зеркало из https://github.com/mozilla/gecko-dev.git
98 строки
3.3 KiB
TOML
98 строки
3.3 KiB
TOML
|
|
# cargo-vet audits file
|
|
|
|
[[audits.arbitrary]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-run"
|
|
delta = "1.1.0 -> 1.1.1"
|
|
|
|
[[audits.atomic_refcell]]
|
|
who = "Bobby Holley <bholley@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.1.8"
|
|
notes = "I maintain this crate and have reviewed every line."
|
|
|
|
[[audits.bit-set]]
|
|
who = "Aria Beingessner <a.beingessner@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.5.2"
|
|
notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues."
|
|
|
|
[[audits.bit-vec]]
|
|
who = "Aria Beingessner <a.beingessner@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.6.3"
|
|
notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
|
|
|
|
[[audits.clap_lex]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.2.0 -> 0.2.2"
|
|
|
|
[[audits.derive_arbitrary]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-run"
|
|
delta = "1.1.0 -> 1.1.1"
|
|
|
|
[[audits.dogear]]
|
|
who = "Sammy Khamis <skhamis@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.4.0 -> 0.5.0"
|
|
notes = "The repository for this crate belongs in the Mozilla org."
|
|
|
|
[[audits.getrandom]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.2.6 -> 0.2.7"
|
|
|
|
[[audits.glean]]
|
|
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "50.1.0"
|
|
notes = "Maintained by the Glean team at Mozilla"
|
|
|
|
[[audits.glean-core]]
|
|
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "50.1.0"
|
|
notes = "Maintained by the Glean team at Mozilla"
|
|
|
|
[[audits.linked-hash-map]]
|
|
who = "Aria Beingessner <a.beingessner@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.5.4"
|
|
notes = "I own this crate (I am contain-rs) and 0.5.4 passes miri. This code is very old and used by lots of people, so I'm pretty confident in it, even though it's in maintenance-mode and missing some nice-to-have APIs."
|
|
|
|
[[audits.log]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.4.17"
|
|
|
|
[[audits.rust_decimal]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.24.0 -> 1.25.0"
|
|
|
|
[[audits.semver]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.9 -> 1.0.10"
|
|
|
|
[[audits.thin-vec]]
|
|
who = "Aria Beingessner <a.beingessner@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.2.5"
|
|
notes = "I own this crate, and most of its versions were codeveloped and reviewed by Nika Layzell. This version was not explicitly reviewed by her, but it was specifically a release that made the code pass miri and was reviewed by me. Firefox uses it in the gecko-ffi configuration which is less thoroughly tested and more dangerous but we're reasonably confident in it. The real danger is from C++ code failing to use it correctly in FFI but that's just how FFI is."
|
|
|
|
[[audits.unicode-ident]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.0 -> 1.0.1"
|
|
|
|
[[audits.unicode-normalization]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.1.19 -> 0.1.20"
|
|
notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19."
|
|
|