зеркало из https://github.com/mozilla/gecko-dev.git
377 строки
12 KiB
Plaintext
377 строки
12 KiB
Plaintext
|
|
# cargo-vet imports lock
|
|
|
|
[[publisher.bhttp]]
|
|
version = "0.3.1"
|
|
when = "2023-02-23"
|
|
user-id = 128763
|
|
user-login = "martinthomson"
|
|
user-name = "Martin Thomson"
|
|
|
|
[[publisher.glean]]
|
|
version = "52.4.2"
|
|
when = "2023-03-15"
|
|
user-id = 48
|
|
user-login = "badboy"
|
|
user-name = "Jan-Erik Rediger"
|
|
|
|
[[publisher.glean-core]]
|
|
version = "52.4.2"
|
|
when = "2023-03-15"
|
|
user-id = 48
|
|
user-login = "badboy"
|
|
user-name = "Jan-Erik Rediger"
|
|
|
|
[[publisher.ohttp]]
|
|
version = "0.3.1"
|
|
when = "2023-02-23"
|
|
user-id = 128763
|
|
user-login = "martinthomson"
|
|
user-name = "Martin Thomson"
|
|
|
|
[[audits.bytecode-alliance.audits.arbitrary]]
|
|
who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.1.0"
|
|
notes = "I am the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.arrayref]]
|
|
who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.3.6"
|
|
notes = """
|
|
Unsafe code, but its logic looks good to me. Necessary given what it is
|
|
doing. Well tested, has quickchecks.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.arrayvec]]
|
|
who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.7.2"
|
|
notes = """
|
|
Well documented invariants, good assertions for those invariants in unsafe code,
|
|
and tested with MIRI to boot. LGTM.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.atty]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.2.14"
|
|
notes = """
|
|
Contains only unsafe code for what this crate's purpose is and only accesses
|
|
the environment's terminal information when asked. Does its stated purpose and
|
|
no more.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.block-buffer]]
|
|
who = "Benjamin Bouvier <public@benj.me>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.9.0 -> 0.10.2"
|
|
|
|
[[audits.bytecode-alliance.audits.bumpalo]]
|
|
who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "3.11.1"
|
|
notes = "I am the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.cc]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.0.73"
|
|
notes = "I am the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.cfg-if]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.0.0"
|
|
notes = "I am the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.codespan-reporting]]
|
|
who = "Jamey Sharp <jsharp@fastly.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.11.1"
|
|
notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
|
|
|
|
[[audits.bytecode-alliance.audits.crypto-common]]
|
|
who = "Benjamin Bouvier <public@benj.me>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.1.3"
|
|
|
|
[[audits.bytecode-alliance.audits.derive_arbitrary]]
|
|
who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.1.0"
|
|
notes = "I am the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.form_urlencoded]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.1.0"
|
|
notes = """
|
|
This is a small crate for working with url-encoded forms which doesn't have any
|
|
more than what it says on the tin. Contains one `unsafe` block related to
|
|
performance around utf-8 validation which is fairly easy to verify as correct.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.heck]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.4.0"
|
|
notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
|
|
|
|
[[audits.bytecode-alliance.audits.id-arena]]
|
|
who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "2.2.1"
|
|
notes = "I am the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.idna]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.3.0"
|
|
notes = """
|
|
This is a crate without unsafe code or usage of the standard library. The large
|
|
size of this crate comes from the large generated unicode tables file. This
|
|
crate is broadly used throughout the ecosystem and does not contain anything
|
|
suspicious.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.leb128]]
|
|
who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.2.5"
|
|
notes = "I am the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.peeking_take_while]]
|
|
who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.0.0"
|
|
notes = "I am the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.percent-encoding]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "2.2.0"
|
|
notes = """
|
|
This crate is a single-file crate that does what it says on the tin. There are
|
|
a few `unsafe` blocks related to utf-8 validation which are locally verifiable
|
|
as correct and otherwise this crate is good to go.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.rustc-demangle]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.1.21"
|
|
notes = "I am the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.unicase]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "2.6.0"
|
|
notes = """
|
|
This crate contains no `unsafe` code and no unnecessary use of the standard
|
|
library.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.unicode-bidi]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.3.8"
|
|
notes = """
|
|
This crate has no unsafe code and does not use `std::*`. Skimming the crate it
|
|
does not attempt to out of the bounds of what it's already supposed to be doing.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.unicode-normalization]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.1.19"
|
|
notes = """
|
|
This crate contains one usage of `unsafe` which I have manually checked to see
|
|
it as correct. This crate's size comes in large part due to the generated
|
|
unicode tables that it contains. This crate is additionally widely used
|
|
throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
|
|
and nothing suspicious.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.wasm-encoder]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.25.0"
|
|
notes = "The Bytecode Alliance is the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.wasm-smith]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-run"
|
|
version = "0.12.5"
|
|
notes = "The Bytecode Alliance is the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.wasmparser]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.102.0"
|
|
notes = "The Bytecode Alliance is the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.wast]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "55.0.0"
|
|
notes = "The Bytecode Alliance is the author of this crate."
|
|
|
|
[[audits.embark-studios.audits.anyhow]]
|
|
who = "Johan Andersson <opensource@embark-studios.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.0.58"
|
|
|
|
[[audits.embark-studios.audits.cty]]
|
|
who = "Johan Andersson <opensource@embark-studios.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.2.2"
|
|
notes = "Inspected it and is a tiny crate with just type definitions"
|
|
|
|
[[audits.embark-studios.audits.serial_test]]
|
|
who = "Johan Andersson <opensource@embark-studios.com>"
|
|
criteria = "safe-to-run"
|
|
version = "0.6.0"
|
|
|
|
[[audits.embark-studios.audits.serial_test_derive]]
|
|
who = "Johan Andersson <opensource@embark-studios.com>"
|
|
criteria = "safe-to-run"
|
|
version = "0.6.0"
|
|
|
|
[[audits.google.audits.ash]]
|
|
who = "David Koloski <dkoloski@google.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.37.0+1.3.209"
|
|
notes = "Reviewed on https://fxrev.dev/694269"
|
|
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.fastrand]]
|
|
who = "George Burgess IV <gbiv@google.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.9.0"
|
|
notes = """
|
|
`does-not-implement-crypto` is certified because this crate explicitly says
|
|
that the RNG here is not cryptographically secure.
|
|
"""
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.h2]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.3.14"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.http]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.2.8"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.http-body]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.4.5"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.httpdate]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "1.0.2"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.hyper]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.14.20"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.pin-project]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "1.0.12"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.pin-project-internal]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "1.0.12"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_urlencoded]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.7.1"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.tokio-stream]]
|
|
who = "David Koloski <dkoloski@google.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.1.11"
|
|
notes = "Reviewed on https://fxrev.dev/804724"
|
|
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.tower-service]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.3.2"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.tracing]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.1.35"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.tracing-attributes]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.1.22"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.tracing-core]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.1.29"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.try-lock]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.2.3"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.version_check]]
|
|
who = "George Burgess IV <gbiv@google.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.9.4"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.want]]
|
|
who = "ChromeOS"
|
|
criteria = "safe-to-run"
|
|
version = "0.3.0"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.isrg.audits.block-buffer]]
|
|
who = "David Cook <dcook@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.9.0"
|
|
|
|
[[audits.mozilla.audits.either]]
|
|
who = "Nika Layzell <nika@thelayzells.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.6.1"
|
|
notes = """
|
|
Straightforward crate providing the Either enum and trait implementations with
|
|
no unsafe code.
|
|
"""
|
|
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.lazy_static]]
|
|
who = "Nika Layzell <nika@thelayzells.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.4.0"
|
|
notes = "I have read over the macros, and audited the unsafe code."
|
|
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
|