"
2774 criteria = "safe-to-deploy"
2776 notes = "All code written or reviewed by Josh Stone."
2778 [[audits.num-rational]]
2779 who = "Josh Stone <jistone@redhat.com>"
2780 criteria = "safe-to-deploy"
2782 notes = "All code written or reviewed by Josh Stone."
2784 [[audits.num-traits]]
2785 who = "Josh Stone <jistone@redhat.com>"
2786 criteria = "safe-to-deploy"
2788 notes = "All code written or reviewed by Josh Stone."
2791 who = "Mike Hommey <mh+mozilla@glandium.org>"
2792 criteria = "safe-to-deploy"
2793 delta = "1.13.1 -> 1.14.0"
2796 who = "Mike Hommey <mh+mozilla@glandium.org>"
2797 criteria = "safe-to-deploy"
2798 delta = "1.14.0 -> 1.15.0"
2801 who = "Mike Hommey <mh+mozilla@glandium.org>"
2802 criteria = "safe-to-deploy"
2803 delta = "0.28.4 -> 0.30.0"
2806 who = "Mike Hommey <mh+mozilla@glandium.org>"
2807 criteria = "safe-to-deploy"
2808 delta = "0.30.0 -> 0.30.3"
2810 [[audits.once_cell]]
2811 who = "Mike Hommey <mh+mozilla@glandium.org>"
2812 criteria = "safe-to-deploy"
2813 delta = "1.12.0 -> 1.13.1"
2815 [[audits.once_cell]]
2816 who = "Mike Hommey <mh+mozilla@glandium.org>"
2817 criteria = "safe-to-deploy"
2818 delta = "1.13.1 -> 1.16.0"
2820 [[audits.once_cell]]
2821 who = "Mike Hommey <mh+mozilla@glandium.org>"
2822 criteria = "safe-to-deploy"
2823 delta = "1.16.0 -> 1.17.1"
2826 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
2827 criteria = "safe-to-deploy"
2829 notes = "Small crate, reviewed by bendk. There is a decent amount of unsafe code, but it's well tested and the crate has been well-used over the years."
2832 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
2833 criteria = "safe-to-deploy"
2834 version = "0.1.5@git:1f3c657c8073aec4f0b6ebac7be33b4851644745"
2836 Small crate, reviewed by bendk. There is a decent amount of unsafe code, but it's well tested and the crate has been well-used over the years.
2838 The git branch is my fork of the official code that removes the `loom` target to avoid pulling in that crate and its dependencies into moz-central.
2839 This doesn't change any of the functionality -- the `loom` target is only used for testing.
2842 [[audits.oneshot-uniffi]]
2843 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
2844 criteria = "safe-to-deploy"
2846 notes = "This is the essentially same code as `oneshot version 0.1.5` which has already been audited. The only difference is that it won't pull in `loom` and related dependencies when `mach vendor rust` is run."
2848 [[audits.ordered-float]]
2849 who = "Mike Hommey <mh+mozilla@glandium.org>"
2850 criteria = "safe-to-deploy"
2851 delta = "3.0.0 -> 3.4.0"
2853 [[audits.origin-trial-token]]
2854 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
2855 criteria = "safe-to-deploy"
2858 I'm the author of the crate. The only unsafe code is a view over a byte array
2859 which is properly validated.
2861 Cryptography shenanigans are delegated to the caller so there's no possible
2865 [[audits.os_str_bytes]]
2866 who = "Mike Hommey <mh+mozilla@glandium.org>"
2867 criteria = "safe-to-deploy"
2868 delta = "6.1.0 -> 6.3.0"
2870 [[audits.os_str_bytes]]
2871 who = "Mike Hommey <mh+mozilla@glandium.org>"
2872 criteria = "safe-to-deploy"
2873 delta = "6.3.0 -> 6.4.1"
2875 [[audits.oxilangtag]]
2876 who = "Jonathan Kew <jkew@mozilla.com>"
2877 criteria = "safe-to-deploy"
2880 I have reviewed all the code in this (small) crate.
2881 There is no unsafe code present.
2884 [[audits.packed_simd]]
2885 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
2886 criteria = "safe-to-deploy"
2887 delta = "0.3.8 -> 0.3.9"
2888 notes = "The update from 0.3.8 to 0.3.9 makes mechanical changes to accommodate renaming, compiler updates, and CI service updates."
2890 [[audits.packed_simd]]
2891 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
2892 criteria = "safe-to-deploy"
2893 delta = "0.3.9 -> 0.3.9@git:e588ceb568878e1a3156ea9ce551d5b63ef0cdc4"
2894 notes = "The patch on top of crates.io version 0.3.9 merely deletes code for a feature that Firefox does not use."
2896 [[audits.packed_simd_2]]
2897 who = "Mike Hommey <mh+mozilla@glandium.org>"
2898 criteria = "safe-to-deploy"
2899 delta = "0.3.7 -> 0.3.8"
2901 [[audits.packed_simd_2]]
2902 who = "Bobby Holley <bobbyholley@gmail.com>"
2903 criteria = "safe-to-deploy"
2904 delta = "0.3.8 -> 0.3.8@git:412f9a0aa556611de021bde89dee8fefe6e0fbbd"
2906 [[audits.parking_lot_core]]
2907 who = "Mike Hommey <mh+mozilla@glandium.org>"
2908 criteria = "safe-to-deploy"
2909 delta = "0.8.5 -> 0.8.6"
2912 who = "Mike Hommey <mh+mozilla@glandium.org>"
2913 criteria = "safe-to-deploy"
2914 delta = "1.0.7 -> 1.0.8"
2917 who = "Mike Hommey <mh+mozilla@glandium.org>"
2918 criteria = "safe-to-deploy"
2919 delta = "1.0.8 -> 1.0.11"
2921 [[audits.peeking_take_while]]
2922 who = "Bobby Holley <bobbyholley@gmail.com>"
2923 criteria = "safe-to-deploy"
2924 delta = "1.0.0 -> 0.1.2"
2925 notes = "Small refactor of some simple iterator logic, no unsafe code or capabilities."
2927 [[audits.percent-encoding]]
2928 who = "Valentin Gosu <valentin.gosu@gmail.com>"
2929 criteria = "safe-to-deploy"
2930 delta = "2.2.0 -> 2.3.0"
2932 [[audits.percent-encoding]]
2933 who = "Valentin Gosu <valentin.gosu@gmail.com>"
2934 criteria = "safe-to-deploy"
2935 delta = "2.3.0 -> 2.3.1"
2938 who = "Mike Hommey <mh+mozilla@glandium.org>"
2939 criteria = "safe-to-deploy"
2940 delta = "0.10.1 -> 0.11.2"
2942 [[audits.phf_codegen]]
2943 who = "Mike Hommey <mh+mozilla@glandium.org>"
2944 criteria = "safe-to-deploy"
2945 delta = "0.10.0 -> 0.11.2"
2947 [[audits.phf_generator]]
2948 who = "Mike Hommey <mh+mozilla@glandium.org>"
2949 criteria = "safe-to-deploy"
2950 delta = "0.10.0 -> 0.11.2"
2952 [[audits.phf_macros]]
2953 who = "Mike Hommey <mh+mozilla@glandium.org>"
2954 criteria = "safe-to-deploy"
2955 delta = "0.10.0 -> 0.11.2"
2957 [[audits.phf_shared]]
2958 who = "Mike Hommey <mh+mozilla@glandium.org>"
2959 criteria = "safe-to-deploy"
2960 delta = "0.10.0 -> 0.11.2"
2962 [[audits.pin-project]]
2963 who = "Mike Hommey <mh+mozilla@glandium.org>"
2964 criteria = "safe-to-run"
2965 delta = "1.0.10 -> 1.0.12"
2967 [[audits.pin-project]]
2968 who = "Mike Hommey <mh+mozilla@glandium.org>"
2969 criteria = "safe-to-run"
2970 delta = "1.0.12 -> 1.1.0"
2972 [[audits.pin-project-internal]]
2973 who = "Mike Hommey <mh+mozilla@glandium.org>"
2974 criteria = "safe-to-run"
2975 delta = "1.0.10 -> 1.0.12"
2977 [[audits.pin-project-internal]]
2978 who = "Mike Hommey <mh+mozilla@glandium.org>"
2979 criteria = "safe-to-run"
2980 delta = "1.0.12 -> 1.1.0"
2982 [[audits.pkcs11-bindings]]
2983 who = "Dana Keeler <dkeeler@mozilla.com>"
2984 criteria = "safe-to-deploy"
2987 This crate consists of declarations of types and constants that are
2988 auto-generated by running bindgen on the PKCS#11 specification headers. Other
2989 than the tests generated by bindgen, it consists of no runnable code.
2992 [[audits.pkcs11-bindings]]
2993 who = "John M. Schanck <jmschanck@gmail.com>"
2994 criteria = "safe-to-deploy"
2997 [[audits.pkcs11-bindings]]
2998 who = "Mike Hommey <mh+mozilla@glandium.org>"
2999 criteria = "safe-to-deploy"
3000 delta = "0.1.1 -> 0.1.4"
3002 [[audits.pkcs11-bindings]]
3003 who = "Mike Hommey <mh+mozilla@glandium.org>"
3004 criteria = "safe-to-deploy"
3005 delta = "0.1.4 -> 0.1.5"
3007 [[audits.pkg-config]]
3008 who = "Mike Hommey <mh+mozilla@glandium.org>"
3009 criteria = "safe-to-deploy"
3010 delta = "0.3.25 -> 0.3.26"
3012 [[audits.plane-split]]
3013 who = "Nicolas Silva <nical@fastmail.com>"
3014 criteria = "safe-to-deploy"
3016 notes = "Mozilla-developed package, no unsafe code, no access to file system, network or other far reaching APIs."
3018 [[audits.ppv-lite86]]
3019 who = "Mike Hommey <mh+mozilla@glandium.org>"
3020 criteria = "safe-to-deploy"
3021 delta = "0.2.16 -> 0.2.17"
3023 [[audits.precomputed-hash]]
3024 who = "Bobby Holley <bobbyholley@gmail.com>"
3025 criteria = "safe-to-deploy"
3027 notes = "This is a trivial crate."
3030 who = "Simon Friedberger <simon@mozilla.com>"
3031 criteria = "safe-to-deploy"
3033 notes = "The crate does not use any unsafe code or ambient capabilities and thus meets the criteria for safe-to-deploy. The cryptography itself should be considered experimental at this phase and is currently undergoing a thorough audit organized by Cloudflare."
3036 who = "Simon Friedberger <simon@mozilla.com>"
3037 criteria = "safe-to-deploy"
3040 [[audits.proc-macro-hack]]
3041 who = "Mike Hommey <mh+mozilla@glandium.org>"
3042 criteria = "safe-to-deploy"
3043 delta = "0.5.19 -> 0.5.20+deprecated"
3045 [[audits.proc-macro2]]
3046 who = "Nika Layzell <nika@thelayzells.com>"
3047 criteria = "safe-to-deploy"
3050 `proc-macro2` acts as either a thin(-ish) wrapper around the std-provided
3051 `proc_macro` crate, or as a fallback implementation of the crate, depending on
3054 If using this crate on older versions of rustc (1.56 and earlier), it will
3055 temporarily replace the panic handler while initializing in order to detect if
3056 it is running within a `proc_macro`, which could lead to surprising behaviour.
3057 This should not be an issue for more recent compiler versions, which support
3058 `proc_macro::is_available()`.
3060 The `proc-macro2` crate's fallback behaviour is not identical to the complex
3061 behaviour of the rustc compiler (e.g. it does not perform unicode normalization
3062 for identifiers), however it behaves well enough for its intended use-case
3063 (tests and scripts processing rust code).
3065 `proc-macro2` does not use unsafe code, however exposes one `unsafe` API to
3066 allow bypassing checks in the fallback implementation when constructing
3067 `Literal` using `from_str_unchecked`. This was intended to only be used by the
3068 `quote!` macro, however it has been removed
3069 (https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078),
3070 and is likely completely unused. Even when used, this API shouldn't be able to
3074 [[audits.proc-macro2]]
3075 who = "Mike Hommey <mh+mozilla@glandium.org>"
3076 criteria = "safe-to-deploy"
3077 delta = "1.0.39 -> 1.0.43"
3079 [[audits.proc-macro2]]
3080 who = "Mike Hommey <mh+mozilla@glandium.org>"
3081 criteria = "safe-to-deploy"
3082 delta = "1.0.43 -> 1.0.49"
3084 [[audits.proc-macro2]]
3085 who = "Mike Hommey <mh+mozilla@glandium.org>"
3086 criteria = "safe-to-deploy"
3087 delta = "1.0.49 -> 1.0.51"
3089 [[audits.procfs-core]]
3090 who = "Gabriele Svelto <gsvelto@mozilla.com>"
3091 criteria = "safe-to-deploy"
3092 version = "0.16.0-RC1"
3094 [[audits.procfs-core]]
3095 who = "Gabriele Svelto <gsvelto@mozilla.com>"
3096 criteria = "safe-to-deploy"
3097 delta = "0.16.0-RC1 -> 0.16.0"
3099 [[audits.profiling]]
3100 who = "Mike Hommey <mh+mozilla@glandium.org>"
3101 criteria = "safe-to-deploy"
3102 delta = "1.0.6 -> 1.0.7"
3105 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
3106 criteria = "safe-to-deploy"
3107 delta = "0.8.0 -> 0.11.9"
3108 notes = "Mostly internal refactorings. Minimal new unsafe code, but with the invariants explicitly checked in code"
3111 who = "Drew Willcoxon <adw@mozilla.com>"
3112 criteria = "safe-to-deploy"
3113 delta = "0.11.9 -> 0.12.1"
3115 [[audits.prost-derive]]
3116 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
3117 criteria = "safe-to-deploy"
3118 delta = "0.8.0 -> 0.11.9"
3119 notes = "Documentation and internal refactoring changes only"
3121 [[audits.prost-derive]]
3122 who = "Mike Hommey <mh+mozilla@glandium.org>"
3123 criteria = "safe-to-deploy"
3124 delta = "0.11.9 -> 0.11.9@git:95964e9d33df3c2a9c3f14285e262867cab6f96b"
3125 notes = "Changes against 0.11.9 are mine."
3127 [[audits.prost-derive]]
3128 who = "Drew Willcoxon <adw@mozilla.com>"
3129 criteria = "safe-to-deploy"
3130 delta = "0.11.9 -> 0.12.1"
3133 who = "Kershaw Chang <kershaw@mozilla.com>"
3134 criteria = "safe-to-deploy"
3138 who = "Kershaw Chang <kershaw@mozilla.com>"
3139 criteria = "safe-to-deploy"
3140 delta = "0.9.0 -> 0.11.0"
3143 who = "Kershaw Chang <kershaw@mozilla.com>"
3144 criteria = "safe-to-deploy"
3145 delta = "0.11.0 -> 0.12.0"
3148 who = "Nika Layzell <nika@thelayzells.com>"
3149 criteria = "safe-to-deploy"
3152 `quote` is a utility crate used by proc-macros to generate TokenStreams
3153 conveniently from source code. The bulk of the logic is some complex
3154 interlocking `macro_rules!` macros which are used to parse and build the
3155 `TokenStream` within the proc-macro.
3157 This crate contains no unsafe code, and the internal logic, while difficult to
3158 read, is generally straightforward. I have audited the the quote macros, ident
3159 formatter, and runtime logic.
3163 who = "Mike Hommey <mh+mozilla@glandium.org>"
3164 criteria = "safe-to-deploy"
3165 delta = "1.0.18 -> 1.0.21"
3168 who = "Mike Hommey <mh+mozilla@glandium.org>"
3169 criteria = "safe-to-deploy"
3170 delta = "1.0.21 -> 1.0.23"
3173 who = "Nika Layzell <nika@thelayzells.com>"
3174 criteria = "safe-to-deploy"
3177 I am no longer the primary maintainer of `radium`, however I have audited the
3178 code to ensure it is still correct. The implementation contains no `unsafe`
3179 logic, and will not abstract away `Sync` trait bounds.
3181 The core logic is very simple, and acts as an abstraction trait for `Cell<T>`
3185 [[audits.rand_core]]
3186 who = "Mike Hommey <mh+mozilla@glandium.org>"
3187 criteria = "safe-to-deploy"
3188 delta = "0.6.3 -> 0.6.4"
3190 [[audits.range-alloc]]
3191 who = "Bobby Holley <bobbyholley@gmail.com>"
3192 criteria = "safe-to-deploy"
3194 notes = "Dzmitry authored this crate while he was staff at Mozilla."
3196 [[audits.range-alloc]]
3197 who = "Mike Hommey <mh+mozilla@glandium.org>"
3198 criteria = "safe-to-deploy"
3199 delta = "0.1.2 -> 0.1.3"
3201 [[audits.range-map]]
3202 who = "Gabriele Svelto <gsvelto@mozilla.com>"
3203 criteria = "safe-to-deploy"
3206 [[audits.raw-window-handle]]
3207 who = "Jim Blandy <jimb@red-bean.com>"
3208 criteria = "safe-to-deploy"
3210 notes = "I looked through all the sources of the v0.5.0 crate."
3212 [[audits.raw-window-handle]]
3213 who = "Mike Hommey <mh+mozilla@glandium.org>"
3214 criteria = "safe-to-deploy"
3215 delta = "0.5.0 -> 0.5.2"
3217 [[audits.raw-window-handle]]
3218 who = "Nicolas Silva <nical@fastmail.com>"
3219 criteria = "safe-to-deploy"
3220 delta = "0.5.2 -> 0.6.0"
3223 who = "Josh Stone <jistone@redhat.com>"
3224 criteria = "safe-to-deploy"
3226 notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
3229 who = "Mike Hommey <mh+mozilla@glandium.org>"
3230 criteria = "safe-to-deploy"
3231 delta = "1.5.3 -> 1.6.1"
3233 [[audits.rayon-core]]
3234 who = "Josh Stone <jistone@redhat.com>"
3235 criteria = "safe-to-deploy"
3237 notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
3239 [[audits.rayon-core]]
3240 who = "Mike Hommey <mh+mozilla@glandium.org>"
3241 criteria = "safe-to-deploy"
3242 delta = "1.9.3 -> 1.10.1"
3244 [[audits.rayon-core]]
3245 who = "Mike Hommey <mh+mozilla@glandium.org>"
3246 criteria = "safe-to-deploy"
3247 delta = "1.10.1 -> 1.10.2"
3249 [[audits.redox_syscall]]
3250 who = "Mike Hommey <mh+mozilla@glandium.org>"
3251 criteria = "safe-to-deploy"
3252 delta = "0.2.13 -> 0.2.16"
3255 who = "Mike Hommey <mh+mozilla@glandium.org>"
3256 criteria = "safe-to-deploy"
3257 delta = "1.5.6 -> 1.6.0"
3260 who = "Mike Hommey <mh+mozilla@glandium.org>"
3261 criteria = "safe-to-deploy"
3262 delta = "1.6.0 -> 1.7.0"
3265 who = "Mike Hommey <mh+mozilla@glandium.org>"
3266 criteria = "safe-to-deploy"
3267 delta = "1.7.0 -> 1.7.1"
3269 [[audits.regex-syntax]]
3270 who = "Mike Hommey <mh+mozilla@glandium.org>"
3271 criteria = "safe-to-deploy"
3272 delta = "0.6.26 -> 0.6.27"
3274 [[audits.regex-syntax]]
3275 who = "Mike Hommey <mh+mozilla@glandium.org>"
3276 criteria = "safe-to-deploy"
3277 delta = "0.6.27 -> 0.6.28"
3280 who = "Chris H-C <chutten@mozilla.com>"
3281 criteria = "safe-to-deploy"
3283 notes = "Maintained by Jan-Erik and :krosylight."
3286 who = "Chris H-C <chutten@mozilla.com>"
3287 criteria = "safe-to-deploy"
3291 who = "Mike Hommey <mh+mozilla@glandium.org>"
3292 criteria = "safe-to-deploy"
3293 delta = "0.7.0 -> 0.7.1"
3296 who = "Jim Blandy <jimb@red-bean.com>"
3297 criteria = "safe-to-deploy"
3298 delta = "0.7.1 -> 0.8.0"
3301 who = "Mike Hommey <mh+mozilla@glandium.org>"
3302 criteria = "safe-to-deploy"
3303 delta = "0.8.0 -> 0.8.1"
3306 who = "Nika Layzell <nika@thelayzells.com>"
3307 criteria = "safe-to-deploy"
3310 This is a fairly straightforward FFI wrapper crate for `regex`, maintained by
3311 the `regex` developers in the same repository.
3313 This crate is explicitly designed for FFI use, and should not be used directly
3314 by Rust code. The exported `extern \"C\"` functions are not marked as `unsafe`,
3315 meaning that it is technically incorrect to use them from within Rust code,
3316 however they are reasonable to use from C code.
3318 The unsafe code in this crate heavily depends on the C caller maintaining
3319 invariants, however these invariants are clearly documented in the `rure.h`
3320 file, bundled with the crate.
3322 I have checked the signatures of each function both in C++ and in the Rust to
3323 ensure they match. In some places, the c `rure.h` header file is missing a
3324 `const` qualifier which could be present given the Rust code, however this will
3325 have no impact on ABI, and is fairly normal for FFI crates.
3327 Panics are handled in all Rust FFI methods, meaning that projects which do not
3328 disable unwinding will still consistently abort (using `libc::abort()`) if a
3329 panic occurs in the Rust code.
3333 who = "Mike Hommey <mh+mozilla@glandium.org>"
3334 criteria = "safe-to-deploy"
3335 delta = "0.27.0 -> 0.28.0"
3338 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
3339 criteria = "safe-to-deploy"
3340 delta = "0.28.0 -> 0.29.0"
3343 who = "Mark Hammond <mhammond@mozilla.com>"
3344 criteria = "safe-to-deploy"
3345 delta = "0.29.0 -> 0.30.0"
3347 [[audits.rust_cascade]]
3348 who = "Mike Hommey <mh+mozilla@glandium.org>"
3349 criteria = "safe-to-deploy"
3350 delta = "1.4.0 -> 1.5.0"
3352 [[audits.rust_decimal]]
3353 who = "Mike Hommey <mh+mozilla@glandium.org>"
3354 criteria = "safe-to-deploy"
3355 delta = "1.24.0 -> 1.25.0"
3357 [[audits.rust_decimal]]
3358 who = "Mike Hommey <mh+mozilla@glandium.org>"
3359 criteria = "safe-to-deploy"
3360 delta = "1.25.0 -> 1.26.1"
3362 [[audits.rust_decimal]]
3363 who = "Mike Hommey <mh+mozilla@glandium.org>"
3364 criteria = "safe-to-deploy"
3365 delta = "1.26.1 -> 1.27.0"
3367 [[audits.rust_decimal]]
3368 who = "Mike Hommey <mh+mozilla@glandium.org>"
3369 criteria = "safe-to-deploy"
3370 delta = "1.27.0 -> 1.28.1"
3372 [[audits.rustc-hash]]
3373 who = "Bobby Holley <bobbyholley@gmail.com>"
3374 criteria = "safe-to-deploy"
3376 notes = "Straightforward crate with no unsafe code, does what it says on the tin."
3378 [[audits.rustc_version]]
3379 who = "Nika Layzell <nika@thelayzells.com>"
3380 criteria = "safe-to-run"
3383 Straightforward crate which runs `$RUSTC -vV` and parses the output into a
3384 machine-interpretable form for build scripts.
3387 [[audits.rustversion]]
3388 who = "Bobby Holley <bobbyholley@gmail.com>"
3389 criteria = "safe-to-deploy"
3392 This crate has a build-time component and procedural macro logic, which I looked
3393 at enough to convince myself it wasn't going to do anything dramatically wrong.
3394 I don't think logic bugs in the version parsing etc can realistically introduce
3395 a security vulnerability.
3398 [[audits.rustversion]]
3399 who = "Mike Hommey <mh+mozilla@glandium.org>"
3400 criteria = "safe-to-run"
3401 delta = "1.0.9 -> 1.0.11"
3404 who = "Mike Hommey <mh+mozilla@glandium.org>"
3405 criteria = "safe-to-deploy"
3406 delta = "1.0.10 -> 1.0.11"
3409 who = "Mike Hommey <mh+mozilla@glandium.org>"
3410 criteria = "safe-to-deploy"
3411 delta = "1.0.11 -> 1.0.12"
3414 who = "Bobby Holley <bobbyholley@gmail.com>"
3415 criteria = "safe-to-run"
3417 notes = "I didn't review the allocation code carefully but it's not malicious."
3419 [[audits.scoped-tls]]
3420 who = "Mike Hommey <mh+mozilla@glandium.org>"
3421 criteria = "safe-to-run"
3422 delta = "1.0.0 -> 1.0.1"
3425 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
3426 criteria = "safe-to-deploy"
3427 delta = "0.10.2 -> 0.11.0"
3428 notes = "Small changes to exposed traits, that look reasonable and have additional buffer boundary checks. No unsafe code touched."
3430 [[audits.scroll_derive]]
3431 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
3432 criteria = "safe-to-deploy"
3433 delta = "0.10.5 -> 0.11.0"
3434 notes = "No code changes. Tagged together with its parent crate scroll."
3436 [[audits.scroll_derive]]
3437 who = "Mike Hommey <mh+mozilla@glandium.org>"
3438 criteria = "safe-to-deploy"
3439 delta = "0.11.0 -> 0.11.1"
3441 [[audits.selectors]]
3442 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
3443 criteria = "safe-to-deploy"
3446 This crate is basically developed in-tree. Mozilla employees have either
3447 reviewed or written virtually all of the code.
3451 who = "Mike Hommey <mh+mozilla@glandium.org>"
3452 criteria = "safe-to-deploy"
3453 delta = "1.0.9 -> 1.0.10"
3456 who = "Mike Hommey <mh+mozilla@glandium.org>"
3457 criteria = "safe-to-deploy"
3458 delta = "1.0.10 -> 1.0.13"
3461 who = "Mike Hommey <mh+mozilla@glandium.org>"
3462 criteria = "safe-to-deploy"
3463 delta = "1.0.13 -> 1.0.16"
3466 who = "Bobby Holley <bobbyholley@gmail.com>"
3467 criteria = "safe-to-deploy"
3468 delta = "1.0.17 -> 1.0.16"
3471 who = "Mike Hommey <mh+mozilla@glandium.org>"
3472 criteria = "safe-to-deploy"
3473 delta = "1.0.137 -> 1.0.143"
3476 who = "Mike Hommey <mh+mozilla@glandium.org>"
3477 criteria = "safe-to-deploy"
3478 delta = "1.0.143 -> 1.0.144"
3481 who = "Mike Hommey <mh+mozilla@glandium.org>"
3482 criteria = "safe-to-deploy"
3483 delta = "1.0.144 -> 1.0.151"
3486 who = "Mike Hommey <mh+mozilla@glandium.org>"
3487 criteria = "safe-to-deploy"
3488 delta = "1.0.151 -> 1.0.152"
3490 [[audits.serde_bytes]]
3491 who = "Mike Hommey <mh+mozilla@glandium.org>"
3492 criteria = "safe-to-deploy"
3493 delta = "0.11.6 -> 0.11.7"
3495 [[audits.serde_bytes]]
3496 who = "Mike Hommey <mh+mozilla@glandium.org>"
3497 criteria = "safe-to-deploy"
3498 delta = "0.11.7 -> 0.11.8"
3500 [[audits.serde_bytes]]
3501 who = "Mike Hommey <mh+mozilla@glandium.org>"
3502 criteria = "safe-to-deploy"
3503 delta = "0.11.8 -> 0.11.9"
3505 [[audits.serde_cbor]]
3506 who = "R. Martinho Fernandes <bugs@rmf.io>"
3507 criteria = "safe-to-deploy"
3510 [[audits.serde_cbor]]
3511 who = "John M. Schanck <jschanck@mozilla.com>"
3512 criteria = "safe-to-deploy"
3513 delta = "0.11.1 -> 0.11.2"
3515 [[audits.serde_derive]]
3516 who = "Mike Hommey <mh+mozilla@glandium.org>"
3517 criteria = "safe-to-deploy"
3518 delta = "1.0.137 -> 1.0.143"
3520 [[audits.serde_derive]]
3521 who = "Mike Hommey <mh+mozilla@glandium.org>"
3522 criteria = "safe-to-deploy"
3523 delta = "1.0.143 -> 1.0.144"
3525 [[audits.serde_derive]]
3526 who = "Mike Hommey <mh+mozilla@glandium.org>"
3527 criteria = "safe-to-deploy"
3528 delta = "1.0.144 -> 1.0.151"
3530 [[audits.serde_derive]]
3531 who = "Mike Hommey <mh+mozilla@glandium.org>"
3532 criteria = "safe-to-deploy"
3533 delta = "1.0.151 -> 1.0.152"
3535 [[audits.serde_json]]
3536 who = "Mike Hommey <mh+mozilla@glandium.org>"
3537 criteria = "safe-to-deploy"
3538 delta = "1.0.81 -> 1.0.83"
3540 [[audits.serde_json]]
3541 who = "Mike Hommey <mh+mozilla@glandium.org>"
3542 criteria = "safe-to-deploy"
3543 delta = "1.0.83 -> 1.0.85"
3545 [[audits.serde_json]]
3546 who = "Mike Hommey <mh+mozilla@glandium.org>"
3547 criteria = "safe-to-deploy"
3548 delta = "1.0.85 -> 1.0.91"
3550 [[audits.serde_json]]
3551 who = "Mike Hommey <mh+mozilla@glandium.org>"
3552 criteria = "safe-to-deploy"
3553 delta = "1.0.91 -> 1.0.93"
3555 [[audits.serde_path_to_error]]
3556 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
3557 criteria = "safe-to-deploy"
3560 [[audits.serde_repr]]
3561 who = "Mike Hommey <mh+mozilla@glandium.org>"
3562 criteria = "safe-to-run"
3563 delta = "0.1.8 -> 0.1.9"
3565 [[audits.serde_repr]]
3566 who = "Mike Hommey <mh+mozilla@glandium.org>"
3567 criteria = "safe-to-run"
3568 delta = "0.1.9 -> 0.1.10"
3570 [[audits.serde_with]]
3571 who = "Mike Hommey <mh+mozilla@glandium.org>"
3572 criteria = "safe-to-deploy"
3573 delta = "1.14.0 -> 3.0.0"
3575 [[audits.serde_with_macros]]
3576 who = "Mike Hommey <mh+mozilla@glandium.org>"
3577 criteria = "safe-to-deploy"
3578 delta = "1.5.2 -> 3.0.0"
3580 [[audits.serde_yaml]]
3581 who = "Mike Hommey <mh+mozilla@glandium.org>"
3582 criteria = "safe-to-run"
3583 delta = "0.8.24 -> 0.8.26"
3585 [[audits.servo_arc]]
3586 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
3587 criteria = "safe-to-deploy"
3589 notes = "Developed in-tree, effectively."
3592 who = "Mike Hommey <mh+mozilla@glandium.org>"
3593 criteria = "safe-to-deploy"
3594 delta = "0.9.2 -> 0.9.3"
3597 who = "Dana Keeler <dkeeler@mozilla.com>"
3598 criteria = "safe-to-deploy"
3602 who = "Mike Hommey <mh+mozilla@glandium.org>"
3603 criteria = "safe-to-run"
3604 delta = "0.10.0 -> 0.10.5"
3607 who = "Mike Hommey <mh+mozilla@glandium.org>"
3608 criteria = "safe-to-deploy"
3609 delta = "0.10.2 -> 0.10.6"
3612 who = "Simon Friedberger <simon@mozilla.com>"
3613 criteria = "safe-to-deploy"
3614 delta = "0.10.6 -> 0.10.7"
3617 who = "Mike Hommey <mh+mozilla@glandium.org>"
3618 criteria = "safe-to-deploy"
3619 delta = "0.4.6 -> 0.4.7"
3622 who = "Mike Hommey <mh+mozilla@glandium.org>"
3623 criteria = "safe-to-deploy"
3624 delta = "0.4.7 -> 0.4.8"
3626 [[audits.smallbitvec]]
3627 who = "Bobby Holley <bobbyholley@gmail.com>"
3628 criteria = "safe-to-deploy"
3630 notes = "All code written or reviewed by Mozilla staff."
3632 [[audits.smallbitvec]]
3633 who = "Bobby Holley <bobbyholley@gmail.com>"
3634 criteria = "safe-to-deploy"
3635 delta = "2.5.0 -> 2.5.1"
3638 who = "Mike Hommey <mh+mozilla@glandium.org>"
3639 criteria = "safe-to-deploy"
3640 delta = "1.8.0 -> 1.9.0"
3643 who = "Mike Hommey <mh+mozilla@glandium.org>"
3644 criteria = "safe-to-deploy"
3645 delta = "1.9.0 -> 1.10.0"
3647 [[audits.smart-default]]
3648 who = "Gabriele Svelto <gsvelto@mozilla.com>"
3649 criteria = "safe-to-deploy"
3652 [[audits.smart-default]]
3653 who = "Mike Hommey <mh+mozilla@glandium.org>"
3654 criteria = "safe-to-deploy"
3655 delta = "0.6.0 -> 0.7.1"
3658 who = "Mike Hommey <mh+mozilla@glandium.org>"
3659 criteria = "safe-to-deploy"
3660 delta = "0.4.4 -> 0.4.7"
3663 who = "Nicolas Silva <nical@fastmail.com>"
3664 criteria = "safe-to-deploy"
3665 delta = "0.2.0+1.5.4 -> 0.3.0+sdk-1.3.268.0"
3668 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3669 criteria = "safe-to-deploy"
3671 notes = "This crate uses unsafe lock to keep invariant. I auditted code. Also, this doesn't have file access and network access."
3673 [[audits.strck_ident]]
3674 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3675 criteria = "safe-to-deploy"
3677 notes = "This crate doesn't use unsafe block, network access and filesystem access."
3680 who = "Simon Friedberger <simon@mozilla.com>"
3681 criteria = "safe-to-deploy"
3683 notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation."
3686 who = "Bobby Holley <bobbyholley@gmail.com>"
3687 criteria = "safe-to-deploy"
3689 notes = "Simple string processing with no unsafe code or ambient capability usage."
3692 who = "Mike Hommey <mh+mozilla@glandium.org>"
3693 criteria = "safe-to-deploy"
3694 delta = "1.0.96 -> 1.0.99"
3697 who = "Mike Hommey <mh+mozilla@glandium.org>"
3698 criteria = "safe-to-deploy"
3699 delta = "1.0.99 -> 1.0.107"
3701 [[audits.synstructure]]
3702 who = "Nika Layzell <nika@thelayzells.com>"
3703 criteria = "safe-to-deploy"
3706 I am the primary author of the `synstructure` crate, and its current
3707 maintainer. The one use of `unsafe` is unnecessary, but documented and
3708 harmless. It will be removed in the next version.
3711 [[audits.synstructure]]
3712 who = "Mike Hommey <mh+mozilla@glandium.org>"
3713 criteria = "safe-to-deploy"
3714 delta = "0.12.6 -> 0.13.0"
3717 who = "Mike Hommey <mh+mozilla@glandium.org>"
3718 criteria = "safe-to-deploy"
3719 delta = "3.6.0 -> 3.8.0"
3722 who = "Mike Hommey <mh+mozilla@glandium.org>"
3723 criteria = "safe-to-deploy"
3724 delta = "3.8.0 -> 3.9.0"
3726 [[audits.termcolor]]
3727 who = "Mike Hommey <mh+mozilla@glandium.org>"
3728 criteria = "safe-to-deploy"
3729 delta = "1.1.3 -> 1.2.0"
3732 who = "Mike Hommey <mh+mozilla@glandium.org>"
3733 criteria = "safe-to-deploy"
3734 delta = "0.15.0 -> 0.15.2"
3737 who = "Mike Hommey <mh+mozilla@glandium.org>"
3738 criteria = "safe-to-deploy"
3739 delta = "0.15.2 -> 0.16.0"
3742 who = "Aria Beingessner <a.beingessner@gmail.com>"
3743 criteria = "safe-to-deploy"
3745 notes = "I own this crate, and most of its versions were codeveloped and reviewed by Nika Layzell. This version was not explicitly reviewed by her, but it was specifically a release that made the code pass miri and was reviewed by me. Firefox uses it in the gecko-ffi configuration which is less thoroughly tested and more dangerous but we're reasonably confident in it. The real danger is from C++ code failing to use it correctly in FFI but that's just how FFI is."
3748 who = "Mike Hommey <mh+mozilla@glandium.org>"
3749 criteria = "safe-to-deploy"
3750 delta = "0.2.5 -> 0.2.7"
3753 who = "Mike Hommey <mh+mozilla@glandium.org>"
3754 criteria = "safe-to-deploy"
3755 delta = "0.2.7 -> 0.2.12"
3757 [[audits.thiserror]]
3758 who = "Mike Hommey <mh+mozilla@glandium.org>"
3759 criteria = "safe-to-deploy"
3760 delta = "1.0.31 -> 1.0.32"
3762 [[audits.thiserror]]
3763 who = "Mike Hommey <mh+mozilla@glandium.org>"
3764 criteria = "safe-to-deploy"
3765 delta = "1.0.32 -> 1.0.38"
3767 [[audits.thiserror-impl]]
3768 who = "Mike Hommey <mh+mozilla@glandium.org>"
3769 criteria = "safe-to-deploy"
3770 delta = "1.0.31 -> 1.0.32"
3772 [[audits.thiserror-impl]]
3773 who = "Mike Hommey <mh+mozilla@glandium.org>"
3774 criteria = "safe-to-deploy"
3775 delta = "1.0.32 -> 1.0.38"
3777 [[audits.threadbound]]
3778 who = "Mike Hommey <mh+mozilla@glandium.org>"
3779 criteria = "safe-to-deploy"
3780 delta = "0.1.3 -> 0.1.4"
3782 [[audits.threadbound]]
3783 who = "Mike Hommey <mh+mozilla@glandium.org>"
3784 criteria = "safe-to-deploy"
3785 delta = "0.1.4 -> 0.1.5"
3788 who = "Mike Hommey <mh+mozilla@glandium.org>"
3789 criteria = "safe-to-deploy"
3790 delta = "0.1.44 -> 0.1.45"
3793 who = "Kershaw Chang <kershaw@mozilla.com>"
3794 criteria = "safe-to-deploy"
3795 delta = "0.1.45 -> 0.3.17"
3798 who = "Mike Hommey <mh+mozilla@glandium.org>"
3799 criteria = "safe-to-run"
3800 delta = "0.3.9 -> 0.3.17"
3803 who = "Kershaw Chang <kershaw@mozilla.com>"
3804 criteria = "safe-to-deploy"
3805 delta = "0.3.17 -> 0.3.23"
3807 [[audits.time-core]]
3808 who = "Kershaw Chang <kershaw@mozilla.com>"
3809 criteria = "safe-to-deploy"
3812 [[audits.time-core]]
3813 who = "Mike Hommey <mh+mozilla@glandium.org>"
3814 criteria = "safe-to-run"
3817 [[audits.time-core]]
3818 who = "Kershaw Chang <kershaw@mozilla.com>"
3819 criteria = "safe-to-deploy"
3820 delta = "0.1.0 -> 0.1.1"
3822 [[audits.time-macros]]
3823 who = "Kershaw Chang <kershaw@mozilla.com>"
3824 criteria = "safe-to-deploy"
3827 [[audits.time-macros]]
3828 who = "Mike Hommey <mh+mozilla@glandium.org>"
3829 criteria = "safe-to-run"
3830 delta = "0.2.4 -> 0.2.6"
3832 [[audits.time-macros]]
3833 who = "Kershaw Chang <kershaw@mozilla.com>"
3834 criteria = "safe-to-deploy"
3835 delta = "0.2.6 -> 0.2.10"
3838 who = "Zibi Braniecki <zibi@unicode.org>"
3839 criteria = "safe-to-deploy"
3843 who = "Zibi Braniecki <zibi@unicode.org>"
3844 criteria = "safe-to-deploy"
3848 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3849 criteria = "safe-to-deploy"
3851 notes = "One of original auther was Zibi Braniecki who worked at Mozilla and maintained by ICU4X developers (Google and Mozilla). I've vetted the one instance of unsafe code."
3854 who = "Mike Hommey <mh+mozilla@glandium.org>"
3855 criteria = "safe-to-deploy"
3856 delta = "0.7.0 -> 0.7.1"
3859 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3860 criteria = "safe-to-deploy"
3861 delta = "0.7.1 -> 0.7.4"
3863 [[audits.tokio-macros]]
3864 who = "Mike Hommey <mh+mozilla@glandium.org>"
3865 criteria = "safe-to-run"
3866 delta = "1.8.0 -> 1.8.2"
3868 [[audits.tokio-stream]]
3869 who = "Mike Hommey <mh+mozilla@glandium.org>"
3870 criteria = "safe-to-run"
3871 delta = "0.1.9 -> 0.1.11"
3873 [[audits.tokio-stream]]
3874 who = "Mike Hommey <mh+mozilla@glandium.org>"
3875 criteria = "safe-to-run"
3876 delta = "0.1.11 -> 0.1.12"
3879 who = "Bobby Holley <bobbyholley@gmail.com>"
3880 criteria = "safe-to-deploy"
3881 delta = "0.5.7 -> 0.5.9"
3884 who = "Mike Hommey <mh+mozilla@glandium.org>"
3885 criteria = "safe-to-deploy"
3886 delta = "0.5.9 -> 0.5.10"
3889 who = "Mike Hommey <mh+mozilla@glandium.org>"
3890 criteria = "safe-to-deploy"
3891 delta = "0.5.10 -> 0.5.11"
3893 [[audits.topological-sort]]
3894 who = "Bobby Holley <bobbyholley@gmail.com>"
3895 criteria = "safe-to-deploy"
3897 notes = "Simple algorithm crate with no unsafe code or capability usage."
3899 [[audits.tower-service]]
3900 who = "Mike Hommey <mh+mozilla@glandium.org>"
3901 criteria = "safe-to-run"
3902 delta = "0.3.1 -> 0.3.2"
3905 who = "Mike Hommey <mh+mozilla@glandium.org>"
3906 criteria = "safe-to-run"
3907 delta = "0.1.35 -> 0.1.36"
3910 who = "Mike Hommey <mh+mozilla@glandium.org>"
3911 criteria = "safe-to-run"
3912 delta = "0.1.36 -> 0.1.37"
3914 [[audits.tracing-attributes]]
3915 who = "Mike Hommey <mh+mozilla@glandium.org>"
3916 criteria = "safe-to-run"
3917 delta = "0.1.21 -> 0.1.22"
3919 [[audits.tracing-attributes]]
3920 who = "Mike Hommey <mh+mozilla@glandium.org>"
3921 criteria = "safe-to-run"
3922 delta = "0.1.22 -> 0.1.23"
3924 [[audits.tracing-attributes]]
3925 who = "Mike Hommey <mh+mozilla@glandium.org>"
3926 criteria = "safe-to-run"
3927 delta = "0.1.23 -> 0.1.24"
3929 [[audits.tracing-core]]
3930 who = "Mike Hommey <mh+mozilla@glandium.org>"
3931 criteria = "safe-to-run"
3932 delta = "0.1.27 -> 0.1.29"
3934 [[audits.tracing-core]]
3935 who = "Mike Hommey <mh+mozilla@glandium.org>"
3936 criteria = "safe-to-run"
3937 delta = "0.1.29 -> 0.1.30"
3940 who = "Glenn Watson <git@intuitionlibrary.com>"
3941 criteria = "safe-to-deploy"
3945 who = "Mike Hommey <mh+mozilla@glandium.org>"
3946 criteria = "safe-to-run"
3947 delta = "0.2.3 -> 0.2.4"
3949 [[audits.typed-arena-nomut]]
3950 who = "Lee Salzman <lsalzman@gmail.com>"
3951 criteria = "safe-to-deploy"
3955 who = "Mike Hommey <mh+mozilla@glandium.org>"
3956 criteria = "safe-to-deploy"
3957 delta = "1.15.0 -> 1.16.0"
3960 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
3961 criteria = "safe-to-deploy"
3964 I've reviewed multiple patches in this crate, including the initial
3965 implementation back in the day. It has no unsafe code at all nowadays.
3968 [[audits.unic-langid]]
3969 who = "Zibi Braniecki <zibi@unicode.org>"
3970 criteria = "safe-to-deploy"
3973 [[audits.unic-langid]]
3974 who = "Mike Hommey <mh+mozilla@glandium.org>"
3975 criteria = "safe-to-deploy"
3976 delta = "0.9.0 -> 0.9.1"
3978 [[audits.unic-langid-impl]]
3979 who = "Zibi Braniecki <zibi@unicode.org>"
3980 criteria = "safe-to-deploy"
3983 [[audits.unic-langid-impl]]
3984 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3985 criteria = "safe-to-deploy"
3986 delta = "0.9.0 -> 0.9.1"
3988 [[audits.unic-langid-macros]]
3989 who = "Zibi Braniecki <zibi@unicode.org>"
3990 criteria = "safe-to-deploy"
3993 [[audits.unic-langid-macros]]
3994 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3995 criteria = "safe-to-deploy"
3996 delta = "0.9.0 -> 0.9.1"
3998 [[audits.unic-langid-macros-impl]]
3999 who = "Zibi Braniecki <zibi@unicode.org>"
4000 criteria = "safe-to-deploy"
4003 [[audits.unic-langid-macros-impl]]
4004 who = "Mike Hommey <mh+mozilla@glandium.org>"
4005 criteria = "safe-to-deploy"
4006 delta = "0.9.0 -> 0.9.1"
4008 [[audits.unicode-bidi]]
4009 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4010 criteria = "safe-to-deploy"
4011 delta = "0.3.8 -> 0.3.13"
4013 [[audits.unicode-bidi]]
4014 who = "Jonathan Kew <jkew@mozilla.com>"
4015 criteria = "safe-to-deploy"
4016 delta = "0.3.13 -> 0.3.14"
4017 notes = "I am the author of the bulk of the upstream changes in this version, and also checked the remaining post-0.3.13 changes."
4019 [[audits.unicode-bidi]]
4020 who = "Jonathan Kew <jfkthame@gmail.com>"
4021 criteria = "safe-to-deploy"
4022 delta = "0.3.14 -> 0.3.15"
4024 [[audits.unicode-bidi]]
4025 who = "Jonathan Kew <jfkthame@gmail.com>"
4026 criteria = "safe-to-deploy"
4027 delta = "0.3.15 -> 0.3.15@git:d43c644c388659d093cc5d1648a970daeef692d5"
4030 [[audits.unicode-ident]]
4031 who = "Mike Hommey <mh+mozilla@glandium.org>"
4032 criteria = "safe-to-deploy"
4033 delta = "1.0.0 -> 1.0.1"
4035 [[audits.unicode-ident]]
4036 who = "Mike Hommey <mh+mozilla@glandium.org>"
4037 criteria = "safe-to-deploy"
4038 delta = "1.0.1 -> 1.0.3"
4040 [[audits.unicode-ident]]
4041 who = "Mike Hommey <mh+mozilla@glandium.org>"
4042 criteria = "safe-to-deploy"
4043 delta = "1.0.3 -> 1.0.6"
4045 [[audits.unicode-normalization]]
4046 who = "Mike Hommey <mh+mozilla@glandium.org>"
4047 criteria = "safe-to-deploy"
4048 delta = "0.1.19 -> 0.1.20"
4049 notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19."
4051 [[audits.unicode-normalization]]
4052 who = "Mike Hommey <mh+mozilla@glandium.org>"
4053 criteria = "safe-to-deploy"
4054 delta = "0.1.20 -> 0.1.21"
4056 [[audits.unicode-normalization]]
4057 who = "Mike Hommey <mh+mozilla@glandium.org>"
4058 criteria = "safe-to-deploy"
4059 delta = "0.1.21 -> 0.1.22"
4061 [[audits.unicode-segmentation]]
4062 who = "Mike Hommey <mh+mozilla@glandium.org>"
4063 criteria = "safe-to-deploy"
4064 delta = "1.9.0 -> 1.10.0"
4066 [[audits.unicode-width]]
4067 who = "Mike Hommey <mh+mozilla@glandium.org>"
4068 criteria = "safe-to-deploy"
4069 delta = "0.1.9 -> 0.1.10"
4071 [[audits.unicode-xid]]
4072 who = "Mike Hommey <mh+mozilla@glandium.org>"
4073 criteria = "safe-to-deploy"
4074 delta = "0.2.3 -> 0.2.4"
4077 who = "Travis Long <tlong@mozilla.com>"
4078 criteria = "safe-to-deploy"
4080 notes = "Maintained by the Glean and Application Services teams"
4083 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4084 criteria = "safe-to-deploy"
4085 delta = "0.19.3 -> 0.19.6"
4086 notes = "Maintained by the Glean and Application Services team."
4089 who = "Perry McManis <pmcmanis@mozilla.com>"
4090 criteria = "safe-to-deploy"
4091 delta = "0.19.6 -> 0.20.0"
4094 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4095 criteria = "safe-to-deploy"
4096 delta = "0.20.0 -> 0.21.0"
4097 notes = "Maintained by the Glean and Application Services team."
4100 who = "Mike Hommey <mh+mozilla@glandium.org>"
4101 criteria = "safe-to-deploy"
4102 delta = "0.21.0 -> 0.21.1"
4103 notes = "No changes."
4106 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4107 criteria = "safe-to-deploy"
4108 delta = "0.21.1 -> 0.23.0"
4109 notes = "Maintained by the Glean and Application Services team."
4111 [[audits.uniffi_bindgen]]
4112 who = "Travis Long <tlong@mozilla.com>"
4113 criteria = "safe-to-deploy"
4115 notes = "Maintained by the Glean and Application Services teams."
4117 [[audits.uniffi_bindgen]]
4118 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4119 criteria = "safe-to-deploy"
4120 delta = "0.19.3 -> 0.19.6"
4121 notes = "Maintained by the Glean and Application Services team."
4123 [[audits.uniffi_bindgen]]
4124 who = "Perry McManis <pmcmanis@mozilla.com>"
4125 criteria = "safe-to-deploy"
4126 delta = "0.19.6 -> 0.20.0"
4128 [[audits.uniffi_bindgen]]
4129 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4130 criteria = "safe-to-deploy"
4131 delta = "0.20.0 -> 0.21.0"
4132 notes = "Maintained by the Glean and Application Services team."
4134 [[audits.uniffi_bindgen]]
4135 who = "Mike Hommey <mh+mozilla@glandium.org>"
4136 criteria = "safe-to-deploy"
4137 delta = "0.21.0 -> 0.21.1"
4138 notes = "I authored the changes in this version."
4140 [[audits.uniffi_bindgen]]
4141 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4142 criteria = "safe-to-deploy"
4143 delta = "0.21.1 -> 0.23.0"
4144 notes = "Maintained by the Glean and Application Services team."
4146 [[audits.uniffi_build]]
4147 who = "Travis Long <tlong@mozilla.com>"
4148 criteria = "safe-to-deploy"
4150 notes = "Maintained by the Glean and Application Services teams."
4152 [[audits.uniffi_build]]
4153 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4154 criteria = "safe-to-deploy"
4155 delta = "0.19.3 -> 0.19.6"
4156 notes = "Maintained by the Glean and Application Services team."
4158 [[audits.uniffi_build]]
4159 who = "Perry McManis <pmcmanis@mozilla.com>"
4160 criteria = "safe-to-deploy"
4161 delta = "0.19.6 -> 0.20.0"
4163 [[audits.uniffi_build]]
4164 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4165 criteria = "safe-to-deploy"
4166 delta = "0.20.0 -> 0.21.0"
4167 notes = "Maintained by the Glean and Application Services team."
4169 [[audits.uniffi_build]]
4170 who = "Mike Hommey <mh+mozilla@glandium.org>"
4171 criteria = "safe-to-deploy"
4172 delta = "0.21.0 -> 0.21.1"
4173 notes = "No changes."
4175 [[audits.uniffi_build]]
4176 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4177 criteria = "safe-to-deploy"
4178 delta = "0.21.1 -> 0.23.0"
4179 notes = "Maintained by the Glean and Application Services team."
4181 [[audits.uniffi_checksum_derive]]
4182 who = "Mike Hommey <mh+mozilla@glandium.org>"
4183 criteria = "safe-to-deploy"
4185 notes = "I authored this crate."
4187 [[audits.uniffi_checksum_derive]]
4188 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4189 criteria = "safe-to-deploy"
4190 delta = "0.21.1 -> 0.23.0"
4191 notes = "Maintained by the Glean and Application Services team."
4193 [[audits.uniffi_core]]
4194 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4195 criteria = "safe-to-deploy"
4197 notes = "Maintained by the Glean and Application Services teams."
4199 [[audits.uniffi_macros]]
4200 who = "Travis Long <tlong@mozilla.com>"
4201 criteria = "safe-to-deploy"
4203 notes = "Maintained by the Glean and Application Services teams."
4205 [[audits.uniffi_macros]]
4206 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4207 criteria = "safe-to-deploy"
4208 delta = "0.19.3 -> 0.19.6"
4209 notes = "Maintained by the Glean and Application Services team."
4211 [[audits.uniffi_macros]]
4212 who = "Perry McManis <pmcmanis@mozilla.com>"
4213 criteria = "safe-to-deploy"
4214 delta = "0.19.6 -> 0.20.0"
4216 [[audits.uniffi_macros]]
4217 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4218 criteria = "safe-to-deploy"
4219 delta = "0.20.0 -> 0.21.0"
4220 notes = "Maintained by the Glean and Application Services team."
4222 [[audits.uniffi_macros]]
4223 who = "Mike Hommey <mh+mozilla@glandium.org>"
4224 criteria = "safe-to-deploy"
4225 delta = "0.21.0 -> 0.21.1"
4226 notes = "No changes."
4228 [[audits.uniffi_macros]]
4229 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4230 criteria = "safe-to-deploy"
4231 delta = "0.21.1 -> 0.23.0"
4232 notes = "Maintained by the Glean and Application Services team."
4234 [[audits.uniffi_meta]]
4235 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4236 criteria = "safe-to-deploy"
4238 notes = "Maintained by the Glean and Application Services team."
4240 [[audits.uniffi_meta]]
4241 who = "Perry McManis <pmcmanis@mozilla.com>"
4242 criteria = "safe-to-deploy"
4243 delta = "0.19.6 -> 0.20.0"
4245 [[audits.uniffi_meta]]
4246 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4247 criteria = "safe-to-deploy"
4248 delta = "0.20.0 -> 0.21.0"
4249 notes = "Maintained by the Glean and Application Services team."
4251 [[audits.uniffi_meta]]
4252 who = "Mike Hommey <mh+mozilla@glandium.org>"
4253 criteria = "safe-to-deploy"
4254 delta = "0.21.0 -> 0.21.1"
4255 notes = "I authored the changes in this version."
4257 [[audits.uniffi_meta]]
4258 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4259 criteria = "safe-to-deploy"
4260 delta = "0.21.1 -> 0.23.0"
4261 notes = "Maintained by the Glean and Application Services team."
4263 [[audits.uniffi_testing]]
4264 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4265 criteria = "safe-to-deploy"
4267 notes = "Maintained by the Glean and Application Services team."
4270 who = "Valentin Gosu <valentin.gosu@gmail.com>"
4271 criteria = "safe-to-deploy"
4275 who = "Valentin Gosu <valentin.gosu@gmail.com>"
4276 criteria = "safe-to-deploy"
4277 delta = "2.4.0 -> 2.4.1"
4280 who = "Valentin Gosu <valentin.gosu@gmail.com>"
4281 criteria = "safe-to-deploy"
4282 delta = "2.4.1 -> 2.5.0"
4285 who = "Gabriele Svelto <gsvelto@mozilla.com>"
4286 criteria = "safe-to-deploy"
4287 delta = "0.8.2 -> 1.2.2"
4290 who = "Mike Hommey <mh+mozilla@glandium.org>"
4291 criteria = "safe-to-deploy"
4292 delta = "1.2.2 -> 1.3.0"
4295 who = "Bobby Holley <bobbyholley@gmail.com>"
4296 criteria = "safe-to-deploy"
4298 notes = "Very small crate, just hosts the Void type for easier cross-crate interfacing."
4301 who = "Mike Hommey <mh+mozilla@glandium.org>"
4302 criteria = "safe-to-run"
4303 delta = "0.3.2 -> 0.3.3"
4306 who = "Bobby Holley <bobbyholley@gmail.com>"
4307 criteria = "safe-to-run"
4308 delta = "0.3.3 -> 0.3.3@git:4af45fae95bc98b0eba1ef0db17e1dac471bb23d"
4311 who = "Mike Hommey <mh+mozilla@glandium.org>"
4312 criteria = "safe-to-run"
4313 delta = "0.3.6 -> 0.3.6@git:9d081461ae1167eb321585ce424f4fef6cf0092b"
4315 [[audits.wasm-encoder]]
4316 who = "Ryan Hunt <rhunt@eqrion.net>"
4317 criteria = "safe-to-deploy"
4319 notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. This has no unsafe code and uses no ambient capabilities."
4321 [[audits.wasm-encoder]]
4322 who = "Ryan Hunt <rhunt@eqrion.net>"
4323 criteria = "safe-to-deploy"
4324 delta = "0.7.0 -> 0.14.0"
4325 notes = "wasm-encoder has no unsafe code and uses no ambient capabilities."
4327 [[audits.wasm-encoder]]
4328 who = "Yury Delendik <ydelendik@mozilla.com>"
4329 criteria = "safe-to-deploy"
4330 delta = "0.14.0 -> 0.15.0"
4332 [[audits.wasm-encoder]]
4333 who = "Yury Delendik <ydelendik@mozilla.com>"
4334 criteria = "safe-to-deploy"
4335 delta = "0.16.0 -> 0.17.0"
4337 [[audits.wasm-encoder]]
4338 who = "Ryan Hunt <rhunt@eqrion.net>"
4339 criteria = "safe-to-deploy"
4340 delta = "0.19.0 -> 0.19.1"
4342 [[audits.wasm-smith]]
4343 who = "Ryan Hunt <rhunt@eqrion.net>"
4344 criteria = "safe-to-deploy"
4346 notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. I've vetted the one instance of unsafe code."
4348 [[audits.wasm-smith]]
4349 who = "Yury Delendik <ydelendik@mozilla.com>"
4350 criteria = "safe-to-run"
4351 delta = "0.11.2 -> 0.11.3"
4353 [[audits.wasm-smith]]
4354 who = "Yury Delendik <ydelendik@mozilla.com>"
4355 criteria = "safe-to-run"
4356 delta = "0.11.4 -> 0.11.5"
4358 [[audits.wasm-smith]]
4359 who = "Ryan Hunt <rhunt@eqrion.net>"
4360 criteria = "safe-to-run"
4361 delta = "0.11.7 -> 0.11.8"
4363 [[audits.wasmparser]]
4364 who = "Ryan Hunt <rhunt@eqrion.net>"
4365 criteria = "safe-to-deploy"
4367 notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. I've vetted the one instance of unsafe code."
4369 [[audits.wasmparser]]
4370 who = "Yury Delendik <ydelendik@mozilla.com>"
4371 criteria = "safe-to-deploy"
4372 delta = "0.87.0 -> 0.88.0"
4374 [[audits.wasmparser]]
4375 who = "Yury Delendik <ydelendik@mozilla.com>"
4376 criteria = "safe-to-deploy"
4377 delta = "0.89.1 -> 0.91.0"
4379 [[audits.wasmparser]]
4380 who = "Ryan Hunt <rhunt@eqrion.net>"
4381 criteria = "safe-to-deploy"
4382 delta = "0.93.0 -> 0.94.0"
4385 who = "Ryan Hunt <rhunt@eqrion.net>"
4386 criteria = "safe-to-deploy"
4390 who = "Ryan Hunt <rhunt@eqrion.net>"
4391 criteria = "safe-to-deploy"
4393 notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. wast has no unsafe code and the only ambient capability it uses is to read the full contents of a file that is given to it."
4396 who = "Yury Delendik <ydelendik@mozilla.com>"
4397 criteria = "safe-to-deploy"
4398 delta = "44.0.0 -> 45.0.0"
4401 who = "Yury Delendik <ydelendik@mozilla.com>"
4402 criteria = "safe-to-deploy"
4403 delta = "46.0.0 -> 47.0.0"
4406 who = "Ryan Hunt <rhunt@eqrion.net>"
4407 criteria = "safe-to-deploy"
4408 delta = "48.0.0 -> 49.0.0"
4411 who = "Ben Visness <bvisness@mozilla.com>"
4412 criteria = "safe-to-deploy"
4413 delta = "55.0.0 -> 56.0.0"
4415 [[audits.webrtc-sdp]]
4416 who = "Byron Campen <docfaraday@gmail.com>"
4417 criteria = "safe-to-deploy"
4418 delta = "0.3.9 -> 0.3.10"
4420 [[audits.webrtc-sdp]]
4421 who = "Nicolas Grunbaum <ngrunbaum@mozilla.com>"
4422 criteria = "safe-to-deploy"
4423 delta = "0.3.10 -> 0.3.11"
4426 who = "Travis Long <tlong@mozilla.com>"
4427 criteria = "safe-to-deploy"
4429 notes = "Maintained by the Glean and Application Services teams."
4432 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4433 criteria = "safe-to-deploy"
4434 delta = "3.0.0 -> 4.0.0"
4435 notes = "Maintained by the Glean and Application Services team."
4437 [[audits.wgpu-core]]
4438 who = "Dzmitry Malyshau <kvark@fastmail.com>"
4439 criteria = "safe-to-deploy"
4442 This crate, up through the indicated version, was written or reviewed
4443 by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
4444 Mozilla at the beginning of February 2022. This audit statement was
4445 collected by Jim Blandy, a Mozilla employee, over email in July 2022:
4446 Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
4449 [[audits.wgpu-core]]
4450 who = "Jim Blandy <jimb@mozilla.com>"
4451 criteria = "safe-to-deploy"
4452 delta = "0.12.0 -> 0.13.0"
4454 [[audits.wgpu-core]]
4455 who = "Jim Blandy <jimb@red-bean.com>"
4456 criteria = "safe-to-deploy"
4457 delta = "0.13.0 -> 0.14.0"
4458 notes = "Audit by Erich Gubler, Jim Blandy, Nicolas Silva, and Teodor Tanasoaia."
4460 [[audits.wgpu-core]]
4461 who = "Nicolas Silva <nical@fastmail.com>"
4462 criteria = "safe-to-deploy"
4463 delta = "0.14.0 -> 0.15.0"
4465 [[audits.wgpu-core]]
4466 who = "Nicolas Silva <nical@fastmail.com>"
4467 criteria = "safe-to-deploy"
4468 delta = "0.15.0 -> 0.16.0"
4470 [[audits.wgpu-core]]
4471 who = "Nicolas Silva <nical@fastmail.com>"
4472 criteria = "safe-to-deploy"
4473 delta = "0.16.0 -> 0.17.0"
4475 [[audits.wgpu-core]]
4476 who = "Nicolas Silva <nical@fastmail.com>"
4477 criteria = "safe-to-deploy"
4478 delta = "0.17.0 -> 0.18.0"
4480 [[audits.wgpu-core]]
4482 "Jim Blandy <jimb@red-bean.com>",
4483 "Nicolas Silva <nical@fastmail.com>",
4484 "Erich Gubler <erichdongubler@gmail.com>",
4485 "Teodor Tanasoaia <ttanasoaia@mozilla.com>",
4487 criteria = "safe-to-deploy"
4488 delta = "0.18.0 -> 0.19.0@git:9c9418e84a9dd9730c0ab316e0f30f2a571827e4"
4492 who = "Dzmitry Malyshau <kvark@fastmail.com>"
4493 criteria = "safe-to-deploy"
4496 This crate, up through the indicated version, was written or reviewed
4497 by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
4498 Mozilla at the beginning of February 2022. This audit statement was
4499 collected by Jim Blandy, a Mozilla employee, over email in July 2022:
4500 Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
4504 who = "Jim Blandy <jimb@mozilla.com>"
4505 criteria = "safe-to-deploy"
4506 delta = "0.12.0 -> 0.13.0"
4509 who = "Jim Blandy <jimb@red-bean.com>"
4510 criteria = "safe-to-deploy"
4511 delta = "0.13.0 -> 0.14.0"
4512 notes = "Audit by Erich Gubler, Jim Blandy, Nicolas Silva, and Teodor Tanasoaia."
4515 who = "Nicolas Silva <nical@fastmail.com>"
4516 criteria = "safe-to-deploy"
4517 delta = "0.14.0 -> 0.15.0"
4520 who = "Nicolas Silva <nical@fastmail.com>"
4521 criteria = "safe-to-deploy"
4522 delta = "0.15.0 -> 0.16.0"
4525 who = "Nicolas Silva <nical@fastmail.com>"
4526 criteria = "safe-to-deploy"
4527 delta = "0.16.0 -> 0.17.0"
4530 who = "Nicolas Silva <nical@fastmail.com>"
4531 criteria = "safe-to-deploy"
4532 delta = "0.17.0 -> 0.18.0"
4536 "Jim Blandy <jimb@red-bean.com>",
4537 "Nicolas Silva <nical@fastmail.com>",
4538 "Erich Gubler <erichdongubler@gmail.com>",
4539 "Teodor Tanasoaia <ttanasoaia@mozilla.com>",
4541 criteria = "safe-to-deploy"
4542 delta = "0.18.0 -> 0.19.0@git:9c9418e84a9dd9730c0ab316e0f30f2a571827e4"
4545 [[audits.wgpu-types]]
4546 who = "Dzmitry Malyshau <kvark@fastmail.com>"
4547 criteria = "safe-to-deploy"
4550 This crate, up through the indicated version, was written or reviewed
4551 by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
4552 Mozilla at the beginning of February 2022. This audit statement was
4553 collected by Jim Blandy, a Mozilla employee, over email in July 2022:
4554 Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
4557 [[audits.wgpu-types]]
4558 who = "Jim Blandy <jimb@mozilla.com>"
4559 criteria = "safe-to-deploy"
4560 delta = "0.12.0 -> 0.13.0"
4562 [[audits.wgpu-types]]
4563 who = "Jim Blandy <jimb@red-bean.com>"
4564 criteria = "safe-to-deploy"
4565 delta = "0.13.0 -> 0.14.0"
4566 notes = "Audit by Erich Gubler, Jim Blandy, Nicolas Silva, and Teodor Tanasoaia."
4568 [[audits.wgpu-types]]
4569 who = "Nicolas Silva <nical@fastmail.com>"
4570 criteria = "safe-to-deploy"
4571 delta = "0.14.0 -> 0.15.0"
4573 [[audits.wgpu-types]]
4574 who = "Nicolas Silva <nical@fastmail.com>"
4575 criteria = "safe-to-deploy"
4576 delta = "0.15.0 -> 0.16.0"
4578 [[audits.wgpu-types]]
4579 who = "Nicolas Silva <nical@fastmail.com>"
4580 criteria = "safe-to-deploy"
4581 delta = "0.16.0 -> 0.17.0"
4583 [[audits.wgpu-types]]
4584 who = "Nicolas Silva <nical@fastmail.com>"
4585 criteria = "safe-to-deploy"
4586 delta = "0.17.0 -> 0.18.0"
4588 [[audits.wgpu-types]]
4590 "Jim Blandy <jimb@red-bean.com>",
4591 "Nicolas Silva <nical@fastmail.com>",
4592 "Erich Gubler <erichdongubler@gmail.com>",
4593 "Teodor Tanasoaia <ttanasoaia@mozilla.com>",
4595 criteria = "safe-to-deploy"
4596 delta = "0.18.0 -> 0.19.0@git:9c9418e84a9dd9730c0ab316e0f30f2a571827e4"
4600 who = "Bobby Holley <bobbyholley@gmail.com>"
4601 criteria = "safe-to-deploy"
4604 Contains platform-specific FFI code for apple, mac, and windows. The windows code
4605 also contains a small C file compiled at build-time. I audited all of it and it
4610 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4611 criteria = "safe-to-deploy"
4612 delta = "0.1.2 -> 0.3.1"
4613 notes = "Maintained by me. I have written or reviewed all of the code."
4616 who = "Ray Kraesig <rkraesig@mozilla.com>"
4617 criteria = "safe-to-run"
4620 This crate uses a lot of `unsafe`; not all of it is necessary, and not all of it
4621 is correct. (In particular, the alignment of data buffers does not seem to be
4622 correctly ensured at type-conversion time.) However, the code is not deceptive,
4623 and any more subtle issues do not appear to be exploitable -- certainly not from
4627 [[audits.wpf-gpu-raster]]
4628 who = "Lee Salzman <lsalzman@mozilla.com>"
4629 criteria = "safe-to-deploy"
4631 notes = "Written and maintained by Gfx team at Mozilla."
4633 [[audits.writeable]]
4634 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4635 criteria = "safe-to-deploy"
4637 notes = "writeable is a variation of fmt::Write with sink version. This uses `unsafe` block to handle potentially-invalid UTF-8 character. I've vetted the one instance of unsafe code."
4639 [[audits.writeable]]
4640 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4641 criteria = "safe-to-deploy"
4642 delta = "0.5.2 -> 0.5.4"
4645 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
4646 criteria = "safe-to-deploy"
4648 notes = "I, Henri Sivonen, wrote this crate myself for Gecko even though it's published on crates.io."
4651 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4652 criteria = "safe-to-deploy"
4654 notes = "This crate is for zero-copy serialization for ICU4X data structure, and maintained by ICU4X team. Since this uses unsafe block for serialization, I audited code."
4657 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4658 criteria = "safe-to-deploy"
4659 delta = "0.7.1 -> 0.7.3"
4661 [[audits.yoke-derive]]
4662 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4663 criteria = "safe-to-deploy"
4664 version = "0.7.1@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873"
4665 notes = "This crate is a helper for yoke crate that is ICU4X data structure, and maintained by ICU4X team. Since this uses unsafe block for serialization, all has the comment why this uses unsafe and I audited code."
4667 [[audits.yoke-derive]]
4668 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4669 criteria = "safe-to-deploy"
4673 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4674 criteria = "safe-to-deploy"
4676 notes = "This crate is zero-copy version of \"From\". This has no unsafe code and uses no ambient capabilities."
4678 [[audits.zerofrom-derive]]
4679 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4680 criteria = "safe-to-deploy"
4681 version = "0.1.2@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873"
4682 notes = "This is custom derives for `ZeroFrom` that is from zerofrom crate. This has no unsafe code and uses no ambient capabilities."
4684 [[audits.zerofrom-derive]]
4685 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4686 criteria = "safe-to-deploy"
4690 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4691 criteria = "safe-to-deploy"
4693 notes = "This crate is zero-copy data structure implmentation. Although this uses unsafe block in several code, it requires for zero-copy. And this has a comment in code why this uses unsafe and I audited code."
4696 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4697 criteria = "safe-to-deploy"
4698 delta = "0.9.4 -> 0.10.1"
4700 [[audits.zerovec-derive]]
4701 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4702 criteria = "safe-to-deploy"
4703 version = "0.9.4@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873"
4704 notes = "This is custom derives for `ZeroVec` that is from zerovec crate. Although this uses unsafe block for zero-copy, this has a comment in code why this uses unsafe and I audited code."
4706 [[audits.zerovec-derive]]
4707 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4708 criteria = "safe-to-deploy"
4712 who = "Mike Hommey <mh+mozilla@glandium.org>"
4713 criteria = "safe-to-run"
4714 delta = "0.6.2 -> 0.6.3"
4717 who = "Mike Hommey <mh+mozilla@glandium.org>"
4718 criteria = "safe-to-run"
4719 delta = "0.6.3 -> 0.6.4"
4721 [[trusted.aho-corasick]]
4722 criteria = "safe-to-deploy"
4723 user-id = 189 # Andrew Gallant (BurntSushi)
4724 start = "2019-03-28"
4728 criteria = "safe-to-deploy"
4729 user-id = 6743 # Ed Page (epage)
4730 start = "2022-05-18"
4733 [[trusted.async-trait]]
4734 criteria = "safe-to-deploy"
4735 user-id = 3618 # David Tolnay (dtolnay)
4736 start = "2019-07-23"
4740 criteria = "safe-to-deploy"
4741 user-id = 2915 # Amanieu d'Antras (Amanieu)
4742 start = "2019-02-22"
4745 [[trusted.byteorder]]
4746 criteria = "safe-to-deploy"
4747 user-id = 189 # Andrew Gallant (BurntSushi)
4748 start = "2019-06-09"
4752 criteria = "safe-to-deploy"
4753 user-id = 6741 # Alice Ryhl (Darksonn)
4754 start = "2021-01-11"
4758 criteria = "safe-to-deploy"
4759 user-id = 2915 # Amanieu d'Antras (Amanieu)
4760 start = "2024-02-20"
4764 criteria = "safe-to-deploy"
4765 user-id = 6743 # Ed Page (epage)
4766 start = "2021-12-08"
4769 [[trusted.clap_builder]]
4770 criteria = "safe-to-deploy"
4771 user-id = 6743 # Ed Page (epage)
4772 start = "2023-03-28"
4775 [[trusted.clap_derive]]
4776 criteria = "safe-to-deploy"
4777 user-id = 6743 # Ed Page (epage)
4778 start = "2021-12-08"
4781 [[trusted.clap_lex]]
4782 criteria = "safe-to-deploy"
4783 user-id = 6743 # Ed Page (epage)
4784 start = "2022-04-15"
4788 criteria = "safe-to-deploy"
4789 user-id = 3618 # David Tolnay (dtolnay)
4790 start = "2019-05-02"
4793 [[trusted.equivalent]]
4794 criteria = "safe-to-deploy"
4795 user-id = 539 # Josh Stone (cuviper)
4796 start = "2023-02-05"
4800 criteria = "safe-to-deploy"
4801 user-id = 6825 # Dan Gohman (sunfishcode)
4802 start = "2023-08-29"
4806 criteria = "safe-to-deploy"
4807 user-id = 4333 # Josh Triplett (joshtriplett)
4808 start = "2020-09-30"
4812 criteria = "safe-to-deploy"
4813 user-id = 359 # Sean McArthur (seanmonstar)
4814 start = "2019-03-13"
4817 [[trusted.hashbrown]]
4818 criteria = "safe-to-deploy"
4819 user-id = 2915 # Amanieu d'Antras (Amanieu)
4820 start = "2019-04-02"
4824 criteria = "safe-to-deploy"
4825 user-id = 359 # Sean McArthur (seanmonstar)
4826 start = "2019-09-09"
4829 [[trusted.httparse]]
4830 criteria = "safe-to-deploy"
4831 user-id = 359 # Sean McArthur (seanmonstar)
4832 start = "2019-07-03"
4835 [[trusted.indexmap]]
4836 criteria = "safe-to-deploy"
4837 user-id = 539 # Josh Stone (cuviper)
4838 start = "2020-01-15"
4841 [[trusted.inherent]]
4842 criteria = "safe-to-deploy"
4843 user-id = 3618 # David Tolnay (dtolnay)
4844 start = "2019-07-14"
4848 criteria = "safe-to-deploy"
4849 user-id = 10 # Carl Lerche (carllerche)
4850 start = "2019-10-09"
4854 criteria = "safe-to-deploy"
4855 user-id = 3618 # David Tolnay (dtolnay)
4856 start = "2019-05-02"
4859 [[trusted.jobserver]]
4860 criteria = "safe-to-deploy"
4861 user-id = 1 # Alex Crichton (alexcrichton)
4862 start = "2019-03-15"
4866 criteria = "safe-to-deploy"
4867 user-id = 2915 # Amanieu d'Antras (Amanieu)
4868 start = "2021-01-27"
4872 criteria = "safe-to-deploy"
4873 user-id = 51017 # Yuki Okushi (JohnTitor)
4874 start = "2020-03-17"
4877 [[trusted.linux-raw-sys]]
4878 criteria = "safe-to-deploy"
4879 user-id = 6825 # Dan Gohman (sunfishcode)
4880 start = "2021-06-12"
4883 [[trusted.lock_api]]
4884 criteria = "safe-to-deploy"
4885 user-id = 2915 # Amanieu d'Antras (Amanieu)
4886 start = "2019-05-04"
4890 criteria = "safe-to-deploy"
4891 user-id = 189 # Andrew Gallant (BurntSushi)
4892 start = "2019-07-07"
4896 criteria = "safe-to-deploy"
4897 user-id = 359 # Sean McArthur (seanmonstar)
4898 start = "2019-09-09"
4902 criteria = "safe-to-deploy"
4903 user-id = 10 # Carl Lerche (carllerche)
4904 start = "2019-05-15"
4907 [[trusted.num_cpus]]
4908 criteria = "safe-to-deploy"
4909 user-id = 359 # Sean McArthur (seanmonstar)
4910 start = "2019-06-10"
4913 [[trusted.ordered-float]]
4914 criteria = "safe-to-deploy"
4915 user-id = 2017 # Matt Brubeck (mbrubeck)
4916 start = "2019-03-13"
4919 [[trusted.parking_lot]]
4920 criteria = "safe-to-deploy"
4921 user-id = 2915 # Amanieu d'Antras (Amanieu)
4922 start = "2019-05-04"
4925 [[trusted.parking_lot_core]]
4926 criteria = "safe-to-deploy"
4927 user-id = 2915 # Amanieu d'Antras (Amanieu)
4928 start = "2019-05-04"
4932 criteria = "safe-to-deploy"
4933 user-id = 3618 # David Tolnay (dtolnay)
4934 start = "2019-03-19"
4937 [[trusted.proc-macro-hack]]
4938 criteria = "safe-to-deploy"
4939 user-id = 3618 # David Tolnay (dtolnay)
4940 start = "2019-04-16"
4943 [[trusted.proc-macro2]]
4944 criteria = "safe-to-deploy"
4945 user-id = 3618 # David Tolnay (dtolnay)
4946 start = "2019-04-23"
4950 criteria = "safe-to-deploy"
4951 user-id = 3618 # David Tolnay (dtolnay)
4952 start = "2019-04-09"
4956 criteria = "safe-to-deploy"
4957 user-id = 189 # Andrew Gallant (BurntSushi)
4958 start = "2019-02-27"
4961 [[trusted.regex-automata]]
4962 criteria = "safe-to-deploy"
4963 user-id = 189 # Andrew Gallant (BurntSushi)
4964 start = "2019-02-25"
4967 [[trusted.regex-syntax]]
4968 criteria = "safe-to-deploy"
4969 user-id = 189 # Andrew Gallant (BurntSushi)
4970 start = "2019-03-30"
4974 criteria = "safe-to-deploy"
4975 user-id = 6825 # Dan Gohman (sunfishcode)
4976 start = "2021-10-29"
4980 criteria = "safe-to-deploy"
4981 user-id = 3618 # David Tolnay (dtolnay)
4982 start = "2019-05-02"
4985 [[trusted.same-file]]
4986 criteria = "safe-to-deploy"
4987 user-id = 189 # Andrew Gallant (BurntSushi)
4988 start = "2019-07-16"
4991 [[trusted.scopeguard]]
4992 criteria = "safe-to-deploy"
4993 user-id = 2915 # Amanieu d'Antras (Amanieu)
4994 start = "2020-02-16"
4998 criteria = "safe-to-deploy"
4999 user-id = 3618 # David Tolnay (dtolnay)
5000 start = "2019-03-01"
5003 [[trusted.serde_bytes]]
5004 criteria = "safe-to-deploy"
5005 user-id = 3618 # David Tolnay (dtolnay)
5006 start = "2019-02-25"
5009 [[trusted.serde_derive]]
5010 criteria = "safe-to-deploy"
5011 user-id = 3618 # David Tolnay (dtolnay)
5012 start = "2019-03-01"
5015 [[trusted.serde_json]]
5016 criteria = "safe-to-deploy"
5017 user-id = 3618 # David Tolnay (dtolnay)
5018 start = "2019-02-28"
5021 [[trusted.serde_repr]]
5022 criteria = "safe-to-deploy"
5023 user-id = 3618 # David Tolnay (dtolnay)
5024 start = "2019-04-26"
5027 [[trusted.serde_yaml]]
5028 criteria = "safe-to-deploy"
5029 user-id = 3618 # David Tolnay (dtolnay)
5030 start = "2019-05-02"
5033 [[trusted.smallvec]]
5034 criteria = "safe-to-deploy"
5035 user-id = 2017 # Matt Brubeck (mbrubeck)
5036 start = "2019-10-28"
5040 criteria = "safe-to-deploy"
5041 user-id = 3618 # David Tolnay (dtolnay)
5042 start = "2019-03-01"
5045 [[trusted.termcolor]]
5046 criteria = "safe-to-deploy"
5047 user-id = 189 # Andrew Gallant (BurntSushi)
5048 start = "2019-06-04"
5051 [[trusted.thiserror]]
5052 criteria = "safe-to-deploy"
5053 user-id = 3618 # David Tolnay (dtolnay)
5054 start = "2019-10-09"
5057 [[trusted.thiserror-impl]]
5058 criteria = "safe-to-deploy"
5059 user-id = 3618 # David Tolnay (dtolnay)
5060 start = "2019-10-09"
5063 [[trusted.threadbound]]
5064 criteria = "safe-to-deploy"
5065 user-id = 3618 # David Tolnay (dtolnay)
5066 start = "2020-06-16"
5069 [[trusted.tokio-macros]]
5070 criteria = "safe-to-deploy"
5071 user-id = 6741 # Alice Ryhl (Darksonn)
5072 start = "2020-10-26"
5075 [[trusted.tokio-util]]
5076 criteria = "safe-to-deploy"
5077 user-id = 6741 # Alice Ryhl (Darksonn)
5078 start = "2021-01-12"
5082 criteria = "safe-to-deploy"
5083 user-id = 1 # Alex Crichton (alexcrichton)
5084 start = "2019-05-16"
5087 [[trusted.unicode-ident]]
5088 criteria = "safe-to-deploy"
5089 user-id = 3618 # David Tolnay (dtolnay)
5090 start = "2021-10-02"
5094 criteria = "safe-to-deploy"
5095 user-id = 189 # Andrew Gallant (BurntSushi)
5096 start = "2019-06-09"
5100 criteria = "safe-to-deploy"
5101 user-id = 359 # Sean McArthur (seanmonstar)
5102 start = "2019-03-20"
5106 criteria = "safe-to-deploy"
5107 user-id = 1 # Alex Crichton (alexcrichton)
5108 start = "2020-06-03"
5111 [[trusted.winapi-util]]
5112 criteria = "safe-to-deploy"
5113 user-id = 189 # Andrew Gallant (BurntSushi)
5114 start = "2020-01-11"
5118 criteria = "safe-to-deploy"
5119 user-id = 64539 # Kenny Kerr (kennykerr)
5120 start = "2021-01-15"
5123 [[trusted.windows-core]]
5124 criteria = "safe-to-deploy"
5125 user-id = 64539 # Kenny Kerr (kennykerr)
5126 start = "2021-11-15"
5129 [[trusted.windows-sys]]
5130 criteria = "safe-to-deploy"
5131 user-id = 64539 # Kenny Kerr (kennykerr)
5132 start = "2021-11-15"