From 3fd3c7fb852da47e0935d62d2e5241abd4d33b82 Mon Sep 17 00:00:00 2001
From: Bobby Holley <bobbyholley@gmail.com>
Date: Fri, 26 Aug 2022 04:06:55 +0000
Subject: [PATCH] Bug 1787306 - Add a delta audit to leverage the BA's audit of
 bumpalo. r=supply-chain-reviewers,nika

Differential Revision: https://phabricator.services.mozilla.com/D155640
---
 supply-chain/audits.toml | 10 ++++++++++
 supply-chain/config.toml |  4 ----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index dcbc8eaace26..f92f49596f24 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -118,6 +118,16 @@ who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
 criteria = "safe-to-deploy"
 version = "0.1.2"
 
+[[audits.bumpalo]]
+who = "Bobby Holley <bobbyholley@gmail.com>"
+criteria = "safe-to-run"
+delta = "3.9.1 -> 3.10.0"
+notes = """
+Some nontrivial functional changes but certainly meets the no-malware bar of
+safe-to-run. If we needed safe-to-deploy for this in m-c I'd ask Nick to re-
+certify this version, but we don't, so this is fine for now.
+"""
+
 [[audits.bytes]]
 who = "Mike Hommey <mh+mozilla@glandium.org>"
 criteria = "safe-to-deploy"
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index 571cf1dad3e2..eae6ed124b77 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -279,10 +279,6 @@ criteria = "safe-to-deploy"
 version = "0.10.2"
 criteria = "safe-to-deploy"
 
-[[exemptions.bumpalo]]
-version = "3.10.0"
-criteria = "safe-to-run"
-
 [[exemptions.byteorder]]
 version = "1.4.3"
 criteria = "safe-to-deploy"