# cargo-vet imports lock [[publisher.aho-corasick]] version = "1.1.0" when = "2023-09-18" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.anstyle]] version = "1.0.3" when = "2023-09-11" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.arbitrary]] version = "1.3.0" when = "2023-03-13" user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" [[publisher.async-trait]] version = "0.1.68" when = "2023-03-24" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.atomic]] version = "0.4.6" when = "2020-07-05" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.audio_thread_priority]] version = "0.31.0" when = "2024-01-17" user-id = 1258 user-login = "padenot" user-name = "Paul Adenot" [[publisher.authenticator]] version = "0.4.0-alpha.24" when = "2023-11-29" user-id = 175410 user-login = "jschanck" user-name = "John Schanck" [[publisher.bhttp]] version = "0.3.1" when = "2023-02-23" user-id = 128763 user-login = "martinthomson" user-name = "Martin Thomson" [[publisher.byteorder]] version = "1.4.3" when = "2021-03-10" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.bytes]] version = "1.4.0" when = "2023-01-31" user-id = 6741 user-login = "Darksonn" user-name = "Alice Ryhl" [[publisher.cc]] version = "1.0.89" when = "2024-03-04" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.cexpr]] version = "0.6.0" when = "2021-10-11" user-id = 3788 user-login = "emilio" user-name = "Emilio Cobos Álvarez" [[publisher.clap]] version = "4.4.5" when = "2023-09-25" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.clap_builder]] version = "4.4.5" when = "2023-09-25" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.clap_derive]] version = "4.4.2" when = "2023-08-31" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.clap_lex]] version = "0.5.1" when = "2023-08-24" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.core-foundation]] version = "0.9.3" when = "2022-02-07" user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" [[publisher.core-foundation-sys]] version = "0.8.3" when = "2021-10-12" user-id = 2396 user-login = "jdm" user-name = "Josh Matthews" [[publisher.core-graphics]] version = "0.22.3" when = "2021-11-02" user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" [[publisher.core-graphics-types]] version = "0.1.1" when = "2020-09-15" user-id = 2396 user-login = "jdm" user-name = "Josh Matthews" [[publisher.core-text]] version = "19.2.0" when = "2021-02-14" user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" [[publisher.derive_arbitrary]] version = "1.3.0" when = "2023-03-13" user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" [[publisher.dogear]] version = "0.4.0" when = "2019-09-16" user-id = 27901 user-login = "linabutler" user-name = "Lina Butler" [[publisher.dtoa]] version = "0.4.8" when = "2021-03-29" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.encoding_rs]] version = "0.8.33" when = "2023-08-23" user-id = 4484 user-login = "hsivonen" user-name = "Henri Sivonen" [[publisher.errno]] version = "0.3.8" when = "2023-11-28" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.etagere]] version = "0.2.7" when = "2022-05-04" user-id = 1281 user-login = "nical" user-name = "Nicolas Silva" [[publisher.euclid]] version = "0.22.7" when = "2022-04-04" user-id = 1281 user-login = "nical" user-name = "Nicolas Silva" [[publisher.flate2]] version = "1.0.26" when = "2023-04-28" user-id = 4333 user-login = "joshtriplett" user-name = "Josh Triplett" [[publisher.freetype]] version = "0.7.0" when = "2020-07-14" user-id = 2396 user-login = "jdm" user-name = "Josh Matthews" [[publisher.gleam]] version = "0.15.0" when = "2023-04-21" user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" [[publisher.glean]] version = "58.1.0" when = "2024-03-12" user-id = 48 user-login = "badboy" user-name = "Jan-Erik Rediger" [[publisher.glean-core]] version = "58.1.0" when = "2024-03-12" user-id = 48 user-login = "badboy" user-name = "Jan-Erik Rediger" [[publisher.glslopt]] version = "0.1.10" when = "2024-02-13" user-id = 84794 user-login = "jamienicol" user-name = "Jamie Nicol" [[publisher.h2]] version = "0.3.22" when = "2023-11-15" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.headers]] version = "0.3.9" when = "2023-08-31" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.httparse]] version = "1.8.0" when = "2022-08-30" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.indexmap]] version = "1.9.3" when = "2023-03-24" user-id = 539 user-login = "cuviper" user-name = "Josh Stone" [[publisher.inherent]] version = "1.0.7" when = "2023-03-25" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.iovec]] version = "0.1.4" when = "2019-10-09" user-id = 10 user-login = "carllerche" user-name = "Carl Lerche" [[publisher.itoa]] version = "1.0.5" when = "2022-12-17" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.jobserver]] version = "0.1.25" when = "2022-09-23" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.libc]] version = "0.2.152" when = "2024-01-07" user-id = 51017 user-login = "JohnTitor" user-name = "Yuki Okushi" [[publisher.linux-raw-sys]] version = "0.4.12" when = "2023-11-30" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.lock_api]] version = "0.4.9" when = "2022-09-20" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.memchr]] version = "2.5.0" when = "2022-04-30" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.mime]] version = "0.3.16" when = "2020-01-07" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.mio]] version = "0.6.21" when = "2019-11-27" user-id = 10 user-login = "carllerche" user-name = "Carl Lerche" [[publisher.nss-gk-api]] version = "0.3.0" when = "2023-06-14" user-id = 175410 user-login = "jschanck" user-name = "John Schanck" [[publisher.num_cpus]] version = "1.15.0" when = "2022-12-20" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.ohttp]] version = "0.3.1" when = "2023-02-23" user-id = 128763 user-login = "martinthomson" user-name = "Martin Thomson" [[publisher.ordered-float]] version = "3.4.0" when = "2022-11-06" user-id = 2017 user-login = "mbrubeck" user-name = "Matt Brubeck" [[publisher.parking_lot]] version = "0.12.1" when = "2022-05-31" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.parking_lot_core]] version = "0.9.9" when = "2023-10-17" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.paste]] version = "1.0.11" when = "2022-12-17" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.presser]] version = "0.3.1" when = "2022-10-16" user-id = 52553 user-login = "embark-studios" [[publisher.prio]] version = "0.15.3" when = "2023-10-03" user-id = 213776 user-login = "divviup-github-automation" [[publisher.proc-macro2]] version = "1.0.74" when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.qcms]] version = "0.3.0" when = "2024-01-09" user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" [[publisher.quote]] version = "1.0.35" when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.regex]] version = "1.9.4" when = "2023-08-26" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.regex-automata]] version = "0.3.7" when = "2023-08-26" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.regex-syntax]] version = "0.7.5" when = "2023-08-26" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.rust_cascade]] version = "1.5.0" when = "2023-04-05" user-id = 57462 user-login = "mozkeeler" user-name = "Dana Keeler" [[publisher.rustix]] version = "0.38.28" when = "2023-12-09" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.ryu]] version = "1.0.12" when = "2022-12-17" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.same-file]] version = "1.0.6" when = "2020-01-11" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.scopeguard]] version = "1.1.0" when = "2020-02-16" user-id = 2915 user-login = "Amanieu" user-name = "Amanieu d'Antras" [[publisher.serde]] version = "1.0.197" when = "2024-02-20" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_bytes]] version = "0.11.9" when = "2023-02-05" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_derive]] version = "1.0.197" when = "2024-02-20" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_json]] version = "1.0.93" when = "2023-02-08" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_repr]] version = "0.1.12" when = "2023-03-18" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_yaml]] version = "0.8.26" when = "2022-07-16" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.smallvec]] version = "1.13.1" when = "2024-01-19" user-id = 2017 user-login = "mbrubeck" user-name = "Matt Brubeck" [[publisher.syn]] version = "2.0.46" when = "2024-01-02" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.termcolor]] version = "1.4.1" when = "2024-01-10" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.thiserror]] version = "1.0.57" when = "2024-02-11" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.thiserror-impl]] version = "1.0.57" when = "2024-02-11" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.threadbound]] version = "0.1.5" when = "2022-12-17" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.tokio-util]] version = "0.7.2" when = "2022-05-15" user-id = 6741 user-login = "Darksonn" user-name = "Alice Ryhl" [[publisher.toml]] version = "0.5.7" when = "2020-10-11" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.unicode-ident]] version = "1.0.6" when = "2022-12-17" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.unicode-width]] version = "0.1.10" when = "2022-09-13" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.unicode-xid]] version = "0.2.4" when = "2022-09-15" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.uniffi]] version = "0.25.3" when = "2023-12-07" user-id = 127697 user-login = "bendk" [[publisher.uniffi_bindgen]] version = "0.25.3" when = "2023-12-07" user-id = 127697 user-login = "bendk" [[publisher.uniffi_build]] version = "0.25.3" when = "2023-12-07" user-id = 127697 user-login = "bendk" [[publisher.uniffi_checksum_derive]] version = "0.25.3" when = "2023-12-07" user-id = 127697 user-login = "bendk" [[publisher.uniffi_core]] version = "0.25.3" when = "2023-12-07" user-id = 127697 user-login = "bendk" [[publisher.uniffi_macros]] version = "0.25.3" when = "2023-12-07" user-id = 127697 user-login = "bendk" [[publisher.uniffi_meta]] version = "0.25.3" when = "2023-12-07" user-id = 127697 user-login = "bendk" [[publisher.uniffi_testing]] version = "0.25.3" when = "2023-12-07" user-id = 127697 user-login = "bendk" [[publisher.uniffi_udl]] version = "0.25.3" when = "2023-12-07" user-id = 127697 user-login = "bendk" [[publisher.utf8_iter]] version = "1.0.3" when = "2022-09-09" user-id = 4484 user-login = "hsivonen" user-name = "Henri Sivonen" [[publisher.walkdir]] version = "2.3.2" when = "2021-03-22" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.warp]] version = "0.3.6" when = "2023-09-27" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.wasi]] version = "0.11.0+wasi-snapshot-preview1" when = "2022-01-19" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasm-encoder]] version = "0.40.0" when = "2024-01-24" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasm-smith]] version = "0.15.0" when = "2024-01-24" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wast]] version = "70.0.1" when = "2024-01-24" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.winapi-util]] version = "0.1.5" when = "2020-04-20" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.windows]] version = "0.52.0" when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-core]] version = "0.52.0" when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-sys]] version = "0.52.0" when = "2023-11-15" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.zeitstempel]] version = "0.1.1" when = "2021-03-18" user-id = 48 user-login = "badboy" user-name = "Jan-Erik Rediger" [[audits.bytecode-alliance.wildcard-audits.arbitrary]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" user-id = 696 # Nick Fitzgerald (fitzgen) start = "2020-01-14" end = "2024-04-21" notes = "I am an author of this crate." [[audits.bytecode-alliance.wildcard-audits.derive_arbitrary]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" user-id = 696 # Nick Fitzgerald (fitzgen) start = "2020-01-14" end = "2024-04-27" notes = "I am an author of this crate" [[audits.bytecode-alliance.wildcard-audits.wasm-encoder]] who = "Alex Crichton " criteria = "safe-to-deploy" user-id = 1 # Alex Crichton (alexcrichton) start = "2020-12-11" end = "2024-04-14" notes = """ This is a Bytecode Alliance authored crate maintained in the `wasm-tools` repository of which I'm one of the primary maintainers and publishers for. I am employed by a member of the Bytecode Alliance and plan to continue doing so and will actively maintain this crate over time. """ [[audits.bytecode-alliance.wildcard-audits.wasm-smith]] who = "Alex Crichton " criteria = "safe-to-deploy" user-id = 1 # Alex Crichton (alexcrichton) start = "2020-09-03" end = "2024-04-14" notes = """ This is a Bytecode Alliance authored crate maintained in the `wasm-tools` repository of which I'm one of the primary maintainers and publishers for. I am employed by a member of the Bytecode Alliance and plan to continue doing so and will actively maintain this crate over time. """ [[audits.bytecode-alliance.wildcard-audits.wast]] who = "Alex Crichton " criteria = "safe-to-deploy" user-id = 1 # Alex Crichton (alexcrichton) start = "2019-10-16" end = "2024-04-14" notes = """ This is a Bytecode Alliance authored crate maintained in the `wasm-tools` repository of which I'm one of the primary maintainers and publishers for. I am employed by a member of the Bytecode Alliance and plan to continue doing so and will actively maintain this crate over time. """ [[audits.bytecode-alliance.audits.adler]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.0.2" notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm." [[audits.bytecode-alliance.audits.arrayref]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "0.3.6" notes = """ Unsafe code, but its logic looks good to me. Necessary given what it is doing. Well tested, has quickchecks. """ [[audits.bytecode-alliance.audits.arrayvec]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "0.7.2" notes = """ Well documented invariants, good assertions for those invariants in unsafe code, and tested with MIRI to boot. LGTM. """ [[audits.bytecode-alliance.audits.base64]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.21.0" notes = "This crate has no dependencies, no build.rs, and contains no unsafe code." [[audits.bytecode-alliance.audits.bitflags]] who = "Jamey Sharp " criteria = "safe-to-deploy" delta = "2.1.0 -> 2.2.1" notes = """ This version adds unsafe impls of traits from the bytemuck crate when built with that library enabled, but I believe the impls satisfy the documented safety requirements for bytemuck. The other changes are minor. """ [[audits.bytecode-alliance.audits.bitflags]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "2.3.2 -> 2.3.3" notes = """ Nothing outside the realm of what one would expect from a bitflags generator, all as expected. """ [[audits.bytecode-alliance.audits.block-buffer]] who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.2" [[audits.bytecode-alliance.audits.bumpalo]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "3.11.1" notes = "I am the author of this crate." [[audits.bytecode-alliance.audits.cargo-platform]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.2" notes = "no build, no ambient capabilities, no unsafe" [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.0.0" notes = "I am the author of this crate." [[audits.bytecode-alliance.audits.codespan-reporting]] who = "Jamey Sharp " criteria = "safe-to-deploy" version = "0.11.1" notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O." [[audits.bytecode-alliance.audits.cpufeatures]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.2.2 -> 0.2.7" notes = """ This is a minor update that looks to add some more detected CPU features and various other minor portability fixes such as MIRI support. """ [[audits.bytecode-alliance.audits.crypto-common]] who = "Benjamin Bouvier " criteria = "safe-to-deploy" version = "0.1.3" [[audits.bytecode-alliance.audits.fallible-iterator]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.2.0 -> 0.3.0" notes = """ This major version update has a few minor breaking changes but everything this crate has to do with iterators and `Result` and such. No `unsafe` or anything like that, all looks good. """ [[audits.bytecode-alliance.audits.foreign-types]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.2" notes = "This crate defined a macro-rules which creates wrappers working with FFI types. The implementation of this crate appears to be safe, but each use of this macro would need to be vetted for correctness as well." [[audits.bytecode-alliance.audits.foreign-types-shared]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.1" [[audits.bytecode-alliance.audits.futures-channel]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.27" notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)" [[audits.bytecode-alliance.audits.futures-core]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.27" notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting." [[audits.bytecode-alliance.audits.futures-executor]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.27" notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods." [[audits.bytecode-alliance.audits.futures-io]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.27" [[audits.bytecode-alliance.audits.futures-sink]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.27" [[audits.bytecode-alliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.4.0" notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation." [[audits.bytecode-alliance.audits.id-arena]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "2.2.1" notes = "I am the author of this crate." [[audits.bytecode-alliance.audits.idna]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.3.0" notes = """ This is a crate without unsafe code or usage of the standard library. The large size of this crate comes from the large generated unicode tables file. This crate is broadly used throughout the ecosystem and does not contain anything suspicious. """ [[audits.bytecode-alliance.audits.leb128]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "0.2.5" notes = "I am the author of this crate." [[audits.bytecode-alliance.audits.memoffset]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.7.1 -> 0.8.0" notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes." [[audits.bytecode-alliance.audits.miniz_oxide]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.7.1" notes = """ This crate is a Rust implementation of zlib compression/decompression and has been used by default by the Rust standard library for quite some time. It's also a default dependency of the popular `backtrace` crate for decompressing debug information. This crate forbids unsafe code and does not otherwise access system resources. It's originally a port of the `miniz.c` library as well, and given its own longevity should be relatively hardened against some of the more common compression-related issues. """ [[audits.bytecode-alliance.audits.mio]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.8.6 -> 0.8.8" notes = "Mostly OS portability updates along with some minor bugfixes." [[audits.bytecode-alliance.audits.object]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.30.3 -> 0.31.1" notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary." [[audits.bytecode-alliance.audits.object]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.31.1 -> 0.32.0" notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good." [[audits.bytecode-alliance.audits.percent-encoding]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "2.2.0" notes = """ This crate is a single-file crate that does what it says on the tin. There are a few `unsafe` blocks related to utf-8 validation which are locally verifiable as correct and otherwise this crate is good to go. """ [[audits.bytecode-alliance.audits.pin-utils]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.0" [[audits.bytecode-alliance.audits.pkg-config]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.25" notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably." [[audits.bytecode-alliance.audits.rustc-demangle]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.1.21" notes = "I am the author of this crate." [[audits.bytecode-alliance.audits.semver]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "1.0.17" notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct" [[audits.bytecode-alliance.audits.slab]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.4.6" notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods." [[audits.bytecode-alliance.audits.socket2]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.4.7 -> 0.4.9" notes = "Minor OS compat updates but otherwise nothing major here." [[audits.bytecode-alliance.audits.tempfile]] who = "Pat Hickey " criteria = "safe-to-deploy" delta = "3.3.0 -> 3.5.0" [[audits.bytecode-alliance.audits.tempfile]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "3.5.0 -> 3.6.0" notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal." [[audits.bytecode-alliance.audits.unicase]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "2.6.0" notes = """ This crate contains no `unsafe` code and no unnecessary use of the standard library. """ [[audits.bytecode-alliance.audits.unicode-bidi]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.3.8" notes = """ This crate has no unsafe code and does not use `std::*`. Skimming the crate it does not attempt to out of the bounds of what it's already supposed to be doing. """ [[audits.bytecode-alliance.audits.unicode-normalization]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.1.19" notes = """ This crate contains one usage of `unsafe` which I have manually checked to see it as correct. This crate's size comes in large part due to the generated unicode tables that it contains. This crate is additionally widely used throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs and nothing suspicious. """ [[audits.embark-studios.wildcard-audits.presser]] who = "Gray Olson " criteria = "safe-to-deploy" user-id = 52553 # embark-studios start = "2021-01-01" end = "2024-05-23" notes = """ Small crate with no dependencies and no ambient capabilities. The safe interface of the crate is gated behind unsafe implementation of a core trait, and care must be taken to ensure that the relevant invariants are guaranteed when doing so. Maintained by the Ark team at Embark and used in production. """ [[audits.embark-studios.audits.anyhow]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "1.0.58" [[audits.embark-studios.audits.cfg_aliases]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "0.1.1" notes = "No unsafe usage or ambient capabilities" [[audits.embark-studios.audits.derive_more]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "0.99.17" notes = "No unsafe usage or ambient capabilities" [[audits.embark-studios.audits.ident_case]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "1.0.1" notes = "No unsafe usage or ambient capabilities" [[audits.embark-studios.audits.idna]] who = "Johan Andersson " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.4.0" notes = "No unsafe usage or ambient capabilities" [[audits.embark-studios.audits.line-wrap]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "0.1.1" notes = "No unsafe usage or ambient capabilities" [[audits.embark-studios.audits.yaml-rust]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "0.4.5" notes = "No unsafe usage or ambient capabilities" [[audits.google.audits.ash]] who = "David Koloski " criteria = "safe-to-deploy" version = "0.37.0+1.3.209" notes = "Reviewed on https://fxrev.dev/694269" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.fastrand]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "1.9.0" notes = """ `does-not-implement-crypto` is certified because this crate explicitly says that the RNG here is not cryptographically secure. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.futures]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "0.3.28" notes = """ `futures` has no logic other than tests - it simply `pub use`s things from other crates. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.glob]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.http]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.http-body]] who = "ChromeOS" criteria = "safe-to-run" version = "0.4.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.httpdate]] who = "ChromeOS" criteria = "safe-to-run" version = "1.0.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.hyper]] who = "ChromeOS" criteria = "safe-to-run" version = "0.14.20" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.nom]] who = "danakj@chromium.org" criteria = "safe-to-deploy" version = "7.1.3" notes = """ Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.pin-project]] who = "ChromeOS" criteria = "safe-to-run" version = "1.0.12" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.pin-project-internal]] who = "ChromeOS" criteria = "safe-to-run" version = "1.0.12" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.pin-project-lite]] who = "David Koloski " criteria = "safe-to-deploy" version = "0.2.9" notes = "Reviewed on https://fxrev.dev/824504" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.scoped-tls]] who = "George Burgess IV " criteria = "safe-to-run" version = "1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.serde_urlencoded]] who = "ChromeOS" criteria = "safe-to-run" version = "0.7.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.static_assertions]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "1.1.0" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'` and there were no hits except for one `unsafe`. The lambda where `unsafe` is used is never invoked (e.g. the `unsafe` code never runs) and is only introduced for some compile-time checks. Additional unsafe review comments can be found in https://crrev.com/c/5353376. This crate has been added to Chromium in https://crrev.com/c/3736562. The CL description contains a link to a document with an additional security review. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.strsim]] who = "danakj@chromium.org" criteria = "safe-to-deploy" version = "0.10.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.tokio]] who = "Vovo Yang " criteria = "safe-to-run" version = "1.29.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.tokio-stream]] who = "David Koloski " criteria = "safe-to-deploy" version = "0.1.11" notes = "Reviewed on https://fxrev.dev/804724" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.tower-service]] who = "ChromeOS" criteria = "safe-to-run" version = "0.3.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.tracing]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.35" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.tracing-attributes]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.22" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.tracing-core]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.29" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.try-lock]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.version_check]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "0.9.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.want]] who = "ChromeOS" criteria = "safe-to-run" version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.isrg.wildcard-audits.prio]] who = "David Cook " criteria = "safe-to-deploy" user-id = 213776 # divviup-github-automation start = "2020-09-28" end = "2025-02-12" [[audits.isrg.audits.base64]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "0.21.0 -> 0.21.1" [[audits.isrg.audits.base64]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.21.1 -> 0.21.2" [[audits.isrg.audits.base64]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.21.2 -> 0.21.3" [[audits.isrg.audits.block-buffer]] who = "David Cook " criteria = "safe-to-deploy" version = "0.9.0" [[audits.isrg.audits.getrandom]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "0.2.9 -> 0.2.10" notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`." [[audits.isrg.audits.keccak]] who = "David Cook " criteria = "safe-to-deploy" version = "0.1.2" [[audits.isrg.audits.keccak]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.1.4" [[audits.isrg.audits.once_cell]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "1.17.1 -> 1.17.2" [[audits.isrg.audits.once_cell]] who = "David Cook " criteria = "safe-to-deploy" delta = "1.17.2 -> 1.18.0" [[audits.isrg.audits.once_cell]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "1.18.0 -> 1.19.0" [[audits.isrg.audits.rand_chacha]] who = "David Cook " criteria = "safe-to-deploy" version = "0.3.1" [[audits.isrg.audits.rand_core]] who = "David Cook " criteria = "safe-to-deploy" version = "0.6.3" [[audits.isrg.audits.rayon-core]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "1.10.2 -> 1.11.0" [[audits.isrg.audits.rayon-core]] who = "David Cook " criteria = "safe-to-deploy" delta = "1.11.0 -> 1.12.0" [[audits.isrg.audits.sha2]] who = "David Cook " criteria = "safe-to-deploy" version = "0.10.2" [[audits.isrg.audits.sha3]] who = "David Cook " criteria = "safe-to-deploy" version = "0.10.6" [[audits.isrg.audits.sha3]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "0.10.7 -> 0.10.8" [[audits.mozilla.wildcard-audits.zeitstempel]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 # Jan-Erik Rediger (badboy) start = "2021-03-03" end = "2024-05-10" notes = "Maintained by me" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.askama]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.11.1 -> 0.12.0" notes = "No new unsafe usage, mostly dependency updates and smaller API changes" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.askama_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.11.2 -> 0.12.1" notes = "Dependency updates, a new toml dependency and some API changes. No unsafe use." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.basic-toml]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.1.2" notes = "TOML parser, forked from toml 0.5" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.bitflags]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "2.4.0 -> 2.4.1" notes = "Only allowing new clippy lints" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.either]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.6.1" notes = """ Straightforward crate providing the Either enum and trait implementations with no unsafe code. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.mozilla.audits.lazy_static]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.4.0" notes = "I have read over the macros, and audited the unsafe code." aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.mozilla.audits.log]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.4.17 -> 0.4.18" notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.log]] who = "Kagami Sascha Rosylight " criteria = "safe-to-deploy" delta = "0.4.18 -> 0.4.20" notes = "Only cfg attribute and internal macro changes and module refactorings" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.rkv]] who = "Kagami Sascha Rosylight " criteria = "safe-to-deploy" delta = "0.18.4 -> 0.19.0" notes = "Maintained by Mozilla, no addition of unsafe blocks" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"