2 # cargo-vet audits file
4 [[wildcard-audits.audio_thread_priority]]
5 who = "Paul Adenot <paul@paul.cx>"
6 criteria = "safe-to-deploy"
7 user-id = 1258 # Paul Adenot (padenot)
11 I've written most of this crate, the rest has been either written and in any
12 case has been reviewed by Mozilla developers.
15 [[wildcard-audits.authenticator]]
16 who = "John M. Schanck <jschanck@mozilla.com>"
17 criteria = "safe-to-deploy"
18 user-id = 175410 # John Schanck (jschanck)
21 notes = "Maintained by the CryptoEng team at Mozilla."
23 [[wildcard-audits.bhttp]]
24 who = "Martin Thomson <mt@lowentropy.net>"
25 criteria = "safe-to-deploy"
26 user-id = 128763 # Martin Thomson (martinthomson)
29 notes = "Though the code is safe to run and deploy, the code for processing HTTP/1.1 messages (the `read-http` feature, specifically) is not suited for deployment in real applications, either clients or servers. Some features necessary for live deployment are not implemented, such as the proper handling of some types of response (e.g., a response to a HEAD request). Software that processes HTTP/1.1 messages requires a large number of compatibility tweaks if it is to be deployed interoperably. This feature only exists to support basic validation tools and is unlikely to be widely compatible."
31 [[wildcard-audits.cexpr]]
32 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
33 criteria = "safe-to-deploy"
34 user-id = 3788 # Emilio Cobos Álvarez (emilio)
37 notes = "No unsafe code, rather straight-forward parser."
39 [[wildcard-audits.cocoa]]
40 who = "Bobby Holley <bobbyholley@gmail.com>"
41 criteria = "safe-to-deploy"
42 user-id = 2396 # Josh Matthews (jdm)
46 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
48 [[wildcard-audits.cocoa]]
49 who = "Bobby Holley <bobbyholley@gmail.com>"
50 criteria = "safe-to-deploy"
51 user-id = 5946 # Jeff Muizelaar (jrmuizel)
55 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
57 [[wildcard-audits.cocoa-foundation]]
58 who = "Bobby Holley <bobbyholley@gmail.com>"
59 criteria = "safe-to-deploy"
60 user-id = 5946 # Jeff Muizelaar (jrmuizel)
64 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
66 [[wildcard-audits.cocoa-foundation]]
67 who = "Bobby Holley <bobbyholley@gmail.com>"
68 criteria = "safe-to-deploy"
69 user-id = 2396 # Josh Matthews (jdm)
73 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
75 [[wildcard-audits.core-foundation]]
76 who = "Bobby Holley <bobbyholley@gmail.com>"
77 criteria = "safe-to-deploy"
78 user-id = 2396 # Josh Matthews (jdm)
82 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
84 [[wildcard-audits.core-foundation]]
85 who = "Bobby Holley <bobbyholley@gmail.com>"
86 criteria = "safe-to-deploy"
87 user-id = 5946 # Jeff Muizelaar (jrmuizel)
91 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
93 [[wildcard-audits.core-foundation-sys]]
94 who = "Bobby Holley <bobbyholley@gmail.com>"
95 criteria = "safe-to-deploy"
96 user-id = 2396 # Josh Matthews (jdm)
100 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
102 [[wildcard-audits.core-foundation-sys]]
103 who = "Bobby Holley <bobbyholley@gmail.com>"
104 criteria = "safe-to-deploy"
105 user-id = 5946 # Jeff Muizelaar (jrmuizel)
109 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
111 [[wildcard-audits.core-graphics]]
112 who = "Bobby Holley <bobbyholley@gmail.com>"
113 criteria = "safe-to-deploy"
114 user-id = 2396 # Josh Matthews (jdm)
118 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
120 [[wildcard-audits.core-graphics]]
121 who = "Bobby Holley <bobbyholley@gmail.com>"
122 criteria = "safe-to-deploy"
123 user-id = 5946 # Jeff Muizelaar (jrmuizel)
127 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
129 [[wildcard-audits.core-graphics-types]]
130 who = "Bobby Holley <bobbyholley@gmail.com>"
131 criteria = "safe-to-deploy"
132 user-id = 2396 # Josh Matthews (jdm)
136 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
138 [[wildcard-audits.core-text]]
139 who = "Bobby Holley <bobbyholley@gmail.com>"
140 criteria = "safe-to-deploy"
141 user-id = 2396 # Josh Matthews (jdm)
145 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
147 [[wildcard-audits.core-text]]
148 who = "Bobby Holley <bobbyholley@gmail.com>"
149 criteria = "safe-to-deploy"
150 user-id = 5946 # Jeff Muizelaar (jrmuizel)
154 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
156 [[wildcard-audits.dogear]]
157 who = "Bobby Holley <bobbyholley@gmail.com>"
158 criteria = "safe-to-deploy"
159 user-id = 27901 # Lina Butler (linabutler)
162 notes = "Lina developed this crate as Mozilla staff."
164 [[wildcard-audits.encoding_rs]]
165 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
166 criteria = "safe-to-deploy"
167 user-id = 4484 # Henri Sivonen (hsivonen)
170 notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ."
172 [[wildcard-audits.etagere]]
173 who = "Nicolas Silva <nical@fastmail.com>"
174 criteria = "safe-to-deploy"
175 user-id = 1281 # Nicolas Silva (nical)
178 notes = "I am the author of this crate."
180 [[wildcard-audits.euclid]]
181 who = "Nicolas Silva <nical@fastmail.com>"
182 criteria = "safe-to-deploy"
183 user-id = 1281 # Nicolas Silva (nical)
186 notes = "I wrote most of the commits in the euclid reprository and review every change that is not produced by me."
188 [[wildcard-audits.freetype]]
189 who = "Bobby Holley <bobbyholley@gmail.com>"
190 criteria = "safe-to-deploy"
191 user-id = 2396 # Josh Matthews (jdm)
195 notes = "All code written or reviewed by Mozilla staff."
197 [[wildcard-audits.gleam]]
198 who = "Bobby Holley <bobbyholley@gmail.com>"
199 criteria = "safe-to-deploy"
200 user-id = 2396 # Josh Matthews (jdm)
204 notes = "All code written or reviewed by Mozilla."
206 [[wildcard-audits.gleam]]
207 who = "Bobby Holley <bobbyholley@gmail.com>"
208 criteria = "safe-to-deploy"
209 user-id = 5946 # Jeff Muizelaar (jrmuizel)
213 notes = "All code written or reviewed by Mozilla."
215 [[wildcard-audits.gleam]]
216 who = "Bobby Holley <bobbyholley@gmail.com>"
217 criteria = "safe-to-deploy"
222 notes = "All code written or reviewed by Mozilla."
224 [[wildcard-audits.glean]]
225 who = "Chris H-C <chutten@mozilla.com>"
226 criteria = "safe-to-deploy"
227 user-id = 48 # Jan-Erik Rediger (badboy)
230 notes = "The Glean SDKs are maintained by the Glean Team at Mozilla."
232 [[wildcard-audits.glean]]
233 who = "Travis Long <tlong@mozilla.com>"
234 criteria = "safe-to-deploy"
239 [[wildcard-audits.glean-core]]
240 who = "Chris H-C <chutten@mozilla.com>"
241 criteria = "safe-to-deploy"
242 user-id = 48 # Jan-Erik Rediger (badboy)
245 notes = "The Glean SDKs are maintained by the Glean Team at Mozilla."
247 [[wildcard-audits.glean-core]]
248 who = "Travis Long <tlong@mozilla.com>"
249 criteria = "safe-to-deploy"
254 [[wildcard-audits.glslopt]]
255 who = "Jamie Nicol <jnicol@mozilla.com>"
256 criteria = "safe-to-deploy"
257 user-id = 84794 # Jamie Nicol (jamienicol)
261 [[wildcard-audits.io-surface]]
262 who = "Bobby Holley <bobbyholley@gmail.com>"
263 criteria = "safe-to-deploy"
264 user-id = 2396 # Josh Matthews (jdm)
268 notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
270 [[wildcard-audits.marionette]]
271 who = "Henrik Skupin <mail@hskupin.info>"
272 criteria = "safe-to-run"
276 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
278 [[wildcard-audits.mozdevice]]
279 who = "Henrik Skupin <mail@hskupin.info>"
280 criteria = "safe-to-run"
284 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
286 [[wildcard-audits.mozprofile]]
287 who = "Henrik Skupin <mail@hskupin.info>"
288 criteria = "safe-to-deploy"
292 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
294 [[wildcard-audits.mozrunner]]
295 who = "Henrik Skupin <mail@hskupin.info>"
296 criteria = "safe-to-deploy"
300 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
302 [[wildcard-audits.mozversion]]
303 who = "Henrik Skupin <mail@hskupin.info>"
304 criteria = "safe-to-run"
308 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
310 [[wildcard-audits.nss-gk-api]]
311 who = "John M. Schanck <jschanck@mozilla.com>"
312 criteria = "safe-to-deploy"
313 user-id = 175410 # John Schanck (jschanck)
316 notes = "Maintained by the CryptoEng team at Mozilla."
318 [[wildcard-audits.ohttp]]
319 who = "Martin Thomson <mt@lowentropy.net>"
320 criteria = "safe-to-deploy"
321 user-id = 128763 # Martin Thomson (martinthomson)
324 notes = "This code contains two cryptographic back ends. No unsafe code is contained if the Rust `hpke` crate is used (the `rust-hpke` feature). Using NSS (the `nss` feature) involves extensive use of bindings to the native code provided by NSS. This interface uses wrappers that attempt to add safety to a fundamentally very dangerous library, but those wrappers have only been validated for use following the needs of this crate."
326 [[wildcard-audits.qcms]]
327 who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
328 criteria = "safe-to-deploy"
329 user-id = 5946 # Jeff Muizelaar (jrmuizel)
332 notes = "Maintained by the Graphics team at Mozilla in mozilla-central."
334 [[wildcard-audits.rust_cascade]]
335 who = "Dana Keeler <dkeeler@mozilla.com>"
336 criteria = "safe-to-deploy"
337 user-id = 57462 # Dana Keeler (mozkeeler)
340 notes = "Written and maintained by the security engineering team at Mozilla."
342 [[wildcard-audits.unicode-normalization]]
343 who = "Manish Goregaokar <manishsmail@gmail.com>"
344 criteria = "safe-to-deploy"
345 user-id = 1139 # Manish Goregaokar (Manishearth)
348 notes = "All code written or reviewed by Manish"
350 [[wildcard-audits.unicode-segmentation]]
351 who = "Manish Goregaokar <manishsmail@gmail.com>"
352 criteria = "safe-to-deploy"
353 user-id = 1139 # Manish Goregaokar (Manishearth)
356 notes = "All code written or reviewed by Manish"
358 [[wildcard-audits.unicode-width]]
359 who = "Manish Goregaokar <manishsmail@gmail.com>"
360 criteria = "safe-to-deploy"
361 user-id = 1139 # Manish Goregaokar (Manishearth)
364 notes = "All code written or reviewed by Manish"
366 [[wildcard-audits.unicode-xid]]
367 who = "Manish Goregaokar <manishsmail@gmail.com>"
368 criteria = "safe-to-deploy"
369 user-id = 1139 # Manish Goregaokar (Manishearth)
372 notes = "All code written or reviewed by Manish"
374 [[wildcard-audits.uniffi]]
375 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
376 criteria = "safe-to-deploy"
377 user-id = 48 # Jan-Erik Rediger (badboy)
380 notes = "Maintained by the Glean and Application Services teams"
382 [[wildcard-audits.uniffi]]
383 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
384 criteria = "safe-to-deploy"
385 user-id = 127697 # bendk
388 notes = "Maintained by the Glean and Application Services teams"
390 [[wildcard-audits.uniffi_bindgen]]
391 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
392 criteria = "safe-to-deploy"
393 user-id = 48 # Jan-Erik Rediger (badboy)
396 notes = "Maintained by the Glean and Application Services teams"
398 [[wildcard-audits.uniffi_bindgen]]
399 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
400 criteria = "safe-to-deploy"
401 user-id = 127697 # bendk
404 notes = "Maintained by the Glean and Application Services teams"
406 [[wildcard-audits.uniffi_build]]
407 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
408 criteria = "safe-to-deploy"
409 user-id = 48 # Jan-Erik Rediger (badboy)
412 notes = "Maintained by the Glean and Application Services teams"
414 [[wildcard-audits.uniffi_build]]
415 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
416 criteria = "safe-to-deploy"
417 user-id = 127697 # bendk
420 notes = "Maintained by the Glean and Application Services teams"
422 [[wildcard-audits.uniffi_checksum_derive]]
423 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
424 criteria = "safe-to-deploy"
425 user-id = 48 # Jan-Erik Rediger (badboy)
428 notes = "Maintained by the Glean and Application Services teams"
430 [[wildcard-audits.uniffi_checksum_derive]]
431 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
432 criteria = "safe-to-deploy"
433 user-id = 127697 # bendk
436 notes = "Maintained by the Glean and Application Services teams"
438 [[wildcard-audits.uniffi_core]]
439 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
440 criteria = "safe-to-deploy"
441 user-id = 48 # Jan-Erik Rediger (badboy)
444 notes = "Maintained by the Glean and Application Services teams"
446 [[wildcard-audits.uniffi_core]]
447 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
448 criteria = "safe-to-deploy"
449 user-id = 127697 # bendk
452 notes = "Maintained by the Glean and Application Services teams"
454 [[wildcard-audits.uniffi_macros]]
455 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
456 criteria = "safe-to-deploy"
457 user-id = 48 # Jan-Erik Rediger (badboy)
460 notes = "Maintained by the Glean and Application Services teams"
462 [[wildcard-audits.uniffi_macros]]
463 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
464 criteria = "safe-to-deploy"
465 user-id = 127697 # bendk
468 notes = "Maintained by the Glean and Application Services teams"
470 [[wildcard-audits.uniffi_meta]]
471 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
472 criteria = "safe-to-deploy"
473 user-id = 48 # Jan-Erik Rediger (badboy)
476 notes = "Maintained by the Glean and Application Services teams"
478 [[wildcard-audits.uniffi_meta]]
479 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
480 criteria = "safe-to-deploy"
481 user-id = 127697 # bendk
484 notes = "Maintained by the Glean and Application Services teams"
486 [[wildcard-audits.uniffi_testing]]
487 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
488 criteria = "safe-to-deploy"
489 user-id = 48 # Jan-Erik Rediger (badboy)
492 notes = "Maintained by the Glean and Application Services teams"
494 [[wildcard-audits.uniffi_testing]]
495 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
496 criteria = "safe-to-deploy"
497 user-id = 127697 # bendk
500 notes = "Maintained by the Glean and Application Services teams"
502 [[wildcard-audits.uniffi_udl]]
503 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
504 criteria = "safe-to-deploy"
505 user-id = 127697 # bendk
508 notes = "Maintained by the Glean and Application Services teams"
510 [[wildcard-audits.utf8_iter]]
511 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
512 criteria = "safe-to-deploy"
513 user-id = 4484 # Henri Sivonen (hsivonen)
516 notes = "Maintained by Henri Sivonen who works at Mozilla."
518 [[wildcard-audits.webdriver]]
519 who = "Henrik Skupin <mail@hskupin.info>"
520 criteria = "safe-to-deploy"
524 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
527 who = "Lee Salzman <lsalzman@mozilla.com>"
528 criteria = "safe-to-deploy"
530 notes = "Written and maintained by Gfx team at Mozilla."
533 who = "Mike Hommey <mh+mozilla@glandium.org>"
534 criteria = "safe-to-deploy"
535 delta = "0.7.6 -> 0.7.8"
537 [[audits.aho-corasick]]
538 who = "Mike Hommey <mh+mozilla@glandium.org>"
539 criteria = "safe-to-deploy"
540 delta = "0.7.18 -> 0.7.20"
543 who = "Mike Hommey <mh+mozilla@glandium.org>"
544 criteria = "safe-to-deploy"
545 delta = "0.4.3 -> 0.7.0"
548 who = "Mike Hommey <mh+mozilla@glandium.org>"
549 criteria = "safe-to-deploy"
550 delta = "0.7.0 -> 0.8.1"
552 [[audits.android_logger]]
553 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
554 criteria = "safe-to-deploy"
556 notes = "Small crate, wrapping Android log functionality, reviewed by janerik"
558 [[audits.android_logger]]
559 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
560 criteria = "safe-to-deploy"
561 delta = "0.11.0 -> 0.11.1"
562 notes = "Small crate, wrapping Android log functionality, now switched to properly using MaybeUninit"
564 [[audits.android_logger]]
565 who = "Mike Hommey <mh+mozilla@glandium.org>"
566 criteria = "safe-to-deploy"
567 delta = "0.11.1 -> 0.11.3"
569 [[audits.android_logger]]
570 who = "Chris H-C <chutten@mozilla.com>"
571 criteria = "safe-to-deploy"
572 delta = "0.11.3 -> 0.12.0"
573 notes = "Small wrapper crate. This update fixes log level filtering."
575 [[audits.android_system_properties]]
576 who = "Nicolas Silva <nical@fastmail.com>"
577 criteria = "safe-to-deploy"
579 notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship."
581 [[audits.android_system_properties]]
582 who = "Mike Hommey <mh+mozilla@glandium.org>"
583 criteria = "safe-to-deploy"
584 delta = "0.1.2 -> 0.1.4"
586 [[audits.android_system_properties]]
587 who = "Mike Hommey <mh+mozilla@glandium.org>"
588 criteria = "safe-to-deploy"
589 delta = "0.1.4 -> 0.1.5"
592 who = "Mike Hommey <mh+mozilla@glandium.org>"
593 criteria = "safe-to-deploy"
594 delta = "1.0.57 -> 1.0.61"
597 who = "Bobby Holley <bobbyholley@gmail.com>"
598 criteria = "safe-to-deploy"
599 delta = "1.0.58 -> 1.0.57"
600 notes = "No functional differences, just CI config and docs."
603 who = "Mike Hommey <mh+mozilla@glandium.org>"
604 criteria = "safe-to-deploy"
605 delta = "1.0.61 -> 1.0.62"
608 who = "Mike Hommey <mh+mozilla@glandium.org>"
609 criteria = "safe-to-deploy"
610 delta = "1.0.62 -> 1.0.68"
613 who = "Mike Hommey <mh+mozilla@glandium.org>"
614 criteria = "safe-to-deploy"
615 delta = "1.0.68 -> 1.0.69"
618 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
619 criteria = "safe-to-deploy"
622 I'm pretty familiar with this crate. It provides a fixed-point numeric type.
623 The code is pretty straight-forward, there's no unsafe code at all.
627 who = "Nicolas Silva <nical@fastmail.com>"
628 criteria = "safe-to-deploy"
632 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
633 criteria = "safe-to-deploy"
634 delta = "0.7.1 -> 0.7.2"
635 notes = "Adding repr(transparent) plus a couple minor clean-ups, no functional changes from 0.7.1."
638 who = "Mike Hommey <mh+mozilla@glandium.org>"
639 criteria = "safe-to-run"
640 delta = "1.1.0 -> 1.1.1"
643 who = "Mike Hommey <mh+mozilla@glandium.org>"
644 criteria = "safe-to-run"
645 delta = "1.1.1 -> 1.1.3"
648 who = "Mike Hommey <mh+mozilla@glandium.org>"
649 criteria = "safe-to-run"
650 delta = "1.1.3 -> 1.2.0"
653 who = "Mike Hommey <mh+mozilla@glandium.org>"
654 criteria = "safe-to-run"
655 delta = "1.2.0 -> 1.2.3"
658 who = "Jim Blandy <jimb@red-bean.com>"
659 criteria = "safe-to-deploy"
660 delta = "0.37.0+1.3.209 -> 0.37.1+1.3.235"
662 Nicolas Silva, Jim Blandy, and Teodor Tanasoaia audited ash master
663 branch commits from e43e9c0c to 6bd82768 inclusive.
667 who = "Nicolas Silva <nical@fastmail.com>"
668 criteria = "safe-to-deploy"
669 delta = "0.37.1+1.3.235 -> 0.37.2+1.3.238"
672 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
673 criteria = "safe-to-deploy"
674 delta = "0.37.2+1.3.238 -> 0.37.3+1.3.251"
677 who = "Matthew Gregan <kinetik@flim.org>"
678 criteria = "safe-to-deploy"
681 Small unsafe wrapper around Android 8.0's ASharedMemory native API that falls
682 back to older private ioctl-based API at runtime on earlier OS releases. The
683 shim code is small and doesn't inspect the API arguments, so is unlikely to
684 expose any safety issues beyond those presented by the native OS API.
688 who = "Bobby Holley <bobbyholley@gmail.com>"
689 criteria = "safe-to-deploy"
692 Just contains some traits and re-exports for use by a broader package of related
693 crates. No unsafe code or ambient capability usage.
696 [[audits.async-task]]
697 who = "Nika Layzell <nika@thelayzells.com>"
698 criteria = "safe-to-deploy"
699 delta = "4.0.3 -> 4.0.3@git:f6488e35beccb26eb6e85847b02aa78a42cd3d0e"
700 notes = "Recorded by bholley, confirmed over slack."
702 [[audits.async-task]]
703 who = "Nika Layzell <nika@thelayzells.com>"
704 criteria = "safe-to-deploy"
705 delta = "4.0.3 -> 4.3.0"
706 notes = "Main addition is the new FallibleTask type, which I implemented. No risky unsafe code changes."
708 [[audits.async-trait]]
709 who = "Mike Hommey <mh+mozilla@glandium.org>"
710 criteria = "safe-to-deploy"
711 delta = "0.1.56 -> 0.1.57"
713 [[audits.async-trait]]
714 who = "Mike Hommey <mh+mozilla@glandium.org>"
715 criteria = "safe-to-deploy"
716 delta = "0.1.57 -> 0.1.60"
718 [[audits.async-trait]]
719 who = "Mike Hommey <mh+mozilla@glandium.org>"
720 criteria = "safe-to-deploy"
721 delta = "0.1.60 -> 0.1.64"
723 [[audits.atomic_refcell]]
724 who = "Bobby Holley <bholley@mozilla.com>"
725 criteria = "safe-to-deploy"
727 notes = "I maintain this crate and have reviewed every line."
729 [[audits.atomic_refcell]]
730 who = "Mike Hommey <mh+mozilla@glandium.org>"
731 criteria = "safe-to-deploy"
732 delta = "0.1.8 -> 0.1.9"
734 [[audits.audio-mixer]]
735 who = "Chun-Min Chang <chun.m.chang@gmail.com>"
736 criteria = "safe-to-deploy"
738 notes = "audio-mixer is a Mozilla-developed package."
740 [[audits.audio-mixer]]
741 who = "Mike Hommey <mh+mozilla@glandium.org>"
742 criteria = "safe-to-deploy"
743 delta = "0.1.2 -> 0.1.3"
745 [[audits.authenticator]]
746 who = "John M. Schanck <jschanck@mozilla.com>"
747 criteria = "safe-to-deploy"
748 version = "0.4.0-alpha.13"
749 notes = "Maintained by the CryptoEng team at Mozilla."
752 who = "Josh Stone <jistone@redhat.com>"
753 criteria = "safe-to-deploy"
755 notes = "All code written or reviewed by Josh Stone."
758 who = "Mike Hommey <mh+mozilla@glandium.org>"
759 criteria = "safe-to-deploy"
760 delta = "0.13.0 -> 0.13.1"
763 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
764 criteria = "safe-to-deploy"
766 notes = "I'm the primary author and maintainer of the crate."
769 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
770 criteria = "safe-to-deploy"
771 delta = "0.59.2 -> 0.63.0"
774 who = "Mike Hommey <mh+mozilla@glandium.org>"
775 criteria = "safe-to-deploy"
776 delta = "0.63.0 -> 0.64.0"
779 who = "Mike Hommey <mh+mozilla@glandium.org>"
780 criteria = "safe-to-deploy"
781 delta = "0.64.0 -> 0.66.1"
784 who = "Mike Hommey <mh+mozilla@glandium.org>"
785 criteria = "safe-to-deploy"
786 delta = "0.66.1 -> 0.68.1"
789 who = "Andreas Pehrson <apehrson@mozilla.com>"
790 criteria = "safe-to-deploy"
791 delta = "0.68.1 -> 0.69.1"
794 who = "Mike Hommey <mh+mozilla@glandium.org>"
795 criteria = "safe-to-deploy"
796 delta = "0.69.1 -> 0.69.2"
799 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
800 criteria = "safe-to-deploy"
801 delta = "0.69.2 -> 0.69.4"
804 who = "Aria Beingessner <a.beingessner@gmail.com>"
805 criteria = "safe-to-deploy"
807 notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues."
810 who = "Mike Hommey <mh+mozilla@glandium.org>"
811 criteria = "safe-to-deploy"
812 delta = "0.5.2 -> 0.5.3"
815 who = "Aria Beingessner <a.beingessner@gmail.com>"
816 criteria = "safe-to-deploy"
818 notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
821 who = "Alex Franchuk <afranchuk@mozilla.com>"
822 criteria = "safe-to-deploy"
823 delta = "1.3.2 -> 2.0.2"
824 notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)."
827 who = "Nicolas Silva <nical@fastmail.com>"
828 criteria = "safe-to-deploy"
829 delta = "2.0.2 -> 2.1.0"
832 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
833 criteria = "safe-to-deploy"
834 delta = "2.2.1 -> 2.3.2"
837 who = "Mike Hommey <mh+mozilla@glandium.org>"
838 criteria = "safe-to-deploy"
839 delta = "2.3.3 -> 2.4.0"
841 [[audits.block-buffer]]
842 who = "Mike Hommey <mh+mozilla@glandium.org>"
843 criteria = "safe-to-deploy"
844 delta = "0.10.2 -> 0.10.3"
846 [[audits.build-parallel]]
847 who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
848 criteria = "safe-to-deploy"
852 who = "Bobby Holley <bobbyholley@gmail.com>"
853 criteria = "safe-to-run"
854 delta = "3.9.1 -> 3.10.0"
856 Some nontrivial functional changes but certainly meets the no-malware bar of
857 safe-to-run. If we needed safe-to-deploy for this in m-c I'd ask Nick to re-
858 certify this version, but we don't, so this is fine for now.
862 who = "Mike Hommey <mh+mozilla@glandium.org>"
863 criteria = "safe-to-run"
864 delta = "3.11.1 -> 3.12.0"
867 who = "Mike Hommey <mh+mozilla@glandium.org>"
868 criteria = "safe-to-deploy"
869 delta = "1.1.0 -> 1.2.1"
872 who = "Mike Hommey <mh+mozilla@glandium.org>"
873 criteria = "safe-to-deploy"
874 delta = "1.2.1 -> 1.3.0"
877 who = "Mike Hommey <mh+mozilla@glandium.org>"
878 criteria = "safe-to-deploy"
879 delta = "1.3.0 -> 1.4.0"
882 who = "Mike Hommey <mh+mozilla@glandium.org>"
883 criteria = "safe-to-deploy"
884 delta = "1.0.9 -> 1.1.1"
887 who = "Mike Hommey <mh+mozilla@glandium.org>"
888 criteria = "safe-to-deploy"
889 delta = "1.1.1 -> 1.1.2"
891 [[audits.cargo_metadata]]
892 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
893 criteria = "safe-to-deploy"
895 notes = "I reviewed the whole code base. Parser for the output of cargo-metadata, relying mostly on serde. No unsafe code used."
897 [[audits.cargo_metadata]]
898 who = "Mike Hommey <mh+mozilla@glandium.org>"
899 criteria = "safe-to-deploy"
900 delta = "0.15.2 -> 0.15.3"
903 who = "Mike Hommey <mh+mozilla@glandium.org>"
904 criteria = "safe-to-deploy"
905 delta = "1.0.73 -> 1.0.78"
908 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
909 criteria = "safe-to-deploy"
911 notes = "I, Henri Sivonen, wrote this (safe-code-only) crate for Gecko even though the crate is published via crates.io."
914 who = "Bobby Holley <bobbyholley@gmail.com>"
915 criteria = "safe-to-deploy"
916 delta = "0.1.9 -> 0.1.9@git:3484d3e3ebdc8931493aa5df4d7ee9360a90e76b"
918 [[audits.chardetng_c]]
919 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
920 criteria = "safe-to-deploy"
922 notes = "I, Henri Sivonen, wrote this crate for Gecko even though it is published via crates.io. The buffer input assumes Rust slice constraints for the start pointer. In Gecko, this is taken care of by mozilla::Span, but the C API doesn't conform to idiomatic C constraints on this point."
924 [[audits.chardetng_c]]
925 who = "Bobby Holley <bobbyholley@gmail.com>"
926 criteria = "safe-to-deploy"
927 delta = "0.1.2 -> 0.1.2@git:ed8a4c6f900a90d4dbc1d64b856e61490a1c3570"
930 who = "Mike Hommey <mh+mozilla@glandium.org>"
931 criteria = "safe-to-deploy"
932 delta = "1.3.3 -> 1.4.0"
935 who = "Mike Hommey <mh+mozilla@glandium.org>"
936 criteria = "safe-to-deploy"
937 delta = "1.4.0 -> 1.6.0"
940 who = "Mike Hommey <mh+mozilla@glandium.org>"
941 criteria = "safe-to-deploy"
942 delta = "0.2.0 -> 0.2.2"
945 who = "Mike Hommey <mh+mozilla@glandium.org>"
946 criteria = "safe-to-deploy"
947 delta = "0.2.2 -> 0.2.4"
950 who = "Nick Alexander <nalexander@mozilla.com>"
951 criteria = "safe-to-deploy"
954 The comedy crate was written by Adam Gashlin for Mozilla's use. The entire
955 comedy 0.2.0 crate is full of `unsafe` code and makes many assumptions about
956 memory and layout, but there is no particular processing of untrusted input
961 who = "Mike Hommey <mh+mozilla@glandium.org>"
962 criteria = "safe-to-run"
963 delta = "0.16.0 -> 0.16.2"
965 [[audits.core-graphics]]
966 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
967 criteria = "safe-to-deploy"
968 delta = "0.22.3 -> 0.23.1"
970 [[audits.core-graphics-types]]
971 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
972 criteria = "safe-to-deploy"
973 delta = "0.1.1 -> 0.1.2"
976 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
977 criteria = "safe-to-deploy"
978 delta = "19.2.0 -> 20.0.0"
981 who = "Jonathan Kew <jfkthame@gmail.com>"
982 criteria = "safe-to-deploy"
983 delta = "20.0.0 -> 20.1.0"
985 The bulk of the 20.0.0 -> 20.1.0 changes were purely cosmetic clippy and rustfmt changes.
987 The only substantive change was the addition of wrappers to expose two additional Core Text APIs,
988 the variants of CTFontCreateWithName and CTFontCreateWithFontDescriptor that accept a CTFontOptions
989 parameter. These are directly parallel to the existing versions without CTFontOptions, and do not
990 introduce any new forms of risk.
993 [[audits.core_maths]]
994 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
995 criteria = "safe-to-deploy"
998 [[audits.coreaudio-sys]]
999 who = "Mike Hommey <mh+mozilla@glandium.org>"
1000 criteria = "safe-to-deploy"
1001 delta = "0.2.10 -> 0.2.11"
1003 [[audits.coreaudio-sys]]
1004 who = "Mike Hommey <mh+mozilla@glandium.org>"
1005 criteria = "safe-to-deploy"
1006 delta = "0.2.11 -> 0.2.12"
1008 [[audits.coreaudio-sys]]
1009 who = "Mike Hommey <mh+mozilla@glandium.org>"
1010 criteria = "safe-to-deploy"
1011 delta = "0.2.12 -> 0.2.13"
1013 [[audits.coreaudio-sys]]
1014 who = "Andreas Pehrson <apehrson@mozilla.com>"
1015 criteria = "safe-to-deploy"
1016 delta = "0.2.13 -> 0.2.14"
1019 who = "Mathew Hodson <mathew.hodson@gmail.com>"
1020 criteria = "safe-to-deploy"
1021 delta = "0.1.4 -> 0.1.4@git:43c22248d136c8b38fe42ea709d08da6355cf04b"
1023 [[audits.cpufeatures]]
1024 who = "Mike Hommey <mh+mozilla@glandium.org>"
1025 criteria = "safe-to-deploy"
1026 delta = "0.2.2 -> 0.2.4"
1028 [[audits.cpufeatures]]
1029 who = "Mike Hommey <mh+mozilla@glandium.org>"
1030 criteria = "safe-to-deploy"
1031 delta = "0.2.4 -> 0.2.5"
1033 [[audits.cpufeatures]]
1034 who = "Gabriele Svelto <gsvelto@mozilla.com>"
1035 criteria = "safe-to-deploy"
1036 delta = "0.2.7 -> 0.2.8"
1037 notes = "This release contains a single fix for an issue that affected Firefox"
1039 [[audits.crash-context]]
1040 who = "Gabriele Svelto <gsvelto@mozilla.com>"
1041 criteria = "safe-to-deploy"
1043 notes = "Mozilla employees contributed to this crate and the remaining code was fully audited"
1045 [[audits.crash-context]]
1046 who = "Alex Franchuk <afranchuk@mozilla.com>"
1047 criteria = "safe-to-deploy"
1048 delta = "0.5.1 -> 0.6.0"
1050 There are few changes. The main change is the removal of `winapi` in favor of
1051 manually-generated bindings (which are minimal). The few small bugfixes are
1055 [[audits.crash-context]]
1056 who = "Gabriele Svelto <gsvelto@mozilla.com>"
1057 criteria = "safe-to-deploy"
1058 delta = "0.6.0 -> 0.6.1"
1060 [[audits.crossbeam-channel]]
1061 who = "Mike Hommey <mh+mozilla@glandium.org>"
1062 criteria = "safe-to-deploy"
1063 delta = "0.5.4 -> 0.5.6"
1065 [[audits.crossbeam-deque]]
1066 who = "Mike Hommey <mh+mozilla@glandium.org>"
1067 criteria = "safe-to-deploy"
1068 delta = "0.8.1 -> 0.8.2"
1070 [[audits.crossbeam-epoch]]
1071 who = "Mike Hommey <mh+mozilla@glandium.org>"
1072 criteria = "safe-to-deploy"
1073 delta = "0.9.8 -> 0.9.10"
1075 [[audits.crossbeam-epoch]]
1076 who = "Mike Hommey <mh+mozilla@glandium.org>"
1077 criteria = "safe-to-deploy"
1078 delta = "0.9.10 -> 0.9.13"
1080 [[audits.crossbeam-epoch]]
1081 who = "Mike Hommey <mh+mozilla@glandium.org>"
1082 criteria = "safe-to-deploy"
1083 delta = "0.9.13 -> 0.9.14"
1085 [[audits.crossbeam-queue]]
1086 who = "Matthew Gregan <kinetik@flim.org>"
1087 criteria = "safe-to-deploy"
1090 [[audits.crossbeam-utils]]
1091 who = "Mike Hommey <mh+mozilla@glandium.org>"
1092 criteria = "safe-to-deploy"
1093 delta = "0.8.8 -> 0.8.11"
1095 [[audits.crossbeam-utils]]
1096 who = "Mike Hommey <mh+mozilla@glandium.org>"
1097 criteria = "safe-to-deploy"
1098 delta = "0.8.11 -> 0.8.14"
1100 [[audits.crypto-common]]
1101 who = "Mike Hommey <mh+mozilla@glandium.org>"
1102 criteria = "safe-to-deploy"
1103 delta = "0.1.3 -> 0.1.6"
1105 [[audits.cssparser]]
1106 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1107 criteria = "safe-to-deploy"
1110 I've reviewed or authored most of the recent changes to this library, and it
1111 was developed by other mozilla folks. Unsafe code there is reasonable (utf-8
1112 casts for serialization and parsing).
1115 [[audits.cssparser]]
1116 who = "Bobby Holley <bobbyholley@gmail.com>"
1117 criteria = "safe-to-deploy"
1118 delta = "0.29.6 -> 0.31.0"
1120 All the changes in this release were authored by Mozilla staff, except the
1121 uninit_array stuff, which looks fine.
1124 [[audits.cssparser]]
1125 who = "Mike Hommey <mh+mozilla@glandium.org>"
1126 criteria = "safe-to-deploy"
1127 delta = "0.31.0 -> 0.31.2"
1129 [[audits.cssparser]]
1130 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1131 criteria = "safe-to-deploy"
1132 delta = "0.31.2 -> 0.32.0"
1133 notes = "All changes were either authored or reviewed by Mozilla employees."
1135 [[audits.cssparser]]
1136 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1137 criteria = "safe-to-deploy"
1138 delta = "0.32.0 -> 0.33.0"
1140 Mozilla authored. Breaking changes from 0.32 involve splitting color APIs into
1141 their own crate and removing an unused line number offset mechanism.
1144 [[audits.cssparser]]
1145 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1146 criteria = "safe-to-deploy"
1147 delta = "0.33.0 -> 0.33.0@git:aaa966d9d6ae70c4b8a62bb5e3a14c068bb7dff0"
1148 notes = "Only one minimal change exposing a previously-private enumeration."
1150 [[audits.cssparser-color]]
1151 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1152 criteria = "safe-to-deploy"
1154 notes = "This code used to live in cssparser's color module. Only moved out. Mozilla-authored."
1156 [[audits.cssparser-macros]]
1157 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1158 criteria = "safe-to-deploy"
1161 Trivial crate with a single proc macro to compute the max length of the inputs
1162 to a match expression.
1165 [[audits.cssparser-macros]]
1166 who = "Mike Hommey <mh+mozilla@glandium.org>"
1167 criteria = "safe-to-deploy"
1168 delta = "0.6.0 -> 0.6.1"
1170 [[audits.cssparser-macros]]
1171 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1172 criteria = "safe-to-deploy"
1173 delta = "0.6.1 -> 0.6.1@git:aaa966d9d6ae70c4b8a62bb5e3a14c068bb7dff0"
1174 notes = "No changes from already-certified upstream, but needed because it lives in the same git repo as the cssparser crate."
1177 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
1178 criteria = "safe-to-deploy"
1181 I've reviewed the code of the crate thoroughly. It generates an unsafe block
1182 which is statically guaranteed to be safe. Inputs to the macro have to be
1183 static so there's no uncontrolled input whatsoever.
1187 who = "Mike Hommey <mh+mozilla@glandium.org>"
1188 criteria = "safe-to-deploy"
1189 delta = "0.2.10 -> 0.2.11"
1192 who = "Matthew Gregan <kinetik@flim.org>"
1193 criteria = "safe-to-deploy"
1196 Mozilla-developed package.
1200 who = "Matthew Gregan <kinetik@flim.org>"
1201 criteria = "safe-to-deploy"
1202 delta = "0.10.1 -> 0.10.2"
1205 who = "Mike Hommey <mh+mozilla@glandium.org>"
1206 criteria = "safe-to-deploy"
1207 delta = "0.10.2 -> 0.10.3"
1210 who = "Andreas Pehrson <apehrson@mozilla.com>"
1211 criteria = "safe-to-deploy"
1212 delta = "0.10.3 -> 0.12.0"
1214 [[audits.cubeb-backend]]
1215 who = "Matthew Gregan <kinetik@flim.org>"
1216 criteria = "safe-to-deploy"
1219 Mozilla-developed package.
1222 [[audits.cubeb-backend]]
1223 who = "Matthew Gregan <kinetik@flim.org>"
1224 criteria = "safe-to-deploy"
1225 delta = "0.10.1 -> 0.10.2"
1227 [[audits.cubeb-backend]]
1228 who = "Paul Adenot <paul@paul.cx>"
1229 criteria = "safe-to-deploy"
1230 delta = "0.10.2 -> 0.10.3"
1232 Mozilla-developed package.
1235 [[audits.cubeb-backend]]
1236 who = "Andreas Pehrson <apehrson@mozilla.com>"
1237 criteria = "safe-to-deploy"
1238 delta = "0.10.3 -> 0.10.7"
1240 [[audits.cubeb-backend]]
1241 who = "Andreas Pehrson <apehrson@mozilla.com>"
1242 criteria = "safe-to-deploy"
1243 delta = "0.10.7 -> 0.12.0"
1245 [[audits.cubeb-core]]
1246 who = "Matthew Gregan <kinetik@flim.org>"
1247 criteria = "safe-to-deploy"
1250 Mozilla-developed package.
1253 [[audits.cubeb-core]]
1254 who = "Matthew Gregan <kinetik@flim.org>"
1255 criteria = "safe-to-deploy"
1256 delta = "0.10.1 -> 0.10.2"
1258 [[audits.cubeb-core]]
1259 who = "Paul Adenot <paul@paul.cx>"
1260 criteria = "safe-to-deploy"
1261 delta = "0.10.2 -> 0.10.3"
1263 Mozilla-developed package.
1266 [[audits.cubeb-core]]
1267 who = "Mike Hommey <mh+mozilla@glandium.org>"
1268 criteria = "safe-to-deploy"
1269 delta = "0.10.3 -> 0.10.4"
1271 [[audits.cubeb-core]]
1272 who = "Andreas Pehrson <apehrson@mozilla.com>"
1273 criteria = "safe-to-deploy"
1274 delta = "0.10.4 -> 0.10.7"
1276 [[audits.cubeb-core]]
1277 who = "Andreas Pehrson <apehrson@mozilla.com>"
1278 criteria = "safe-to-deploy"
1279 delta = "0.10.7 -> 0.12.0"
1281 [[audits.cubeb-sys]]
1282 who = "Matthew Gregan <kinetik@flim.org>"
1283 criteria = "safe-to-deploy"
1286 Mozilla-developed package.
1289 [[audits.cubeb-sys]]
1290 who = "Matthew Gregan <kinetik@flim.org>"
1291 criteria = "safe-to-deploy"
1292 delta = "0.10.1 -> 0.10.2"
1294 [[audits.cubeb-sys]]
1295 who = "Paul Adenot <paul@paul.cx>"
1296 criteria = "safe-to-deploy"
1297 delta = "0.10.2 -> 0.10.3"
1299 Mozilla-developed package.
1302 [[audits.cubeb-sys]]
1303 who = "Andreas Pehrson <apehrson@mozilla.com>"
1304 criteria = "safe-to-deploy"
1305 delta = "0.10.3 -> 0.10.7"
1307 [[audits.cubeb-sys]]
1308 who = "Andreas Pehrson <apehrson@mozilla.com>"
1309 criteria = "safe-to-deploy"
1310 delta = "0.10.7 -> 0.12.0"
1313 who = "Jim Blandy <jimb@red-bean.com>"
1314 criteria = "safe-to-deploy"
1315 delta = "0.4.1 -> 0.5.0"
1316 notes = "The commits between 0.4.1 and 0.5.0 were all audited by Dzmitry Malyshau or myself."
1319 who = "Nicolas Silva <nical@fastmail.com>"
1320 criteria = "safe-to-deploy"
1321 delta = "0.5.0 -> 0.7.0"
1325 "Erich Gubler <egubler@mozilla.com>",
1326 "Jim Blandy <jimb@red-bean.com>",
1327 "Nicolas Silva <nical@fastmail.com>",
1328 "Teodor Tanasoaia <ttanasoaia@mozilla.com>",
1329 "Erich Gubler <erichdongubler@gmail.com>",
1331 criteria = "safe-to-deploy"
1332 delta = "0.7.0 -> 0.19.0@git:152a94bc6c502226d9871f28e35db0b755ea35bf"
1336 who = "Mike Hommey <mh+mozilla@glandium.org>"
1337 criteria = "safe-to-deploy"
1338 delta = "0.13.4 -> 0.14.2"
1341 who = "Mike Hommey <mh+mozilla@glandium.org>"
1342 criteria = "safe-to-deploy"
1343 delta = "0.14.2 -> 0.14.3"
1346 who = "Mike Hommey <mh+mozilla@glandium.org>"
1347 criteria = "safe-to-deploy"
1348 delta = "0.14.3 -> 0.20.1"
1350 [[audits.darling_core]]
1351 who = "Mike Hommey <mh+mozilla@glandium.org>"
1352 criteria = "safe-to-deploy"
1353 delta = "0.13.4 -> 0.14.2"
1355 [[audits.darling_core]]
1356 who = "Mike Hommey <mh+mozilla@glandium.org>"
1357 criteria = "safe-to-deploy"
1358 delta = "0.14.2 -> 0.14.3"
1360 [[audits.darling_core]]
1361 who = "Mike Hommey <mh+mozilla@glandium.org>"
1362 criteria = "safe-to-deploy"
1363 delta = "0.14.3 -> 0.20.1"
1365 [[audits.darling_macro]]
1366 who = "Mike Hommey <mh+mozilla@glandium.org>"
1367 criteria = "safe-to-deploy"
1368 delta = "0.13.4 -> 0.14.2"
1370 [[audits.darling_macro]]
1371 who = "Mike Hommey <mh+mozilla@glandium.org>"
1372 criteria = "safe-to-deploy"
1373 delta = "0.14.2 -> 0.14.3"
1375 [[audits.darling_macro]]
1376 who = "Mike Hommey <mh+mozilla@glandium.org>"
1377 criteria = "safe-to-deploy"
1378 delta = "0.14.3 -> 0.20.1"
1380 [[audits.data-encoding]]
1381 who = "Mike Hommey <mh+mozilla@glandium.org>"
1382 criteria = "safe-to-deploy"
1383 delta = "2.3.2 -> 2.3.3"
1386 who = "Gabriele Svelto <gsvelto@mozilla.com>"
1387 criteria = "safe-to-deploy"
1389 notes = "This crates was written by Sentry and I've fully audited it as Firefox crash reporting machinery relies on it."
1391 [[audits.derive_arbitrary]]
1392 who = "Mike Hommey <mh+mozilla@glandium.org>"
1393 criteria = "safe-to-run"
1394 delta = "1.1.0 -> 1.1.1"
1396 [[audits.derive_arbitrary]]
1397 who = "Mike Hommey <mh+mozilla@glandium.org>"
1398 criteria = "safe-to-run"
1399 delta = "1.1.1 -> 1.1.3"
1401 [[audits.derive_arbitrary]]
1402 who = "Mike Hommey <mh+mozilla@glandium.org>"
1403 criteria = "safe-to-run"
1404 delta = "1.1.3 -> 1.2.1"
1406 [[audits.derive_arbitrary]]
1407 who = "Mike Hommey <mh+mozilla@glandium.org>"
1408 criteria = "safe-to-run"
1409 delta = "1.2.1 -> 1.2.3"
1411 [[audits.derive_arbitrary]]
1412 who = "Mike Hommey <mh+mozilla@glandium.org>"
1413 criteria = "safe-to-run"
1414 delta = "1.3.0 -> 1.3.1"
1416 [[audits.derive_more]]
1417 who = "Mike Hommey <mh+mozilla@glandium.org>"
1418 criteria = "safe-to-deploy"
1419 delta = "0.99.17 -> 1.0.0-beta.2"
1422 who = "Mike Hommey <mh+mozilla@glandium.org>"
1423 criteria = "safe-to-deploy"
1424 delta = "0.3.4 -> 0.3.5"
1427 who = "Mike Hommey <mh+mozilla@glandium.org>"
1428 criteria = "safe-to-deploy"
1429 delta = "0.3.5 -> 0.3.6"
1432 who = "Mike Hommey <mh+mozilla@glandium.org>"
1433 criteria = "safe-to-deploy"
1434 delta = "0.10.3 -> 0.10.6"
1437 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1438 criteria = "safe-to-deploy"
1440 notes = "This crate is FFI wrapper generator using by ICU4X ffi libraries. This uses unsafe code to convert paramenters, I have reviewed this and generated headers."
1443 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1444 criteria = "safe-to-deploy"
1445 delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9"
1448 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1449 criteria = "safe-to-deploy"
1450 delta = "0.5.2 -> 0.7.0"
1452 [[audits.diplomat-runtime]]
1453 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1454 criteria = "safe-to-deploy"
1456 notes = "This crate is FFI wrapper generator runtime using by ICU4X ffi libraries. This uses unsafe code for memory access of FFI. I have reviewed carefully."
1458 [[audits.diplomat-runtime]]
1459 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1460 criteria = "safe-to-deploy"
1461 delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9"
1463 [[audits.diplomat-runtime]]
1464 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1465 criteria = "safe-to-deploy"
1466 delta = "0.5.2 -> 0.7.0"
1468 [[audits.diplomat_core]]
1469 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1470 criteria = "safe-to-deploy"
1472 notes = "This crate contains unsafe code, no network and no file access."
1474 [[audits.diplomat_core]]
1475 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1476 criteria = "safe-to-deploy"
1477 delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9"
1479 [[audits.diplomat_core]]
1480 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1481 criteria = "safe-to-deploy"
1482 delta = "0.5.2 -> 0.7.0"
1484 [[audits.displaydoc]]
1485 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
1486 criteria = "safe-to-deploy"
1489 This crate is convenient macros to implement core::fmt::Display trait.
1490 Although `unsafe` is used for test code to call `libc::abort()`, it has no `unsafe` code in this crate. And there is no file access.
1491 It meets the criteria for safe-to-deploy.
1494 [[audits.displaydoc]]
1495 who = "Mike Hommey <mh+mozilla@glandium.org>"
1496 criteria = "safe-to-deploy"
1497 delta = "0.2.3 -> 0.2.4"
1499 [[audits.document-features]]
1500 who = "Erich Gubler <erichdongubler@gmail.com>"
1501 criteria = "safe-to-deploy"
1505 who = "Sammy Khamis <skhamis@mozilla.com>"
1506 criteria = "safe-to-deploy"
1507 delta = "0.4.0 -> 0.5.0"
1508 notes = "The repository for this crate belongs in the Mozilla org."
1510 [[audits.dtoa-short]]
1511 who = "Bobby Holley <bobbyholley@gmail.com>"
1512 criteria = "safe-to-deploy"
1516 who = "Bobby Holley <bobbyholley@gmail.com>"
1517 criteria = "safe-to-deploy"
1519 notes = "All code written or reviewed by Mozilla staff."
1522 who = "Mike Hommey <mh+mozilla@glandium.org>"
1523 criteria = "safe-to-deploy"
1524 delta = "1.6.1 -> 1.7.0"
1527 who = "Mike Hommey <mh+mozilla@glandium.org>"
1528 criteria = "safe-to-deploy"
1529 delta = "1.7.0 -> 1.8.0"
1532 who = "Mike Hommey <mh+mozilla@glandium.org>"
1533 criteria = "safe-to-deploy"
1534 delta = "1.8.0 -> 1.8.1"
1536 [[audits.embed-manifest]]
1537 who = "Alex Franchuk <afranchuk@mozilla.com>"
1538 criteria = "safe-to-deploy"
1540 notes = "Necessary dependencies, all environment variable access is for build script vars set by cargo."
1542 [[audits.encoding_c]]
1543 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
1544 criteria = "safe-to-deploy"
1546 notes = "I, Henri Sivonen, wrote encoding_c for Gecko even though it is published via crates.io. There are two caveats: 1) the C API is designed to be used together with mozilla::Span and is unidiomatic for zero-length inputs otherwise. 2) It is idiomatic in C and C++ to pass uninitialized buffers as output buffers. This is generally documented to be UB in Rust, but idiomatic C and C++ usage here relies on this not actually being UB for buffers of integers (which these buffers are). See https://github.com/hsivonen/encoding_rs/issues/79#issuecomment-1211870361"
1548 [[audits.encoding_c_mem]]
1549 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
1550 criteria = "safe-to-deploy"
1553 I, Henri Sivonen, wrote encoding_c_mem for Gecko even though it is published via crates.io. There are two caveats: 1) the C API is designed to be used together with mozilla::Span and is unidiomatic for zero-length inputs otherwise. 2) It is idiomatic in C and C
1554 ++ to pass uninitialized buffers as output buffers. This is generally documented to be UB in Rust, but idiomatic C and C++ usage here relies on this not actually being UB for buffers of integers (which these buffers are). See https://github.com/hsivonen/encoding_rs/i
1555 ssues/79#issuecomment-1211870361
1558 [[audits.encoding_rs]]
1559 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
1560 criteria = "safe-to-deploy"
1562 notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ."
1564 [[audits.encoding_rs]]
1565 who = "Mike Hommey <mh+mozilla@glandium.org>"
1566 criteria = "safe-to-deploy"
1567 delta = "0.8.31 -> 0.8.32"
1570 who = "Kershaw Chang <kershaw@mozilla.com>"
1571 criteria = "safe-to-deploy"
1574 [[audits.enum-map-derive]]
1575 who = "Kershaw Chang <kershaw@mozilla.com>"
1576 criteria = "safe-to-deploy"
1579 [[audits.enum-primitive-derive]]
1580 who = "Gabriele Svelto <gsvelto@mozilla.com>"
1581 criteria = "safe-to-deploy"
1585 who = "Mike Hommey <mh+mozilla@glandium.org>"
1586 criteria = "safe-to-deploy"
1587 delta = "1.0.11 -> 1.0.12"
1590 who = "Mike Hommey <mh+mozilla@glandium.org>"
1591 criteria = "safe-to-deploy"
1592 delta = "1.0.12 -> 1.1.2"
1594 [[audits.enumset_derive]]
1595 who = "Mike Hommey <mh+mozilla@glandium.org>"
1596 criteria = "safe-to-deploy"
1597 delta = "0.6.0 -> 0.6.1"
1599 [[audits.enumset_derive]]
1600 who = "Mike Hommey <mh+mozilla@glandium.org>"
1601 criteria = "safe-to-deploy"
1602 delta = "0.6.1 -> 0.8.1"
1604 [[audits.env_logger]]
1605 who = "Mike Hommey <mh+mozilla@glandium.org>"
1606 criteria = "safe-to-deploy"
1607 delta = "0.9.0 -> 0.9.3"
1609 [[audits.env_logger]]
1610 who = "Nicolas Silva <nical@fastmail.com>"
1611 criteria = "safe-to-deploy"
1612 delta = "0.9.3 -> 0.10.0"
1615 who = "Mike Hommey <mh+mozilla@glandium.org>"
1616 criteria = "safe-to-deploy"
1617 delta = "0.3.1 -> 0.3.3"
1620 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
1621 criteria = "safe-to-deploy"
1623 notes = "Inspected the crate and noted that the impl block comes directly from the proc-macro input. If no new code can be added by this crate, I don't think there can be any issues."
1626 who = "Mike Hommey <mh+mozilla@glandium.org>"
1627 criteria = "safe-to-deploy"
1628 delta = "1.1.2 -> 1.2.0"
1630 [[audits.fallible_collections]]
1631 who = "Mike Hommey <mh+mozilla@glandium.org>"
1632 criteria = "safe-to-deploy"
1633 delta = "0.4.4 -> 0.4.5"
1635 [[audits.fallible_collections]]
1636 who = "Mike Hommey <mh+mozilla@glandium.org>"
1637 criteria = "safe-to-deploy"
1638 delta = "0.4.5 -> 0.4.6"
1639 notes = "The changes in this version are mine."
1642 who = "Mike Hommey <mh+mozilla@glandium.org>"
1643 criteria = "safe-to-deploy"
1644 delta = "1.7.0 -> 1.8.0"
1647 who = "Mike Hommey <mh+mozilla@glandium.org>"
1648 criteria = "safe-to-deploy"
1649 delta = "1.8.0 -> 1.9.0"
1652 who = "Mike Hommey <mh+mozilla@glandium.org>"
1653 criteria = "safe-to-deploy"
1654 delta = "1.9.0 -> 2.0.0"
1656 [[audits.filetime_win]]
1657 who = "Nick Alexander <nalexander@mozilla.com>"
1658 criteria = "safe-to-deploy"
1661 filetime_win was written by Adam Gashlin for Mozilla's use. The `unsafe` code
1662 blocks in filetime_win 0.2.0 are straight-forward invocations of `mem::zeroed`
1663 and expected invocations of Win32 APIs (with error handling as appropriate).
1667 who = "Ryan Hunt <rhunt@eqrion.net>"
1668 criteria = "safe-to-deploy"
1670 notes = "Uses no ambient capabilities, vetted the one instance of unsafe."
1673 who = "Mike Hommey <mh+mozilla@glandium.org>"
1674 criteria = "safe-to-deploy"
1675 delta = "1.0.24 -> 1.0.25"
1678 who = "Zibi Braniecki <zibi@unicode.org>"
1679 criteria = "safe-to-deploy"
1682 [[audits.fluent-bundle]]
1683 who = "Zibi Braniecki <zibi@unicode.org>"
1684 criteria = "safe-to-deploy"
1687 [[audits.fluent-fallback]]
1688 who = "Zibi Braniecki <zibi@unicode.org>"
1689 criteria = "safe-to-deploy"
1692 [[audits.fluent-fallback]]
1693 who = "Greg Tatum <tatum.creative@gmail.com>"
1694 criteria = "safe-to-deploy"
1695 delta = "0.6.0 -> 0.7.0"
1697 [[audits.fluent-langneg]]
1698 who = "Zibi Braniecki <zibi@unicode.org>"
1699 criteria = "safe-to-deploy"
1702 [[audits.fluent-pseudo]]
1703 who = "Zibi Braniecki <zibi@unicode.org>"
1704 criteria = "safe-to-deploy"
1707 [[audits.fluent-syntax]]
1708 who = "Zibi Braniecki <zibi@unicode.org>"
1709 criteria = "safe-to-deploy"
1712 [[audits.fluent-testing]]
1713 who = "Zibi Braniecki <zibi@unicode.org>"
1714 criteria = "safe-to-run"
1717 [[audits.fluent-testing]]
1718 who = "Greg Tatum <tatum.creative@gmail.com>"
1719 criteria = "safe-to-run"
1720 delta = "0.0.2 -> 0.0.3"
1723 who = "Bobby Holley <bobbyholley@gmail.com>"
1724 criteria = "safe-to-deploy"
1726 notes = "Simple hasher implementation with no unsafe code."
1728 [[audits.foreign-types]]
1729 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
1730 criteria = "safe-to-deploy"
1731 delta = "0.3.2 -> 0.5.0"
1733 [[audits.foreign-types-macros]]
1734 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
1735 criteria = "safe-to-deploy"
1738 [[audits.foreign-types-shared]]
1739 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
1740 criteria = "safe-to-deploy"
1741 delta = "0.1.1 -> 0.3.1"
1743 [[audits.form_urlencoded]]
1744 who = "Valentin Gosu <valentin.gosu@gmail.com>"
1745 criteria = "safe-to-deploy"
1748 [[audits.form_urlencoded]]
1749 who = "Valentin Gosu <valentin.gosu@gmail.com>"
1750 criteria = "safe-to-deploy"
1751 delta = "1.2.0 -> 1.2.1"
1754 who = "Mike Hommey <mh+mozilla@glandium.org>"
1755 criteria = "safe-to-deploy"
1756 delta = "2.7.0 -> 2.8.1"
1759 who = "Mike Hommey <mh+mozilla@glandium.org>"
1760 criteria = "safe-to-deploy"
1761 delta = "2.8.1 -> 2.9.0"
1764 who = "Mike Hommey <mh+mozilla@glandium.org>"
1765 criteria = "safe-to-deploy"
1766 delta = "0.3.21 -> 0.3.23"
1769 who = "Mike Hommey <mh+mozilla@glandium.org>"
1770 criteria = "safe-to-deploy"
1771 delta = "0.3.23 -> 0.3.25"
1774 who = "Mike Hommey <mh+mozilla@glandium.org>"
1775 criteria = "safe-to-deploy"
1776 delta = "0.3.25 -> 0.3.26"
1779 who = "Mike Hommey <mh+mozilla@glandium.org>"
1780 criteria = "safe-to-deploy"
1781 delta = "0.3.26 -> 0.3.28"
1783 [[audits.futures-channel]]
1784 who = "Mike Hommey <mh+mozilla@glandium.org>"
1785 criteria = "safe-to-deploy"
1786 delta = "0.3.21 -> 0.3.23"
1788 [[audits.futures-channel]]
1789 who = "Mike Hommey <mh+mozilla@glandium.org>"
1790 criteria = "safe-to-deploy"
1791 delta = "0.3.23 -> 0.3.25"
1793 [[audits.futures-channel]]
1794 who = "Mike Hommey <mh+mozilla@glandium.org>"
1795 criteria = "safe-to-deploy"
1796 delta = "0.3.25 -> 0.3.26"
1798 [[audits.futures-channel]]
1799 who = "Bobby Holley <bobbyholley@gmail.com>"
1800 criteria = "safe-to-deploy"
1801 delta = "0.3.27 -> 0.3.26"
1803 [[audits.futures-channel]]
1804 who = "Mike Hommey <mh+mozilla@glandium.org>"
1805 criteria = "safe-to-deploy"
1806 delta = "0.3.27 -> 0.3.28"
1808 [[audits.futures-core]]
1809 who = "Mike Hommey <mh+mozilla@glandium.org>"
1810 criteria = "safe-to-deploy"
1811 delta = "0.3.21 -> 0.3.23"
1813 [[audits.futures-core]]
1814 who = "Mike Hommey <mh+mozilla@glandium.org>"
1815 criteria = "safe-to-deploy"
1816 delta = "0.3.23 -> 0.3.25"
1818 [[audits.futures-core]]
1819 who = "Mike Hommey <mh+mozilla@glandium.org>"
1820 criteria = "safe-to-deploy"
1821 delta = "0.3.25 -> 0.3.26"
1823 [[audits.futures-core]]
1824 who = "Bobby Holley <bobbyholley@gmail.com>"
1825 criteria = "safe-to-deploy"
1826 delta = "0.3.27 -> 0.3.26"
1828 [[audits.futures-core]]
1829 who = "Mike Hommey <mh+mozilla@glandium.org>"
1830 criteria = "safe-to-deploy"
1831 delta = "0.3.27 -> 0.3.28"
1833 [[audits.futures-executor]]
1834 who = "Mike Hommey <mh+mozilla@glandium.org>"
1835 criteria = "safe-to-deploy"
1836 delta = "0.3.21 -> 0.3.23"
1838 [[audits.futures-executor]]
1839 who = "Mike Hommey <mh+mozilla@glandium.org>"
1840 criteria = "safe-to-deploy"
1841 delta = "0.3.23 -> 0.3.25"
1843 [[audits.futures-executor]]
1844 who = "Mike Hommey <mh+mozilla@glandium.org>"
1845 criteria = "safe-to-deploy"
1846 delta = "0.3.25 -> 0.3.26"
1848 [[audits.futures-executor]]
1849 who = "Bobby Holley <bobbyholley@gmail.com>"
1850 criteria = "safe-to-deploy"
1851 delta = "0.3.27 -> 0.3.23"
1853 [[audits.futures-executor]]
1854 who = "Mike Hommey <mh+mozilla@glandium.org>"
1855 criteria = "safe-to-deploy"
1856 delta = "0.3.27 -> 0.3.28"
1858 [[audits.futures-io]]
1859 who = "Mike Hommey <mh+mozilla@glandium.org>"
1860 criteria = "safe-to-deploy"
1861 delta = "0.3.21 -> 0.3.23"
1863 [[audits.futures-io]]
1864 who = "Mike Hommey <mh+mozilla@glandium.org>"
1865 criteria = "safe-to-deploy"
1866 delta = "0.3.23 -> 0.3.25"
1868 [[audits.futures-io]]
1869 who = "Mike Hommey <mh+mozilla@glandium.org>"
1870 criteria = "safe-to-deploy"
1871 delta = "0.3.25 -> 0.3.26"
1873 [[audits.futures-io]]
1874 who = "Bobby Holley <bobbyholley@gmail.com>"
1875 criteria = "safe-to-deploy"
1876 delta = "0.3.27 -> 0.3.23"
1878 [[audits.futures-io]]
1879 who = "Mike Hommey <mh+mozilla@glandium.org>"
1880 criteria = "safe-to-deploy"
1881 delta = "0.3.27 -> 0.3.28"
1883 [[audits.futures-macro]]
1884 who = "Mike Hommey <mh+mozilla@glandium.org>"
1885 criteria = "safe-to-deploy"
1886 delta = "0.3.21 -> 0.3.23"
1888 [[audits.futures-macro]]
1889 who = "Mike Hommey <mh+mozilla@glandium.org>"
1890 criteria = "safe-to-deploy"
1891 delta = "0.3.23 -> 0.3.25"
1893 [[audits.futures-macro]]
1894 who = "Mike Hommey <mh+mozilla@glandium.org>"
1895 criteria = "safe-to-deploy"
1896 delta = "0.3.25 -> 0.3.26"
1898 [[audits.futures-macro]]
1899 who = "Mike Hommey <mh+mozilla@glandium.org>"
1900 criteria = "safe-to-deploy"
1901 delta = "0.3.26 -> 0.3.28"
1903 [[audits.futures-sink]]
1904 who = "Mike Hommey <mh+mozilla@glandium.org>"
1905 criteria = "safe-to-deploy"
1906 delta = "0.3.21 -> 0.3.23"
1908 [[audits.futures-sink]]
1909 who = "Mike Hommey <mh+mozilla@glandium.org>"
1910 criteria = "safe-to-deploy"
1911 delta = "0.3.23 -> 0.3.25"
1913 [[audits.futures-sink]]
1914 who = "Mike Hommey <mh+mozilla@glandium.org>"
1915 criteria = "safe-to-deploy"
1916 delta = "0.3.25 -> 0.3.26"
1918 [[audits.futures-sink]]
1919 who = "Bobby Holley <bobbyholley@gmail.com>"
1920 criteria = "safe-to-deploy"
1921 delta = "0.3.27 -> 0.3.23"
1923 [[audits.futures-sink]]
1924 who = "Mike Hommey <mh+mozilla@glandium.org>"
1925 criteria = "safe-to-deploy"
1926 delta = "0.3.27 -> 0.3.28"
1928 [[audits.futures-task]]
1929 who = "Mike Hommey <mh+mozilla@glandium.org>"
1930 criteria = "safe-to-deploy"
1931 delta = "0.3.21 -> 0.3.23"
1933 [[audits.futures-task]]
1934 who = "Mike Hommey <mh+mozilla@glandium.org>"
1935 criteria = "safe-to-deploy"
1936 delta = "0.3.23 -> 0.3.25"
1938 [[audits.futures-task]]
1939 who = "Mike Hommey <mh+mozilla@glandium.org>"
1940 criteria = "safe-to-deploy"
1941 delta = "0.3.25 -> 0.3.26"
1943 [[audits.futures-task]]
1944 who = "Mike Hommey <mh+mozilla@glandium.org>"
1945 criteria = "safe-to-deploy"
1946 delta = "0.3.26 -> 0.3.28"
1948 [[audits.futures-util]]
1949 who = "Mike Hommey <mh+mozilla@glandium.org>"
1950 criteria = "safe-to-deploy"
1951 delta = "0.3.21 -> 0.3.23"
1953 [[audits.futures-util]]
1954 who = "Mike Hommey <mh+mozilla@glandium.org>"
1955 criteria = "safe-to-deploy"
1956 delta = "0.3.23 -> 0.3.25"
1958 [[audits.futures-util]]
1959 who = "Mike Hommey <mh+mozilla@glandium.org>"
1960 criteria = "safe-to-deploy"
1961 delta = "0.3.25 -> 0.3.26"
1963 [[audits.futures-util]]
1964 who = "Mike Hommey <mh+mozilla@glandium.org>"
1965 criteria = "safe-to-deploy"
1966 delta = "0.3.26 -> 0.3.28"
1969 who = "Bobby Holley <bobbyholley@gmail.com>"
1970 criteria = "safe-to-deploy"
1972 notes = "Straightforward crate with no unsafe code, does what it says on the tin."
1974 [[audits.generic-array]]
1975 who = "Mike Hommey <mh+mozilla@glandium.org>"
1976 criteria = "safe-to-deploy"
1977 delta = "0.14.5 -> 0.14.6"
1979 [[audits.getrandom]]
1980 who = "Mike Hommey <mh+mozilla@glandium.org>"
1981 criteria = "safe-to-deploy"
1982 delta = "0.2.6 -> 0.2.7"
1984 [[audits.getrandom]]
1985 who = "Mike Hommey <mh+mozilla@glandium.org>"
1986 criteria = "safe-to-deploy"
1987 delta = "0.2.7 -> 0.2.8"
1989 [[audits.getrandom]]
1990 who = "Yannis Juglaret <yjuglaret@mozilla.com>"
1991 criteria = "safe-to-deploy"
1992 delta = "0.2.8 -> 0.2.9"
1994 [[audits.getrandom]]
1995 who = "Simon Friedberger <simon@mozilla.com>"
1996 criteria = "safe-to-deploy"
1997 delta = "0.2.10 -> 0.2.11"
2000 who = "Jamie Nicol <jnicol@mozilla.com>"
2001 criteria = "safe-to-deploy"
2002 delta = "0.13.1 -> 0.15.0"
2005 who = "Mike Hommey <mh+mozilla@glandium.org>"
2006 criteria = "safe-to-deploy"
2007 delta = "0.3.0 -> 0.3.1"
2010 who = "Mike Hommey <mh+mozilla@glandium.org>"
2011 criteria = "safe-to-deploy"
2012 delta = "6.0.1 -> 6.0.2"
2013 notes = "I'm the author of the changes in this version of the crate."
2016 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
2017 criteria = "safe-to-deploy"
2018 delta = "0.1.3 -> 0.5.4"
2019 notes = "Several bugfixes since 2019. This version is also in use by Mozilla's crash reporting tooling, e.g. minidump-writer"
2022 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2023 criteria = "safe-to-deploy"
2024 delta = "0.5.4 -> 0.6.0"
2025 notes = "Mostly bug fixes and some added functionality"
2028 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2029 criteria = "safe-to-deploy"
2030 delta = "0.6.0 -> 0.7.1"
2032 [[audits.gpu-alloc]]
2033 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
2034 criteria = "safe-to-deploy"
2035 delta = "0.5.3 -> 0.6.0"
2037 [[audits.gpu-alloc-types]]
2038 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
2039 criteria = "safe-to-deploy"
2040 delta = "0.2.0 -> 0.3.0"
2042 [[audits.gpu-allocator]]
2043 who = "Erich Gubler <erichdongubler@gmail.com>"
2044 criteria = "safe-to-deploy"
2047 [[audits.gpu-descriptor]]
2048 who = "Mike Hommey <mh+mozilla@glandium.org>"
2049 criteria = "safe-to-deploy"
2050 delta = "0.2.2 -> 0.2.3"
2053 who = "Bobby Holley <bobbyholley@gmail.com>"
2054 criteria = "safe-to-deploy"
2057 This crate has some unsafe code for the FFI bits, which I've reviewed carefully.
2058 It uses the deprecated mem::uninitialized(), which is generally sketchy. However
2059 the usage is pretty straightforward and while it's technically UB, it seems no
2060 more likely to lead to miscompilation than any other use of mem::uninitialized.
2064 who = "Mike Hommey <mh+mozilla@glandium.org>"
2065 criteria = "safe-to-run"
2066 delta = "0.3.13 -> 0.3.14"
2069 who = "Mike Hommey <mh+mozilla@glandium.org>"
2070 criteria = "safe-to-run"
2071 delta = "0.3.14 -> 0.3.15"
2074 who = "John M. Schanck <jschanck@mozilla.com>"
2075 criteria = "safe-to-deploy"
2078 This crate contains unsafe code for bitwise casts to/from binary16 floating-point
2079 format. I've reviewed these and found no issues. There are no uses of ambient
2083 [[audits.hashbrown]]
2084 who = "Mike Hommey <mh+mozilla@glandium.org>"
2085 criteria = "safe-to-deploy"
2087 notes = "This version is used in rust's libstd, so effectively we're already trusting it"
2090 who = "Mike Hommey <mh+mozilla@glandium.org>"
2091 criteria = "safe-to-deploy"
2092 delta = "0.7.0 -> 0.8.1"
2095 who = "Mike Hommey <mh+mozilla@glandium.org>"
2096 criteria = "safe-to-run"
2097 delta = "0.3.7 -> 0.3.8"
2099 [[audits.headers-core]]
2100 who = "Bobby Holley <bobbyholley@gmail.com>"
2101 criteria = "safe-to-deploy"
2103 notes = "Trivial crate, no unsafe code."
2106 who = "Mike Hommey <mh+mozilla@glandium.org>"
2107 criteria = "safe-to-deploy"
2108 delta = "0.4.0 -> 0.4.1"
2110 [[audits.hermit-abi]]
2111 who = "Mike Hommey <mh+mozilla@glandium.org>"
2112 criteria = "safe-to-deploy"
2113 delta = "0.1.19 -> 0.2.6"
2116 who = "Simon Friedberger <simon@mozilla.com>"
2117 criteria = "safe-to-deploy"
2121 who = "Mike Hommey <mh+mozilla@glandium.org>"
2122 criteria = "safe-to-run"
2123 delta = "0.2.8 -> 0.2.9"
2126 who = "Mike Hommey <mh+mozilla@glandium.org>"
2127 criteria = "safe-to-run"
2128 delta = "1.7.1 -> 1.8.0"
2131 who = "Mike Hommey <mh+mozilla@glandium.org>"
2132 criteria = "safe-to-run"
2133 delta = "0.14.19 -> 0.14.20"
2136 who = "Mike Hommey <mh+mozilla@glandium.org>"
2137 criteria = "safe-to-run"
2138 delta = "0.14.20 -> 0.14.22"
2141 who = "Mike Hommey <mh+mozilla@glandium.org>"
2142 criteria = "safe-to-run"
2143 delta = "0.14.22 -> 0.14.23"
2146 who = "Mike Hommey <mh+mozilla@glandium.org>"
2147 criteria = "safe-to-run"
2148 delta = "0.14.23 -> 0.14.24"
2151 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2152 criteria = "safe-to-deploy"
2154 notes = "This crate is C/C++ FFI for ICU4X using diplomat crate. no unsafe and no file access etc on this crate."
2157 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2158 criteria = "safe-to-deploy"
2159 delta = "1.2.2 -> 1.4.0"
2161 [[audits.icu_collections]]
2162 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2163 criteria = "safe-to-deploy"
2165 notes = "This crate is used by ICU4X for internal data structure. There is no fileaccess and network access. This uses unsafe block, but we confirm data is valid before."
2167 [[audits.icu_collections]]
2168 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2169 criteria = "safe-to-deploy"
2170 delta = "1.2.0 -> 1.4.0"
2172 [[audits.icu_locid]]
2173 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2174 criteria = "safe-to-deploy"
2176 notes = "This has unsafe block to handle ascii string in utf-8 string. I've vetted the one instance of unsafe code."
2178 [[audits.icu_locid]]
2179 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2180 criteria = "safe-to-deploy"
2181 delta = "1.2.0 -> 1.4.0"
2183 [[audits.icu_locid_transform]]
2184 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2185 criteria = "safe-to-deploy"
2187 notes = "This crate doesn't contain network and file access. Although this has unsafe block, the reason is added in the comment block. I audited code."
2189 [[audits.icu_locid_transform_data]]
2190 who = "Jonathan Kew <jkew@mozilla.com>"
2191 criteria = "safe-to-deploy"
2193 notes = "Compile-time static for the icu_locid_transform crate."
2195 [[audits.icu_properties]]
2196 who = "Jonathan Kew <jkew@mozilla.com>"
2197 criteria = "safe-to-deploy"
2199 notes = "This is used by ICU4X for character property lookup. The few (4) usages of unsafe have comments clarifying their safety."
2201 [[audits.icu_properties_data]]
2202 who = "Jonathan Kew <jkew@mozilla.com>"
2203 criteria = "safe-to-deploy"
2205 notes = "Compile-time static data for the icu_properties crate."
2207 [[audits.icu_provider]]
2208 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2209 criteria = "safe-to-deploy"
2211 notes = "Although this has unsafe block, this has a commnet why this is safety and I audited code. Also, this doesn't have file access and network access."
2213 [[audits.icu_provider]]
2214 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2215 criteria = "safe-to-deploy"
2216 delta = "1.2.0 -> 1.4.0"
2218 [[audits.icu_provider_adapters]]
2219 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2220 criteria = "safe-to-deploy"
2222 notes = "This is one of ICU4X data provider crates that depends on data type. This has no unsafe code and uses no ambient capabilities."
2224 [[audits.icu_provider_adapters]]
2225 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2226 criteria = "safe-to-deploy"
2227 delta = "1.2.0 -> 1.4.0"
2229 [[audits.icu_provider_macros]]
2230 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2231 criteria = "safe-to-deploy"
2233 notes = "This crate is macros for ICU4X's data provider implementer. This has no unsafe code and uses no ambient capabilities."
2235 [[audits.icu_provider_macros]]
2236 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2237 criteria = "safe-to-deploy"
2238 delta = "1.2.0 -> 1.2.0@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873"
2240 [[audits.icu_provider_macros]]
2241 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2242 criteria = "safe-to-deploy"
2243 delta = "1.2.0 -> 1.4.0"
2245 [[audits.icu_segmenter]]
2246 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2247 criteria = "safe-to-deploy"
2249 notes = "Original authors are Makoto Kato and Ting-Yu Lin who work at Mozilla. This crate uses unsafe to matrix calculation, but it is safety to check length. And there is no filesystem / network access."
2251 [[audits.icu_segmenter]]
2252 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2253 criteria = "safe-to-deploy"
2254 delta = "1.2.1 -> 1.4.0"
2256 [[audits.icu_segmenter_data]]
2257 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2258 criteria = "safe-to-deploy"
2260 notes = "This crate is data only for icu_segmenter. There is no filesystem / network access."
2263 who = "Bobby Holley <bobbyholley@gmail.com>"
2264 criteria = "safe-to-deploy"
2265 delta = "0.3.0 -> 0.2.3"
2266 notes = "Backwards diff with some algorithm changes, no unsafe code."
2269 who = "Valentin Gosu <valentin.gosu@gmail.com>"
2270 criteria = "safe-to-deploy"
2271 delta = "0.4.0 -> 0.5.0"
2274 who = "Mike Hommey <mh+mozilla@glandium.org>"
2275 criteria = "safe-to-deploy"
2276 delta = "1.8.2 -> 1.9.1"
2279 who = "Mike Hommey <mh+mozilla@glandium.org>"
2280 criteria = "safe-to-deploy"
2281 delta = "1.9.1 -> 1.9.2"
2284 who = "Mike Hommey <mh+mozilla@glandium.org>"
2285 criteria = "safe-to-deploy"
2286 delta = "1.0.1 -> 1.0.2"
2289 who = "Mike Hommey <mh+mozilla@glandium.org>"
2290 criteria = "safe-to-deploy"
2291 delta = "1.0.2 -> 1.0.3"
2294 who = "Mike Hommey <mh+mozilla@glandium.org>"
2295 criteria = "safe-to-deploy"
2296 delta = "1.0.3 -> 1.0.4"
2298 [[audits.inplace_it]]
2299 who = "Mike Hommey <mh+mozilla@glandium.org>"
2300 criteria = "safe-to-deploy"
2301 delta = "0.3.3 -> 0.3.4"
2303 [[audits.intl-memoizer]]
2304 who = "Zibi Braniecki <zibi@unicode.org>"
2305 criteria = "safe-to-deploy"
2308 [[audits.intl_pluralrules]]
2309 who = "Zibi Braniecki <zibi@unicode.org>"
2310 criteria = "safe-to-deploy"
2313 [[audits.intl_pluralrules]]
2314 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2315 criteria = "safe-to-deploy"
2316 delta = "7.0.1 -> 7.0.2"
2318 [[audits.itertools]]
2319 who = "Mike Hommey <mh+mozilla@glandium.org>"
2320 criteria = "safe-to-deploy"
2321 delta = "0.10.3 -> 0.10.5"
2324 who = "Mike Hommey <mh+mozilla@glandium.org>"
2325 criteria = "safe-to-deploy"
2326 delta = "1.0.2 -> 1.0.3"
2329 who = "Mike Hommey <mh+mozilla@glandium.org>"
2330 criteria = "safe-to-deploy"
2331 delta = "1.0.3 -> 1.0.5"
2333 [[audits.jobserver]]
2334 who = "Mike Hommey <mh+mozilla@glandium.org>"
2335 criteria = "safe-to-deploy"
2336 delta = "0.1.24 -> 0.1.25"
2339 who = "Simon Friedberger <simon@mozilla.com>"
2340 criteria = "safe-to-deploy"
2341 delta = "0.1.2 -> 0.1.3"
2343 [[audits.khronos-egl]]
2344 who = "Nicolas Silva <nical@fastmail.com>"
2345 criteria = "safe-to-deploy"
2346 delta = "4.1.0 -> 6.0.0"
2349 who = "Mike Hommey <mh+mozilla@glandium.org>"
2350 criteria = "safe-to-deploy"
2351 delta = "0.2.126 -> 0.2.132"
2354 who = "Mike Hommey <mh+mozilla@glandium.org>"
2355 criteria = "safe-to-deploy"
2356 delta = "0.2.132 -> 0.2.138"
2359 who = "Mike Hommey <mh+mozilla@glandium.org>"
2360 criteria = "safe-to-deploy"
2361 delta = "0.2.138 -> 0.2.139"
2364 who = "Mike Hommey <mh+mozilla@glandium.org>"
2365 criteria = "safe-to-deploy"
2366 delta = "0.2.147 -> 0.2.148"
2368 [[audits.libloading]]
2369 who = "Mike Hommey <mh+mozilla@glandium.org>"
2370 criteria = "safe-to-deploy"
2371 delta = "0.7.3 -> 0.7.4"
2374 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2375 criteria = "safe-to-deploy"
2377 notes = "This crate uses unsafe block, but this doesn't have network and file access. I audited code."
2379 [[audits.libsqlite3-sys]]
2380 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
2381 criteria = "safe-to-deploy"
2382 delta = "0.25.2 -> 0.26.0"
2384 [[audits.libsqlite3-sys]]
2385 who = "Mark Hammond <mhammond@mozilla.com>"
2386 criteria = "safe-to-deploy"
2387 delta = "0.26.0 -> 0.27.0"
2389 [[audits.linked-hash-map]]
2390 who = "Aria Beingessner <a.beingessner@gmail.com>"
2391 criteria = "safe-to-deploy"
2393 notes = "I own this crate (I am contain-rs) and 0.5.4 passes miri. This code is very old and used by lots of people, so I'm pretty confident in it, even though it's in maintenance-mode and missing some nice-to-have APIs."
2395 [[audits.linked-hash-map]]
2396 who = "Alex Franchuk <afranchuk@mozilla.com>"
2397 criteria = "safe-to-deploy"
2398 delta = "0.5.4 -> 0.5.6"
2399 notes = "New unsafe code has debug assertions and meets invariants. All other changes are formatting-related."
2401 [[audits.linked-hash-map]]
2402 who = "Mike Hommey <mh+mozilla@glandium.org>"
2403 criteria = "safe-to-run"
2404 delta = "0.5.4 -> 0.5.6"
2407 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2408 criteria = "safe-to-deploy"
2410 notes = "This crete has no unsafe code, no file acceess and no network access."
2413 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
2414 criteria = "safe-to-deploy"
2415 delta = "0.7.0 -> 0.7.2"
2418 who = "Erich Gubler <erichdongubler@gmail.com>"
2419 criteria = "safe-to-deploy"
2423 who = "Bobby Holley <bobbyholley@gmail.com>"
2424 criteria = "safe-to-deploy"
2426 notes = "Victor and Myk developed this crate at Mozilla."
2429 who = "Mike Hommey <mh+mozilla@glandium.org>"
2430 criteria = "safe-to-deploy"
2431 delta = "0.4.7 -> 0.4.9"
2434 who = "Mike Hommey <mh+mozilla@glandium.org>"
2435 criteria = "safe-to-deploy"
2439 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2440 criteria = "safe-to-deploy"
2443 [[audits.malloc_buf]]
2444 who = "Bobby Holley <bobbyholley@gmail.com>"
2445 criteria = "safe-to-deploy"
2448 Very small crate for managing malloc-ed buffers, primarily for use in the objc crate.
2449 There is an edge-case condition that passes slice::from_raw_parts(0x1, 0) which I'm
2450 not entirely certain is technically sound, but in either case I am reasonably confident
2451 it's not exploitable.
2454 [[audits.malloc_size_of_derive]]
2455 who = "Bobby Holley <bobbyholley@gmail.com>"
2456 criteria = "safe-to-deploy"
2459 This was originally servo code which I put on crates.io some years ago but didn't
2460 examine at the time, so I examined it now. I didn't perform a full logic review
2461 but convinced myself that any generated code will be entirely safe to deploy.
2465 who = "Bobby Holley <bobbyholley@gmail.com>"
2466 criteria = "safe-to-deploy"
2468 notes = "This is a trivial crate."
2471 who = "Mike Hommey <mh+mozilla@glandium.org>"
2472 criteria = "safe-to-deploy"
2473 delta = "0.1.9 -> 0.1.10"
2476 who = "Dana Keeler <dkeeler@mozilla.com>"
2477 criteria = "safe-to-deploy"
2481 who = "Mike Hommey <mh+mozilla@glandium.org>"
2482 criteria = "safe-to-deploy"
2483 delta = "0.5.4 -> 0.5.7"
2486 who = "Mike Hommey <mh+mozilla@glandium.org>"
2487 criteria = "safe-to-deploy"
2488 delta = "0.5.7 -> 0.5.8"
2491 who = "Mike Hommey <mh+mozilla@glandium.org>"
2492 criteria = "safe-to-deploy"
2493 delta = "0.5.8 -> 0.5.9"
2496 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2497 criteria = "safe-to-deploy"
2498 delta = "0.5.9 -> 0.8.0"
2501 who = "Mike Hommey <mh+mozilla@glandium.org>"
2502 criteria = "safe-to-deploy"
2503 delta = "0.8.0 -> 0.9.3"
2505 [[audits.memoffset]]
2506 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2507 criteria = "safe-to-deploy"
2508 delta = "0.6.5 -> 0.7.1"
2510 [[audits.memoffset]]
2511 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2512 criteria = "safe-to-deploy"
2513 delta = "0.8.0 -> 0.9.0"
2516 who = "Jim Blandy <jimb@red-bean.com>"
2517 criteria = "safe-to-deploy"
2519 notes = "This audit treats Dzmitry Malyshau (kvark) as a trusted reviewer."
2522 who = "Jim Blandy <jimb@red-bean.com>"
2523 criteria = "safe-to-deploy"
2524 delta = "0.23.1 -> 0.24.0"
2525 notes = "This audit treats Dzmitry Malyshau (kvark) as a trusted reviewer."
2528 who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
2529 criteria = "safe-to-deploy"
2530 delta = "0.24.0 -> 0.25.0"
2533 who = "Erich Gubler <egubler@mozilla.com>"
2534 criteria = "safe-to-deploy"
2535 delta = "0.25.0 -> 0.26.0"
2538 who = "Nicolas Silva <nical@fastmail.com>, Jim Blandy <jimb@red-bean.com>"
2539 criteria = "safe-to-deploy"
2540 delta = "0.26.0 -> 0.27.0"
2543 who = "Bobby Holley <bobbyholley@gmail.com>"
2544 criteria = "safe-to-deploy"
2545 delta = "0.7.0 -> 0.7.0@git:519e651241e867af3391db08f9ae6400bc023e18"
2548 who = "Mike Hommey <mh+mozilla@glandium.org>"
2549 criteria = "safe-to-deploy"
2550 delta = "0.7.0 -> 0.7.0@git:85156e360a37d851734118104619f86bd18e94c6"
2553 [[audits.minidump-common]]
2554 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2555 criteria = "safe-to-deploy"
2557 notes = "The code in this crate was written or reviewed by Mozilla employees."
2559 [[audits.minidump-common]]
2560 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2561 criteria = "safe-to-deploy"
2562 delta = "0.15.2 -> 0.17.0"
2564 [[audits.minidump-common]]
2565 who = "Mike Hommey <mh+mozilla@glandium.org>"
2566 criteria = "safe-to-deploy"
2567 delta = "0.17.0 -> 0.17.0@git:87a29fba5e19cfae5ebf73a57ba31504a3872545"
2569 [[audits.minidump-common]]
2570 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2571 criteria = "safe-to-deploy"
2572 delta = "0.17.0 -> 0.19.1"
2573 notes = "All the changes have been authored or reviewed by Mozilla employees"
2575 [[audits.minidump-common]]
2576 who = "Mike Hommey <mh+mozilla@glandium.org>"
2577 criteria = "safe-to-deploy"
2578 delta = "0.17.0@git:87a29fba5e19cfae5ebf73a57ba31504a3872545 -> 0.17.0@git:6ae42a7f992e8a88ebee661bc77bcedb95cd671f"
2580 [[audits.minidump-writer]]
2581 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2582 criteria = "safe-to-deploy"
2584 notes = "The code in this crate was written or reviewed by Mozilla employees, the crate it evolved from was written specifically for gecko."
2586 [[audits.minidump-writer]]
2587 who = "Alex Franchuk <afranchuk@mozilla.com>"
2588 criteria = "safe-to-deploy"
2589 delta = "0.7.0 -> 0.8.0"
2590 notes = "The code in this crate was written or reviewed by Mozilla employees, the crate it evolved from was written specifically for gecko."
2592 [[audits.minidump-writer]]
2593 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2594 criteria = "safe-to-deploy"
2595 delta = "0.8.0 -> 0.8.1"
2597 [[audits.minidump-writer]]
2598 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2599 criteria = "safe-to-deploy"
2600 delta = "0.8.1 -> 0.8.1@git:491eb330e78e310c32927e5cc3bd2350af1e93f8"
2601 notes = "All the changes were written by a Mozilla employee (me)"
2603 [[audits.minidump-writer]]
2604 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2605 criteria = "safe-to-deploy"
2606 delta = "0.8.1 -> 0.8.3"
2607 notes = "All changes were authored or reviewed by Mozilla employees"
2609 [[audits.miniz_oxide]]
2610 who = "Mike Hommey <mh+mozilla@glandium.org>"
2611 criteria = "safe-to-deploy"
2612 delta = "0.5.3 -> 0.6.2"
2615 who = "Bobby Holley <bobbyholley@gmail.com>"
2616 criteria = "safe-to-run"
2617 delta = "0.6.21 -> 0.6.23"
2620 who = "Mike Hommey <mh+mozilla@glandium.org>"
2621 criteria = "safe-to-deploy"
2622 delta = "0.8.0 -> 0.8.6"
2625 who = "Mike Hommey <mh+mozilla@glandium.org>"
2626 criteria = "safe-to-deploy"
2627 delta = "0.8.8 -> 0.8.8@git:9a2ef335c366044ffe73b1c4acabe50a1daefe05"
2631 who = "Bobby Holley <bobbyholley@gmail.com>"
2632 criteria = "safe-to-deploy"
2634 notes = "Developed by Mozilla staff."
2637 who = "Dzmitry Malyshau <kvark@fastmail.com>"
2638 criteria = "safe-to-deploy"
2641 This crate, up through the indicated version, was written or reviewed
2642 by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
2643 Mozilla at the beginning of February 2022. This audit statement was
2644 collected by Jim Blandy, a Mozilla employee, over email in July 2022:
2645 Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
2649 who = "Jim Blandy <jimb@red-bean.com>"
2650 criteria = "safe-to-deploy"
2651 delta = "0.8.0 -> 0.9.0"
2654 who = "Jim Blandy <jimb@red-bean.com>"
2655 criteria = "safe-to-deploy"
2656 delta = "0.9.0 -> 0.10.0"
2659 who = "Nicolas Silva <nical@fastmail.com>"
2660 criteria = "safe-to-deploy"
2661 delta = "0.10.0 -> 0.11.0"
2664 who = "Nicolas Silva <nical@fastmail.com>"
2665 criteria = "safe-to-deploy"
2666 delta = "0.11.0 -> 0.12.0"
2669 who = "Nicolas Silva <nical@fastmail.com>"
2670 criteria = "safe-to-deploy"
2671 delta = "0.12.0 -> 0.13.0"
2674 who = "Nicolas Silva <nical@fastmail.com>"
2675 criteria = "safe-to-deploy"
2676 delta = "0.13.0 -> 0.14.0"
2680 "Jim Blandy <jimb@red-bean.com>",
2681 "Nicolas Silva <nical@fastmail.com>",
2682 "Teodor Tanasoaia <ttanasoaia@mozilla.com>",
2683 "Erich Gubler <erichdongubler@gmail.com>",
2685 criteria = "safe-to-deploy"
2686 delta = "0.14.0 -> 0.19.0@git:152a94bc6c502226d9871f28e35db0b755ea35bf"
2690 who = "Mike Hommey <mh+mozilla@glandium.org>"
2691 criteria = "safe-to-run"
2692 delta = "0.2.37 -> 0.2.38"
2694 [[audits.new_debug_unreachable]]
2695 who = "Bobby Holley <bobbyholley@gmail.com>"
2696 criteria = "safe-to-deploy"
2698 notes = "This is a trivial crate."
2701 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2702 criteria = "safe-to-deploy"
2703 delta = "0.15.0 -> 0.25.0"
2704 notes = "Plenty of new bindings but also several important bug fixes (including buffer overflows). New unsafe sections are restricted to wrappers and are no more dangerous than calling the C functions."
2707 who = "Mike Hommey <mh+mozilla@glandium.org>"
2708 criteria = "safe-to-deploy"
2709 delta = "0.25.0 -> 0.25.1"
2712 who = "Mike Hommey <mh+mozilla@glandium.org>"
2713 criteria = "safe-to-deploy"
2714 delta = "0.25.1 -> 0.26.2"
2717 who = "Gabriele Svelto <gsvelto@mozilla.com>"
2718 criteria = "safe-to-deploy"
2719 delta = "0.26.2 -> 0.27.1"
2722 who = "Mike Hommey <mh+mozilla@glandium.org>"
2723 criteria = "safe-to-deploy"
2724 delta = "7.1.1 -> 7.1.3"
2726 [[audits.nss-gk-api]]
2727 who = "John M. Schanck <jschanck@mozilla.com>"
2728 criteria = "safe-to-deploy"
2730 notes = "Maintained by the CryptoEng team at Mozilla."
2733 who = "Mike Hommey <mh+mozilla@glandium.org>"
2734 criteria = "safe-to-deploy"
2735 delta = "0.3.7 -> 0.4.0"
2738 who = "Josh Stone <jistone@redhat.com>"
2739 criteria = "safe-to-deploy"
2741 notes = "All code written or reviewed by Josh Stone."
2743 [[audits.num-bigint]]
2744 who = "Josh Stone <jistone@redhat.com>"
2745 criteria = "safe-to-deploy"
2747 notes = "All code written or reviewed by Josh Stone."
2749 [[audits.num-bigint]]
2750 who = "Josh Stone <jistone@redhat.com>"
2751 criteria = "safe-to-deploy"
2753 notes = "All code written or reviewed by Josh Stone."
2755 [[audits.num-complex]]
2756 who = "Josh Stone <jistone@redhat.com>"
2757 criteria = "safe-to-deploy"
2759 notes = "All code written or reviewed by Josh Stone."
2761 [[audits.num-derive]]
2762 who = "Josh Stone <jistone@redhat.com>"
2763 criteria = "safe-to-deploy"
2765 notes = "All code written or reviewed by Josh Stone."
2767 [[audits.num-derive]]
2768 who = "Mike Hommey <mh+mozilla@glandium.org>"
2769 criteria = "safe-to-deploy"
2770 delta = "0.3.3 -> 0.4.0"
2772 [[audits.num-integer]]
2773 who = "Josh Stone <jistone@redhat.com>"
2774 criteria = "safe-to-deploy"
2776 notes = "All code written or reviewed by Josh Stone."
2779 who = "Josh Stone <jistone@redhat.com>"
2780 criteria = "safe-to-deploy"
2782 notes = "All code written or reviewed by Josh Stone."
2784 [[audits.num-macros]]
2785 who = "Josh Stone <jistone@redhat.com>"
2786 criteria = "safe-to-deploy"
2788 notes = "All code written or reviewed by Josh Stone."
2790 [[audits.num-rational]]
2791 who = "Josh Stone <jistone@redhat.com>"
2792 criteria = "safe-to-deploy"
2794 notes = "All code written or reviewed by Josh Stone."
2796 [[audits.num-traits]]
2797 who = "Josh Stone <jistone@redhat.com>"
2798 criteria = "safe-to-deploy"
2800 notes = "All code written or reviewed by Josh Stone."
2803 who = "Mike Hommey <mh+mozilla@glandium.org>"
2804 criteria = "safe-to-deploy"
2805 delta = "1.13.1 -> 1.14.0"
2808 who = "Mike Hommey <mh+mozilla@glandium.org>"
2809 criteria = "safe-to-deploy"
2810 delta = "1.14.0 -> 1.15.0"
2813 who = "Mike Hommey <mh+mozilla@glandium.org>"
2814 criteria = "safe-to-deploy"
2815 delta = "0.28.4 -> 0.30.0"
2818 who = "Mike Hommey <mh+mozilla@glandium.org>"
2819 criteria = "safe-to-deploy"
2820 delta = "0.30.0 -> 0.30.3"
2822 [[audits.once_cell]]
2823 who = "Mike Hommey <mh+mozilla@glandium.org>"
2824 criteria = "safe-to-deploy"
2825 delta = "1.12.0 -> 1.13.1"
2827 [[audits.once_cell]]
2828 who = "Mike Hommey <mh+mozilla@glandium.org>"
2829 criteria = "safe-to-deploy"
2830 delta = "1.13.1 -> 1.16.0"
2832 [[audits.once_cell]]
2833 who = "Mike Hommey <mh+mozilla@glandium.org>"
2834 criteria = "safe-to-deploy"
2835 delta = "1.16.0 -> 1.17.1"
2838 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
2839 criteria = "safe-to-deploy"
2841 notes = "Small crate, reviewed by bendk. There is a decent amount of unsafe code, but it's well tested and the crate has been well-used over the years."
2844 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
2845 criteria = "safe-to-deploy"
2846 version = "0.1.5@git:1f3c657c8073aec4f0b6ebac7be33b4851644745"
2848 Small crate, reviewed by bendk. There is a decent amount of unsafe code, but it's well tested and the crate has been well-used over the years.
2850 The git branch is my fork of the official code that removes the `loom` target to avoid pulling in that crate and its dependencies into moz-central.
2851 This doesn't change any of the functionality -- the `loom` target is only used for testing.
2854 [[audits.oneshot-uniffi]]
2855 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
2856 criteria = "safe-to-deploy"
2858 notes = "This is the essentially same code as `oneshot version 0.1.5` which has already been audited. The only difference is that it won't pull in `loom` and related dependencies when `mach vendor rust` is run."
2860 [[audits.ordered-float]]
2861 who = "Mike Hommey <mh+mozilla@glandium.org>"
2862 criteria = "safe-to-deploy"
2863 delta = "3.0.0 -> 3.4.0"
2865 [[audits.origin-trial-token]]
2866 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
2867 criteria = "safe-to-deploy"
2870 I'm the author of the crate. The only unsafe code is a view over a byte array
2871 which is properly validated.
2873 Cryptography shenanigans are delegated to the caller so there's no possible
2877 [[audits.os_str_bytes]]
2878 who = "Mike Hommey <mh+mozilla@glandium.org>"
2879 criteria = "safe-to-deploy"
2880 delta = "6.1.0 -> 6.3.0"
2882 [[audits.os_str_bytes]]
2883 who = "Mike Hommey <mh+mozilla@glandium.org>"
2884 criteria = "safe-to-deploy"
2885 delta = "6.3.0 -> 6.4.1"
2887 [[audits.oxilangtag]]
2888 who = "Jonathan Kew <jkew@mozilla.com>"
2889 criteria = "safe-to-deploy"
2892 I have reviewed all the code in this (small) crate.
2893 There is no unsafe code present.
2896 [[audits.packed_simd]]
2897 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
2898 criteria = "safe-to-deploy"
2899 delta = "0.3.8 -> 0.3.9"
2900 notes = "The update from 0.3.8 to 0.3.9 makes mechanical changes to accommodate renaming, compiler updates, and CI service updates."
2902 [[audits.packed_simd]]
2903 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
2904 criteria = "safe-to-deploy"
2905 delta = "0.3.9 -> 0.3.9@git:e588ceb568878e1a3156ea9ce551d5b63ef0cdc4"
2906 notes = "The patch on top of crates.io version 0.3.9 merely deletes code for a feature that Firefox does not use."
2908 [[audits.packed_simd_2]]
2909 who = "Mike Hommey <mh+mozilla@glandium.org>"
2910 criteria = "safe-to-deploy"
2911 delta = "0.3.7 -> 0.3.8"
2913 [[audits.packed_simd_2]]
2914 who = "Bobby Holley <bobbyholley@gmail.com>"
2915 criteria = "safe-to-deploy"
2916 delta = "0.3.8 -> 0.3.8@git:412f9a0aa556611de021bde89dee8fefe6e0fbbd"
2918 [[audits.parking_lot_core]]
2919 who = "Mike Hommey <mh+mozilla@glandium.org>"
2920 criteria = "safe-to-deploy"
2921 delta = "0.8.5 -> 0.8.6"
2924 who = "Mike Hommey <mh+mozilla@glandium.org>"
2925 criteria = "safe-to-deploy"
2926 delta = "1.0.7 -> 1.0.8"
2929 who = "Mike Hommey <mh+mozilla@glandium.org>"
2930 criteria = "safe-to-deploy"
2931 delta = "1.0.8 -> 1.0.11"
2933 [[audits.peeking_take_while]]
2934 who = "Bobby Holley <bobbyholley@gmail.com>"
2935 criteria = "safe-to-deploy"
2936 delta = "1.0.0 -> 0.1.2"
2937 notes = "Small refactor of some simple iterator logic, no unsafe code or capabilities."
2939 [[audits.percent-encoding]]
2940 who = "Valentin Gosu <valentin.gosu@gmail.com>"
2941 criteria = "safe-to-deploy"
2942 delta = "2.2.0 -> 2.3.0"
2944 [[audits.percent-encoding]]
2945 who = "Valentin Gosu <valentin.gosu@gmail.com>"
2946 criteria = "safe-to-deploy"
2947 delta = "2.3.0 -> 2.3.1"
2950 who = "Mike Hommey <mh+mozilla@glandium.org>"
2951 criteria = "safe-to-deploy"
2952 delta = "0.10.1 -> 0.11.2"
2954 [[audits.phf_codegen]]
2955 who = "Mike Hommey <mh+mozilla@glandium.org>"
2956 criteria = "safe-to-deploy"
2957 delta = "0.10.0 -> 0.11.2"
2959 [[audits.phf_generator]]
2960 who = "Mike Hommey <mh+mozilla@glandium.org>"
2961 criteria = "safe-to-deploy"
2962 delta = "0.10.0 -> 0.11.2"
2964 [[audits.phf_macros]]
2965 who = "Mike Hommey <mh+mozilla@glandium.org>"
2966 criteria = "safe-to-deploy"
2967 delta = "0.10.0 -> 0.11.2"
2969 [[audits.phf_shared]]
2970 who = "Mike Hommey <mh+mozilla@glandium.org>"
2971 criteria = "safe-to-deploy"
2972 delta = "0.10.0 -> 0.11.2"
2974 [[audits.pin-project]]
2975 who = "Mike Hommey <mh+mozilla@glandium.org>"
2976 criteria = "safe-to-run"
2977 delta = "1.0.10 -> 1.0.12"
2979 [[audits.pin-project]]
2980 who = "Mike Hommey <mh+mozilla@glandium.org>"
2981 criteria = "safe-to-run"
2982 delta = "1.0.12 -> 1.1.0"
2984 [[audits.pin-project-internal]]
2985 who = "Mike Hommey <mh+mozilla@glandium.org>"
2986 criteria = "safe-to-run"
2987 delta = "1.0.10 -> 1.0.12"
2989 [[audits.pin-project-internal]]
2990 who = "Mike Hommey <mh+mozilla@glandium.org>"
2991 criteria = "safe-to-run"
2992 delta = "1.0.12 -> 1.1.0"
2994 [[audits.pkcs11-bindings]]
2995 who = "Dana Keeler <dkeeler@mozilla.com>"
2996 criteria = "safe-to-deploy"
2999 This crate consists of declarations of types and constants that are
3000 auto-generated by running bindgen on the PKCS#11 specification headers. Other
3001 than the tests generated by bindgen, it consists of no runnable code.
3004 [[audits.pkcs11-bindings]]
3005 who = "John M. Schanck <jmschanck@gmail.com>"
3006 criteria = "safe-to-deploy"
3009 [[audits.pkcs11-bindings]]
3010 who = "Mike Hommey <mh+mozilla@glandium.org>"
3011 criteria = "safe-to-deploy"
3012 delta = "0.1.1 -> 0.1.4"
3014 [[audits.pkcs11-bindings]]
3015 who = "Mike Hommey <mh+mozilla@glandium.org>"
3016 criteria = "safe-to-deploy"
3017 delta = "0.1.4 -> 0.1.5"
3019 [[audits.pkg-config]]
3020 who = "Mike Hommey <mh+mozilla@glandium.org>"
3021 criteria = "safe-to-deploy"
3022 delta = "0.3.25 -> 0.3.26"
3024 [[audits.plane-split]]
3025 who = "Nicolas Silva <nical@fastmail.com>"
3026 criteria = "safe-to-deploy"
3028 notes = "Mozilla-developed package, no unsafe code, no access to file system, network or other far reaching APIs."
3030 [[audits.ppv-lite86]]
3031 who = "Mike Hommey <mh+mozilla@glandium.org>"
3032 criteria = "safe-to-deploy"
3033 delta = "0.2.16 -> 0.2.17"
3035 [[audits.precomputed-hash]]
3036 who = "Bobby Holley <bobbyholley@gmail.com>"
3037 criteria = "safe-to-deploy"
3039 notes = "This is a trivial crate."
3042 who = "Simon Friedberger <simon@mozilla.com>"
3043 criteria = "safe-to-deploy"
3045 notes = "The crate does not use any unsafe code or ambient capabilities and thus meets the criteria for safe-to-deploy. The cryptography itself should be considered experimental at this phase and is currently undergoing a thorough audit organized by Cloudflare."
3048 who = "Simon Friedberger <simon@mozilla.com>"
3049 criteria = "safe-to-deploy"
3052 [[audits.proc-macro-hack]]
3053 who = "Mike Hommey <mh+mozilla@glandium.org>"
3054 criteria = "safe-to-deploy"
3055 delta = "0.5.19 -> 0.5.20+deprecated"
3057 [[audits.proc-macro2]]
3058 who = "Nika Layzell <nika@thelayzells.com>"
3059 criteria = "safe-to-deploy"
3062 `proc-macro2` acts as either a thin(-ish) wrapper around the std-provided
3063 `proc_macro` crate, or as a fallback implementation of the crate, depending on
3066 If using this crate on older versions of rustc (1.56 and earlier), it will
3067 temporarily replace the panic handler while initializing in order to detect if
3068 it is running within a `proc_macro`, which could lead to surprising behaviour.
3069 This should not be an issue for more recent compiler versions, which support
3070 `proc_macro::is_available()`.
3072 The `proc-macro2` crate's fallback behaviour is not identical to the complex
3073 behaviour of the rustc compiler (e.g. it does not perform unicode normalization
3074 for identifiers), however it behaves well enough for its intended use-case
3075 (tests and scripts processing rust code).
3077 `proc-macro2` does not use unsafe code, however exposes one `unsafe` API to
3078 allow bypassing checks in the fallback implementation when constructing
3079 `Literal` using `from_str_unchecked`. This was intended to only be used by the
3080 `quote!` macro, however it has been removed
3081 (https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078),
3082 and is likely completely unused. Even when used, this API shouldn't be able to
3086 [[audits.proc-macro2]]
3087 who = "Mike Hommey <mh+mozilla@glandium.org>"
3088 criteria = "safe-to-deploy"
3089 delta = "1.0.39 -> 1.0.43"
3091 [[audits.proc-macro2]]
3092 who = "Mike Hommey <mh+mozilla@glandium.org>"
3093 criteria = "safe-to-deploy"
3094 delta = "1.0.43 -> 1.0.49"
3096 [[audits.proc-macro2]]
3097 who = "Mike Hommey <mh+mozilla@glandium.org>"
3098 criteria = "safe-to-deploy"
3099 delta = "1.0.49 -> 1.0.51"
3101 [[audits.procfs-core]]
3102 who = "Gabriele Svelto <gsvelto@mozilla.com>"
3103 criteria = "safe-to-deploy"
3104 version = "0.16.0-RC1"
3106 [[audits.procfs-core]]
3107 who = "Gabriele Svelto <gsvelto@mozilla.com>"
3108 criteria = "safe-to-deploy"
3109 delta = "0.16.0-RC1 -> 0.16.0"
3111 [[audits.profiling]]
3112 who = "Mike Hommey <mh+mozilla@glandium.org>"
3113 criteria = "safe-to-deploy"
3114 delta = "1.0.6 -> 1.0.7"
3117 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
3118 criteria = "safe-to-deploy"
3119 delta = "0.8.0 -> 0.11.9"
3120 notes = "Mostly internal refactorings. Minimal new unsafe code, but with the invariants explicitly checked in code"
3123 who = "Drew Willcoxon <adw@mozilla.com>"
3124 criteria = "safe-to-deploy"
3125 delta = "0.11.9 -> 0.12.1"
3127 [[audits.prost-derive]]
3128 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
3129 criteria = "safe-to-deploy"
3130 delta = "0.8.0 -> 0.11.9"
3131 notes = "Documentation and internal refactoring changes only"
3133 [[audits.prost-derive]]
3134 who = "Mike Hommey <mh+mozilla@glandium.org>"
3135 criteria = "safe-to-deploy"
3136 delta = "0.11.9 -> 0.11.9@git:95964e9d33df3c2a9c3f14285e262867cab6f96b"
3137 notes = "Changes against 0.11.9 are mine."
3139 [[audits.prost-derive]]
3140 who = "Drew Willcoxon <adw@mozilla.com>"
3141 criteria = "safe-to-deploy"
3142 delta = "0.11.9 -> 0.12.1"
3145 who = "Kershaw Chang <kershaw@mozilla.com>"
3146 criteria = "safe-to-deploy"
3150 who = "Kershaw Chang <kershaw@mozilla.com>"
3151 criteria = "safe-to-deploy"
3152 delta = "0.9.0 -> 0.11.0"
3155 who = "Kershaw Chang <kershaw@mozilla.com>"
3156 criteria = "safe-to-deploy"
3157 delta = "0.11.0 -> 0.12.0"
3160 who = "Nika Layzell <nika@thelayzells.com>"
3161 criteria = "safe-to-deploy"
3164 `quote` is a utility crate used by proc-macros to generate TokenStreams
3165 conveniently from source code. The bulk of the logic is some complex
3166 interlocking `macro_rules!` macros which are used to parse and build the
3167 `TokenStream` within the proc-macro.
3169 This crate contains no unsafe code, and the internal logic, while difficult to
3170 read, is generally straightforward. I have audited the the quote macros, ident
3171 formatter, and runtime logic.
3175 who = "Mike Hommey <mh+mozilla@glandium.org>"
3176 criteria = "safe-to-deploy"
3177 delta = "1.0.18 -> 1.0.21"
3180 who = "Mike Hommey <mh+mozilla@glandium.org>"
3181 criteria = "safe-to-deploy"
3182 delta = "1.0.21 -> 1.0.23"
3185 who = "Nika Layzell <nika@thelayzells.com>"
3186 criteria = "safe-to-deploy"
3189 I am no longer the primary maintainer of `radium`, however I have audited the
3190 code to ensure it is still correct. The implementation contains no `unsafe`
3191 logic, and will not abstract away `Sync` trait bounds.
3193 The core logic is very simple, and acts as an abstraction trait for `Cell<T>`
3197 [[audits.rand_core]]
3198 who = "Mike Hommey <mh+mozilla@glandium.org>"
3199 criteria = "safe-to-deploy"
3200 delta = "0.6.3 -> 0.6.4"
3202 [[audits.range-alloc]]
3203 who = "Bobby Holley <bobbyholley@gmail.com>"
3204 criteria = "safe-to-deploy"
3206 notes = "Dzmitry authored this crate while he was staff at Mozilla."
3208 [[audits.range-alloc]]
3209 who = "Mike Hommey <mh+mozilla@glandium.org>"
3210 criteria = "safe-to-deploy"
3211 delta = "0.1.2 -> 0.1.3"
3213 [[audits.range-map]]
3214 who = "Gabriele Svelto <gsvelto@mozilla.com>"
3215 criteria = "safe-to-deploy"
3218 [[audits.raw-window-handle]]
3219 who = "Jim Blandy <jimb@red-bean.com>"
3220 criteria = "safe-to-deploy"
3222 notes = "I looked through all the sources of the v0.5.0 crate."
3224 [[audits.raw-window-handle]]
3225 who = "Mike Hommey <mh+mozilla@glandium.org>"
3226 criteria = "safe-to-deploy"
3227 delta = "0.5.0 -> 0.5.2"
3229 [[audits.raw-window-handle]]
3230 who = "Nicolas Silva <nical@fastmail.com>"
3231 criteria = "safe-to-deploy"
3232 delta = "0.5.2 -> 0.6.0"
3235 who = "Josh Stone <jistone@redhat.com>"
3236 criteria = "safe-to-deploy"
3238 notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
3241 who = "Mike Hommey <mh+mozilla@glandium.org>"
3242 criteria = "safe-to-deploy"
3243 delta = "1.5.3 -> 1.6.1"
3245 [[audits.rayon-core]]
3246 who = "Josh Stone <jistone@redhat.com>"
3247 criteria = "safe-to-deploy"
3249 notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
3251 [[audits.rayon-core]]
3252 who = "Mike Hommey <mh+mozilla@glandium.org>"
3253 criteria = "safe-to-deploy"
3254 delta = "1.9.3 -> 1.10.1"
3256 [[audits.rayon-core]]
3257 who = "Mike Hommey <mh+mozilla@glandium.org>"
3258 criteria = "safe-to-deploy"
3259 delta = "1.10.1 -> 1.10.2"
3261 [[audits.redox_syscall]]
3262 who = "Mike Hommey <mh+mozilla@glandium.org>"
3263 criteria = "safe-to-deploy"
3264 delta = "0.2.13 -> 0.2.16"
3267 who = "Mike Hommey <mh+mozilla@glandium.org>"
3268 criteria = "safe-to-deploy"
3269 delta = "1.5.6 -> 1.6.0"
3272 who = "Mike Hommey <mh+mozilla@glandium.org>"
3273 criteria = "safe-to-deploy"
3274 delta = "1.6.0 -> 1.7.0"
3277 who = "Mike Hommey <mh+mozilla@glandium.org>"
3278 criteria = "safe-to-deploy"
3279 delta = "1.7.0 -> 1.7.1"
3281 [[audits.regex-syntax]]
3282 who = "Mike Hommey <mh+mozilla@glandium.org>"
3283 criteria = "safe-to-deploy"
3284 delta = "0.6.26 -> 0.6.27"
3286 [[audits.regex-syntax]]
3287 who = "Mike Hommey <mh+mozilla@glandium.org>"
3288 criteria = "safe-to-deploy"
3289 delta = "0.6.27 -> 0.6.28"
3292 who = "Chris H-C <chutten@mozilla.com>"
3293 criteria = "safe-to-deploy"
3295 notes = "Maintained by Jan-Erik and :krosylight."
3298 who = "Chris H-C <chutten@mozilla.com>"
3299 criteria = "safe-to-deploy"
3303 who = "Mike Hommey <mh+mozilla@glandium.org>"
3304 criteria = "safe-to-deploy"
3305 delta = "0.7.0 -> 0.7.1"
3308 who = "Jim Blandy <jimb@red-bean.com>"
3309 criteria = "safe-to-deploy"
3310 delta = "0.7.1 -> 0.8.0"
3313 who = "Mike Hommey <mh+mozilla@glandium.org>"
3314 criteria = "safe-to-deploy"
3315 delta = "0.8.0 -> 0.8.1"
3318 who = "Nika Layzell <nika@thelayzells.com>"
3319 criteria = "safe-to-deploy"
3322 This is a fairly straightforward FFI wrapper crate for `regex`, maintained by
3323 the `regex` developers in the same repository.
3325 This crate is explicitly designed for FFI use, and should not be used directly
3326 by Rust code. The exported `extern \"C\"` functions are not marked as `unsafe`,
3327 meaning that it is technically incorrect to use them from within Rust code,
3328 however they are reasonable to use from C code.
3330 The unsafe code in this crate heavily depends on the C caller maintaining
3331 invariants, however these invariants are clearly documented in the `rure.h`
3332 file, bundled with the crate.
3334 I have checked the signatures of each function both in C++ and in the Rust to
3335 ensure they match. In some places, the c `rure.h` header file is missing a
3336 `const` qualifier which could be present given the Rust code, however this will
3337 have no impact on ABI, and is fairly normal for FFI crates.
3339 Panics are handled in all Rust FFI methods, meaning that projects which do not
3340 disable unwinding will still consistently abort (using `libc::abort()`) if a
3341 panic occurs in the Rust code.
3345 who = "Mike Hommey <mh+mozilla@glandium.org>"
3346 criteria = "safe-to-deploy"
3347 delta = "0.27.0 -> 0.28.0"
3350 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
3351 criteria = "safe-to-deploy"
3352 delta = "0.28.0 -> 0.29.0"
3355 who = "Mark Hammond <mhammond@mozilla.com>"
3356 criteria = "safe-to-deploy"
3357 delta = "0.29.0 -> 0.30.0"
3359 [[audits.rust_cascade]]
3360 who = "Mike Hommey <mh+mozilla@glandium.org>"
3361 criteria = "safe-to-deploy"
3362 delta = "1.4.0 -> 1.5.0"
3364 [[audits.rust_decimal]]
3365 who = "Mike Hommey <mh+mozilla@glandium.org>"
3366 criteria = "safe-to-deploy"
3367 delta = "1.24.0 -> 1.25.0"
3369 [[audits.rust_decimal]]
3370 who = "Mike Hommey <mh+mozilla@glandium.org>"
3371 criteria = "safe-to-deploy"
3372 delta = "1.25.0 -> 1.26.1"
3374 [[audits.rust_decimal]]
3375 who = "Mike Hommey <mh+mozilla@glandium.org>"
3376 criteria = "safe-to-deploy"
3377 delta = "1.26.1 -> 1.27.0"
3379 [[audits.rust_decimal]]
3380 who = "Mike Hommey <mh+mozilla@glandium.org>"
3381 criteria = "safe-to-deploy"
3382 delta = "1.27.0 -> 1.28.1"
3384 [[audits.rustc-hash]]
3385 who = "Bobby Holley <bobbyholley@gmail.com>"
3386 criteria = "safe-to-deploy"
3388 notes = "Straightforward crate with no unsafe code, does what it says on the tin."
3390 [[audits.rustc_version]]
3391 who = "Nika Layzell <nika@thelayzells.com>"
3392 criteria = "safe-to-run"
3395 Straightforward crate which runs `$RUSTC -vV` and parses the output into a
3396 machine-interpretable form for build scripts.
3399 [[audits.rustversion]]
3400 who = "Bobby Holley <bobbyholley@gmail.com>"
3401 criteria = "safe-to-deploy"
3404 This crate has a build-time component and procedural macro logic, which I looked
3405 at enough to convince myself it wasn't going to do anything dramatically wrong.
3406 I don't think logic bugs in the version parsing etc can realistically introduce
3407 a security vulnerability.
3410 [[audits.rustversion]]
3411 who = "Mike Hommey <mh+mozilla@glandium.org>"
3412 criteria = "safe-to-run"
3413 delta = "1.0.9 -> 1.0.11"
3416 who = "Mike Hommey <mh+mozilla@glandium.org>"
3417 criteria = "safe-to-deploy"
3418 delta = "1.0.10 -> 1.0.11"
3421 who = "Mike Hommey <mh+mozilla@glandium.org>"
3422 criteria = "safe-to-deploy"
3423 delta = "1.0.11 -> 1.0.12"
3426 who = "Bobby Holley <bobbyholley@gmail.com>"
3427 criteria = "safe-to-run"
3429 notes = "I didn't review the allocation code carefully but it's not malicious."
3431 [[audits.scoped-tls]]
3432 who = "Mike Hommey <mh+mozilla@glandium.org>"
3433 criteria = "safe-to-run"
3434 delta = "1.0.0 -> 1.0.1"
3437 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
3438 criteria = "safe-to-deploy"
3439 delta = "0.10.2 -> 0.11.0"
3440 notes = "Small changes to exposed traits, that look reasonable and have additional buffer boundary checks. No unsafe code touched."
3442 [[audits.scroll_derive]]
3443 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
3444 criteria = "safe-to-deploy"
3445 delta = "0.10.5 -> 0.11.0"
3446 notes = "No code changes. Tagged together with its parent crate scroll."
3448 [[audits.scroll_derive]]
3449 who = "Mike Hommey <mh+mozilla@glandium.org>"
3450 criteria = "safe-to-deploy"
3451 delta = "0.11.0 -> 0.11.1"
3453 [[audits.selectors]]
3454 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
3455 criteria = "safe-to-deploy"
3458 This crate is basically developed in-tree. Mozilla employees have either
3459 reviewed or written virtually all of the code.
3463 who = "Mike Hommey <mh+mozilla@glandium.org>"
3464 criteria = "safe-to-deploy"
3465 delta = "1.0.9 -> 1.0.10"
3468 who = "Mike Hommey <mh+mozilla@glandium.org>"
3469 criteria = "safe-to-deploy"
3470 delta = "1.0.10 -> 1.0.13"
3473 who = "Mike Hommey <mh+mozilla@glandium.org>"
3474 criteria = "safe-to-deploy"
3475 delta = "1.0.13 -> 1.0.16"
3478 who = "Bobby Holley <bobbyholley@gmail.com>"
3479 criteria = "safe-to-deploy"
3480 delta = "1.0.17 -> 1.0.16"
3483 who = "Mike Hommey <mh+mozilla@glandium.org>"
3484 criteria = "safe-to-deploy"
3485 delta = "1.0.137 -> 1.0.143"
3488 who = "Mike Hommey <mh+mozilla@glandium.org>"
3489 criteria = "safe-to-deploy"
3490 delta = "1.0.143 -> 1.0.144"
3493 who = "Mike Hommey <mh+mozilla@glandium.org>"
3494 criteria = "safe-to-deploy"
3495 delta = "1.0.144 -> 1.0.151"
3498 who = "Mike Hommey <mh+mozilla@glandium.org>"
3499 criteria = "safe-to-deploy"
3500 delta = "1.0.151 -> 1.0.152"
3502 [[audits.serde_bytes]]
3503 who = "Mike Hommey <mh+mozilla@glandium.org>"
3504 criteria = "safe-to-deploy"
3505 delta = "0.11.6 -> 0.11.7"
3507 [[audits.serde_bytes]]
3508 who = "Mike Hommey <mh+mozilla@glandium.org>"
3509 criteria = "safe-to-deploy"
3510 delta = "0.11.7 -> 0.11.8"
3512 [[audits.serde_bytes]]
3513 who = "Mike Hommey <mh+mozilla@glandium.org>"
3514 criteria = "safe-to-deploy"
3515 delta = "0.11.8 -> 0.11.9"
3517 [[audits.serde_cbor]]
3518 who = "R. Martinho Fernandes <bugs@rmf.io>"
3519 criteria = "safe-to-deploy"
3522 [[audits.serde_cbor]]
3523 who = "John M. Schanck <jschanck@mozilla.com>"
3524 criteria = "safe-to-deploy"
3525 delta = "0.11.1 -> 0.11.2"
3527 [[audits.serde_derive]]
3528 who = "Mike Hommey <mh+mozilla@glandium.org>"
3529 criteria = "safe-to-deploy"
3530 delta = "1.0.137 -> 1.0.143"
3532 [[audits.serde_derive]]
3533 who = "Mike Hommey <mh+mozilla@glandium.org>"
3534 criteria = "safe-to-deploy"
3535 delta = "1.0.143 -> 1.0.144"
3537 [[audits.serde_derive]]
3538 who = "Mike Hommey <mh+mozilla@glandium.org>"
3539 criteria = "safe-to-deploy"
3540 delta = "1.0.144 -> 1.0.151"
3542 [[audits.serde_derive]]
3543 who = "Mike Hommey <mh+mozilla@glandium.org>"
3544 criteria = "safe-to-deploy"
3545 delta = "1.0.151 -> 1.0.152"
3547 [[audits.serde_json]]
3548 who = "Mike Hommey <mh+mozilla@glandium.org>"
3549 criteria = "safe-to-deploy"
3550 delta = "1.0.81 -> 1.0.83"
3552 [[audits.serde_json]]
3553 who = "Mike Hommey <mh+mozilla@glandium.org>"
3554 criteria = "safe-to-deploy"
3555 delta = "1.0.83 -> 1.0.85"
3557 [[audits.serde_json]]
3558 who = "Mike Hommey <mh+mozilla@glandium.org>"
3559 criteria = "safe-to-deploy"
3560 delta = "1.0.85 -> 1.0.91"
3562 [[audits.serde_json]]
3563 who = "Mike Hommey <mh+mozilla@glandium.org>"
3564 criteria = "safe-to-deploy"
3565 delta = "1.0.91 -> 1.0.93"
3567 [[audits.serde_path_to_error]]
3568 who = "Ben Dean-Kawamura <bdk@mozilla.com>"
3569 criteria = "safe-to-deploy"
3572 [[audits.serde_repr]]
3573 who = "Mike Hommey <mh+mozilla@glandium.org>"
3574 criteria = "safe-to-run"
3575 delta = "0.1.8 -> 0.1.9"
3577 [[audits.serde_repr]]
3578 who = "Mike Hommey <mh+mozilla@glandium.org>"
3579 criteria = "safe-to-run"
3580 delta = "0.1.9 -> 0.1.10"
3582 [[audits.serde_with]]
3583 who = "Mike Hommey <mh+mozilla@glandium.org>"
3584 criteria = "safe-to-deploy"
3585 delta = "1.14.0 -> 3.0.0"
3587 [[audits.serde_with_macros]]
3588 who = "Mike Hommey <mh+mozilla@glandium.org>"
3589 criteria = "safe-to-deploy"
3590 delta = "1.5.2 -> 3.0.0"
3592 [[audits.serde_yaml]]
3593 who = "Mike Hommey <mh+mozilla@glandium.org>"
3594 criteria = "safe-to-run"
3595 delta = "0.8.24 -> 0.8.26"
3597 [[audits.servo_arc]]
3598 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
3599 criteria = "safe-to-deploy"
3601 notes = "Developed in-tree, effectively."
3604 who = "Mike Hommey <mh+mozilla@glandium.org>"
3605 criteria = "safe-to-deploy"
3606 delta = "0.9.2 -> 0.9.3"
3609 who = "Dana Keeler <dkeeler@mozilla.com>"
3610 criteria = "safe-to-deploy"
3614 who = "Mike Hommey <mh+mozilla@glandium.org>"
3615 criteria = "safe-to-run"
3616 delta = "0.10.0 -> 0.10.5"
3619 who = "Mike Hommey <mh+mozilla@glandium.org>"
3620 criteria = "safe-to-deploy"
3621 delta = "0.10.2 -> 0.10.6"
3624 who = "Simon Friedberger <simon@mozilla.com>"
3625 criteria = "safe-to-deploy"
3626 delta = "0.10.6 -> 0.10.7"
3629 who = "Mike Hommey <mh+mozilla@glandium.org>"
3630 criteria = "safe-to-deploy"
3631 delta = "0.4.6 -> 0.4.7"
3634 who = "Mike Hommey <mh+mozilla@glandium.org>"
3635 criteria = "safe-to-deploy"
3636 delta = "0.4.7 -> 0.4.8"
3638 [[audits.smallbitvec]]
3639 who = "Bobby Holley <bobbyholley@gmail.com>"
3640 criteria = "safe-to-deploy"
3642 notes = "All code written or reviewed by Mozilla staff."
3644 [[audits.smallbitvec]]
3645 who = "Bobby Holley <bobbyholley@gmail.com>"
3646 criteria = "safe-to-deploy"
3647 delta = "2.5.0 -> 2.5.1"
3650 who = "Mike Hommey <mh+mozilla@glandium.org>"
3651 criteria = "safe-to-deploy"
3652 delta = "1.8.0 -> 1.9.0"
3655 who = "Mike Hommey <mh+mozilla@glandium.org>"
3656 criteria = "safe-to-deploy"
3657 delta = "1.9.0 -> 1.10.0"
3659 [[audits.smart-default]]
3660 who = "Gabriele Svelto <gsvelto@mozilla.com>"
3661 criteria = "safe-to-deploy"
3664 [[audits.smart-default]]
3665 who = "Mike Hommey <mh+mozilla@glandium.org>"
3666 criteria = "safe-to-deploy"
3667 delta = "0.6.0 -> 0.7.1"
3670 who = "Mike Hommey <mh+mozilla@glandium.org>"
3671 criteria = "safe-to-deploy"
3672 delta = "0.4.4 -> 0.4.7"
3675 who = "Nicolas Silva <nical@fastmail.com>"
3676 criteria = "safe-to-deploy"
3677 delta = "0.2.0+1.5.4 -> 0.3.0+sdk-1.3.268.0"
3680 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3681 criteria = "safe-to-deploy"
3683 notes = "This crate uses unsafe lock to keep invariant. I auditted code. Also, this doesn't have file access and network access."
3685 [[audits.strck_ident]]
3686 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3687 criteria = "safe-to-deploy"
3689 notes = "This crate doesn't use unsafe block, network access and filesystem access."
3692 who = "Simon Friedberger <simon@mozilla.com>"
3693 criteria = "safe-to-deploy"
3695 notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation."
3698 who = "Bobby Holley <bobbyholley@gmail.com>"
3699 criteria = "safe-to-deploy"
3701 notes = "Simple string processing with no unsafe code or ambient capability usage."
3704 who = "Mike Hommey <mh+mozilla@glandium.org>"
3705 criteria = "safe-to-deploy"
3706 delta = "1.0.96 -> 1.0.99"
3709 who = "Mike Hommey <mh+mozilla@glandium.org>"
3710 criteria = "safe-to-deploy"
3711 delta = "1.0.99 -> 1.0.107"
3713 [[audits.synstructure]]
3714 who = "Nika Layzell <nika@thelayzells.com>"
3715 criteria = "safe-to-deploy"
3718 I am the primary author of the `synstructure` crate, and its current
3719 maintainer. The one use of `unsafe` is unnecessary, but documented and
3720 harmless. It will be removed in the next version.
3723 [[audits.synstructure]]
3724 who = "Mike Hommey <mh+mozilla@glandium.org>"
3725 criteria = "safe-to-deploy"
3726 delta = "0.12.6 -> 0.13.0"
3729 who = "Mike Hommey <mh+mozilla@glandium.org>"
3730 criteria = "safe-to-deploy"
3731 delta = "3.6.0 -> 3.8.0"
3734 who = "Mike Hommey <mh+mozilla@glandium.org>"
3735 criteria = "safe-to-deploy"
3736 delta = "3.8.0 -> 3.9.0"
3738 [[audits.termcolor]]
3739 who = "Mike Hommey <mh+mozilla@glandium.org>"
3740 criteria = "safe-to-deploy"
3741 delta = "1.1.3 -> 1.2.0"
3744 who = "Mike Hommey <mh+mozilla@glandium.org>"
3745 criteria = "safe-to-deploy"
3746 delta = "0.15.0 -> 0.15.2"
3749 who = "Mike Hommey <mh+mozilla@glandium.org>"
3750 criteria = "safe-to-deploy"
3751 delta = "0.15.2 -> 0.16.0"
3754 who = "Aria Beingessner <a.beingessner@gmail.com>"
3755 criteria = "safe-to-deploy"
3757 notes = "I own this crate, and most of its versions were codeveloped and reviewed by Nika Layzell. This version was not explicitly reviewed by her, but it was specifically a release that made the code pass miri and was reviewed by me. Firefox uses it in the gecko-ffi configuration which is less thoroughly tested and more dangerous but we're reasonably confident in it. The real danger is from C++ code failing to use it correctly in FFI but that's just how FFI is."
3760 who = "Mike Hommey <mh+mozilla@glandium.org>"
3761 criteria = "safe-to-deploy"
3762 delta = "0.2.5 -> 0.2.7"
3765 who = "Mike Hommey <mh+mozilla@glandium.org>"
3766 criteria = "safe-to-deploy"
3767 delta = "0.2.7 -> 0.2.12"
3769 [[audits.thiserror]]
3770 who = "Mike Hommey <mh+mozilla@glandium.org>"
3771 criteria = "safe-to-deploy"
3772 delta = "1.0.31 -> 1.0.32"
3774 [[audits.thiserror]]
3775 who = "Mike Hommey <mh+mozilla@glandium.org>"
3776 criteria = "safe-to-deploy"
3777 delta = "1.0.32 -> 1.0.38"
3779 [[audits.thiserror-impl]]
3780 who = "Mike Hommey <mh+mozilla@glandium.org>"
3781 criteria = "safe-to-deploy"
3782 delta = "1.0.31 -> 1.0.32"
3784 [[audits.thiserror-impl]]
3785 who = "Mike Hommey <mh+mozilla@glandium.org>"
3786 criteria = "safe-to-deploy"
3787 delta = "1.0.32 -> 1.0.38"
3789 [[audits.threadbound]]
3790 who = "Mike Hommey <mh+mozilla@glandium.org>"
3791 criteria = "safe-to-deploy"
3792 delta = "0.1.3 -> 0.1.4"
3794 [[audits.threadbound]]
3795 who = "Mike Hommey <mh+mozilla@glandium.org>"
3796 criteria = "safe-to-deploy"
3797 delta = "0.1.4 -> 0.1.5"
3800 who = "Mike Hommey <mh+mozilla@glandium.org>"
3801 criteria = "safe-to-deploy"
3802 delta = "0.1.44 -> 0.1.45"
3805 who = "Kershaw Chang <kershaw@mozilla.com>"
3806 criteria = "safe-to-deploy"
3807 delta = "0.1.45 -> 0.3.17"
3810 who = "Mike Hommey <mh+mozilla@glandium.org>"
3811 criteria = "safe-to-run"
3812 delta = "0.3.9 -> 0.3.17"
3815 who = "Kershaw Chang <kershaw@mozilla.com>"
3816 criteria = "safe-to-deploy"
3817 delta = "0.3.17 -> 0.3.23"
3819 [[audits.time-core]]
3820 who = "Kershaw Chang <kershaw@mozilla.com>"
3821 criteria = "safe-to-deploy"
3824 [[audits.time-core]]
3825 who = "Mike Hommey <mh+mozilla@glandium.org>"
3826 criteria = "safe-to-run"
3829 [[audits.time-core]]
3830 who = "Kershaw Chang <kershaw@mozilla.com>"
3831 criteria = "safe-to-deploy"
3832 delta = "0.1.0 -> 0.1.1"
3834 [[audits.time-macros]]
3835 who = "Kershaw Chang <kershaw@mozilla.com>"
3836 criteria = "safe-to-deploy"
3839 [[audits.time-macros]]
3840 who = "Mike Hommey <mh+mozilla@glandium.org>"
3841 criteria = "safe-to-run"
3842 delta = "0.2.4 -> 0.2.6"
3844 [[audits.time-macros]]
3845 who = "Kershaw Chang <kershaw@mozilla.com>"
3846 criteria = "safe-to-deploy"
3847 delta = "0.2.6 -> 0.2.10"
3850 who = "Zibi Braniecki <zibi@unicode.org>"
3851 criteria = "safe-to-deploy"
3855 who = "Zibi Braniecki <zibi@unicode.org>"
3856 criteria = "safe-to-deploy"
3860 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3861 criteria = "safe-to-deploy"
3863 notes = "One of original auther was Zibi Braniecki who worked at Mozilla and maintained by ICU4X developers (Google and Mozilla). I've vetted the one instance of unsafe code."
3866 who = "Mike Hommey <mh+mozilla@glandium.org>"
3867 criteria = "safe-to-deploy"
3868 delta = "0.7.0 -> 0.7.1"
3871 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3872 criteria = "safe-to-deploy"
3873 delta = "0.7.1 -> 0.7.4"
3875 [[audits.tokio-macros]]
3876 who = "Mike Hommey <mh+mozilla@glandium.org>"
3877 criteria = "safe-to-run"
3878 delta = "1.8.0 -> 1.8.2"
3880 [[audits.tokio-stream]]
3881 who = "Mike Hommey <mh+mozilla@glandium.org>"
3882 criteria = "safe-to-run"
3883 delta = "0.1.9 -> 0.1.11"
3885 [[audits.tokio-stream]]
3886 who = "Mike Hommey <mh+mozilla@glandium.org>"
3887 criteria = "safe-to-run"
3888 delta = "0.1.11 -> 0.1.12"
3891 who = "Bobby Holley <bobbyholley@gmail.com>"
3892 criteria = "safe-to-deploy"
3893 delta = "0.5.7 -> 0.5.9"
3896 who = "Mike Hommey <mh+mozilla@glandium.org>"
3897 criteria = "safe-to-deploy"
3898 delta = "0.5.9 -> 0.5.10"
3901 who = "Mike Hommey <mh+mozilla@glandium.org>"
3902 criteria = "safe-to-deploy"
3903 delta = "0.5.10 -> 0.5.11"
3905 [[audits.topological-sort]]
3906 who = "Bobby Holley <bobbyholley@gmail.com>"
3907 criteria = "safe-to-deploy"
3909 notes = "Simple algorithm crate with no unsafe code or capability usage."
3911 [[audits.tower-service]]
3912 who = "Mike Hommey <mh+mozilla@glandium.org>"
3913 criteria = "safe-to-run"
3914 delta = "0.3.1 -> 0.3.2"
3917 who = "Mike Hommey <mh+mozilla@glandium.org>"
3918 criteria = "safe-to-run"
3919 delta = "0.1.35 -> 0.1.36"
3922 who = "Mike Hommey <mh+mozilla@glandium.org>"
3923 criteria = "safe-to-run"
3924 delta = "0.1.36 -> 0.1.37"
3926 [[audits.tracing-attributes]]
3927 who = "Mike Hommey <mh+mozilla@glandium.org>"
3928 criteria = "safe-to-run"
3929 delta = "0.1.21 -> 0.1.22"
3931 [[audits.tracing-attributes]]
3932 who = "Mike Hommey <mh+mozilla@glandium.org>"
3933 criteria = "safe-to-run"
3934 delta = "0.1.22 -> 0.1.23"
3936 [[audits.tracing-attributes]]
3937 who = "Mike Hommey <mh+mozilla@glandium.org>"
3938 criteria = "safe-to-run"
3939 delta = "0.1.23 -> 0.1.24"
3941 [[audits.tracing-core]]
3942 who = "Mike Hommey <mh+mozilla@glandium.org>"
3943 criteria = "safe-to-run"
3944 delta = "0.1.27 -> 0.1.29"
3946 [[audits.tracing-core]]
3947 who = "Mike Hommey <mh+mozilla@glandium.org>"
3948 criteria = "safe-to-run"
3949 delta = "0.1.29 -> 0.1.30"
3952 who = "Glenn Watson <git@intuitionlibrary.com>"
3953 criteria = "safe-to-deploy"
3957 who = "Mike Hommey <mh+mozilla@glandium.org>"
3958 criteria = "safe-to-run"
3959 delta = "0.2.3 -> 0.2.4"
3961 [[audits.typed-arena-nomut]]
3962 who = "Lee Salzman <lsalzman@gmail.com>"
3963 criteria = "safe-to-deploy"
3967 who = "Mike Hommey <mh+mozilla@glandium.org>"
3968 criteria = "safe-to-deploy"
3969 delta = "1.15.0 -> 1.16.0"
3972 who = "Emilio Cobos Álvarez <emilio@crisal.io>"
3973 criteria = "safe-to-deploy"
3976 I've reviewed multiple patches in this crate, including the initial
3977 implementation back in the day. It has no unsafe code at all nowadays.
3980 [[audits.unic-langid]]
3981 who = "Zibi Braniecki <zibi@unicode.org>"
3982 criteria = "safe-to-deploy"
3985 [[audits.unic-langid]]
3986 who = "Mike Hommey <mh+mozilla@glandium.org>"
3987 criteria = "safe-to-deploy"
3988 delta = "0.9.0 -> 0.9.1"
3990 [[audits.unic-langid-impl]]
3991 who = "Zibi Braniecki <zibi@unicode.org>"
3992 criteria = "safe-to-deploy"
3995 [[audits.unic-langid-impl]]
3996 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
3997 criteria = "safe-to-deploy"
3998 delta = "0.9.0 -> 0.9.1"
4000 [[audits.unic-langid-macros]]
4001 who = "Zibi Braniecki <zibi@unicode.org>"
4002 criteria = "safe-to-deploy"
4005 [[audits.unic-langid-macros]]
4006 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4007 criteria = "safe-to-deploy"
4008 delta = "0.9.0 -> 0.9.1"
4010 [[audits.unic-langid-macros-impl]]
4011 who = "Zibi Braniecki <zibi@unicode.org>"
4012 criteria = "safe-to-deploy"
4015 [[audits.unic-langid-macros-impl]]
4016 who = "Mike Hommey <mh+mozilla@glandium.org>"
4017 criteria = "safe-to-deploy"
4018 delta = "0.9.0 -> 0.9.1"
4020 [[audits.unicode-bidi]]
4021 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4022 criteria = "safe-to-deploy"
4023 delta = "0.3.8 -> 0.3.13"
4025 [[audits.unicode-bidi]]
4026 who = "Jonathan Kew <jkew@mozilla.com>"
4027 criteria = "safe-to-deploy"
4028 delta = "0.3.13 -> 0.3.14"
4029 notes = "I am the author of the bulk of the upstream changes in this version, and also checked the remaining post-0.3.13 changes."
4031 [[audits.unicode-bidi]]
4032 who = "Jonathan Kew <jfkthame@gmail.com>"
4033 criteria = "safe-to-deploy"
4034 delta = "0.3.14 -> 0.3.15"
4036 [[audits.unicode-bidi]]
4037 who = "Jonathan Kew <jfkthame@gmail.com>"
4038 criteria = "safe-to-deploy"
4039 delta = "0.3.15 -> 0.3.15@git:ca612daf1c08c53abe07327cb3e6ef6e0a760f0c"
4042 [[audits.unicode-ident]]
4043 who = "Mike Hommey <mh+mozilla@glandium.org>"
4044 criteria = "safe-to-deploy"
4045 delta = "1.0.0 -> 1.0.1"
4047 [[audits.unicode-ident]]
4048 who = "Mike Hommey <mh+mozilla@glandium.org>"
4049 criteria = "safe-to-deploy"
4050 delta = "1.0.1 -> 1.0.3"
4052 [[audits.unicode-ident]]
4053 who = "Mike Hommey <mh+mozilla@glandium.org>"
4054 criteria = "safe-to-deploy"
4055 delta = "1.0.3 -> 1.0.6"
4057 [[audits.unicode-normalization]]
4058 who = "Mike Hommey <mh+mozilla@glandium.org>"
4059 criteria = "safe-to-deploy"
4060 delta = "0.1.19 -> 0.1.20"
4061 notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19."
4063 [[audits.unicode-normalization]]
4064 who = "Mike Hommey <mh+mozilla@glandium.org>"
4065 criteria = "safe-to-deploy"
4066 delta = "0.1.20 -> 0.1.21"
4068 [[audits.unicode-normalization]]
4069 who = "Mike Hommey <mh+mozilla@glandium.org>"
4070 criteria = "safe-to-deploy"
4071 delta = "0.1.21 -> 0.1.22"
4073 [[audits.unicode-segmentation]]
4074 who = "Mike Hommey <mh+mozilla@glandium.org>"
4075 criteria = "safe-to-deploy"
4076 delta = "1.9.0 -> 1.10.0"
4078 [[audits.unicode-width]]
4079 who = "Mike Hommey <mh+mozilla@glandium.org>"
4080 criteria = "safe-to-deploy"
4081 delta = "0.1.9 -> 0.1.10"
4083 [[audits.unicode-xid]]
4084 who = "Mike Hommey <mh+mozilla@glandium.org>"
4085 criteria = "safe-to-deploy"
4086 delta = "0.2.3 -> 0.2.4"
4089 who = "Travis Long <tlong@mozilla.com>"
4090 criteria = "safe-to-deploy"
4092 notes = "Maintained by the Glean and Application Services teams"
4095 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4096 criteria = "safe-to-deploy"
4097 delta = "0.19.3 -> 0.19.6"
4098 notes = "Maintained by the Glean and Application Services team."
4101 who = "Perry McManis <pmcmanis@mozilla.com>"
4102 criteria = "safe-to-deploy"
4103 delta = "0.19.6 -> 0.20.0"
4106 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4107 criteria = "safe-to-deploy"
4108 delta = "0.20.0 -> 0.21.0"
4109 notes = "Maintained by the Glean and Application Services team."
4112 who = "Mike Hommey <mh+mozilla@glandium.org>"
4113 criteria = "safe-to-deploy"
4114 delta = "0.21.0 -> 0.21.1"
4115 notes = "No changes."
4118 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4119 criteria = "safe-to-deploy"
4120 delta = "0.21.1 -> 0.23.0"
4121 notes = "Maintained by the Glean and Application Services team."
4123 [[audits.uniffi_bindgen]]
4124 who = "Travis Long <tlong@mozilla.com>"
4125 criteria = "safe-to-deploy"
4127 notes = "Maintained by the Glean and Application Services teams."
4129 [[audits.uniffi_bindgen]]
4130 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4131 criteria = "safe-to-deploy"
4132 delta = "0.19.3 -> 0.19.6"
4133 notes = "Maintained by the Glean and Application Services team."
4135 [[audits.uniffi_bindgen]]
4136 who = "Perry McManis <pmcmanis@mozilla.com>"
4137 criteria = "safe-to-deploy"
4138 delta = "0.19.6 -> 0.20.0"
4140 [[audits.uniffi_bindgen]]
4141 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4142 criteria = "safe-to-deploy"
4143 delta = "0.20.0 -> 0.21.0"
4144 notes = "Maintained by the Glean and Application Services team."
4146 [[audits.uniffi_bindgen]]
4147 who = "Mike Hommey <mh+mozilla@glandium.org>"
4148 criteria = "safe-to-deploy"
4149 delta = "0.21.0 -> 0.21.1"
4150 notes = "I authored the changes in this version."
4152 [[audits.uniffi_bindgen]]
4153 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4154 criteria = "safe-to-deploy"
4155 delta = "0.21.1 -> 0.23.0"
4156 notes = "Maintained by the Glean and Application Services team."
4158 [[audits.uniffi_build]]
4159 who = "Travis Long <tlong@mozilla.com>"
4160 criteria = "safe-to-deploy"
4162 notes = "Maintained by the Glean and Application Services teams."
4164 [[audits.uniffi_build]]
4165 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4166 criteria = "safe-to-deploy"
4167 delta = "0.19.3 -> 0.19.6"
4168 notes = "Maintained by the Glean and Application Services team."
4170 [[audits.uniffi_build]]
4171 who = "Perry McManis <pmcmanis@mozilla.com>"
4172 criteria = "safe-to-deploy"
4173 delta = "0.19.6 -> 0.20.0"
4175 [[audits.uniffi_build]]
4176 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4177 criteria = "safe-to-deploy"
4178 delta = "0.20.0 -> 0.21.0"
4179 notes = "Maintained by the Glean and Application Services team."
4181 [[audits.uniffi_build]]
4182 who = "Mike Hommey <mh+mozilla@glandium.org>"
4183 criteria = "safe-to-deploy"
4184 delta = "0.21.0 -> 0.21.1"
4185 notes = "No changes."
4187 [[audits.uniffi_build]]
4188 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4189 criteria = "safe-to-deploy"
4190 delta = "0.21.1 -> 0.23.0"
4191 notes = "Maintained by the Glean and Application Services team."
4193 [[audits.uniffi_checksum_derive]]
4194 who = "Mike Hommey <mh+mozilla@glandium.org>"
4195 criteria = "safe-to-deploy"
4197 notes = "I authored this crate."
4199 [[audits.uniffi_checksum_derive]]
4200 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4201 criteria = "safe-to-deploy"
4202 delta = "0.21.1 -> 0.23.0"
4203 notes = "Maintained by the Glean and Application Services team."
4205 [[audits.uniffi_core]]
4206 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4207 criteria = "safe-to-deploy"
4209 notes = "Maintained by the Glean and Application Services teams."
4211 [[audits.uniffi_macros]]
4212 who = "Travis Long <tlong@mozilla.com>"
4213 criteria = "safe-to-deploy"
4215 notes = "Maintained by the Glean and Application Services teams."
4217 [[audits.uniffi_macros]]
4218 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4219 criteria = "safe-to-deploy"
4220 delta = "0.19.3 -> 0.19.6"
4221 notes = "Maintained by the Glean and Application Services team."
4223 [[audits.uniffi_macros]]
4224 who = "Perry McManis <pmcmanis@mozilla.com>"
4225 criteria = "safe-to-deploy"
4226 delta = "0.19.6 -> 0.20.0"
4228 [[audits.uniffi_macros]]
4229 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4230 criteria = "safe-to-deploy"
4231 delta = "0.20.0 -> 0.21.0"
4232 notes = "Maintained by the Glean and Application Services team."
4234 [[audits.uniffi_macros]]
4235 who = "Mike Hommey <mh+mozilla@glandium.org>"
4236 criteria = "safe-to-deploy"
4237 delta = "0.21.0 -> 0.21.1"
4238 notes = "No changes."
4240 [[audits.uniffi_macros]]
4241 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4242 criteria = "safe-to-deploy"
4243 delta = "0.21.1 -> 0.23.0"
4244 notes = "Maintained by the Glean and Application Services team."
4246 [[audits.uniffi_meta]]
4247 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4248 criteria = "safe-to-deploy"
4250 notes = "Maintained by the Glean and Application Services team."
4252 [[audits.uniffi_meta]]
4253 who = "Perry McManis <pmcmanis@mozilla.com>"
4254 criteria = "safe-to-deploy"
4255 delta = "0.19.6 -> 0.20.0"
4257 [[audits.uniffi_meta]]
4258 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4259 criteria = "safe-to-deploy"
4260 delta = "0.20.0 -> 0.21.0"
4261 notes = "Maintained by the Glean and Application Services team."
4263 [[audits.uniffi_meta]]
4264 who = "Mike Hommey <mh+mozilla@glandium.org>"
4265 criteria = "safe-to-deploy"
4266 delta = "0.21.0 -> 0.21.1"
4267 notes = "I authored the changes in this version."
4269 [[audits.uniffi_meta]]
4270 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4271 criteria = "safe-to-deploy"
4272 delta = "0.21.1 -> 0.23.0"
4273 notes = "Maintained by the Glean and Application Services team."
4275 [[audits.uniffi_testing]]
4276 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4277 criteria = "safe-to-deploy"
4279 notes = "Maintained by the Glean and Application Services team."
4282 who = "Valentin Gosu <valentin.gosu@gmail.com>"
4283 criteria = "safe-to-deploy"
4287 who = "Valentin Gosu <valentin.gosu@gmail.com>"
4288 criteria = "safe-to-deploy"
4289 delta = "2.4.0 -> 2.4.1"
4292 who = "Valentin Gosu <valentin.gosu@gmail.com>"
4293 criteria = "safe-to-deploy"
4294 delta = "2.4.1 -> 2.5.0"
4297 who = "Gabriele Svelto <gsvelto@mozilla.com>"
4298 criteria = "safe-to-deploy"
4299 delta = "0.8.2 -> 1.2.2"
4302 who = "Mike Hommey <mh+mozilla@glandium.org>"
4303 criteria = "safe-to-deploy"
4304 delta = "1.2.2 -> 1.3.0"
4307 who = "Bobby Holley <bobbyholley@gmail.com>"
4308 criteria = "safe-to-deploy"
4310 notes = "Very small crate, just hosts the Void type for easier cross-crate interfacing."
4313 who = "Mike Hommey <mh+mozilla@glandium.org>"
4314 criteria = "safe-to-run"
4315 delta = "0.3.2 -> 0.3.3"
4318 who = "Bobby Holley <bobbyholley@gmail.com>"
4319 criteria = "safe-to-run"
4320 delta = "0.3.3 -> 0.3.3@git:4af45fae95bc98b0eba1ef0db17e1dac471bb23d"
4323 who = "Mike Hommey <mh+mozilla@glandium.org>"
4324 criteria = "safe-to-run"
4325 delta = "0.3.6 -> 0.3.6@git:9d081461ae1167eb321585ce424f4fef6cf0092b"
4327 [[audits.wasm-encoder]]
4328 who = "Ryan Hunt <rhunt@eqrion.net>"
4329 criteria = "safe-to-deploy"
4331 notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. This has no unsafe code and uses no ambient capabilities."
4333 [[audits.wasm-encoder]]
4334 who = "Ryan Hunt <rhunt@eqrion.net>"
4335 criteria = "safe-to-deploy"
4336 delta = "0.7.0 -> 0.14.0"
4337 notes = "wasm-encoder has no unsafe code and uses no ambient capabilities."
4339 [[audits.wasm-encoder]]
4340 who = "Yury Delendik <ydelendik@mozilla.com>"
4341 criteria = "safe-to-deploy"
4342 delta = "0.14.0 -> 0.15.0"
4344 [[audits.wasm-encoder]]
4345 who = "Yury Delendik <ydelendik@mozilla.com>"
4346 criteria = "safe-to-deploy"
4347 delta = "0.16.0 -> 0.17.0"
4349 [[audits.wasm-encoder]]
4350 who = "Ryan Hunt <rhunt@eqrion.net>"
4351 criteria = "safe-to-deploy"
4352 delta = "0.19.0 -> 0.19.1"
4354 [[audits.wasm-smith]]
4355 who = "Ryan Hunt <rhunt@eqrion.net>"
4356 criteria = "safe-to-deploy"
4358 notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. I've vetted the one instance of unsafe code."
4360 [[audits.wasm-smith]]
4361 who = "Yury Delendik <ydelendik@mozilla.com>"
4362 criteria = "safe-to-run"
4363 delta = "0.11.2 -> 0.11.3"
4365 [[audits.wasm-smith]]
4366 who = "Yury Delendik <ydelendik@mozilla.com>"
4367 criteria = "safe-to-run"
4368 delta = "0.11.4 -> 0.11.5"
4370 [[audits.wasm-smith]]
4371 who = "Ryan Hunt <rhunt@eqrion.net>"
4372 criteria = "safe-to-run"
4373 delta = "0.11.7 -> 0.11.8"
4375 [[audits.wasmparser]]
4376 who = "Ryan Hunt <rhunt@eqrion.net>"
4377 criteria = "safe-to-deploy"
4379 notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. I've vetted the one instance of unsafe code."
4381 [[audits.wasmparser]]
4382 who = "Yury Delendik <ydelendik@mozilla.com>"
4383 criteria = "safe-to-deploy"
4384 delta = "0.87.0 -> 0.88.0"
4386 [[audits.wasmparser]]
4387 who = "Yury Delendik <ydelendik@mozilla.com>"
4388 criteria = "safe-to-deploy"
4389 delta = "0.89.1 -> 0.91.0"
4391 [[audits.wasmparser]]
4392 who = "Ryan Hunt <rhunt@eqrion.net>"
4393 criteria = "safe-to-deploy"
4394 delta = "0.93.0 -> 0.94.0"
4397 who = "Ryan Hunt <rhunt@eqrion.net>"
4398 criteria = "safe-to-deploy"
4402 who = "Ryan Hunt <rhunt@eqrion.net>"
4403 criteria = "safe-to-deploy"
4405 notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. wast has no unsafe code and the only ambient capability it uses is to read the full contents of a file that is given to it."
4408 who = "Yury Delendik <ydelendik@mozilla.com>"
4409 criteria = "safe-to-deploy"
4410 delta = "44.0.0 -> 45.0.0"
4413 who = "Yury Delendik <ydelendik@mozilla.com>"
4414 criteria = "safe-to-deploy"
4415 delta = "46.0.0 -> 47.0.0"
4418 who = "Ryan Hunt <rhunt@eqrion.net>"
4419 criteria = "safe-to-deploy"
4420 delta = "48.0.0 -> 49.0.0"
4423 who = "Ben Visness <bvisness@mozilla.com>"
4424 criteria = "safe-to-deploy"
4425 delta = "55.0.0 -> 56.0.0"
4427 [[audits.webrtc-sdp]]
4428 who = "Byron Campen <docfaraday@gmail.com>"
4429 criteria = "safe-to-deploy"
4430 delta = "0.3.9 -> 0.3.10"
4432 [[audits.webrtc-sdp]]
4433 who = "Nicolas Grunbaum <ngrunbaum@mozilla.com>"
4434 criteria = "safe-to-deploy"
4435 delta = "0.3.10 -> 0.3.11"
4438 who = "Travis Long <tlong@mozilla.com>"
4439 criteria = "safe-to-deploy"
4441 notes = "Maintained by the Glean and Application Services teams."
4444 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4445 criteria = "safe-to-deploy"
4446 delta = "3.0.0 -> 4.0.0"
4447 notes = "Maintained by the Glean and Application Services team."
4449 [[audits.wgpu-core]]
4450 who = "Dzmitry Malyshau <kvark@fastmail.com>"
4451 criteria = "safe-to-deploy"
4454 This crate, up through the indicated version, was written or reviewed
4455 by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
4456 Mozilla at the beginning of February 2022. This audit statement was
4457 collected by Jim Blandy, a Mozilla employee, over email in July 2022:
4458 Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
4461 [[audits.wgpu-core]]
4462 who = "Jim Blandy <jimb@mozilla.com>"
4463 criteria = "safe-to-deploy"
4464 delta = "0.12.0 -> 0.13.0"
4466 [[audits.wgpu-core]]
4467 who = "Jim Blandy <jimb@red-bean.com>"
4468 criteria = "safe-to-deploy"
4469 delta = "0.13.0 -> 0.14.0"
4470 notes = "Audit by Erich Gubler, Jim Blandy, Nicolas Silva, and Teodor Tanasoaia."
4472 [[audits.wgpu-core]]
4473 who = "Nicolas Silva <nical@fastmail.com>"
4474 criteria = "safe-to-deploy"
4475 delta = "0.14.0 -> 0.15.0"
4477 [[audits.wgpu-core]]
4478 who = "Nicolas Silva <nical@fastmail.com>"
4479 criteria = "safe-to-deploy"
4480 delta = "0.15.0 -> 0.16.0"
4482 [[audits.wgpu-core]]
4483 who = "Nicolas Silva <nical@fastmail.com>"
4484 criteria = "safe-to-deploy"
4485 delta = "0.16.0 -> 0.17.0"
4487 [[audits.wgpu-core]]
4488 who = "Nicolas Silva <nical@fastmail.com>"
4489 criteria = "safe-to-deploy"
4490 delta = "0.17.0 -> 0.18.0"
4492 [[audits.wgpu-core]]
4494 "Jim Blandy <jimb@red-bean.com>",
4495 "Nicolas Silva <nical@fastmail.com>",
4496 "Teodor Tanasoaia <ttanasoaia@mozilla.com>",
4497 "Erich Gubler <erichdongubler@gmail.com>",
4499 criteria = "safe-to-deploy"
4500 delta = "0.18.0 -> 0.19.0@git:152a94bc6c502226d9871f28e35db0b755ea35bf"
4504 who = "Dzmitry Malyshau <kvark@fastmail.com>"
4505 criteria = "safe-to-deploy"
4508 This crate, up through the indicated version, was written or reviewed
4509 by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
4510 Mozilla at the beginning of February 2022. This audit statement was
4511 collected by Jim Blandy, a Mozilla employee, over email in July 2022:
4512 Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
4516 who = "Jim Blandy <jimb@mozilla.com>"
4517 criteria = "safe-to-deploy"
4518 delta = "0.12.0 -> 0.13.0"
4521 who = "Jim Blandy <jimb@red-bean.com>"
4522 criteria = "safe-to-deploy"
4523 delta = "0.13.0 -> 0.14.0"
4524 notes = "Audit by Erich Gubler, Jim Blandy, Nicolas Silva, and Teodor Tanasoaia."
4527 who = "Nicolas Silva <nical@fastmail.com>"
4528 criteria = "safe-to-deploy"
4529 delta = "0.14.0 -> 0.15.0"
4532 who = "Nicolas Silva <nical@fastmail.com>"
4533 criteria = "safe-to-deploy"
4534 delta = "0.15.0 -> 0.16.0"
4537 who = "Nicolas Silva <nical@fastmail.com>"
4538 criteria = "safe-to-deploy"
4539 delta = "0.16.0 -> 0.17.0"
4542 who = "Nicolas Silva <nical@fastmail.com>"
4543 criteria = "safe-to-deploy"
4544 delta = "0.17.0 -> 0.18.0"
4548 "Jim Blandy <jimb@red-bean.com>",
4549 "Nicolas Silva <nical@fastmail.com>",
4550 "Teodor Tanasoaia <ttanasoaia@mozilla.com>",
4551 "Erich Gubler <erichdongubler@gmail.com>",
4553 criteria = "safe-to-deploy"
4554 delta = "0.18.0 -> 0.19.0@git:152a94bc6c502226d9871f28e35db0b755ea35bf"
4557 [[audits.wgpu-types]]
4558 who = "Dzmitry Malyshau <kvark@fastmail.com>"
4559 criteria = "safe-to-deploy"
4562 This crate, up through the indicated version, was written or reviewed
4563 by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
4564 Mozilla at the beginning of February 2022. This audit statement was
4565 collected by Jim Blandy, a Mozilla employee, over email in July 2022:
4566 Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
4569 [[audits.wgpu-types]]
4570 who = "Jim Blandy <jimb@mozilla.com>"
4571 criteria = "safe-to-deploy"
4572 delta = "0.12.0 -> 0.13.0"
4574 [[audits.wgpu-types]]
4575 who = "Jim Blandy <jimb@red-bean.com>"
4576 criteria = "safe-to-deploy"
4577 delta = "0.13.0 -> 0.14.0"
4578 notes = "Audit by Erich Gubler, Jim Blandy, Nicolas Silva, and Teodor Tanasoaia."
4580 [[audits.wgpu-types]]
4581 who = "Nicolas Silva <nical@fastmail.com>"
4582 criteria = "safe-to-deploy"
4583 delta = "0.14.0 -> 0.15.0"
4585 [[audits.wgpu-types]]
4586 who = "Nicolas Silva <nical@fastmail.com>"
4587 criteria = "safe-to-deploy"
4588 delta = "0.15.0 -> 0.16.0"
4590 [[audits.wgpu-types]]
4591 who = "Nicolas Silva <nical@fastmail.com>"
4592 criteria = "safe-to-deploy"
4593 delta = "0.16.0 -> 0.17.0"
4595 [[audits.wgpu-types]]
4596 who = "Nicolas Silva <nical@fastmail.com>"
4597 criteria = "safe-to-deploy"
4598 delta = "0.17.0 -> 0.18.0"
4600 [[audits.wgpu-types]]
4602 "Jim Blandy <jimb@red-bean.com>",
4603 "Nicolas Silva <nical@fastmail.com>",
4604 "Teodor Tanasoaia <ttanasoaia@mozilla.com>",
4605 "Erich Gubler <erichdongubler@gmail.com>",
4607 criteria = "safe-to-deploy"
4608 delta = "0.18.0 -> 0.19.0@git:152a94bc6c502226d9871f28e35db0b755ea35bf"
4612 who = "Bobby Holley <bobbyholley@gmail.com>"
4613 criteria = "safe-to-deploy"
4616 Contains platform-specific FFI code for apple, mac, and windows. The windows code
4617 also contains a small C file compiled at build-time. I audited all of it and it
4622 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
4623 criteria = "safe-to-deploy"
4624 delta = "0.1.2 -> 0.3.1"
4625 notes = "Maintained by me. I have written or reviewed all of the code."
4628 who = "Ray Kraesig <rkraesig@mozilla.com>"
4629 criteria = "safe-to-run"
4632 This crate uses a lot of `unsafe`; not all of it is necessary, and not all of it
4633 is correct. (In particular, the alignment of data buffers does not seem to be
4634 correctly ensured at type-conversion time.) However, the code is not deceptive,
4635 and any more subtle issues do not appear to be exploitable -- certainly not from
4639 [[audits.wpf-gpu-raster]]
4640 who = "Lee Salzman <lsalzman@mozilla.com>"
4641 criteria = "safe-to-deploy"
4643 notes = "Written and maintained by Gfx team at Mozilla."
4645 [[audits.writeable]]
4646 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4647 criteria = "safe-to-deploy"
4649 notes = "writeable is a variation of fmt::Write with sink version. This uses `unsafe` block to handle potentially-invalid UTF-8 character. I've vetted the one instance of unsafe code."
4651 [[audits.writeable]]
4652 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4653 criteria = "safe-to-deploy"
4654 delta = "0.5.2 -> 0.5.4"
4657 who = "Henri Sivonen <hsivonen@hsivonen.fi>"
4658 criteria = "safe-to-deploy"
4660 notes = "I, Henri Sivonen, wrote this crate myself for Gecko even though it's published on crates.io."
4663 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4664 criteria = "safe-to-deploy"
4666 notes = "This crate is for zero-copy serialization for ICU4X data structure, and maintained by ICU4X team. Since this uses unsafe block for serialization, I audited code."
4669 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4670 criteria = "safe-to-deploy"
4671 delta = "0.7.1 -> 0.7.3"
4673 [[audits.yoke-derive]]
4674 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4675 criteria = "safe-to-deploy"
4676 version = "0.7.1@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873"
4677 notes = "This crate is a helper for yoke crate that is ICU4X data structure, and maintained by ICU4X team. Since this uses unsafe block for serialization, all has the comment why this uses unsafe and I audited code."
4679 [[audits.yoke-derive]]
4680 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4681 criteria = "safe-to-deploy"
4685 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4686 criteria = "safe-to-deploy"
4688 notes = "This crate is zero-copy version of \"From\". This has no unsafe code and uses no ambient capabilities."
4690 [[audits.zerofrom-derive]]
4691 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4692 criteria = "safe-to-deploy"
4693 version = "0.1.2@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873"
4694 notes = "This is custom derives for `ZeroFrom` that is from zerofrom crate. This has no unsafe code and uses no ambient capabilities."
4696 [[audits.zerofrom-derive]]
4697 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4698 criteria = "safe-to-deploy"
4702 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4703 criteria = "safe-to-deploy"
4705 notes = "This crate is zero-copy data structure implmentation. Although this uses unsafe block in several code, it requires for zero-copy. And this has a comment in code why this uses unsafe and I audited code."
4708 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4709 criteria = "safe-to-deploy"
4710 delta = "0.9.4 -> 0.10.1"
4712 [[audits.zerovec-derive]]
4713 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4714 criteria = "safe-to-deploy"
4715 version = "0.9.4@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873"
4716 notes = "This is custom derives for `ZeroVec` that is from zerovec crate. Although this uses unsafe block for zero-copy, this has a comment in code why this uses unsafe and I audited code."
4718 [[audits.zerovec-derive]]
4719 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
4720 criteria = "safe-to-deploy"
4724 who = "Alex Franchuk <afranchuk@mozilla.com>"
4725 criteria = "safe-to-deploy"
4728 No unsafe code nor unwarranted dependencies. Side-effectful std usage is only
4729 present where expected (zip archive reading/writing and unpacking)
4733 who = "Mike Hommey <mh+mozilla@glandium.org>"
4734 criteria = "safe-to-run"
4735 delta = "0.6.2 -> 0.6.3"
4738 who = "Mike Hommey <mh+mozilla@glandium.org>"
4739 criteria = "safe-to-run"
4740 delta = "0.6.3 -> 0.6.4"
4742 [[trusted.aho-corasick]]
4743 criteria = "safe-to-deploy"
4744 user-id = 189 # Andrew Gallant (BurntSushi)
4745 start = "2019-03-28"
4749 criteria = "safe-to-deploy"
4750 user-id = 6743 # Ed Page (epage)
4751 start = "2022-05-18"
4754 [[trusted.async-trait]]
4755 criteria = "safe-to-deploy"
4756 user-id = 3618 # David Tolnay (dtolnay)
4757 start = "2019-07-23"
4761 criteria = "safe-to-deploy"
4762 user-id = 2915 # Amanieu d'Antras (Amanieu)
4763 start = "2019-02-22"
4766 [[trusted.byteorder]]
4767 criteria = "safe-to-deploy"
4768 user-id = 189 # Andrew Gallant (BurntSushi)
4769 start = "2019-06-09"
4773 criteria = "safe-to-deploy"
4774 user-id = 6741 # Alice Ryhl (Darksonn)
4775 start = "2021-01-11"
4779 criteria = "safe-to-deploy"
4780 user-id = 2915 # Amanieu d'Antras (Amanieu)
4781 start = "2024-02-20"
4785 criteria = "safe-to-deploy"
4786 user-id = 6743 # Ed Page (epage)
4787 start = "2021-12-08"
4790 [[trusted.clap_builder]]
4791 criteria = "safe-to-deploy"
4792 user-id = 6743 # Ed Page (epage)
4793 start = "2023-03-28"
4796 [[trusted.clap_derive]]
4797 criteria = "safe-to-deploy"
4798 user-id = 6743 # Ed Page (epage)
4799 start = "2021-12-08"
4802 [[trusted.clap_lex]]
4803 criteria = "safe-to-deploy"
4804 user-id = 6743 # Ed Page (epage)
4805 start = "2022-04-15"
4809 criteria = "safe-to-deploy"
4810 user-id = 3618 # David Tolnay (dtolnay)
4811 start = "2019-05-02"
4814 [[trusted.equivalent]]
4815 criteria = "safe-to-deploy"
4816 user-id = 539 # Josh Stone (cuviper)
4817 start = "2023-02-05"
4821 criteria = "safe-to-deploy"
4822 user-id = 6825 # Dan Gohman (sunfishcode)
4823 start = "2023-08-29"
4827 criteria = "safe-to-deploy"
4828 user-id = 4333 # Josh Triplett (joshtriplett)
4829 start = "2020-09-30"
4833 criteria = "safe-to-deploy"
4834 user-id = 359 # Sean McArthur (seanmonstar)
4835 start = "2019-03-13"
4838 [[trusted.hashbrown]]
4839 criteria = "safe-to-deploy"
4840 user-id = 2915 # Amanieu d'Antras (Amanieu)
4841 start = "2019-04-02"
4845 criteria = "safe-to-deploy"
4846 user-id = 359 # Sean McArthur (seanmonstar)
4847 start = "2019-09-09"
4850 [[trusted.httparse]]
4851 criteria = "safe-to-deploy"
4852 user-id = 359 # Sean McArthur (seanmonstar)
4853 start = "2019-07-03"
4856 [[trusted.indexmap]]
4857 criteria = "safe-to-deploy"
4858 user-id = 539 # Josh Stone (cuviper)
4859 start = "2020-01-15"
4862 [[trusted.inherent]]
4863 criteria = "safe-to-deploy"
4864 user-id = 3618 # David Tolnay (dtolnay)
4865 start = "2019-07-14"
4869 criteria = "safe-to-deploy"
4870 user-id = 10 # Carl Lerche (carllerche)
4871 start = "2019-10-09"
4875 criteria = "safe-to-deploy"
4876 user-id = 3618 # David Tolnay (dtolnay)
4877 start = "2019-05-02"
4880 [[trusted.jobserver]]
4881 criteria = "safe-to-deploy"
4882 user-id = 1 # Alex Crichton (alexcrichton)
4883 start = "2019-03-15"
4887 criteria = "safe-to-deploy"
4888 user-id = 2915 # Amanieu d'Antras (Amanieu)
4889 start = "2021-01-27"
4893 criteria = "safe-to-deploy"
4894 user-id = 51017 # Yuki Okushi (JohnTitor)
4895 start = "2020-03-17"
4898 [[trusted.linux-raw-sys]]
4899 criteria = "safe-to-deploy"
4900 user-id = 6825 # Dan Gohman (sunfishcode)
4901 start = "2021-06-12"
4904 [[trusted.lock_api]]
4905 criteria = "safe-to-deploy"
4906 user-id = 2915 # Amanieu d'Antras (Amanieu)
4907 start = "2019-05-04"
4911 criteria = "safe-to-deploy"
4912 user-id = 189 # Andrew Gallant (BurntSushi)
4913 start = "2019-07-07"
4917 criteria = "safe-to-deploy"
4918 user-id = 359 # Sean McArthur (seanmonstar)
4919 start = "2019-09-09"
4923 criteria = "safe-to-deploy"
4924 user-id = 10 # Carl Lerche (carllerche)
4925 start = "2019-05-15"
4928 [[trusted.num_cpus]]
4929 criteria = "safe-to-deploy"
4930 user-id = 359 # Sean McArthur (seanmonstar)
4931 start = "2019-06-10"
4934 [[trusted.ordered-float]]
4935 criteria = "safe-to-deploy"
4936 user-id = 2017 # Matt Brubeck (mbrubeck)
4937 start = "2019-03-13"
4940 [[trusted.parking_lot]]
4941 criteria = "safe-to-deploy"
4942 user-id = 2915 # Amanieu d'Antras (Amanieu)
4943 start = "2019-05-04"
4946 [[trusted.parking_lot_core]]
4947 criteria = "safe-to-deploy"
4948 user-id = 2915 # Amanieu d'Antras (Amanieu)
4949 start = "2019-05-04"
4953 criteria = "safe-to-deploy"
4954 user-id = 3618 # David Tolnay (dtolnay)
4955 start = "2019-03-19"
4958 [[trusted.proc-macro-hack]]
4959 criteria = "safe-to-deploy"
4960 user-id = 3618 # David Tolnay (dtolnay)
4961 start = "2019-04-16"
4964 [[trusted.proc-macro2]]
4965 criteria = "safe-to-deploy"
4966 user-id = 3618 # David Tolnay (dtolnay)
4967 start = "2019-04-23"
4971 criteria = "safe-to-deploy"
4972 user-id = 3618 # David Tolnay (dtolnay)
4973 start = "2019-04-09"
4977 criteria = "safe-to-deploy"
4978 user-id = 189 # Andrew Gallant (BurntSushi)
4979 start = "2019-02-27"
4982 [[trusted.regex-automata]]
4983 criteria = "safe-to-deploy"
4984 user-id = 189 # Andrew Gallant (BurntSushi)
4985 start = "2019-02-25"
4988 [[trusted.regex-syntax]]
4989 criteria = "safe-to-deploy"
4990 user-id = 189 # Andrew Gallant (BurntSushi)
4991 start = "2019-03-30"
4995 criteria = "safe-to-deploy"
4996 user-id = 6825 # Dan Gohman (sunfishcode)
4997 start = "2021-10-29"
5001 criteria = "safe-to-deploy"
5002 user-id = 3618 # David Tolnay (dtolnay)
5003 start = "2019-05-02"
5006 [[trusted.same-file]]
5007 criteria = "safe-to-deploy"
5008 user-id = 189 # Andrew Gallant (BurntSushi)
5009 start = "2019-07-16"
5012 [[trusted.scopeguard]]
5013 criteria = "safe-to-deploy"
5014 user-id = 2915 # Amanieu d'Antras (Amanieu)
5015 start = "2020-02-16"
5019 criteria = "safe-to-deploy"
5020 user-id = 3618 # David Tolnay (dtolnay)
5021 start = "2019-03-01"
5024 [[trusted.serde_bytes]]
5025 criteria = "safe-to-deploy"
5026 user-id = 3618 # David Tolnay (dtolnay)
5027 start = "2019-02-25"
5030 [[trusted.serde_derive]]
5031 criteria = "safe-to-deploy"
5032 user-id = 3618 # David Tolnay (dtolnay)
5033 start = "2019-03-01"
5036 [[trusted.serde_json]]
5037 criteria = "safe-to-deploy"
5038 user-id = 3618 # David Tolnay (dtolnay)
5039 start = "2019-02-28"
5042 [[trusted.serde_repr]]
5043 criteria = "safe-to-deploy"
5044 user-id = 3618 # David Tolnay (dtolnay)
5045 start = "2019-04-26"
5048 [[trusted.serde_yaml]]
5049 criteria = "safe-to-deploy"
5050 user-id = 3618 # David Tolnay (dtolnay)
5051 start = "2019-05-02"
5054 [[trusted.smallvec]]
5055 criteria = "safe-to-deploy"
5056 user-id = 2017 # Matt Brubeck (mbrubeck)
5057 start = "2019-10-28"
5061 criteria = "safe-to-deploy"
5062 user-id = 3618 # David Tolnay (dtolnay)
5063 start = "2019-03-01"
5066 [[trusted.termcolor]]
5067 criteria = "safe-to-deploy"
5068 user-id = 189 # Andrew Gallant (BurntSushi)
5069 start = "2019-06-04"
5072 [[trusted.thiserror]]
5073 criteria = "safe-to-deploy"
5074 user-id = 3618 # David Tolnay (dtolnay)
5075 start = "2019-10-09"
5078 [[trusted.thiserror-impl]]
5079 criteria = "safe-to-deploy"
5080 user-id = 3618 # David Tolnay (dtolnay)
5081 start = "2019-10-09"
5084 [[trusted.threadbound]]
5085 criteria = "safe-to-deploy"
5086 user-id = 3618 # David Tolnay (dtolnay)
5087 start = "2020-06-16"
5090 [[trusted.tokio-macros]]
5091 criteria = "safe-to-deploy"
5092 user-id = 6741 # Alice Ryhl (Darksonn)
5093 start = "2020-10-26"
5096 [[trusted.tokio-util]]
5097 criteria = "safe-to-deploy"
5098 user-id = 6741 # Alice Ryhl (Darksonn)
5099 start = "2021-01-12"
5103 criteria = "safe-to-deploy"
5104 user-id = 1 # Alex Crichton (alexcrichton)
5105 start = "2019-05-16"
5108 [[trusted.unicode-ident]]
5109 criteria = "safe-to-deploy"
5110 user-id = 3618 # David Tolnay (dtolnay)
5111 start = "2021-10-02"
5115 criteria = "safe-to-deploy"
5116 user-id = 189 # Andrew Gallant (BurntSushi)
5117 start = "2019-06-09"
5121 criteria = "safe-to-deploy"
5122 user-id = 359 # Sean McArthur (seanmonstar)
5123 start = "2019-03-20"
5127 criteria = "safe-to-deploy"
5128 user-id = 1 # Alex Crichton (alexcrichton)
5129 start = "2020-06-03"
5132 [[trusted.winapi-util]]
5133 criteria = "safe-to-deploy"
5134 user-id = 189 # Andrew Gallant (BurntSushi)
5135 start = "2020-01-11"
5139 criteria = "safe-to-deploy"
5140 user-id = 64539 # Kenny Kerr (kennykerr)
5141 start = "2021-01-15"
5144 [[trusted.windows-core]]
5145 criteria = "safe-to-deploy"
5146 user-id = 64539 # Kenny Kerr (kennykerr)
5147 start = "2021-11-15"
5150 [[trusted.windows-sys]]
5151 criteria = "safe-to-deploy"
5152 user-id = 64539 # Kenny Kerr (kennykerr)
5153 start = "2021-11-15"