2 # cargo-vet imports lock
4 [[publisher.aho-corasick]]
8 user-login = "BurntSushi"
9 user-name = "Andrew Gallant"
18 [[publisher.arbitrary]]
22 user-login = "fitzgen"
23 user-name = "Nick Fitzgerald"
25 [[publisher.async-trait]]
29 user-login = "dtolnay"
30 user-name = "David Tolnay"
36 user-login = "Amanieu"
37 user-name = "Amanieu d'Antras"
39 [[publisher.audio_thread_priority]]
43 user-login = "padenot"
44 user-name = "Paul Adenot"
46 [[publisher.audio_thread_priority]]
50 user-login = "padenot"
51 user-name = "Paul Adenot"
53 [[publisher.authenticator]]
54 version = "0.4.0-alpha.24"
57 user-login = "jschanck"
58 user-name = "John Schanck"
64 user-login = "martinthomson"
65 user-name = "Martin Thomson"
67 [[publisher.byteorder]]
71 user-login = "BurntSushi"
72 user-name = "Andrew Gallant"
78 user-login = "Darksonn"
79 user-name = "Alice Ryhl"
86 user-name = "Emilio Cobos Álvarez"
95 [[publisher.clap_builder]]
100 user-name = "Ed Page"
102 [[publisher.clap_derive]]
107 user-name = "Ed Page"
109 [[publisher.clap_lex]]
114 user-name = "Ed Page"
116 [[publisher.core-foundation]]
120 user-login = "jrmuizel"
121 user-name = "Jeff Muizelaar"
123 [[publisher.core-foundation-sys]]
128 user-name = "Josh Matthews"
130 [[publisher.core-graphics]]
134 user-login = "jrmuizel"
135 user-name = "Jeff Muizelaar"
137 [[publisher.core-graphics-types]]
142 user-name = "Josh Matthews"
144 [[publisher.core-text]]
148 user-login = "jrmuizel"
149 user-name = "Jeff Muizelaar"
151 [[publisher.derive_arbitrary]]
155 user-login = "fitzgen"
156 user-name = "Nick Fitzgerald"
162 user-login = "linabutler"
163 user-name = "Lina Butler"
169 user-login = "dtolnay"
170 user-name = "David Tolnay"
172 [[publisher.encoding_rs]]
176 user-login = "hsivonen"
177 user-name = "Henri Sivonen"
183 user-login = "sunfishcode"
184 user-name = "Dan Gohman"
186 [[publisher.etagere]]
191 user-name = "Nicolas Silva"
198 user-name = "Nicolas Silva"
204 user-login = "joshtriplett"
205 user-name = "Josh Triplett"
207 [[publisher.freetype]]
212 user-name = "Josh Matthews"
218 user-login = "jrmuizel"
219 user-name = "Jeff Muizelaar"
225 user-login = "badboy"
226 user-name = "Jan-Erik Rediger"
228 [[publisher.glean-core]]
232 user-login = "badboy"
233 user-name = "Jan-Erik Rediger"
235 [[publisher.glslopt]]
239 user-login = "jamienicol"
240 user-name = "Jamie Nicol"
246 user-login = "seanmonstar"
247 user-name = "Sean McArthur"
249 [[publisher.headers]]
253 user-login = "seanmonstar"
254 user-name = "Sean McArthur"
256 [[publisher.httparse]]
260 user-login = "seanmonstar"
261 user-name = "Sean McArthur"
263 [[publisher.indexmap]]
267 user-login = "cuviper"
268 user-name = "Josh Stone"
270 [[publisher.inherent]]
274 user-login = "dtolnay"
275 user-name = "David Tolnay"
281 user-login = "carllerche"
282 user-name = "Carl Lerche"
288 user-login = "dtolnay"
289 user-name = "David Tolnay"
291 [[publisher.jobserver]]
295 user-login = "alexcrichton"
296 user-name = "Alex Crichton"
302 user-login = "JohnTitor"
303 user-name = "Yuki Okushi"
309 user-login = "JohnTitor"
310 user-name = "Yuki Okushi"
312 [[publisher.linux-raw-sys]]
316 user-login = "sunfishcode"
317 user-name = "Dan Gohman"
319 [[publisher.linux-raw-sys]]
323 user-login = "sunfishcode"
324 user-name = "Dan Gohman"
326 [[publisher.lock_api]]
330 user-login = "Amanieu"
331 user-name = "Amanieu d'Antras"
337 user-login = "BurntSushi"
338 user-name = "Andrew Gallant"
344 user-login = "seanmonstar"
345 user-name = "Sean McArthur"
351 user-login = "carllerche"
352 user-name = "Carl Lerche"
354 [[publisher.nss-gk-api]]
358 user-login = "jschanck"
359 user-name = "John Schanck"
361 [[publisher.num_cpus]]
365 user-login = "seanmonstar"
366 user-name = "Sean McArthur"
372 user-login = "martinthomson"
373 user-name = "Martin Thomson"
375 [[publisher.ordered-float]]
379 user-login = "mbrubeck"
380 user-name = "Matt Brubeck"
382 [[publisher.parking_lot]]
386 user-login = "Amanieu"
387 user-name = "Amanieu d'Antras"
389 [[publisher.parking_lot_core]]
393 user-login = "Amanieu"
394 user-name = "Amanieu d'Antras"
396 [[publisher.parking_lot_core]]
400 user-login = "Amanieu"
401 user-name = "Amanieu d'Antras"
407 user-login = "dtolnay"
408 user-name = "David Tolnay"
414 user-login = "divviup-github-automation"
416 [[publisher.proc-macro2]]
420 user-login = "dtolnay"
421 user-name = "David Tolnay"
427 user-login = "jrmuizel"
428 user-name = "Jeff Muizelaar"
434 user-login = "dtolnay"
435 user-name = "David Tolnay"
441 user-login = "BurntSushi"
442 user-name = "Andrew Gallant"
444 [[publisher.regex-automata]]
448 user-login = "BurntSushi"
449 user-name = "Andrew Gallant"
451 [[publisher.regex-syntax]]
455 user-login = "BurntSushi"
456 user-name = "Andrew Gallant"
458 [[publisher.rust_cascade]]
462 user-login = "mozkeeler"
463 user-name = "Dana Keeler"
469 user-login = "sunfishcode"
470 user-name = "Dan Gohman"
476 user-login = "sunfishcode"
477 user-name = "Dan Gohman"
483 user-login = "dtolnay"
484 user-name = "David Tolnay"
486 [[publisher.same-file]]
490 user-login = "BurntSushi"
491 user-name = "Andrew Gallant"
493 [[publisher.scopeguard]]
497 user-login = "Amanieu"
498 user-name = "Amanieu d'Antras"
504 user-login = "dtolnay"
505 user-name = "David Tolnay"
507 [[publisher.serde_bytes]]
511 user-login = "dtolnay"
512 user-name = "David Tolnay"
514 [[publisher.serde_derive]]
518 user-login = "dtolnay"
519 user-name = "David Tolnay"
521 [[publisher.serde_json]]
525 user-login = "dtolnay"
526 user-name = "David Tolnay"
528 [[publisher.serde_repr]]
532 user-login = "dtolnay"
533 user-name = "David Tolnay"
535 [[publisher.serde_yaml]]
539 user-login = "dtolnay"
540 user-name = "David Tolnay"
542 [[publisher.smallvec]]
546 user-login = "mbrubeck"
547 user-name = "Matt Brubeck"
553 user-login = "dtolnay"
554 user-name = "David Tolnay"
556 [[publisher.termcolor]]
560 user-login = "BurntSushi"
561 user-name = "Andrew Gallant"
563 [[publisher.termcolor]]
567 user-login = "BurntSushi"
568 user-name = "Andrew Gallant"
570 [[publisher.thiserror]]
574 user-login = "dtolnay"
575 user-name = "David Tolnay"
577 [[publisher.thiserror-impl]]
581 user-login = "dtolnay"
582 user-name = "David Tolnay"
584 [[publisher.threadbound]]
588 user-login = "dtolnay"
589 user-name = "David Tolnay"
591 [[publisher.tokio-util]]
595 user-login = "Darksonn"
596 user-name = "Alice Ryhl"
602 user-login = "alexcrichton"
603 user-name = "Alex Crichton"
605 [[publisher.unicode-ident]]
609 user-login = "dtolnay"
610 user-name = "David Tolnay"
612 [[publisher.unicode-width]]
616 user-login = "Manishearth"
617 user-name = "Manish Goregaokar"
619 [[publisher.unicode-xid]]
623 user-login = "Manishearth"
624 user-name = "Manish Goregaokar"
632 [[publisher.uniffi_bindgen]]
638 [[publisher.uniffi_build]]
644 [[publisher.uniffi_checksum_derive]]
650 [[publisher.uniffi_core]]
656 [[publisher.uniffi_macros]]
662 [[publisher.uniffi_meta]]
668 [[publisher.uniffi_testing]]
674 [[publisher.uniffi_udl]]
680 [[publisher.utf8_iter]]
684 user-login = "hsivonen"
685 user-name = "Henri Sivonen"
687 [[publisher.walkdir]]
691 user-login = "BurntSushi"
692 user-name = "Andrew Gallant"
698 user-login = "seanmonstar"
699 user-name = "Sean McArthur"
702 version = "0.11.0+wasi-snapshot-preview1"
705 user-login = "alexcrichton"
706 user-name = "Alex Crichton"
708 [[publisher.wasm-encoder]]
712 user-login = "alexcrichton"
713 user-name = "Alex Crichton"
715 [[publisher.wasm-encoder]]
719 user-login = "alexcrichton"
720 user-name = "Alex Crichton"
722 [[publisher.wasm-encoder]]
726 user-login = "alexcrichton"
727 user-name = "Alex Crichton"
729 [[publisher.wasm-smith]]
733 user-login = "alexcrichton"
734 user-name = "Alex Crichton"
736 [[publisher.wasm-smith]]
740 user-login = "alexcrichton"
741 user-name = "Alex Crichton"
743 [[publisher.wasm-smith]]
747 user-login = "alexcrichton"
748 user-name = "Alex Crichton"
754 user-login = "alexcrichton"
755 user-name = "Alex Crichton"
761 user-login = "alexcrichton"
762 user-name = "Alex Crichton"
768 user-login = "alexcrichton"
769 user-name = "Alex Crichton"
771 [[publisher.winapi-util]]
775 user-login = "BurntSushi"
776 user-name = "Andrew Gallant"
778 [[publisher.windows-sys]]
782 user-login = "kennykerr"
783 user-name = "Kenny Kerr"
785 [[publisher.windows-sys]]
789 user-login = "kennykerr"
790 user-name = "Kenny Kerr"
792 [[publisher.zeitstempel]]
796 user-login = "badboy"
797 user-name = "Jan-Erik Rediger"
799 [[audits.bytecode-alliance.wildcard-audits.arbitrary]]
800 who = "Nick Fitzgerald <fitzgen@gmail.com>"
801 criteria = "safe-to-deploy"
802 user-id = 696 # Nick Fitzgerald (fitzgen)
805 notes = "I am an author of this crate."
807 [[audits.bytecode-alliance.wildcard-audits.derive_arbitrary]]
808 who = "Nick Fitzgerald <fitzgen@gmail.com>"
809 criteria = "safe-to-deploy"
810 user-id = 696 # Nick Fitzgerald (fitzgen)
813 notes = "I am an author of this crate"
815 [[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
816 who = "Alex Crichton <alex@alexcrichton.com>"
817 criteria = "safe-to-deploy"
818 user-id = 1 # Alex Crichton (alexcrichton)
822 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
823 repository of which I'm one of the primary maintainers and publishers for.
824 I am employed by a member of the Bytecode Alliance and plan to continue doing
825 so and will actively maintain this crate over time.
828 [[audits.bytecode-alliance.wildcard-audits.wasm-smith]]
829 who = "Alex Crichton <alex@alexcrichton.com>"
830 criteria = "safe-to-deploy"
831 user-id = 1 # Alex Crichton (alexcrichton)
835 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
836 repository of which I'm one of the primary maintainers and publishers for.
837 I am employed by a member of the Bytecode Alliance and plan to continue doing
838 so and will actively maintain this crate over time.
841 [[audits.bytecode-alliance.wildcard-audits.wasmparser]]
842 who = "Alex Crichton <alex@alexcrichton.com>"
843 criteria = "safe-to-deploy"
844 user-id = 1 # Alex Crichton (alexcrichton)
848 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
849 repository of which I'm one of the primary maintainers and publishers for.
850 I am employed by a member of the Bytecode Alliance and plan to continue doing
851 so and will actively maintain this crate over time.
854 [[audits.bytecode-alliance.wildcard-audits.wast]]
855 who = "Alex Crichton <alex@alexcrichton.com>"
856 criteria = "safe-to-deploy"
857 user-id = 1 # Alex Crichton (alexcrichton)
861 This is a Bytecode Alliance authored crate maintained in the `wasm-tools`
862 repository of which I'm one of the primary maintainers and publishers for.
863 I am employed by a member of the Bytecode Alliance and plan to continue doing
864 so and will actively maintain this crate over time.
867 [[audits.bytecode-alliance.audits.adler]]
868 who = "Alex Crichton <alex@alexcrichton.com>"
869 criteria = "safe-to-deploy"
871 notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."
873 [[audits.bytecode-alliance.audits.arrayref]]
874 who = "Nick Fitzgerald <fitzgen@gmail.com>"
875 criteria = "safe-to-deploy"
878 Unsafe code, but its logic looks good to me. Necessary given what it is
879 doing. Well tested, has quickchecks.
882 [[audits.bytecode-alliance.audits.arrayvec]]
883 who = "Nick Fitzgerald <fitzgen@gmail.com>"
884 criteria = "safe-to-deploy"
887 Well documented invariants, good assertions for those invariants in unsafe code,
888 and tested with MIRI to boot. LGTM.
891 [[audits.bytecode-alliance.audits.base64]]
892 who = "Pat Hickey <phickey@fastly.com>"
893 criteria = "safe-to-deploy"
895 notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
897 [[audits.bytecode-alliance.audits.bitflags]]
898 who = "Jamey Sharp <jsharp@fastly.com>"
899 criteria = "safe-to-deploy"
900 delta = "2.1.0 -> 2.2.1"
902 This version adds unsafe impls of traits from the bytemuck crate when built
903 with that library enabled, but I believe the impls satisfy the documented
904 safety requirements for bytemuck. The other changes are minor.
907 [[audits.bytecode-alliance.audits.bitflags]]
908 who = "Alex Crichton <alex@alexcrichton.com>"
909 criteria = "safe-to-deploy"
910 delta = "2.3.2 -> 2.3.3"
912 Nothing outside the realm of what one would expect from a bitflags generator,
916 [[audits.bytecode-alliance.audits.block-buffer]]
917 who = "Benjamin Bouvier <public@benj.me>"
918 criteria = "safe-to-deploy"
919 delta = "0.9.0 -> 0.10.2"
921 [[audits.bytecode-alliance.audits.bumpalo]]
922 who = "Nick Fitzgerald <fitzgen@gmail.com>"
923 criteria = "safe-to-deploy"
925 notes = "I am the author of this crate."
927 [[audits.bytecode-alliance.audits.cargo-platform]]
928 who = "Pat Hickey <phickey@fastly.com>"
929 criteria = "safe-to-deploy"
931 notes = "no build, no ambient capabilities, no unsafe"
933 [[audits.bytecode-alliance.audits.cc]]
934 who = "Alex Crichton <alex@alexcrichton.com>"
935 criteria = "safe-to-deploy"
937 notes = "I am the author of this crate."
939 [[audits.bytecode-alliance.audits.cfg-if]]
940 who = "Alex Crichton <alex@alexcrichton.com>"
941 criteria = "safe-to-deploy"
943 notes = "I am the author of this crate."
945 [[audits.bytecode-alliance.audits.codespan-reporting]]
946 who = "Jamey Sharp <jsharp@fastly.com>"
947 criteria = "safe-to-deploy"
949 notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
951 [[audits.bytecode-alliance.audits.cpufeatures]]
952 who = "Alex Crichton <alex@alexcrichton.com>"
953 criteria = "safe-to-deploy"
954 delta = "0.2.2 -> 0.2.7"
956 This is a minor update that looks to add some more detected CPU features and
957 various other minor portability fixes such as MIRI support.
960 [[audits.bytecode-alliance.audits.crypto-common]]
961 who = "Benjamin Bouvier <public@benj.me>"
962 criteria = "safe-to-deploy"
965 [[audits.bytecode-alliance.audits.errno]]
966 who = "Dan Gohman <dev@sunfishcode.online>"
967 criteria = "safe-to-deploy"
969 notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."
971 [[audits.bytecode-alliance.audits.errno]]
972 who = "Dan Gohman <dev@sunfishcode.online>"
973 criteria = "safe-to-deploy"
974 delta = "0.3.0 -> 0.3.1"
975 notes = "Just a dependency version bump and a bug fix for redox"
977 [[audits.bytecode-alliance.audits.errno-dragonfly]]
978 who = "Jamey Sharp <jsharp@fastly.com>"
979 criteria = "safe-to-deploy"
981 notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is."
983 [[audits.bytecode-alliance.audits.fallible-iterator]]
984 who = "Alex Crichton <alex@alexcrichton.com>"
985 criteria = "safe-to-deploy"
986 delta = "0.2.0 -> 0.3.0"
988 This major version update has a few minor breaking changes but everything
989 this crate has to do with iterators and `Result` and such. No `unsafe` or
990 anything like that, all looks good.
993 [[audits.bytecode-alliance.audits.foreign-types]]
994 who = "Pat Hickey <phickey@fastly.com>"
995 criteria = "safe-to-deploy"
997 notes = "This crate defined a macro-rules which creates wrappers working with FFI types. The implementation of this crate appears to be safe, but each use of this macro would need to be vetted for correctness as well."
999 [[audits.bytecode-alliance.audits.foreign-types-shared]]
1000 who = "Pat Hickey <phickey@fastly.com>"
1001 criteria = "safe-to-deploy"
1004 [[audits.bytecode-alliance.audits.futures-channel]]
1005 who = "Pat Hickey <phickey@fastly.com>"
1006 criteria = "safe-to-deploy"
1008 notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)"
1010 [[audits.bytecode-alliance.audits.futures-core]]
1011 who = "Pat Hickey <phickey@fastly.com>"
1012 criteria = "safe-to-deploy"
1014 notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
1016 [[audits.bytecode-alliance.audits.futures-executor]]
1017 who = "Pat Hickey <phickey@fastly.com>"
1018 criteria = "safe-to-deploy"
1020 notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods."
1022 [[audits.bytecode-alliance.audits.futures-io]]
1023 who = "Pat Hickey <phickey@fastly.com>"
1024 criteria = "safe-to-deploy"
1027 [[audits.bytecode-alliance.audits.futures-sink]]
1028 who = "Pat Hickey <phickey@fastly.com>"
1029 criteria = "safe-to-deploy"
1032 [[audits.bytecode-alliance.audits.heck]]
1033 who = "Alex Crichton <alex@alexcrichton.com>"
1034 criteria = "safe-to-deploy"
1036 notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
1038 [[audits.bytecode-alliance.audits.id-arena]]
1039 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1040 criteria = "safe-to-deploy"
1042 notes = "I am the author of this crate."
1044 [[audits.bytecode-alliance.audits.idna]]
1045 who = "Alex Crichton <alex@alexcrichton.com>"
1046 criteria = "safe-to-deploy"
1049 This is a crate without unsafe code or usage of the standard library. The large
1050 size of this crate comes from the large generated unicode tables file. This
1051 crate is broadly used throughout the ecosystem and does not contain anything
1055 [[audits.bytecode-alliance.audits.leb128]]
1056 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1057 criteria = "safe-to-deploy"
1059 notes = "I am the author of this crate."
1061 [[audits.bytecode-alliance.audits.memoffset]]
1062 who = "Alex Crichton <alex@alexcrichton.com>"
1063 criteria = "safe-to-deploy"
1064 delta = "0.7.1 -> 0.8.0"
1065 notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."
1067 [[audits.bytecode-alliance.audits.miniz_oxide]]
1068 who = "Alex Crichton <alex@alexcrichton.com>"
1069 criteria = "safe-to-deploy"
1072 This crate is a Rust implementation of zlib compression/decompression and has
1073 been used by default by the Rust standard library for quite some time. It's also
1074 a default dependency of the popular `backtrace` crate for decompressing debug
1075 information. This crate forbids unsafe code and does not otherwise access system
1076 resources. It's originally a port of the `miniz.c` library as well, and given
1077 its own longevity should be relatively hardened against some of the more common
1078 compression-related issues.
1081 [[audits.bytecode-alliance.audits.mio]]
1082 who = "Alex Crichton <alex@alexcrichton.com>"
1083 criteria = "safe-to-deploy"
1084 delta = "0.8.6 -> 0.8.8"
1085 notes = "Mostly OS portability updates along with some minor bugfixes."
1087 [[audits.bytecode-alliance.audits.object]]
1088 who = "Alex Crichton <alex@alexcrichton.com>"
1089 criteria = "safe-to-deploy"
1090 delta = "0.30.3 -> 0.31.1"
1091 notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."
1093 [[audits.bytecode-alliance.audits.object]]
1094 who = "Alex Crichton <alex@alexcrichton.com>"
1095 criteria = "safe-to-deploy"
1096 delta = "0.31.1 -> 0.32.0"
1097 notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good."
1099 [[audits.bytecode-alliance.audits.peeking_take_while]]
1100 who = "Nick Fitzgerald <fitzgen@gmail.com>"
1101 criteria = "safe-to-deploy"
1103 notes = "I am the author of this crate."
1105 [[audits.bytecode-alliance.audits.percent-encoding]]
1106 who = "Alex Crichton <alex@alexcrichton.com>"
1107 criteria = "safe-to-deploy"
1110 This crate is a single-file crate that does what it says on the tin. There are
1111 a few `unsafe` blocks related to utf-8 validation which are locally verifiable
1112 as correct and otherwise this crate is good to go.
1115 [[audits.bytecode-alliance.audits.pin-utils]]
1116 who = "Pat Hickey <phickey@fastly.com>"
1117 criteria = "safe-to-deploy"
1120 [[audits.bytecode-alliance.audits.pkg-config]]
1121 who = "Pat Hickey <phickey@fastly.com>"
1122 criteria = "safe-to-deploy"
1124 notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
1126 [[audits.bytecode-alliance.audits.rustc-demangle]]
1127 who = "Alex Crichton <alex@alexcrichton.com>"
1128 criteria = "safe-to-deploy"
1130 notes = "I am the author of this crate."
1132 [[audits.bytecode-alliance.audits.semver]]
1133 who = "Pat Hickey <phickey@fastly.com>"
1134 criteria = "safe-to-deploy"
1136 notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct"
1138 [[audits.bytecode-alliance.audits.slab]]
1139 who = "Pat Hickey <phickey@fastly.com>"
1140 criteria = "safe-to-deploy"
1142 notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
1144 [[audits.bytecode-alliance.audits.socket2]]
1145 who = "Alex Crichton <alex@alexcrichton.com>"
1146 criteria = "safe-to-deploy"
1147 delta = "0.4.7 -> 0.4.9"
1148 notes = "Minor OS compat updates but otherwise nothing major here."
1150 [[audits.bytecode-alliance.audits.tempfile]]
1151 who = "Pat Hickey <phickey@fastly.com>"
1152 criteria = "safe-to-deploy"
1153 delta = "3.3.0 -> 3.5.0"
1155 [[audits.bytecode-alliance.audits.tempfile]]
1156 who = "Alex Crichton <alex@alexcrichton.com>"
1157 criteria = "safe-to-deploy"
1158 delta = "3.5.0 -> 3.6.0"
1159 notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal."
1161 [[audits.bytecode-alliance.audits.unicase]]
1162 who = "Alex Crichton <alex@alexcrichton.com>"
1163 criteria = "safe-to-deploy"
1166 This crate contains no `unsafe` code and no unnecessary use of the standard
1170 [[audits.bytecode-alliance.audits.unicode-bidi]]
1171 who = "Alex Crichton <alex@alexcrichton.com>"
1172 criteria = "safe-to-deploy"
1175 This crate has no unsafe code and does not use `std::*`. Skimming the crate it
1176 does not attempt to out of the bounds of what it's already supposed to be doing.
1179 [[audits.bytecode-alliance.audits.unicode-normalization]]
1180 who = "Alex Crichton <alex@alexcrichton.com>"
1181 criteria = "safe-to-deploy"
1184 This crate contains one usage of `unsafe` which I have manually checked to see
1185 it as correct. This crate's size comes in large part due to the generated
1186 unicode tables that it contains. This crate is additionally widely used
1187 throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
1188 and nothing suspicious.
1191 [[audits.embark-studios.audits.anyhow]]
1192 who = "Johan Andersson <opensource@embark-studios.com>"
1193 criteria = "safe-to-deploy"
1196 [[audits.embark-studios.audits.cfg_aliases]]
1197 who = "Johan Andersson <opensource@embark-studios.com>"
1198 criteria = "safe-to-deploy"
1200 notes = "No unsafe usage or ambient capabilities"
1202 [[audits.embark-studios.audits.derive_more]]
1203 who = "Johan Andersson <opensource@embark-studios.com>"
1204 criteria = "safe-to-deploy"
1206 notes = "No unsafe usage or ambient capabilities"
1208 [[audits.embark-studios.audits.ident_case]]
1209 who = "Johan Andersson <opensource@embark-studios.com>"
1210 criteria = "safe-to-deploy"
1212 notes = "No unsafe usage or ambient capabilities"
1214 [[audits.embark-studios.audits.idna]]
1215 who = "Johan Andersson <opensource@embark-studios.com>"
1216 criteria = "safe-to-deploy"
1217 delta = "0.3.0 -> 0.4.0"
1218 notes = "No unsafe usage or ambient capabilities"
1220 [[audits.embark-studios.audits.line-wrap]]
1221 who = "Johan Andersson <opensource@embark-studios.com>"
1222 criteria = "safe-to-deploy"
1224 notes = "No unsafe usage or ambient capabilities"
1226 [[audits.embark-studios.audits.yaml-rust]]
1227 who = "Johan Andersson <opensource@embark-studios.com>"
1228 criteria = "safe-to-deploy"
1230 notes = "No unsafe usage or ambient capabilities"
1232 [[audits.google.audits.ash]]
1233 who = "David Koloski <dkoloski@google.com>"
1234 criteria = "safe-to-deploy"
1235 version = "0.37.0+1.3.209"
1236 notes = "Reviewed on https://fxrev.dev/694269"
1237 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1239 [[audits.google.audits.fastrand]]
1240 who = "George Burgess IV <gbiv@google.com>"
1241 criteria = "safe-to-deploy"
1244 `does-not-implement-crypto` is certified because this crate explicitly says
1245 that the RNG here is not cryptographically secure.
1247 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1249 [[audits.google.audits.futures]]
1250 who = "George Burgess IV <gbiv@google.com>"
1251 criteria = "safe-to-deploy"
1254 `futures` has no logic other than tests - it simply `pub use`s things from
1257 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1259 [[audits.google.audits.glob]]
1260 who = "George Burgess IV <gbiv@google.com>"
1261 criteria = "safe-to-deploy"
1263 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1265 [[audits.google.audits.http]]
1267 criteria = "safe-to-run"
1269 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1271 [[audits.google.audits.http-body]]
1273 criteria = "safe-to-run"
1275 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1277 [[audits.google.audits.httpdate]]
1279 criteria = "safe-to-run"
1281 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1283 [[audits.google.audits.hyper]]
1285 criteria = "safe-to-run"
1287 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1289 [[audits.google.audits.pin-project]]
1291 criteria = "safe-to-run"
1293 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1295 [[audits.google.audits.pin-project-internal]]
1297 criteria = "safe-to-run"
1299 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1301 [[audits.google.audits.pin-project-lite]]
1302 who = "David Koloski <dkoloski@google.com>"
1303 criteria = "safe-to-deploy"
1305 notes = "Reviewed on https://fxrev.dev/824504"
1306 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1308 [[audits.google.audits.scoped-tls]]
1309 who = "George Burgess IV <gbiv@google.com>"
1310 criteria = "safe-to-run"
1312 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1314 [[audits.google.audits.serde_urlencoded]]
1316 criteria = "safe-to-run"
1318 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1320 [[audits.google.audits.tokio]]
1321 who = "Vovo Yang <vovoy@google.com>"
1322 criteria = "safe-to-run"
1324 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1326 [[audits.google.audits.tokio-stream]]
1327 who = "David Koloski <dkoloski@google.com>"
1328 criteria = "safe-to-deploy"
1330 notes = "Reviewed on https://fxrev.dev/804724"
1331 aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
1333 [[audits.google.audits.tower-service]]
1335 criteria = "safe-to-run"
1337 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1339 [[audits.google.audits.tracing]]
1341 criteria = "safe-to-run"
1343 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1345 [[audits.google.audits.tracing-attributes]]
1347 criteria = "safe-to-run"
1349 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1351 [[audits.google.audits.tracing-core]]
1353 criteria = "safe-to-run"
1355 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1357 [[audits.google.audits.try-lock]]
1359 criteria = "safe-to-run"
1361 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1363 [[audits.google.audits.version_check]]
1364 who = "George Burgess IV <gbiv@google.com>"
1365 criteria = "safe-to-deploy"
1367 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1369 [[audits.google.audits.want]]
1371 criteria = "safe-to-run"
1373 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1375 [[audits.isrg.wildcard-audits.prio]]
1376 who = "David Cook <dcook@divviup.org>"
1377 criteria = "safe-to-deploy"
1378 user-id = 213776 # divviup-github-automation
1379 start = "2020-09-28"
1382 [[audits.isrg.audits.base64]]
1383 who = "Tim Geoghegan <timg@letsencrypt.org>"
1384 criteria = "safe-to-deploy"
1385 delta = "0.21.0 -> 0.21.1"
1387 [[audits.isrg.audits.base64]]
1388 who = "Brandon Pitman <bran@bran.land>"
1389 criteria = "safe-to-deploy"
1390 delta = "0.21.1 -> 0.21.2"
1392 [[audits.isrg.audits.base64]]
1393 who = "David Cook <dcook@divviup.org>"
1394 criteria = "safe-to-deploy"
1395 delta = "0.21.2 -> 0.21.3"
1397 [[audits.isrg.audits.block-buffer]]
1398 who = "David Cook <dcook@divviup.org>"
1399 criteria = "safe-to-deploy"
1402 [[audits.isrg.audits.getrandom]]
1403 who = "Tim Geoghegan <timg@letsencrypt.org>"
1404 criteria = "safe-to-deploy"
1405 delta = "0.2.9 -> 0.2.10"
1406 notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`."
1408 [[audits.isrg.audits.keccak]]
1409 who = "David Cook <dcook@divviup.org>"
1410 criteria = "safe-to-deploy"
1413 [[audits.isrg.audits.keccak]]
1414 who = "Brandon Pitman <bran@bran.land>"
1415 criteria = "safe-to-deploy"
1416 delta = "0.1.3 -> 0.1.4"
1418 [[audits.isrg.audits.once_cell]]
1419 who = "Brandon Pitman <bran@bran.land>"
1420 criteria = "safe-to-deploy"
1421 delta = "1.17.1 -> 1.17.2"
1423 [[audits.isrg.audits.once_cell]]
1424 who = "David Cook <dcook@divviup.org>"
1425 criteria = "safe-to-deploy"
1426 delta = "1.17.2 -> 1.18.0"
1428 [[audits.isrg.audits.once_cell]]
1429 who = "Brandon Pitman <bran@bran.land>"
1430 criteria = "safe-to-deploy"
1431 delta = "1.18.0 -> 1.19.0"
1433 [[audits.isrg.audits.rand_chacha]]
1434 who = "David Cook <dcook@divviup.org>"
1435 criteria = "safe-to-deploy"
1438 [[audits.isrg.audits.rand_core]]
1439 who = "David Cook <dcook@divviup.org>"
1440 criteria = "safe-to-deploy"
1443 [[audits.isrg.audits.rayon-core]]
1444 who = "Brandon Pitman <bran@bran.land>"
1445 criteria = "safe-to-deploy"
1446 delta = "1.10.2 -> 1.11.0"
1448 [[audits.isrg.audits.rayon-core]]
1449 who = "David Cook <dcook@divviup.org>"
1450 criteria = "safe-to-deploy"
1451 delta = "1.11.0 -> 1.12.0"
1453 [[audits.isrg.audits.sha2]]
1454 who = "David Cook <dcook@divviup.org>"
1455 criteria = "safe-to-deploy"
1458 [[audits.isrg.audits.sha3]]
1459 who = "David Cook <dcook@divviup.org>"
1460 criteria = "safe-to-deploy"
1463 [[audits.isrg.audits.sha3]]
1464 who = "Brandon Pitman <bran@bran.land>"
1465 criteria = "safe-to-deploy"
1466 delta = "0.10.7 -> 0.10.8"
1468 [[audits.mozilla.wildcard-audits.zeitstempel]]
1469 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1470 criteria = "safe-to-deploy"
1471 user-id = 48 # Jan-Erik Rediger (badboy)
1472 start = "2021-03-03"
1474 notes = "Maintained by me"
1475 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1477 [[audits.mozilla.audits.askama]]
1478 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1479 criteria = "safe-to-deploy"
1480 delta = "0.11.1 -> 0.12.0"
1481 notes = "No new unsafe usage, mostly dependency updates and smaller API changes"
1482 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1484 [[audits.mozilla.audits.askama_derive]]
1485 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1486 criteria = "safe-to-deploy"
1487 delta = "0.11.2 -> 0.12.1"
1488 notes = "Dependency updates, a new toml dependency and some API changes. No unsafe use."
1489 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1491 [[audits.mozilla.audits.basic-toml]]
1492 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1493 criteria = "safe-to-deploy"
1495 notes = "TOML parser, forked from toml 0.5"
1496 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1498 [[audits.mozilla.audits.bitflags]]
1499 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
1500 criteria = "safe-to-deploy"
1501 delta = "2.4.0 -> 2.4.1"
1502 notes = "Only allowing new clippy lints"
1503 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
1505 [[audits.mozilla.audits.either]]
1506 who = "Nika Layzell <nika@thelayzells.com>"
1507 criteria = "safe-to-deploy"
1510 Straightforward crate providing the Either enum and trait implementations with
1513 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
1515 [[audits.mozilla.audits.lazy_static]]
1516 who = "Nika Layzell <nika@thelayzells.com>"
1517 criteria = "safe-to-deploy"
1519 notes = "I have read over the macros, and audited the unsafe code."
1520 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"