2 # cargo-vet imports lock
# Each [[publisher.<crate>]] table names the crates.io account recorded as the
# publisher of a crate release. cargo-vet consults these records when it
# evaluates publisher-based trust (the wildcard-audits tables in this file).
# The login and display name are account metadata, not a review of the code.
# NOTE(review): the numbers fused onto each line jump (4 -> 8), so some keys of
# this table are not visible in this listing.
4 [[publisher.aho-corasick]]
8 user-login = "BurntSushi"
9 user-name = "Andrew Gallant"
18 [[publisher.arbitrary]]
22 user-login = "fitzgen"
23 user-name = "Nick Fitzgerald"
25 [[publisher.async-trait]]
29 user-login = "dtolnay"
30 user-name = "David Tolnay"
36 user-login = "Amanieu"
37 user-name = "Amanieu d'Antras"
39 [[publisher.audio_thread_priority]]
43 user-login = "padenot"
44 user-name = "Paul Adenot"
46 [[publisher.audio_thread_priority]]
50 user-login = "padenot"
51 user-name = "Paul Adenot"
53 [[publisher.authenticator]]
54 version = "0.4.0-alpha.24"
57 user-login = "jschanck"
58 user-name = "John Schanck"
64 user-login = "martinthomson"
65 user-name = "Martin Thomson"
67 [[publisher.byteorder]]
71 user-login = "BurntSushi"
72 user-name = "Andrew Gallant"
78 user-login = "Darksonn"
79 user-name = "Alice Ryhl"
86 user-name = "Emilio Cobos Álvarez"
95 [[publisher.clap_builder]]
100 user-name = "Ed Page"
102 [[publisher.clap_derive]]
107 user-name = "Ed Page"
109 [[publisher.clap_lex]]
114 user-name = "Ed Page"
116 [[publisher.core-foundation]]
120 user-login = "jrmuizel"
121 user-name = "Jeff Muizelaar"
123 [[publisher.core-foundation-sys]]
128 user-name = "Josh Matthews"
130 [[publisher.core-graphics]]
134 user-login = "jrmuizel"
135 user-name = "Jeff Muizelaar"
137 [[publisher.core-graphics-types]]
142 user-name = "Josh Matthews"
144 [[publisher.core-text]]
148 user-login = "jrmuizel"
149 user-name = "Jeff Muizelaar"
151 [[publisher.derive_arbitrary]]
155 user-login = "fitzgen"
156 user-name = "Nick Fitzgerald"
162 user-login = "linabutler"
163 user-name = "Lina Butler"
169 user-login = "dtolnay"
170 user-name = "David Tolnay"
172 [[publisher.encoding_rs]]
176 user-login = "hsivonen"
177 user-name = "Henri Sivonen"
183 user-login = "sunfishcode"
184 user-name = "Dan Gohman"
186 [[publisher.etagere]]
191 user-name = "Nicolas Silva"
198 user-name = "Nicolas Silva"
204 user-login = "joshtriplett"
205 user-name = "Josh Triplett"
207 [[publisher.freetype]]
212 user-name = "Josh Matthews"
218 user-login = "jrmuizel"
219 user-name = "Jeff Muizelaar"
225 user-login = "badboy"
226 user-name = "Jan-Erik Rediger"
228 [[publisher.glean-core]]
232 user-login = "badboy"
233 user-name = "Jan-Erik Rediger"
235 [[publisher.glslopt]]
239 user-login = "jamienicol"
240 user-name = "Jamie Nicol"
246 user-login = "seanmonstar"
247 user-name = "Sean McArthur"
249 [[publisher.headers]]
253 user-login = "seanmonstar"
254 user-name = "Sean McArthur"
256 [[publisher.httparse]]
260 user-login = "seanmonstar"
261 user-name = "Sean McArthur"
263 [[publisher.indexmap]]
267 user-login = "cuviper"
268 user-name = "Josh Stone"
270 [[publisher.inherent]]
274 user-login = "dtolnay"
275 user-name = "David Tolnay"
281 user-login = "carllerche"
282 user-name = "Carl Lerche"
288 user-login = "dtolnay"
289 user-name = "David Tolnay"
291 [[publisher.jobserver]]
295 user-login = "alexcrichton"
296 user-name = "Alex Crichton"
302 user-login = "JohnTitor"
303 user-name = "Yuki Okushi"
309 user-login = "JohnTitor"
310 user-name = "Yuki Okushi"
312 [[publisher.linux-raw-sys]]
316 user-login = "sunfishcode"
317 user-name = "Dan Gohman"
319 [[publisher.linux-raw-sys]]
323 user-login = "sunfishcode"
324 user-name = "Dan Gohman"
326 [[publisher.lock_api]]
330 user-login = "Amanieu"
331 user-name = "Amanieu d'Antras"
337 user-login = "BurntSushi"
338 user-name = "Andrew Gallant"
344 user-login = "seanmonstar"
345 user-name = "Sean McArthur"
351 user-login = "carllerche"
352 user-name = "Carl Lerche"
354 [[publisher.nss-gk-api]]
358 user-login = "jschanck"
359 user-name = "John Schanck"
361 [[publisher.num_cpus]]
365 user-login = "seanmonstar"
366 user-name = "Sean McArthur"
372 user-login = "martinthomson"
373 user-name = "Martin Thomson"
375 [[publisher.ordered-float]]
379 user-login = "mbrubeck"
380 user-name = "Matt Brubeck"
382 [[publisher.parking_lot]]
386 user-login = "Amanieu"
387 user-name = "Amanieu d'Antras"
389 [[publisher.parking_lot_core]]
393 user-login = "Amanieu"
394 user-name = "Amanieu d'Antras"
396 [[publisher.parking_lot_core]]
400 user-login = "Amanieu"
401 user-name = "Amanieu d'Antras"
407 user-login = "dtolnay"
408 user-name = "David Tolnay"
410 [[publisher.presser]]
414 user-login = "embark-studios"
420 user-login = "divviup-github-automation"
422 [[publisher.proc-macro2]]
426 user-login = "dtolnay"
427 user-name = "David Tolnay"
433 user-login = "jrmuizel"
434 user-name = "Jeff Muizelaar"
440 user-login = "dtolnay"
441 user-name = "David Tolnay"
447 user-login = "BurntSushi"
448 user-name = "Andrew Gallant"
450 [[publisher.regex-automata]]
454 user-login = "BurntSushi"
455 user-name = "Andrew Gallant"
457 [[publisher.regex-syntax]]
461 user-login = "BurntSushi"
462 user-name = "Andrew Gallant"
464 [[publisher.rust_cascade]]
468 user-login = "mozkeeler"
469 user-name = "Dana Keeler"
475 user-login = "sunfishcode"
476 user-name = "Dan Gohman"
482 user-login = "sunfishcode"
483 user-name = "Dan Gohman"
489 user-login = "dtolnay"
490 user-name = "David Tolnay"
492 [[publisher.same-file]]
496 user-login = "BurntSushi"
497 user-name = "Andrew Gallant"
499 [[publisher.scopeguard]]
503 user-login = "Amanieu"
504 user-name = "Amanieu d'Antras"
510 user-login = "dtolnay"
511 user-name = "David Tolnay"
513 [[publisher.serde_bytes]]
517 user-login = "dtolnay"
518 user-name = "David Tolnay"
520 [[publisher.serde_derive]]
524 user-login = "dtolnay"
525 user-name = "David Tolnay"
527 [[publisher.serde_json]]
531 user-login = "dtolnay"
532 user-name = "David Tolnay"
534 [[publisher.serde_repr]]
538 user-login = "dtolnay"
539 user-name = "David Tolnay"
541 [[publisher.serde_yaml]]
545 user-login = "dtolnay"
546 user-name = "David Tolnay"
548 [[publisher.smallvec]]
552 user-login = "mbrubeck"
553 user-name = "Matt Brubeck"
559 user-login = "dtolnay"
560 user-name = "David Tolnay"
562 [[publisher.termcolor]]
566 user-login = "BurntSushi"
567 user-name = "Andrew Gallant"
569 [[publisher.termcolor]]
573 user-login = "BurntSushi"
574 user-name = "Andrew Gallant"
576 [[publisher.thiserror]]
580 user-login = "dtolnay"
581 user-name = "David Tolnay"
583 [[publisher.thiserror-impl]]
587 user-login = "dtolnay"
588 user-name = "David Tolnay"
590 [[publisher.threadbound]]
594 user-login = "dtolnay"
595 user-name = "David Tolnay"
597 [[publisher.tokio-util]]
601 user-login = "Darksonn"
602 user-name = "Alice Ryhl"
608 user-login = "alexcrichton"
609 user-name = "Alex Crichton"
611 [[publisher.unicode-ident]]
615 user-login = "dtolnay"
616 user-name = "David Tolnay"
618 [[publisher.unicode-width]]
622 user-login = "Manishearth"
623 user-name = "Manish Goregaokar"
625 [[publisher.unicode-xid]]
629 user-login = "Manishearth"
630 user-name = "Manish Goregaokar"
638 [[publisher.uniffi_bindgen]]
644 [[publisher.uniffi_build]]
650 [[publisher.uniffi_checksum_derive]]
656 [[publisher.uniffi_core]]
662 [[publisher.uniffi_macros]]
668 [[publisher.uniffi_meta]]
674 [[publisher.uniffi_testing]]
680 [[publisher.uniffi_udl]]
686 [[publisher.utf8_iter]]
690 user-login = "hsivonen"
691 user-name = "Henri Sivonen"
693 [[publisher.walkdir]]
697 user-login = "BurntSushi"
698 user-name = "Andrew Gallant"
704 user-login = "seanmonstar"
705 user-name = "Sean McArthur"
708 version = "0.11.0+wasi-snapshot-preview1"
711 user-login = "alexcrichton"
712 user-name = "Alex Crichton"
714 [[publisher.wasm-encoder]]
718 user-login = "alexcrichton"
719 user-name = "Alex Crichton"
721 [[publisher.wasm-encoder]]
725 user-login = "alexcrichton"
726 user-name = "Alex Crichton"
728 [[publisher.wasm-encoder]]
732 user-login = "alexcrichton"
733 user-name = "Alex Crichton"
735 [[publisher.wasm-smith]]
739 user-login = "alexcrichton"
740 user-name = "Alex Crichton"
742 [[publisher.wasm-smith]]
746 user-login = "alexcrichton"
747 user-name = "Alex Crichton"
749 [[publisher.wasm-smith]]
753 user-login = "alexcrichton"
754 user-name = "Alex Crichton"
760 user-login = "alexcrichton"
761 user-name = "Alex Crichton"
767 user-login = "alexcrichton"
768 user-name = "Alex Crichton"
774 user-login = "alexcrichton"
775 user-name = "Alex Crichton"
777 [[publisher.winapi-util]]
781 user-login = "BurntSushi"
782 user-name = "Andrew Gallant"
784 [[publisher.windows]]
788 user-login = "kennykerr"
789 user-name = "Kenny Kerr"
791 [[publisher.windows-core]]
795 user-login = "kennykerr"
796 user-name = "Kenny Kerr"
798 [[publisher.windows-sys]]
802 user-login = "kennykerr"
803 user-name = "Kenny Kerr"
805 [[publisher.windows-sys]]
809 user-login = "kennykerr"
810 user-name = "Kenny Kerr"
812 [[publisher.zeitstempel]]
816 user-login = "badboy"
817 user-name = "Jan-Erik Rediger"
# Wildcard audit: certifies releases of `arbitrary` by publisher account
# (user-id 696) rather than by a specific version or delta. The assurance
# therefore rests on that crates.io account staying under the author's
# control, not on a per-release code review.
# NOTE(review): the validity window (start/end keys) is not visible in this
# listing; confirm it is present and bounded.
819 [[audits.bytecode-alliance.wildcard-audits.arbitrary]]
820 who = "Nick Fitzgerald <fitzgen@gmail.com>"
821 criteria = "safe-to-deploy"
822 user-id = 696 # Nick Fitzgerald (fitzgen)
825 notes = "I am an author of this crate."
827 [[audits.bytecode-alliance.wildcard-audits.derive_arbitrary]]
828 who = "Nick Fitzgerald <fitzgen@gmail.com>"
829 criteria = "safe-to-deploy"
830 user-id = 696 # Nick Fitzgerald (fitzgen)
833 notes = "I am an author of this crate"
835 [[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
836 who = "Alex Crichton <alex@alexcrichton.com>"
837 criteria = "safe-to-deploy"
838 user-id = 1 # Alex Crichton (alexcrichton)
842 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
843 repository of which I'm one of the primary maintainers and publishers for.
844 I am employed by a member of the Bytecode Alliance and plan to continue doing
845 so and will actively maintain this crate over time.
848 [[audits.bytecode-alliance.wildcard-audits.wasm-smith]]
849 who = "Alex Crichton <alex@alexcrichton.com>"
850 criteria = "safe-to-deploy"
851 user-id = 1 # Alex Crichton (alexcrichton)
855 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
856 repository of which I'm one of the primary maintainers and publishers for.
857 I am employed by a member of the Bytecode Alliance and plan to continue doing
858 so and will actively maintain this crate over time.
861 [[audits.bytecode-alliance.wildcard-audits.wasmparser]]
862 who = "Alex Crichton <alex@alexcrichton.com>"
863 criteria = "safe-to-deploy"
864 user-id = 1 # Alex Crichton (alexcrichton)
868 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
869 repository of which I'm one of the primary maintainers and publishers for.
870 I am employed by a member of the Bytecode Alliance and plan to continue doing
871 so and will actively maintain this crate over time.
874 [[audits.bytecode-alliance.wildcard-audits.wast]]
875 who = "Alex Crichton <alex@alexcrichton.com>"
876 criteria = "safe-to-deploy"
877 user-id = 1 # Alex Crichton (alexcrichton)
881 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
882 repository of which I'm one of the primary maintainers and publishers for.
883 I am employed by a member of the Bytecode Alliance and plan to continue doing
884 so and will actively maintain this crate over time.
887 [[audits.bytecode-alliance.audits.adler]]
888 who = "Alex Crichton <alex@alexcrichton.com>"
889 criteria = "safe-to-deploy"
891 notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
893 [[audits.bytecode-alliance.audits.arrayref]]
894 who = "Nick Fitzgerald <fitzgen@gmail.com>"
895 criteria = "safe-to-deploy"
898 Unsafe code, but its logic looks good to me. Necessary given what it is
899 doing. Well tested, has quickchecks.
902 [[audits.bytecode-alliance.audits.arrayvec]]
903 who = "Nick Fitzgerald <fitzgen@gmail.com>"
904 criteria = "safe-to-deploy"
907 Well documented invariants, good assertions for those invariants in unsafe code,
908 and tested with MIRI to boot. LGTM.
911 [[audits.bytecode-alliance.audits.base64]]
912 who = "Pat Hickey <phickey@fastly.com>"
913 criteria = "safe-to-deploy"
915 notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
# Delta audit: covers only the changes between 2.1.0 and 2.2.1. It vouches for
# 2.2.1 only when chained to an audit (or exemption) that covers the starting
# version. The note below flags new `unsafe` trait impls behind an optional
# bytemuck integration as the part of the diff that needed judgement.
917 [[audits.bytecode-alliance.audits.bitflags]]
918 who = "Jamey Sharp <jsharp@fastly.com>"
919 criteria = "safe-to-deploy"
920 delta = "2.1.0 -> 2.2.1"
922 This version adds unsafe impls of traits from the bytemuck crate when built
923 with that library enabled, but I believe the impls satisfy the documented
924 safety requirements for bytemuck. The other changes are minor.
927 [[audits.bytecode-alliance.audits.bitflags]]
928 who = "Alex Crichton <alex@alexcrichton.com>"
929 criteria = "safe-to-deploy"
930 delta = "2.3.2 -> 2.3.3"
932 Nothing outside the realm of what one would expect from a bitflags generator,
936 [[audits.bytecode-alliance.audits.block-buffer]]
937 who = "Benjamin Bouvier <public@benj.me>"
938 criteria = "safe-to-deploy"
939 delta = "0.9.0 -> 0.10.2"
941 [[audits.bytecode-alliance.audits.bumpalo]]
942 who = "Nick Fitzgerald <fitzgen@gmail.com>"
943 criteria = "safe-to-deploy"
945 notes = "I am the author of this crate."
947 [[audits.bytecode-alliance.audits.cargo-platform]]
948 who = "Pat Hickey <phickey@fastly.com>"
949 criteria = "safe-to-deploy"
951 notes = "no build, no ambient capabilities, no unsafe"
953 [[audits.bytecode-alliance.audits.cc]]
954 who = "Alex Crichton <alex@alexcrichton.com>"
955 criteria = "safe-to-deploy"
957 notes = "I am the author of this crate."
959 [[audits.bytecode-alliance.audits.cfg-if]]
960 who = "Alex Crichton <alex@alexcrichton.com>"
961 criteria = "safe-to-deploy"
963 notes = "I am the author of this crate."
965 [[audits.bytecode-alliance.audits.codespan-reporting]]
966 who = "Jamey Sharp <jsharp@fastly.com>"
967 criteria = "safe-to-deploy"
969 notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
971 [[audits.bytecode-alliance.audits.cpufeatures]]
972 who = "Alex Crichton <alex@alexcrichton.com>"
973 criteria = "safe-to-deploy"
974 delta = "0.2.2 -> 0.2.7"
976 This is a minor update that looks to add some more detected CPU features and
977 various other minor portability fixes such as MIRI support.
980 [[audits.bytecode-alliance.audits.crypto-common]]
981 who = "Benjamin Bouvier <public@benj.me>"
982 criteria = "safe-to-deploy"
985 [[audits.bytecode-alliance.audits.errno]]
986 who = "Dan Gohman <dev@sunfishcode.online>"
987 criteria = "safe-to-deploy"
989 notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."
991 [[audits.bytecode-alliance.audits.errno]]
992 who = "Dan Gohman <dev@sunfishcode.online>"
993 criteria = "safe-to-deploy"
994 delta = "0.3.0 -> 0.3.1"
995 notes = "Just a dependency version bump and a bug fix for redox"
997 [[audits.bytecode-alliance.audits.errno-dragonfly]]
998 who = "Jamey Sharp <jsharp@fastly.com>"
999 criteria = "safe-to-deploy"
1001 notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is."
1003 [[audits.bytecode-alliance.audits.fallible-iterator]]
1004 who = "Alex Crichton <alex@alexcrichton.com>"
1005 criteria = "safe-to-deploy"
1006 delta = "0.2.0 -> 0.3.0"
1008 This major version update has a few minor breaking changes but everything
1009 this crate has to do with iterators and `Result` and such. No `unsafe` or
1010 anything like that, all looks good.
# Scope caveat from the auditor: this entry certifies the macro definition
# only. Per the note, every crate that invokes the macro to wrap FFI types
# still needs its own review, so this audit does not transfer to downstream
# uses.
1013 [[audits.bytecode-alliance.audits.foreign-types]]
1014 who = "Pat Hickey <phickey@fastly.com>"
1015 criteria = "safe-to-deploy"
1017 notes = "This crate defined a macro-rules which creates wrappers working with FFI types. The implementation of this crate appears to be safe, but each use of this macro would need to be vetted for correctness as well."
1019 [[audits.bytecode-alliance.audits.foreign-types-shared]]
1020 who = "Pat Hickey <phickey@fastly.com>"
1021 criteria = "safe-to-deploy"
1024 [[audits.bytecode-alliance.audits.futures-channel]]
1025 who = "Pat Hickey <phickey@fastly.com>"
1026 criteria = "safe-to-deploy"
1028 notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)"
1030 [[audits.bytecode-alliance.audits.futures-core]]
1031 who = "Pat Hickey <phickey@fastly.com>"
1032 criteria = "safe-to-deploy"
1034 notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
1036 [[audits.bytecode-alliance.audits.futures-executor]]
1037 who = "Pat Hickey <phickey@fastly.com>"
1038 criteria = "safe-to-deploy"
1040 notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods."
1042 [[audits.bytecode-alliance.audits.futures-io]]
1043 who = "Pat Hickey <phickey@fastly.com>"
1044 criteria = "safe-to-deploy"
1047 [[audits.bytecode-alliance.audits.futures-sink]]
1048 who = "Pat Hickey <phickey@fastly.com>"
1049 criteria = "safe-to-deploy"
1052 [[audits.bytecode-alliance.audits.heck]]
1053 who = "Alex Crichton <alex@alexcrichton.com>"
1054 criteria = "safe-to-deploy"
1056 notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
1058 [[audits.bytecode-alliance.audits.id-arena]]
1059 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1060 criteria = "safe-to-deploy"
1062 notes = "I am the author of this crate."
1064 [[audits.bytecode-alliance.audits.idna]]
1065 who = "Alex Crichton <alex@alexcrichton.com>"
1066 criteria = "safe-to-deploy"
1069 This is a crate without unsafe code or usage of the standard library. The large
1070 size of this crate comes from the large generated unicode tables file. This
1071 crate is broadly used throughout the ecosystem and does not contain anything
1075 [[audits.bytecode-alliance.audits.leb128]]
1076 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1077 criteria = "safe-to-deploy"
1079 notes = "I am the author of this crate."
1081 [[audits.bytecode-alliance.audits.memoffset]]
1082 who = "Alex Crichton <alex@alexcrichton.com>"
1083 criteria = "safe-to-deploy"
1084 delta = "0.7.1 -> 0.8.0"
1085 notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."
1087 [[audits.bytecode-alliance.audits.miniz_oxide]]
1088 who = "Alex Crichton <alex@alexcrichton.com>"
1089 criteria = "safe-to-deploy"
1092 This crate is a Rust implementation of zlib compression/decompression and has
1093 been used by default by the Rust standard library for quite some time. It's also
1094 a default dependency of the popular `backtrace` crate for decompressing debug
1095 information. This crate forbids unsafe code and does not otherwise access system
1096 resources. It's originally a port of the `miniz.c` library as well, and given
1097 its own longevity should be relatively hardened against some of the more common
1098 compression-related issues.
1101 [[audits.bytecode-alliance.audits.mio]]
1102 who = "Alex Crichton <alex@alexcrichton.com>"
1103 criteria = "safe-to-deploy"
1104 delta = "0.8.6 -> 0.8.8"
1105 notes = "Mostly OS portability updates along with some minor bugfixes."
1107 [[audits.bytecode-alliance.audits.object]]
1108 who = "Alex Crichton <alex@alexcrichton.com>"
1109 criteria = "safe-to-deploy"
1110 delta = "0.30.3 -> 0.31.1"
1111 notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
1113 [[audits.bytecode-alliance.audits.object]]
1114 who = "Alex Crichton <alex@alexcrichton.com>"
1115 criteria = "safe-to-deploy"
1116 delta = "0.31.1 -> 0.32.0"
1117 notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good."
1119 [[audits.bytecode-alliance.audits.peeking_take_while]]
1120 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1121 criteria = "safe-to-deploy"
1123 notes = "I am the author of this crate."
1125 [[audits.bytecode-alliance.audits.percent-encoding]]
1126 who = "Alex Crichton <alex@alexcrichton.com>"
1127 criteria = "safe-to-deploy"
1130 This crate is a single-file crate that does what it says on the tin. There are
1131 a few `unsafe` blocks related to utf-8 validation which are locally verifiable
1132 as correct and otherwise this crate is good to go.
1135 [[audits.bytecode-alliance.audits.pin-utils]]
1136 who = "Pat Hickey <phickey@fastly.com>"
1137 criteria = "safe-to-deploy"
1140 [[audits.bytecode-alliance.audits.pkg-config]]
1141 who = "Pat Hickey <phickey@fastly.com>"
1142 criteria = "safe-to-deploy"
1144 notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
1146 [[audits.bytecode-alliance.audits.rustc-demangle]]
1147 who = "Alex Crichton <alex@alexcrichton.com>"
1148 criteria = "safe-to-deploy"
1150 notes = "I am the author of this crate."
1152 [[audits.bytecode-alliance.audits.semver]]
1153 who = "Pat Hickey <phickey@fastly.com>"
1154 criteria = "safe-to-deploy"
1156 notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct"
1158 [[audits.bytecode-alliance.audits.slab]]
1159 who = "Pat Hickey <phickey@fastly.com>"
1160 criteria = "safe-to-deploy"
1162 notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
1164 [[audits.bytecode-alliance.audits.socket2]]
1165 who = "Alex Crichton <alex@alexcrichton.com>"
1166 criteria = "safe-to-deploy"
1167 delta = "0.4.7 -> 0.4.9"
1168 notes = "Minor OS compat updates but otherwise nothing major here."
1170 [[audits.bytecode-alliance.audits.tempfile]]
1171 who = "Pat Hickey <phickey@fastly.com>"
1172 criteria = "safe-to-deploy"
1173 delta = "3.3.0 -> 3.5.0"
1175 [[audits.bytecode-alliance.audits.tempfile]]
1176 who = "Alex Crichton <alex@alexcrichton.com>"
1177 criteria = "safe-to-deploy"
1178 delta = "3.5.0 -> 3.6.0"
1179 notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal."
1181 [[audits.bytecode-alliance.audits.unicase]]
1182 who = "Alex Crichton <alex@alexcrichton.com>"
1183 criteria = "safe-to-deploy"
1186 This crate contains no `unsafe` code and no unnecessary use of the standard
1190 [[audits.bytecode-alliance.audits.unicode-bidi]]
1191 who = "Alex Crichton <alex@alexcrichton.com>"
1192 criteria = "safe-to-deploy"
1195 This crate has no unsafe code and does not use `std::*`. Skimming the crate it
1196 does not attempt to out of the bounds of what it's already supposed to be doing.
1199 [[audits.bytecode-alliance.audits.unicode-normalization]]
1200 who = "Alex Crichton <alex@alexcrichton.com>"
1201 criteria = "safe-to-deploy"
1204 This crate contains one usage of `unsafe` which I have manually checked to see
1205 it as correct. This crate's size comes in large part due to the generated
1206 unicode tables that it contains. This crate is additionally widely used
1207 throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
1208 and nothing suspicious.
1211 [[audits.embark-studios.wildcard-audits.presser]]
1212 who = "Gray Olson <opensource@embark-studios.com>"
1213 criteria = "safe-to-deploy"
1214 user-id = 52553 # embark-studios
1215 start = "2021-01-01"
1218 Small crate with no dependencies and no ambient capabilities. The safe interface of the crate
1219 is gated behind unsafe implementation of a core trait, and care must be taken to ensure that
1220 the relevant invariants are guaranteed when doing so. Maintained by the Ark team at Embark
1221 and used in production.
1224 [[audits.embark-studios.audits.anyhow]]
1225 who = "Johan Andersson <opensource@embark-studios.com>"
1226 criteria = "safe-to-deploy"
1229 [[audits.embark-studios.audits.cfg_aliases]]
1230 who = "Johan Andersson <opensource@embark-studios.com>"
1231 criteria = "safe-to-deploy"
1233 notes = "No unsafe usage or ambient capabilities"
1235 [[audits.embark-studios.audits.derive_more]]
1236 who = "Johan Andersson <opensource@embark-studios.com>"
1237 criteria = "safe-to-deploy"
1239 notes = "No unsafe usage or ambient capabilities"
1241 [[audits.embark-studios.audits.ident_case]]
1242 who = "Johan Andersson <opensource@embark-studios.com>"
1243 criteria = "safe-to-deploy"
1245 notes = "No unsafe usage or ambient capabilities"
1247 [[audits.embark-studios.audits.idna]]
1248 who = "Johan Andersson <opensource@embark-studios.com>"
1249 criteria = "safe-to-deploy"
1250 delta = "0.3.0 -> 0.4.0"
1251 notes = "No unsafe usage or ambient capabilities"
1253 [[audits.embark-studios.audits.line-wrap]]
1254 who = "Johan Andersson <opensource@embark-studios.com>"
1255 criteria = "safe-to-deploy"
1257 notes = "No unsafe usage or ambient capabilities"
1259 [[audits.embark-studios.audits.yaml-rust]]
1260 who = "Johan Andersson <opensource@embark-studios.com>"
1261 criteria = "safe-to-deploy"
1263 notes = "No unsafe usage or ambient capabilities"
# Imported through an aggregated audit set: `aggregated-from` records the
# upstream audits.toml this entry was collected from. That URL follows
# refs/heads/main, a moving branch rather than a fixed revision, so the copy
# stored in this lock file is the record being relied on. Review changes to
# this entry when the lock is refreshed.
1265 [[audits.google.audits.ash]]
1266 who = "David Koloski <dkoloski@google.com>"
1267 criteria = "safe-to-deploy"
1268 version = "0.37.0+1.3.209"
1269 notes = "Reviewed on https://fxrev.dev/694269"
1270 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1272 [[audits.google.audits.fastrand]]
1273 who = "George Burgess IV <gbiv@google.com>"
1274 criteria = "safe-to-deploy"
1277 `does-not-implement-crypto` is certified because this crate explicitly says
1278 that the RNG here is not cryptographically secure.
1280 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1282 [[audits.google.audits.futures]]
1283 who = "George Burgess IV <gbiv@google.com>"
1284 criteria = "safe-to-deploy"
1287 `futures` has no logic other than tests - it simply `pub use`s things from
1290 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1292 [[audits.google.audits.glob]]
1293 who = "George Burgess IV <gbiv@google.com>"
1294 criteria = "safe-to-deploy"
1296 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
# `safe-to-run` is the weaker of cargo-vet's two built-in criteria. It does
# not satisfy a `safe-to-deploy` requirement, so this entry alone cannot clear
# `http` for use in shipped code.
# NOTE(review): the `who` and version/delta keys are not visible in this
# listing (the fused numbers skip 1299 and 1301).
1298 [[audits.google.audits.http]]
1300 criteria = "safe-to-run"
1302 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1304 [[audits.google.audits.http-body]]
1306 criteria = "safe-to-run"
1308 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1310 [[audits.google.audits.httpdate]]
1312 criteria = "safe-to-run"
1314 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1316 [[audits.google.audits.hyper]]
1318 criteria = "safe-to-run"
1320 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1322 [[audits.google.audits.pin-project]]
1324 criteria = "safe-to-run"
1326 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1328 [[audits.google.audits.pin-project-internal]]
1330 criteria = "safe-to-run"
1332 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1334 [[audits.google.audits.pin-project-lite]]
1335 who = "David Koloski <dkoloski@google.com>"
1336 criteria = "safe-to-deploy"
1338 notes = "Reviewed on https://fxrev.dev/824504"
1339 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1341 [[audits.google.audits.scoped-tls]]
1342 who = "George Burgess IV <gbiv@google.com>"
1343 criteria = "safe-to-run"
1345 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1347 [[audits.google.audits.serde_urlencoded]]
1349 criteria = "safe-to-run"
1351 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1353 [[audits.google.audits.tokio]]
1354 who = "Vovo Yang <vovoy@google.com>"
1355 criteria = "safe-to-run"
1357 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1359 [[audits.google.audits.tokio-stream]]
1360 who = "David Koloski <dkoloski@google.com>"
1361 criteria = "safe-to-deploy"
1363 notes = "Reviewed on https://fxrev.dev/804724"
1364 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1366 [[audits.google.audits.tower-service]]
1368 criteria = "safe-to-run"
1370 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1372 [[audits.google.audits.tracing]]
1374 criteria = "safe-to-run"
1376 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1378 [[audits.google.audits.tracing-attributes]]
1380 criteria = "safe-to-run"
1382 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1384 [[audits.google.audits.tracing-core]]
1386 criteria = "safe-to-run"
1388 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1390 [[audits.google.audits.try-lock]]
1392 criteria = "safe-to-run"
1394 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1396 [[audits.google.audits.version_check]]
1397 who = "George Burgess IV <gbiv@google.com>"
1398 criteria = "safe-to-deploy"
1400 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1402 [[audits.google.audits.want]]
1404 criteria = "safe-to-run"
1406 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
# Wildcard audit keyed to user-id 213776, which the inline comment identifies
# as an automation account (divviup-github-automation). Releases of `prio`
# published by that account from the start date onward are accepted without a
# per-version audit, so the security of the account's publishing credentials
# is part of the trust decision.
# NOTE(review): the `end` key is not visible in this listing; confirm the
# window is bounded.
1408 [[audits.isrg.wildcard-audits.prio]]
1409 who = "David Cook <dcook@divviup.org>"
1410 criteria = "safe-to-deploy"
1411 user-id = 213776 # divviup-github-automation
1412 start = "2020-09-28"
1415 [[audits.isrg.audits.base64]]
1416 who = "Tim Geoghegan <timg@letsencrypt.org>"
1417 criteria = "safe-to-deploy"
1418 delta = "0.21.0 -> 0.21.1"
1420 [[audits.isrg.audits.base64]]
1421 who = "Brandon Pitman <bran@bran.land>"
1422 criteria = "safe-to-deploy"
1423 delta = "0.21.1 -> 0.21.2"
1425 [[audits.isrg.audits.base64]]
1426 who = "David Cook <dcook@divviup.org>"
1427 criteria = "safe-to-deploy"
1428 delta = "0.21.2 -> 0.21.3"
1430 [[audits.isrg.audits.block-buffer]]
1431 who = "David Cook <dcook@divviup.org>"
1432 criteria = "safe-to-deploy"
1435 [[audits.isrg.audits.getrandom]]
1436 who = "Tim Geoghegan <timg@letsencrypt.org>"
1437 criteria = "safe-to-deploy"
1438 delta = "0.2.9 -> 0.2.10"
1439 notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`."
1441 [[audits.isrg.audits.keccak]]
1442 who = "David Cook <dcook@divviup.org>"
1443 criteria = "safe-to-deploy"
1446 [[audits.isrg.audits.keccak]]
1447 who = "Brandon Pitman <bran@bran.land>"
1448 criteria = "safe-to-deploy"
1449 delta = "0.1.3 -> 0.1.4"
1451 [[audits.isrg.audits.once_cell]]
1452 who = "Brandon Pitman <bran@bran.land>"
1453 criteria = "safe-to-deploy"
1454 delta = "1.17.1 -> 1.17.2"
1456 [[audits.isrg.audits.once_cell]]
1457 who = "David Cook <dcook@divviup.org>"
1458 criteria = "safe-to-deploy"
1459 delta = "1.17.2 -> 1.18.0"
1461 [[audits.isrg.audits.once_cell]]
1462 who = "Brandon Pitman <bran@bran.land>"
1463 criteria = "safe-to-deploy"
1464 delta = "1.18.0 -> 1.19.0"
1466 [[audits.isrg.audits.rand_chacha]]
1467 who = "David Cook <dcook@divviup.org>"
1468 criteria = "safe-to-deploy"
1471 [[audits.isrg.audits.rand_core]]
1472 who = "David Cook <dcook@divviup.org>"
1473 criteria = "safe-to-deploy"
1476 [[audits.isrg.audits.rayon-core]]
1477 who = "Brandon Pitman <bran@bran.land>"
1478 criteria = "safe-to-deploy"
1479 delta = "1.10.2 -> 1.11.0"
1481 [[audits.isrg.audits.rayon-core]]
1482 who = "David Cook <dcook@divviup.org>"
1483 criteria = "safe-to-deploy"
1484 delta = "1.11.0 -> 1.12.0"
1486 [[audits.isrg.audits.sha2]]
1487 who = "David Cook <dcook@divviup.org>"
1488 criteria = "safe-to-deploy"
1491 [[audits.isrg.audits.sha3]]
1492 who = "David Cook <dcook@divviup.org>"
1493 criteria = "safe-to-deploy"
1496 [[audits.isrg.audits.sha3]]
1497 who = "Brandon Pitman <bran@bran.land>"
1498 criteria = "safe-to-deploy"
1499 delta = "0.10.7 -> 0.10.8"
1501 [[audits.mozilla.wildcard-audits.zeitstempel]]
1502 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1503 criteria = "safe-to-deploy"
1504 user-id = 48 # Jan-Erik Rediger (badboy)
1505 start = "2021-03-03"
1507 notes = "Maintained by me"
1508 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1510 [[audits.mozilla.audits.askama]]
1511 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1512 criteria = "safe-to-deploy"
1513 delta = "0.11.1 -> 0.12.0"
1514 notes = "No new unsafe usage, mostly dependency updates and smaller API changes"
1515 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1517 [[audits.mozilla.audits.askama_derive]]
1518 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1519 criteria = "safe-to-deploy"
1520 delta = "0.11.2 -> 0.12.1"
1521 notes = "Dependency updates, a new toml dependency and some API changes. No unsafe use."
1522 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1524 [[audits.mozilla.audits.basic-toml]]
1525 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1526 criteria = "safe-to-deploy"
1528 notes = "TOML parser, forked from toml 0.5"
1529 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1531 [[audits.mozilla.audits.bitflags]]
1532 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1533 criteria = "safe-to-deploy"
1534 delta = "2.4.0 -> 2.4.1"
1535 notes = "Only allowing new clippy lints"
1536 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1538 [[audits.mozilla.audits.either]]
1539 who = "Nika Layzell <nika@thelayzells.com>"
1540 criteria = "safe-to-deploy"
1543 Straightforward crate providing the Either enum and trait implementations with
1546 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
1548 [[audits.mozilla.audits.lazy_static]]
1549 who = "Nika Layzell <nika@thelayzells.com>"
1550 criteria = "safe-to-deploy"
1552 notes = "I have read over the macros, and audited the unsafe code."
1553 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"