-
Notifications
You must be signed in to change notification settings - Fork 250
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
47 additions
and
46 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -918,6 +918,13 @@ instead (see also https://crrev.com/c/5771867). | |
| """ | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.byteorder]] | ||
| who = "danakj <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| version = "1.5.0" | ||
| notes = "Unsafe review in https://crrev.com/c/5838022" | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.cast]] | ||
| who = "George Burgess IV <[email protected]>" | ||
| criteria = "safe-to-run" | ||
|
|
@@ -1091,12 +1098,6 @@ criteria = "safe-to-run" | |
| delta = "0.4.2 -> 0.4.9" | ||
| aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.itertools]] | ||
| who = "ChromeOS" | ||
| criteria = "safe-to-run" | ||
| version = "0.10.5" | ||
| aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.itoa]] | ||
| who = "Lukasz Anforowicz <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -1872,6 +1873,12 @@ criteria = "safe-to-deploy" | |
| delta = "0.8.7 -> 0.8.11" | ||
| aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" | ||
|
|
||
| [[audits.mozilla.audits.allocator-api2]] | ||
| who = "Nicolas Silva <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| version = "0.2.18" | ||
| aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" | ||
|
|
||
| [[audits.mozilla.audits.android_system_properties]] | ||
| who = "Nicolas Silva <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -2324,6 +2331,12 @@ criteria = "safe-to-deploy" | |
| delta = "0.6.27 -> 0.6.28" | ||
| aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" | ||
|
|
||
| [[audits.mozilla.audits.strsim]] | ||
| who = "Ben Dean-Kawamura <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.10.0 -> 0.11.1" | ||
| aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" | ||
|
|
||
| [[audits.mozilla.audits.subtle]] | ||
| who = "Simon Friedberger <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -2433,6 +2446,17 @@ criteria = "safe-to-deploy" | |
| delta = "0.5.10 -> 0.5.11" | ||
| aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" | ||
|
|
||
| [[audits.mozilla.audits.tracing-core]] | ||
| who = "Alex Franchuk <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| version = "0.1.30" | ||
| notes = """ | ||
| Most unsafe code is in implementing non-std sync primitives. Unsafe impls are | ||
| logically correct and justified in comments, and unsafe code is sound and | ||
| justified in comments. | ||
| """ | ||
| aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" | ||
|
|
||
| [[audits.mozilla.audits.zerocopy]] | ||
| who = "Alex Franchuk <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -2466,12 +2490,6 @@ criteria = "safe-to-deploy" | |
| delta = "1.1.2 -> 1.1.3" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.allocator-api2]] | ||
| who = "Daira-Emma Hopwood <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.2.16 -> 0.2.18" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.anyhow]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -2525,24 +2543,6 @@ delta = "0.3.69 -> 0.3.71" | |
| notes = "This crate inherently requires a lot of `unsafe` code, but the changes look plausible." | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.base64]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.21.3 -> 0.21.4" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.base64]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.21.4 -> 0.21.5" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.base64]] | ||
| who = "Daira-Emma Hopwood <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.21.5 -> 0.21.7" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.blake2b_simd]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -3350,6 +3350,23 @@ criteria = "safe-to-deploy" | |
| delta = "0.6.2 -> 0.6.3" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.tracing-core]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.1.30 -> 0.1.31" | ||
| notes = """ | ||
| The only new `unsafe` block is to intentionally leak a scoped subscriber onto | ||
| the heap when setting it as the global default dispatcher. I checked that the | ||
| global default can only be set once and is never dropped. | ||
| """ | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.tracing-core]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.1.31 -> 0.1.32" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash.audits.tracing-subscriber]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
||