diff options
Diffstat (limited to 'supply-chain/config.toml')
| -rw-r--r-- | supply-chain/config.toml | 42 |
1 files changed, 18 insertions, 24 deletions
diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 20b62a8210..ceba9cf6d9 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -19,10 +19,18 @@ url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/au [imports.mozilla] url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml" +[policy.any_all_workaround] +audit-as-crates-io = true +notes = "This is the upstream code plus the ARM intrinsics workaround from qcms, see bug 1882209." + [policy.autocfg] audit-as-crates-io = true notes = "This is the upstream code plus a few local fixes, see bug 1685697." +[policy."bindgen:0.69.4"] +audit-as-crates-io = true +notes = "This is the upstream code plus a fix for clang trunk. See bug 1894093." + [policy.chardetng] audit-as-crates-io = true notes = "This is a crate Henri wrote which is also published. We should probably update Firefox to tip and certify that." @@ -39,14 +47,6 @@ notes = "This is a pinned version of the upstream code, presumably to get a fix audit-as-crates-io = true notes = "This is upstream plus a warning fix from bug 1823866." -[policy.cssparser] -audit-as-crates-io = true -notes = "Upstream release plus a couple unpublished changes" - -[policy.cssparser-macros] -audit-as-crates-io = true -notes = "Upstream release plus a couple unpublished changes" - [policy.d3d12] audit-as-crates-io = true notes = "Part of the wgpu repository, pinned as the rest of wgpu crates." @@ -72,6 +72,12 @@ notes = "The dependencies on tokio-reactor and tokio-threadpools are just a hack criteria = "safe-to-run" notes = "Used for fuzzing." +[policy.gpu-descriptor] +audit-as-crates-io = true + +[policy.gpu-descriptor-types] +audit-as-crates-io = true + [policy.http3server] criteria = "safe-to-run" notes = "Used for testing." @@ -157,6 +163,10 @@ audit-as-crates-io = false [policy.peek-poke-derive] audit-as-crates-io = false +[policy.plist] +audit-as-crates-io = true +notes = "This is the upstream code plus one local fix, see bug 1874167." + [policy.pulse] audit-as-crates-io = false notes = "This is a first-party crate which is entirely unrelated to the crates.io package of the same name." @@ -269,10 +279,6 @@ criteria = "safe-to-deploy" version = "1.3.3" criteria = "safe-to-deploy" -[[exemptions.bitflags]] -version = "1.3.2" -criteria = "safe-to-deploy" - [[exemptions.bitreader]] version = "0.3.6" criteria = "safe-to-deploy" @@ -606,10 +612,6 @@ criteria = "safe-to-deploy" version = "0.2.7" criteria = "safe-to-deploy" -[[exemptions.objc_exception]] -version = "0.1.2" -criteria = "safe-to-deploy" - [[exemptions.object]] version = "0.28.4" criteria = "safe-to-deploy" @@ -618,14 +620,6 @@ criteria = "safe-to-deploy" version = "1.12.0" criteria = "safe-to-deploy" -[[exemptions.owning_ref]] -version = "0.4.1" -criteria = "safe-to-deploy" - -[[exemptions.packed_simd]] -version = "0.3.8" -criteria = "safe-to-deploy" - [[exemptions.phf]] version = "0.10.1" criteria = "safe-to-deploy" |