gecko-dev/supply-chain/imports.lock

377 строки
12 KiB
Plaintext

# cargo-vet imports lock
[[publisher.bhttp]]
version = "0.3.1"
when = "2023-02-23"
user-id = 128763
user-login = "martinthomson"
user-name = "Martin Thomson"
[[publisher.glean]]
version = "52.4.2"
when = "2023-03-15"
user-id = 48
user-login = "badboy"
user-name = "Jan-Erik Rediger"
[[publisher.glean-core]]
version = "52.4.2"
when = "2023-03-15"
user-id = 48
user-login = "badboy"
user-name = "Jan-Erik Rediger"
[[publisher.ohttp]]
version = "0.3.1"
when = "2023-02-23"
user-id = 128763
user-login = "martinthomson"
user-name = "Martin Thomson"
[[audits.bytecode-alliance.audits.arbitrary]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.arrayref]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.6"
notes = """
Unsafe code, but its logic looks good to me. Necessary given what it is
doing. Well tested, has quickchecks.
"""
[[audits.bytecode-alliance.audits.arrayvec]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "0.7.2"
notes = """
Well documented invariants, good assertions for those invariants in unsafe code,
and tested with MIRI to boot. LGTM.
"""
[[audits.bytecode-alliance.audits.atty]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.2.14"
notes = """
Contains only unsafe code for what this crate's purpose is and only accesses
the environment's terminal information when asked. Does its stated purpose and
no more.
"""
[[audits.bytecode-alliance.audits.block-buffer]]
who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.2"
[[audits.bytecode-alliance.audits.bumpalo]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "3.11.1"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.cc]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.73"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.cfg-if]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.0"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.codespan-reporting]]
who = "Jamey Sharp <jsharp@fastly.com>"
criteria = "safe-to-deploy"
version = "0.11.1"
notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."
[[audits.bytecode-alliance.audits.crypto-common]]
who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
version = "0.1.3"
[[audits.bytecode-alliance.audits.derive_arbitrary]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.form_urlencoded]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = """
This is a small crate for working with url-encoded forms which doesn't have any
more than what it says on the tin. Contains one `unsafe` block related to
performance around utf-8 validation which is fairly easy to verify as correct.
"""
[[audits.bytecode-alliance.audits.heck]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.4.0"
notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
[[audits.bytecode-alliance.audits.id-arena]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "2.2.1"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.idna]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = """
This is a crate without unsafe code or usage of the standard library. The large
size of this crate comes from the large generated unicode tables file. This
crate is broadly used throughout the ecosystem and does not contain anything
suspicious.
"""
[[audits.bytecode-alliance.audits.leb128]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "0.2.5"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.peeking_take_while]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "1.0.0"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.percent-encoding]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.2.0"
notes = """
This crate is a single-file crate that does what it says on the tin. There are
a few `unsafe` blocks related to utf-8 validation which are locally verifiable
as correct and otherwise this crate is good to go.
"""
[[audits.bytecode-alliance.audits.rustc-demangle]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.21"
notes = "I am the author of this crate."
[[audits.bytecode-alliance.audits.unicase]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.6.0"
notes = """
This crate contains no `unsafe` code and no unnecessary use of the standard
library.
"""
[[audits.bytecode-alliance.audits.unicode-bidi]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.3.8"
notes = """
This crate has no unsafe code and does not use `std::*`. Skimming the crate it
does not attempt to out of the bounds of what it's already supposed to be doing.
"""
[[audits.bytecode-alliance.audits.unicode-normalization]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.19"
notes = """
This crate contains one usage of `unsafe` which I have manually checked to see
it as correct. This crate's size comes in large part due to the generated
unicode tables that it contains. This crate is additionally widely used
throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
and nothing suspicious.
"""
[[audits.bytecode-alliance.audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.25.0"
notes = "The Bytecode Alliance is the author of this crate."
[[audits.bytecode-alliance.audits.wasm-smith]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
version = "0.12.5"
notes = "The Bytecode Alliance is the author of this crate."
[[audits.bytecode-alliance.audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.102.0"
notes = "The Bytecode Alliance is the author of this crate."
[[audits.bytecode-alliance.audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "55.0.0"
notes = "The Bytecode Alliance is the author of this crate."
[[audits.embark-studios.audits.anyhow]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "1.0.58"
[[audits.embark-studios.audits.cty]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "0.2.2"
notes = "Inspected it and is a tiny crate with just type definitions"
[[audits.embark-studios.audits.serial_test]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-run"
version = "0.6.0"
[[audits.embark-studios.audits.serial_test_derive]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-run"
version = "0.6.0"
[[audits.google.audits.ash]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
version = "0.37.0+1.3.209"
notes = "Reviewed on https://fxrev.dev/694269"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.fastrand]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.9.0"
notes = """
`does-not-implement-crypto` is certified because this crate explicitly says
that the RNG here is not cryptographically secure.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.h2]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.3.14"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.http]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.2.8"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.http-body]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.4.5"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.httpdate]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "1.0.2"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.hyper]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.14.20"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.pin-project]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "1.0.12"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.pin-project-internal]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "1.0.12"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.serde_urlencoded]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.7.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.tokio-stream]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
version = "0.1.11"
notes = "Reviewed on https://fxrev.dev/804724"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
[[audits.google.audits.tower-service]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.3.2"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.tracing]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.1.35"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.tracing-attributes]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.1.22"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.tracing-core]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.1.29"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.try-lock]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.2.3"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.version_check]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.9.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.want]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.3.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.isrg.audits.block-buffer]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.9.0"
[[audits.mozilla.audits.either]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.6.1"
notes = """
Straightforward crate providing the Either enum and trait implementations with
no unsafe code.
"""
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
[[audits.mozilla.audits.lazy_static]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.4.0"
notes = "I have read over the macros, and audited the unsafe code."
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"