Bug 1824671 - patch 7 - Add icu_properties & dependencies to audits.toml and to package license whitelist, to enable it to be vendored. r=glandium,supply-chain-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D198445

python/mozbuild/mozbuild/vendor/vendor_rust.py

@@ -333,6 +333,9 @@ Please commit or stash these changes before vendoring, or re-run with `--ignore-
         "icu_collections": ICU4X_LICENSE_SHA256,
         "icu_locid": ICU4X_LICENSE_SHA256,
         "icu_locid_transform": ICU4X_LICENSE_SHA256,
+        "icu_locid_transform_data": ICU4X_LICENSE_SHA256,
+        "icu_properties": ICU4X_LICENSE_SHA256,
+        "icu_properties_data": ICU4X_LICENSE_SHA256,
         "icu_provider": ICU4X_LICENSE_SHA256,
         "icu_provider_adapters": ICU4X_LICENSE_SHA256,
         "icu_provider_macros": ICU4X_LICENSE_SHA256,

supply-chain/audits.toml

@@ -2114,6 +2114,24 @@ criteria = "safe-to-deploy"
 version = "1.4.0"
 notes = "This crate doesn't contain network and file access. Although this has unsafe block, the reason is added in the comment block. I audited code."
 
+[[audits.icu_locid_transform_data]]
+who = "Jonathan Kew <jkew@mozilla.com>"
+criteria = "safe-to-deploy"
+version = "1.4.0"
+notes = "Compile-time static for the icu_locid_transform crate."
+
+[[audits.icu_properties]]
+who = "Jonathan Kew <jkew@mozilla.com>"
+criteria = "safe-to-deploy"
+version = "1.4.0"
+notes = "This is used by ICU4X for character property lookup. The few (4) usages of unsafe have comments clarifying their safety."
+
+[[audits.icu_properties_data]]
+who = "Jonathan Kew <jkew@mozilla.com>"
+criteria = "safe-to-deploy"
+version = "1.4.0"
+notes = "Compile-time static data for the icu_properties crate."
+
 [[audits.icu_provider]]
 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
 criteria = "safe-to-deploy"