[criteria.crypto-safe]
description = """
All crypto algorithms in this crate have been reviewed by a relevant expert.

**Note**: If a crate does not implement crypto, use `does-not-implement-crypto`,
which implies `crypto-safe`, but does not require expert review in order to
audit for."""

[criteria.does-not-implement-crypto]
description = """
Inspection reveals that the crate in question does not attempt to implement any
cryptographic algorithms on its own.

Note that certification of this does not require an expert on all forms of
cryptography: it's expected for crates we import to be \"good enough\" citizens,
so they'll at least be forthcoming if they try to implement something
cryptographic. When in doubt, please ask an expert."""
implies = "crypto-safe"

[criteria.ub-risk-0]
description = """
No unsafe code.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-0
"""
implies = "ub-risk-1"

[criteria.ub-risk-1]
description = """
Excellent soundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1
"""
implies = "ub-risk-2"

[criteria.ub-risk-1-thorough]
description = """
Excellent soundness (established in a thorough review).

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1-thorough
"""
implies = "ub-risk-1"

[criteria.ub-risk-2]
description = """
Negligible unsoundness or average soundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2
"""
implies = "ub-risk-3"

[criteria.ub-risk-2-thorough]
description = """
Negligible unsoundness or average soundness (established in a thorough review).

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2-thorough
"""
implies = "ub-risk-2"

[criteria.ub-risk-3]
description = """
Mild unsoundness or suboptimal soundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3
"""
implies = "ub-risk-4"

[criteria.ub-risk-4]
description = """
Extreme unsoundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4
"""

[[audits.alloc-no-stdlib]]
who = [
    "Luca Versari <veluca@google.com>",
    "Manish Goregaokar <manishearth@google.com>"
]
criteria = ["ub-risk-4"]
version = "2.0.4"
notes = """Reviewed in CL 636730294
Issues found:
 - unsafe functions have no documented safety invariants
 - CallocBackingStore returns uninitialized memory
"""

[[audits.alloc-stdlib]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.2.2"
notes = "Reviewed in CL 636730499"

[[audits.android_logger]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.13.3"
notes = "Reviewed in CL 559548165"

[[audits.anstream]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.3.2"
notes = "Reviewed in CL 559376670"

[[audits.anstream]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4"]
version = "0.6.5"
notes = """Reviewed in CL 596713982
Issues found:
 - https://github.com/rust-cli/anstyle/issues/156
 - Exhaustive review of utf8 soundness not performed
"""

[[audits.anstyle]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "1.0.0"
notes = "Reviewed in CL 559404826"

[[audits.anstyle_query]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "1.0.0"
notes = "Reviewed in CL 559375925"

[[audits.anstyle-parse]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.2.1"
notes = "Reviewed in CL 559131783"

[[audits.anymap]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "1.0.0-beta2"
notes = "Reviewed in CL 558118223"

[[audits.archery]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "1.2.1"
notes = "Reviewed in CL 689387930"

[[audits.argminmax]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "0.6.2"
notes = "Reviewed in CL 645900200"

[[audits.array-init-cursor]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.2.0"
notes = """Reviewed in CL 702364774
Could have more comments. into_buf can probably be written safely.
"""

[[audits.arrayref]]
who = [
    "Luca Versari <veluca@google.com>",
    "Manish Goregaokar <manishearth@google.com>"
]
criteria = ["ub-risk-3"]
version = "0.3.7"
notes = """Reviewed in CL 636647431
Issues found:
 - Macros do not overflow check before adding pre/post and can cause hard-to-trigger UB. https://github.com/droundy/arrayref/issues/26
"""

[[audits.arrayref]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.3.7 -> 0.3.9"
notes = """Reviewed in CL 693504716
Diff fixes https://github.com/droundy/arrayref/issues/26
"""

[[audits.arrow_select]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "53.1.0"
notes = """Reviewed in CL 683334337
Issues found:
 - filter_run_end_array needs a patch to check its preconditions https://github.com/apache/arrow-rs/issues/6569
"""

[[audits.arrow-buffer]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "51.0.0"
notes = "Reviewed in CL 637904132"

[[audits.arrow-cast]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "51.0.0"
notes = "Reviewed in CL 638739847"

[[audits.arrow-data]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-3"]
version = "51.0.0"
notes = "Reviewed in CL 638739833"

[[audits.arrow-select]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-3"]
version = "51.0.0"
notes = "Reviewed in CL 638739853"

[[audits.askama_derive]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.13.1"
notes = "Reviewed in CL 751078334"

[[audits.askama_parser]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.13.0"
notes = "Reviewed in "

[[audits.async_stream]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-3"]
version = "0.3.6"
notes = "Reviewed in CL 814718864"

[[audits.async-executor]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "1.13.1"
notes = "Reviewed in CL 737846535"

[[audits.async-lock]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "3.4.0"
notes = "Reviewed in CL 740466573"

[[audits.base64ct]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "1.6.0"
notes = "Reviewed in CL 592910669"

[[audits.beef]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "0.5.0"
notes = "Reviewed in CL 742874865"

[[audits.bit-set]]
who = [
    "Manish Goregaokar <manishearth@google.com>",
    "Augie Fackler <augie@google.com>"
]
criteria = ["ub-risk-2"]
version = "0.5.3"
notes = """Reviewed in CL 615008047
Uses unsafe operations from bit-vec that are not actually unsafe.
"""

[[audits.bitflags]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "2.3.3"
notes = "Reviewed in CL 545304270"

[[audits.bitmaps]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "2.1.0"
notes = """Reviewed in CL 755933866
This has incorrect usage of target_feature: https://github.com/bodil/bitmaps/issues/31
"""

[[audits.bitmaps]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "3.2.1"
notes = """Reviewed in CL 755933866
Issues found:
 - Incorrect use of target_feature https://github.com/bodil/bitmaps/issues/31
 - Incorrect layout assumptions around bool https://github.com/bodil/bitmaps/issues/29
"""

[[audits.boxcar]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.2.10"
notes = "Reviewed in CL 736485432"

[[audits.brotli]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2"]
version = "3.5.0"
notes = "Reviewed in CL 641306142"

[[audits.btoi]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-0", "does-not-implement-crypto"]
version = "0.4.3"
notes = "Reviewed in CL 581228675"

[[audits.bulletproofs]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-0"]
version = "5.0.0"
notes = """Reviewed in CL 666491560
Only unsafe is in tests
"""

[[audits.bumpalo]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "3.14.0"
notes = "Reviewed in CL 574186321"

[[audits.bytecount]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.6.7"
notes = """Reviewed in CL 596699465
Is sound, but needs safety docs
"""

[[audits.bytemuck]]
who = [
    "Manish Goregaokar <manishearth@google.com>",
    "Łukasz Anforowicz <lukasza@google.com>"
]
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "1.13.1"
notes = "Reviewed in CL 561111794"

[[audits.byteorder]]
who = "Alyssa Haroldsen <kupiakos@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "1.4.3"
notes = """Reviewed in CL 559206679
Issues found:
 - https://github.com/BurntSushi/byteorder/issues/194
"""

[[audits.bzip2]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.6.1"
notes = "Reviewed in CL 828354407"

[[audits.caliptra_cfi]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-4"]
version = "0.1.0"
notes = """Reviewed in CL 609792409
Rating is ub-risk-4 because this crate makes assumptions about single-threadedness.
However, on the platform it is intended for, this is fine and can be treated as having ub-risk-3.
Issues found: https://github.com/chipsalliance/caliptra-cfi/pull/10
"""

[[audits.castaway]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.2.3"
notes = "Reviewed in CL 683065028"

[[audits.chacha20]]
who = "<mmaurer@google.com>"
criteria = ["ub-risk-2"]
version = "0.9.1"
notes = "Reviewed in CL 640124703"

[[audits.chalk_ir]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.92.0"
notes = "Reviewed in CL 558137822"

[[audits.chalk_ir]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-0"]
version = "0.95.0"
notes = "Reviewed in CL 599467162"

[[audits.clap_lex]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.5.0"
notes = """Reviewed in CL 559377426
Issues:
 - Unsound transmutes from OsStr to [u8] (https://github.com/clap-rs/clap/issues/5280)
 - (optional) Incorrect safety comment (https://github.com/clap-rs/clap/pull/5281)
"""

[[audits.clap_lex]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
delta = "0.5.1 -> 0.6.0"
notes = """Reviewed in CL 596708333
Issues:
 - Unsound transmutes from OsStr to [u8] (https://github.com/clap-rs/clap/issues/5280)
 - (optional) Incorrect safety comment (https://github.com/clap-rs/clap/pull/5281)
"""

[[audits.clap_lex]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
delta = "0.7.2 -> 0.7.3"
notes = "Reviewed in CL 701531434"

[[audits.clap_lex]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
delta = "0.7.3 -> 0.7.4"
notes = """Reviewed in CL 709087295
No change since previous review
"""

[[audits.clear_on_drop]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.2.5"
notes = """Reviewed in CL 666491561
Issues:
 - Could use some safety comments
 - Clear::clear() would ideally discard the &mut self and only work with raw pointers to avoid tripping anything around reference validity. Impl is *probably* fine given the way T-opsem is leaning
"""

[[audits.clru]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.6.1"
notes = "Reviewed in CL 581562557"

[[audits.command_group]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "2.0.1"
notes = """Reviewed in CL 561009596
Issues found:
 - https://github.com/watchexec/command-group/issues/20
 - https://github.com/watchexec/command-group/issues/19
"""

[[audits.compact_str]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "0.7.1"
notes = "Reviewed in CL 639198555"

[[audits.console]]
who = "<devinj@google.com>"
criteria = ["ub-risk-2"]
version = "0.15.8"
notes = "Reviewed in CL 683999046"

[[audits.constant_time_eq]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.3.0"
notes = "Reviewed in CL 587904821"

[[audits.constcat]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.5.1"
notes = "Reviewed in CL 706930648"

[[audits.core-foundation]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.10.0"
notes = """Reviewed in CL 711537864
FFI crate
"""

[[audits.core-foundation-sys]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.8.7"
notes = "Reviewed in CL 711535914"

[[audits.countme]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "3.0.1"
notes = "Reviewed in CL 558181122"

[[audits.crabbyavif]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.0"
notes = "Reviewed in CL 781088700"

[[audits.cranelift-entity]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.113.1"
notes = "Reviewed in CL 698407144"

[[audits.cranelift-entity]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
delta = "1.113.1 -> 1.114.0"
notes = """Reviewed in CL 699228957
No change in unsafe code since last import
"""

[[audits.crc32c]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.6.5"
notes = """Reviewed in CL 608991681
Does not have much unsafe (some use of hardware intrinsics, one bit of pointer manipulation). However, the unsafe isn't documented enough. Can be upgraded to a rating 2 or 1 with some unsafe documentation.
"""

[[audits.crc32fast]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "1.3.2"
notes = "Reviewed in CL 558895300"

[[audits.crossterm]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.26.1"
notes = """Reviewed in CL 562140151
Issues:
 - Internal API permits buffer overruns (https://github.com/crossterm-rs/crossterm/pull/821)
"""

[[audits.crossterm]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
delta = "0.26.1 -> 0.27.0"
notes = """Reviewed in CL 566337315
Issues:
 - Internal API permits buffer overruns (https://github.com/crossterm-rs/crossterm/pull/821)
"""

[[audits.cstream]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.1.1"
notes = "Reviewed in CL 805553961"

[[audits.ctor]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.2.4"
notes = """Reviewed in CL 552861146
Issues found:
 - https://github.com/mmastrac/rust-ctor/pull/294
 - https://github.com/mmastrac/rust-ctor/pull/293
"""

[[audits.ctrlc]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "3.4.0"
notes = "Reviewed in CL 587904024"

[[audits.curve25519-dalek]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "4.0.0"
notes = "Reviewed in CL 557134163"

[[audits.curve25519-dalek-derive]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.1.0"
notes = """Reviewed in CL 557129495
Issues found:
 - https://github.com/dalek-cryptography/curve25519-dalek/issues/563
"""

[[audits.daemonize]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.5.0"
notes = "Reviewed in CL 670551760"

[[audits.dary_heap]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.3.7"
notes = "Reviewed in CL 778340537"

[[audits.deduplicating_array]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.1.7"
notes = """Reviewed in CL 700071397
Safe, but needs safety comments
"""

[[audits.deranged]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.3.0"
notes = "Reviewed in CL 683999039"

[[audits.deranged]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.3.9"
notes = "Reviewed in CL 579385986"

[[audits.derive_builder]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-0"]
version = "0.20.0"
notes = "Reviewed in CL 644303353"

[[audits.dispatch2]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.3.0"
notes = "Reviewed in CL 752745648"

[[audits.dyn-clone]]
who = [
    "Ben Saunders <bsaunders@google.com>",
    "Augie Fackler <augie@google.com>",
    "Luca Versari <veluca@google.com>"
]
criteria = ["ub-risk-2"]
version = "1.0.17"
notes = "Reviewed in CL 637023476"

[[audits.dyn-stack]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
delta = "0.9.0 -> 0.11.0"
notes = "Reviewed in CL 754079845"

[[audits.educe]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "0.4.23"
notes = """Reviewed in CL 778349439
Issues found:
 - https://github.com/magiclen/educe/issues/45
"""

[[audits.encode_unicode]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "1.0.0"
notes = "Reviewed in CL 683999023"

[[audits.encoding_rs]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.8.33"
notes = """Reviewed in CL 605370461
Needs extensive safety comments:
 - https://github.com/hsivonen/encoding_rs/pull/101
"""

[[audits.enum-ordinalize]]
who = "<devinj@google.com>"
criteria = ["ub-risk-2"]
version = "3.1.15"
notes = "Reviewed in CL 778348618"

[[audits.enumflags2]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.7.8"
notes = "Reviewed in CL 603523557"

[[audits.equator-macro]]
who = "<devinj@google.com>"
criteria = ["ub-risk-4"]
version = "0.4.2"
notes = """Reviewed in CL 752779890
The unsafe code is a transmute from a user-provided type to a user-provided type, so it is trivially unsound. Would be better if e.g. the proc macro was renamed unsafe_assert, and had a safety comment describing the preconditions. (It is currently named `assert`, and undocumented.)
"""

[[audits.errno]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.2.8"
notes = "Reviewed in CL 567624402"

[[audits.error-chain]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.12.4"
notes = "Reviewed in CL 545732008"

[[audits.etcetera]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.10.0"
notes = "Reviewed in CL 750960146"

[[audits.etherparse]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "0.18.0"
notes = "Reviewed in CL 775556814"

[[audits.ethnum]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4"]
version = "1.5.0"
notes = """Reviewed in CL 624267108
Issues found:
 - error.rs: Unsoundly transmutes into std error types, making assumptions about stability and layout
 - fmt.rs: GenericRadix trait should be unsafe
 - fmt.rs: fmt_u256 has safety comments that are incorrect
"""

[[audits.euclid]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.22.11"
notes = "Reviewed in CL 719023061"

[[audits.fast-float]]
who = [
    "Augie Fackler <augie@google.com>",
    "< manishearth@google.com>"
]
criteria = ["ub-risk-4"]
version = "0.2.0"
notes = """Reviewed in
Issues found:
 - https://github.com/aldanor/fast-float-rust/issues/37 (multiple issues)
"""

[[audits.faster-hex]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.8.1"
notes = """Reviewed in CL 579318683
Issues found:
- https://github.com/nervosnetwork/faster-hex/pull/39
"""

[[audits.fdt]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.5"
notes = """Reviewed in CL 565675584
No usage of unsafe; one public unsafe function with documented invariants.
"""

[[audits.filedescriptor]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.8.2"
notes = "Reviewed in CL 715944931"

[[audits.filetime]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.2.19"
notes = "Reviewed in CL 559795004"

[[audits.find-msvc-tools]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-3"]
version = "0.1.2"
notes = "Reviewed in CL 810860514"

[[audits.fixedbitset]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.2.0"
notes = "Reviewed in CL 559071858"

[[audits.flatbuffers]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "23.5.26"
notes = "Reviewed in CL 638739860"

[[audits.flate2]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "1.0.24"
notes = """Reviewed in CL 558916134
Issues found:
 - Uninitialized memory: https://github.com/rust-lang/flate2-rs/pull/373
Minor code quality suggestions:
 - Defense in depth on dangling pointers (https://github.com/rust-lang/flate2-rs/issues/379)
 - set_len usage relies on tricky undocumented invariants (incidentally fixed by PR #373)
"""

[[audits.flate2]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
delta = "1.0.24 -> 1.0.27"
notes = """Reviewed in CL 572611911
Same review as previous
"""

[[audits.flate2]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
delta = "1.0.27 -> 1.0.28"
notes = """Reviewed in CL 573223148
Issues from previous review (#379, #220) fixed (PRs #380, #373).
"""

[[audits.fleetspeak]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.4.0"
notes = """Reviewed in CL 551181045
Opens files from file descriptors obtained from potentially untrusted sources. This may be okay depending on your use case, and is a common pattern for IPC, but should be included in your project with care since opening the wrong mmaped fd may cause UB.
"""

[[audits.font-types]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.5.0"
notes = "Reviewed in CL 617547813"

[[audits.font-types]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.8.2"
notes = "Reviewed in CL 718913459"

[[audits.fragile]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-4"]
version = "2.0.0"
notes = """Reviewed in CL 655309625
Issues found:
 - https://github.com/mitsuhiko/fragile/issues/34
"""

[[audits.fs-set-times]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.20.3"
notes = "Reviewed in CL 778504445"

[[audits.fs4]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-2"]
version = "0.13.1"
notes = "Reviewed in CL 771980548"

[[audits.fsevent-sys]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "4.1.0"
notes = """Reviewed in CL 726605958
FFI crate with some simple wrappers
"""

[[audits.futf]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.1.5"
notes = "Reviewed in CL 810913099"

[[audits.getifaddrs]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.1.5"
notes = """Reviewed in CL 772629745
Issues found:
 - Iterator for InterfaceIterator impl unconditionally derefs potentially-null current_unicast pointer
"""

[[audits.getrandom]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.3.1"
notes = """Reviewed in CL 731774826
Tons of unsafe for backend specific syscalls. The MaybeUninit invariant of `fill_inner` is upheld nonlocally and is not tracked in comments. Potentially would be nicer to have `fn fill_inner(&mut [MaybeUninit]) -> &mut [u8]`, and have individual backends do their own `assume_init()` invariant asserting comments.
"""

[[audits.gif]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "0.12.1"
notes = "Reviewed in CL 637680029"

[[audits.gimli]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.26.2"
notes = """Reviewed in CL 694412583
Based off of existing review for 0.31, diff reviewed was *backwards*.
"""

[[audits.gimli]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.31.0"
notes = """Reviewed in CL 675488712
Could have better documented invariants.
"""

[[audits.gix]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "0.55.2"
notes = """Reviewed in CL 581562516
Issues found:
 - Unsafe transmute of lifetime (https://github.com/Byron/gitoxide/pull/1154)
 - Interrupt handler function should be unsafe
"""

[[audits.gix_packetline]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.17.5"
notes = "Reviewed in CL 651814949"

[[audits.gix-attributes]]
who = "<devinj@google.com>"
criteria = ["ub-risk-4"]
version = "0.22.2"
notes = """Reviewed in CL 653264864
Issues found:
 - https://github.com/Byron/gitoxide/issues/1460
"""

[[audits.gix-commitgraph]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.22.0"
notes = "Reviewed in CL 581562496"

[[audits.gix-config-value]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.14.0"
notes = "Reviewed in CL 581042137"

[[audits.gix-features]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
delta = "0.30.0 -> 0.40.0"
notes = "Reviewed in CL 720029078"

[[audits.gix-features]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.36.0"
notes = """Reviewed in CL 580908504
Issues:
 - Illegal mutable aliasing (https://github.com/Byron/gitoxide/pull/1115)
"""

[[audits.gix-filter]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.11.2"
notes = "Reviewed in CL 652491636"

[[audits.gix-filter]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.11.3 -> 0.13.0"
notes = """Reviewed in CL 666834466
No change to unsafe code
"""

[[audits.gix-hash]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.13.1"
notes = "Reviewed in CL 580781568"

[[audits.gix-index]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2-thorough", "does-not-implement-crypto"]
version = "0.26.0"
notes = """Reviewed in CL 581562538
Relies on mmap'd file being untouched externally.
"""

[[audits.gix-index]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.27.1 -> 0.33.0"
notes = "Reviewed in CL 636423069"

[[audits.gix-pack]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-4"]
version = "0.44.0"
notes = """Reviewed in CL 581562540
Issues:
 - https://github.com/Byron/gitoxide/pull/113
 - https://github.com/Byron/gitoxide/pull/1115
 - https://github.com/Byron/gitoxide/pull/1116
"""

[[audits.gix-pack]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
delta = "0.44.0 -> 0.45.0"
notes = """Reviewed in CL 594331347
Issues found:
 - https://github.com/Byron/gitoxide/pull/1230
 - https://github.com/Byron/gitoxide/issues/1231
(previously found issues have been fixed)
"""

[[audits.gix-ref]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2-thorough"]
version = "0.38.0"
notes = "Reviewed in CL 581562488"

[[audits.gix-ref]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.47.0"
notes = """Reviewed in CL 666834467
Uses mmap, otherwise minimal use of unsafe, well commented
"""

[[audits.gix-revision]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.23.0"
notes = "Reviewed in CL 581562502"

[[audits.gix-revision]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.23.0 -> 0.24.0"
notes = "Reviewed in CL 594331337"

[[audits.gix-revision]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.29.0"
notes = "Reviewed in CL 666885060"

[[audits.gix-sec]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.10.0"
notes = "Reviewed in CL 581046394"

[[audits.gix-tempfile]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "11.0.0"
notes = "Reviewed in CL 581562529"

[[audits.gix-tempfile]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
delta = "11.0.1 -> 14.0.0"
notes = "Reviewed in CL 636941982"

[[audits.goblin]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "0.8.0"
notes = "Reviewed in CL 642006818"

[[audits.half]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "1.8.2"
notes = """Reviewed in CL 590192561
Issues found:
 - The `set_len`s in slice.rs and vec.rs are premature and create uninitialized vectors
 - (internal safety) f16x4_to_f32x4 and f16x4_to_f32x4_x86_f16c do not enforce i.len() > 4. Should be marked unsafe
(no issues filed, all of the issues appear to be fixed on GitHub main)
"""

[[audits.half]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "1.8.3"
notes = "Reviewed in CL 590192561"

[[audits.half]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "2.4.0"
notes = "Reviewed in CL 610738461"

[[audits.halfbrown]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-4"]
version = "0.2.5"
notes = "Reviewed in CL 659834502"

[[audits.hashlink]]
who = "<mmaurer@google.com>"
criteria = ["ub-risk-2"]
version = "0.9.0"
notes = "Reviewed in CL 649389159"

[[audits.highway]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "1.3.0"
notes = "Reviewed in CL 794944624"

[[audits.home]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.5.4"
notes = "Reviewed in CL 559796554"

[[audits.home]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
delta = "0.5.4 -> 0.5.5"
notes = "Reviewed in CL 566644164"

[[audits.hoot]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.1.3"
notes = """Reviewed in CL 607320079
Issues found:
 - https://github.com/algesten/hoot/issues/2 (fixed in https://github.com/algesten/hoot/pull/3)
"""

[[audits.hoot]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.1.4"
notes = "Reviewed in CL 607320079"

[[audits.hostname]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "0.4.0"
notes = "Reviewed in CL 707926879"

[[audits.hound]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "3.5.0"
notes = """Reviewed in CL 564508706
Issues found:
 - https://github.com/ruuda/hound/pull/58
"""

[[audits.html-escape]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.2.13"
notes = """Reviewed in CL 612354454
Issues found:
 - decode_impl macro should have "unsafe" in its name and document the safety at callsites
 - write_hex_to_vec: The Vec::set_len is UB and should only be called after filling the buffer.
"""

[[audits.http]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "1.49.0"
notes = "Reviewed in CL 588379811"

[[audits.httparse]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4"]
delta = "1.8.0 -> 1.9.4"
notes = """Reviewed in CL 648994349
Issues found:
 - https://github.com/seanmonstar/httparse/issues/177
 -Parsing code would be improved with an API that combines peeking and advancing
"""

[[audits.hyper]]
who = [
    "Manish Goregaokar <manishearth@google.com>",
    "Augie Fackler <augie@google.com>"
]
criteria = ["ub-risk-4"]
version = "1.0.1"
notes = """Reviewed in CL 588384310
Issues found:
 - https://github.com/hyperium/hyper/pull/3498
 - https://github.com/hyperium/hyper/issues/3556
 - https://github.com/hyperium/hyper/issues/3500
(probably not a real issue)
 - https://github.com/hyperium/hyper/issues/3554 (documentation)
"""

[[audits.hyper-util]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.3"
notes = "Reviewed in CL 605631967"

[[audits.igvm]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "0.3.0"
notes = "Reviewed in CL 660125968"

[[audits.image]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.24.6"
notes = "Reviewed in CL 559198279"

[[audits.imara_diff]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.7"
notes = "Reviewed in CL 657293942"

[[audits.imara-diff]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-4"]
version = "0.1.5"
notes = "Reviewed in CL 581562578"

[[audits.indexmap]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "2.2.6"
notes = "Reviewed in CL 629033781"

[[audits.inotify]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.9.6"
notes = "Reviewed in CL 562731461"

[[audits.inst]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "1.40.0 -> 1.41.1"
notes = """Reviewed in CL 698174008
One usage of unsafe, could have safety comments
"""

[[audits.insta]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "1.29.0"
notes = "Reviewed in CL 554440331"

[[audits.insta]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "1.42.0"
notes = """Reviewed in CL 718829060
Only use of unsafe is bind_async, which does a straightforward projection. Can be removed with https://github.com/mitsuhiko/insta/pull/711
"""

[[audits.intaglio]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-2"]
version = "1.11.0"
notes = "Reviewed in CL 821787257"

[[audits.intrusive-collections]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "0.9.6"
notes = "Reviewed in CL 638226392"

[[audits.io-close]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.3.7"
notes = "Reviewed in CL 733421084"

[[audits.io-extras]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.18.4"
notes = "Reviewed in CL 799517019"

[[audits.is_executable]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "1.0.4"
notes = "Reviewed in CL 696533953"

[[audits.is-terminal]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.4.13"
notes = "Reviewed in CL 666758546"

[[audits.isolang]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "2.4.0"
notes = "Reviewed in CL 710664600"

[[audits.itertools]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.11.0"
notes = "Reviewed in CL 566337310"

[[audits.itoap]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "1.0.1"
notes = "Reviewed in CL 649662185"

[[audits.jaq]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-3"]
version = "2.2.0"
notes = "Reviewed in CL 778639304"

[[audits.jiff]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.0"
notes = "Reviewed in CL 666672133"

[[audits.jiff]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.1.0 -> 0.1.24"
notes = """Reviewed in CL 717066700
New Android system APIs, otherwise no change to unsafe code since last review
"""

[[audits.jiter]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.0.6"
notes = "Reviewed in CL 615051835"

[[audits.jj_cli]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.11.0"
notes = "Reviewed in CL 586453800"

[[audits.jj_cli]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.8.0"
notes = "Reviewed in CL 558944141"

[[audits.jj_lib]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.11.0"
notes = "Reviewed in CL 586453800"

[[audits.jj-cli]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.8.0"
notes = "Reviewed in CL 554583176"

[[audits.js-sys]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.3.69"
notes = "Reviewed in CL 652404154"

[[audits.js-sys]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.3.69 -> 0.3.70"
notes = """Reviewed in CL 696447614
Minor changes since last review
"""

[[audits.json_writer]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "0.4.0"
notes = "Reviewed in CL 809112751"

[[audits.jxl]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["ub-risk-1"]
version = "0.1.1"
notes = "Reviewed in "

[[audits.kamadak-exif]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.6.1"
notes = "Reviewed in CL 827439468"

[[audits.keccak]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.5"
notes = "Reviewed in CL 636605237"

[[audits.kstring]]
who = "<devinj@google.com>"
criteria = ["ub-risk-3"]
version = "2.0.0"
notes = """Reviewed in CL 653263733
Issues found:
 - Should use repr(C) union to get correct layout: https://github.com/cobalt-org/kstring/pull/77.
 - Ideally the HeapStr trait should be unsafe, but this is a local issue since the trait is sealed.
"""

[[audits.kstring]]
who = "<devinj@google.com>"
criteria = ["ub-risk-2"]
delta = "2.0.0 -> 2.0.1"
notes = "Reviewed in CL 655475274"

[[audits.kvm-ioctls]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.14.0"
notes = "Reviewed in CL 549307303"

[[audits.kvm-ioctls]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.14.0"
notes = "Reviewed in CL 565655079"

[[audits.kvm-ioctls]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
delta = "0.15.0 -> 0.17.0"
notes = "Reviewed in CL 634689649"

[[audits.lab]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "0.11.0"
notes = "Reviewed in CL 716390760"

[[audits.lebe]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-3"]
version = "0.5.2"
notes = "Reviewed in CL 793627519"

[[audits.lexical]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "6.1.1"
notes = """Reviewed in CL 545304248
Many issues found across the `lexical` family of crates:
 - https://github.com/Alexhuszagh/rust-lexical/pull/103
 - https://github.com/Alexhuszagh/rust-lexical/issues/104
 - https://github.com/Alexhuszagh/rust-lexical/issues/101
 - https://github.com/Alexhuszagh/rust-lexical/issues/95
 - Beyond the above issues, review was not completed on the unchecked indexing
"""

[[audits.lexical_parse_integer]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.8.6"
notes = """Reviewed in CL 545304272
See notes on lexical crate.
"""

[[audits.lexical_parse_integer]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.8.6"
notes = """Reviewed in CL 545304281
See notes on lexical crate.
"""

[[audits.lexical_util]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.8.5"
notes = """Reviewed in CL 545304267
See notes on lexical crate.
"""

[[audits.lexical_write_float]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.8.5"
notes = """Reviewed in CL 545304258
See notes on lexical crate.
"""

[[audits.lexical-core]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.8.5"
notes = """Reviewed in CL 545304290
See notes on lexical crate.
"""

[[audits.lexical-write-integer]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.8.5"
notes = """Reviewed in CL 545304293
See notes on lexical crate.
"""

[[audits.libafl_bolts]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-4"]
version = "0.14.1"
notes = "Reviewed in CL 752209217"

[[audits.libc]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4"]
delta = "0.2.150 -> 0.2.153"
notes = "Reviewed in CL 622219230"

[[audits.libc-print]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.20"
notes = "Reviewed in CL 779126414"

[[audits.libfuzz-sys]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
delta = "0.4.4 -> 0.4.5"
notes = """Reviewed in CL 562889777
Issues found:
- https://github.com/rust-fuzz/libfuzzer/issues/112
- https://github.com/rust-fuzz/libfuzzer/issues/113
"""

[[audits.libfuzzer-sys]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.4.7"
notes = "Reviewed in CL 564731033"

[[audits.libloading]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.8.0"
notes = "Reviewed in CL 562765830"

[[audits.liblzma]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.4.1"
notes = "Reviewed in CL 767514298"

[[audits.liblzma-sys]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-3"]
version = "0.4.3"
notes = "Reviewed in CL 767507325"

[[audits.libproc]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-4"]
version = "0.14.8"
notes = """Reviewed in CL 650620517
Issues found:
 - `pidinfo` buffer is inferred as `c_void` and is therefore too small
 - `PIDFDInfo` and `PIDRUsage` should be `unsafe trait`s
"""

[[audits.libshpool]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.3.3"
notes = "Reviewed in CL 580903771"

[[audits.libshpool]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.5.0"
notes = "Reviewed in CL 609436265"

[[audits.libsqlite3-sys]]
who = "<mmaurer@google.com>"
criteria = ["ub-risk-2"]
version = "0.28.0"
notes = "Reviewed in CL 649389160"

[[audits.line-index]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.0"
notes = "Reviewed in CL 562882288"

[[audits.line-index]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.1"
notes = "Reviewed in CL 599482318"

[[audits.linkme]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-4"]
version = "0.3.32"
notes = "Reviewed in CL 758190959"

[[audits.linkme-impl]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-4"]
version = "0.3.32"
notes = "Reviewed in CL 758190960 (but see the review for linkme)"

[[audits.linux-loader]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.9.0"
notes = "Reviewed in CL 548095317"

[[audits.linux-loader]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.9.0 -> 0.10.0"
notes = "Reviewed in CL 600836074"

[[audits.linux-raw-sys]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.4.10"
notes = "Reviewed in CL 581059097"

[[audits.lock_api]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
delta = "0.4.9 -> 0.4.10"
notes = "Reviewed in CL 563851550"

[[audits.log]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.4.20"
notes = "Reviewed in CL 563853923"

[[audits.logos]]
who = "<devinj@google.com>"
criteria = ["ub-risk-0"]
version = "0.15.0"
notes = "Reviewed in CL 742874864"

[[audits.logos-codegen]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.15.0"
notes = "Reviewed in CL 742874863"

[[audits.mac_address]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "1.1.7"
notes = """Reviewed in CL 718900394
winapi code
"""

[[audits.malloced]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2"]
version = "1.3.1"
notes = "Reviewed in CL 604812730"

[[audits.matchers]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.0"
notes = """Reviewed in CL 639804665
Has relatively straightforward invariant, but invariant could be documented further. Filed PR: https://github.com/hawkw/matchers/pull/9
"""

[[audits.mathcal]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-3"]
version = "0.6.9"
notes = "Reviewed in CL 770938969"

[[audits.memchr]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "2.6.3"
notes = """Reviewed in CL 563868651
Second review would be appreciated.
"""

[[audits.memfd]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.6.4"
notes = "Reviewed in CL 703568697"

[[audits.memoffset]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "0.9.0"
notes = "Reviewed in CL 555491937"

[[audits.merlin]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4"]
version = "3.0.0"
notes = """Reviewed in CL 660103172
Issues found:
 - https://github.com/zkcrypto/merlin/pull/7
"""

[[audits.minifier]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "0.2.3"
notes = """Reviewed in CL 577203072
Issues found:
 - https://github.com/GuillaumeGomez/minifier-rs/issues/105
"""

[[audits.mmx]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-3"]
version = "0.1.32"
notes = "Reviewed in CL 769615692"

[[audits.nanorand]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.7.0"
notes = "Reviewed in CL 562503105"

[[audits.netlink-packet-core]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-0"]
version = "0.7.0"
notes = "Reviewed in CL 772208218"

[[audits.netlink-sys]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.8.0"
notes = "Reviewed in CL 772197803"

[[audits.nix]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
delta = "0.26.1 -> 0.28.0"
notes = """Reviewed in CL 622222105
(The rating differs from the previous once since I feel that the crate needs much more safety comments)
"""

[[audits.nix]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.26.2"
notes = "Reviewed in CL 552861153"

[[audits.notify]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "6.1.1"
notes = "Reviewed in CL 562731464"

[[audits.nu_ansi_term]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.49.0"
notes = "Reviewed in CL 585090965"

[[audits.num_enum_derive]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.7.2"
notes = "Reviewed in CL 647708155"

[[audits.num_traits]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.2.15"
notes = "Reviewed in CL 558869499"

[[audits.num_traits]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
delta = "0.2.15 -> 0.2.16"
notes = "Reviewed in CL 562140156"

[[audits.num-bigint-dig]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.8.4"
notes = """Reviewed in CL 598457101
Issues found:
 - to_str_radix_reversed is required to return a valid string by unsafe code, but this is not documented, nor is it easy to verify. It should probably return a String (at least internally), and have better safety documentation, or a double check when converting from UTF8
"""

[[audits.numpy]]
who = "<devinj@google.com>"
criteria = ["ub-risk-4"]
delta = "0.20.0 -> 0.21.0"
notes = """Reviewed in CL 683848897
Issues found:
 - to_owned_array needs to be unsafe as it can introduce aliasing UB
 - Review incomplete: pervasive undocumented unsafety
"""

[[audits.object]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-1"]
version = "0.32.0"
notes = "Reviewed in CL 558738698"

[[audits.os_pipe]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "1.2.1"
notes = "Reviewed in CL 715231802"

[[audits.owo-colors]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "3.5.0"
notes = """Reviewed in CL 683999019
Issues found:
 - Unsafe code relies on const promotion. This *may* actually be sound in a const context, however it's not a huge deal since it's easy to patch: https://github.com/jam1garner/owo-colors/pull/131
"""

[[audits.owo-colors]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "4.1.0"
notes = """Reviewed in CL 683999019
Issues found:
 - Unsafe code relies on const promotion. This *may* actually be sound in a const context, however it's not a huge deal since it's easy to patch: https://github.com/jam1garner/owo-colors/pull/131
"""

[[audits.p9]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.3.2"
notes = "Reviewed in CL 713823916"

[[audits.parquet]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "51.0.0"
notes = "Reviewed in CL 642798209"

[[audits.parquet]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "54.0.0"
notes = """Reviewed in CL 712680846
Skipped all the `arrow` parts of this crate as we won't use them.
"""

[[audits.partial-io]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.5.4"
notes = "Reviewed in CL 767496248"

[[audits.pcap]]
who = "<devinj@google.com>"
criteria = ["ub-risk-3"]
version = "2.2.0"
notes = "Reviewed in CL 772184300"

[[audits.perf_event]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.4.8"
notes = "Reviewed in CL 583996666"

[[audits.perf-event-open-sys]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "4.0.0"
notes = "Reviewed in CL 583996664"

[[audits.petgraph]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "0.5.1"
notes = """Reviewed in CL 558142733
Issues found:
- https://github.com/petgraph/petgraph/pull/404
- https://github.com/petgraph/petgraph/issues/582
"""

[[audits.planus]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "0.3.1"
notes = """Reviewed in CL 702424963
Issues found:
 - Some traits should be unsafe https://github.com/planus-org/planus/issues/276
"""

[[audits.polars]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-0"]
version = "0.38.3"
notes = """Reviewed in CL 645917709
No unsafe code outside of tests.
"""

[[audits.polars-arrow-format]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.0"
notes = "Reviewed in CL 703108664"

[[audits.polars-ffi]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-2"]
version = "0.48.1"
notes = "Reviewed in CL 774758919"

[[audits.polars-io]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "0.38.3"
notes = """Reviewed in CL 645900171
No actual unsoundness was found, however this crate was rather hard to review, with a lot of usages of unsafe in the CSV parser that seemed gratuitous, and uncommented. Rating can be lowered when someone can find the time to review this.
"""

[[audits.polars-json]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "0.38.3"
notes = """Reviewed in CL 671839126
issues found:
 - Unsafe code relies on entirely undocumented invariants pervasive in code around only ever producing UTF8 bytes. Code should be updated to use `&mut String`
 - https://github.com/pola-rs/polars/pull/18725
"""

[[audits.polars-parquet]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "0.44.2"
notes = "Reviewed in CL 704268862"

[[audits.polars-plan]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4"]
version = "0.38.3"
notes = """Reviewed in CL 653608525
Issues found:
 - Unprotected public `static mut`s read in safe code
 - Review incomplete: pervasive undocumented unsafety
"""

[[audits.polars-row]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-3"]
version = "0.38.3"
notes = "Reviewed in CL 644011025"

[[audits.polars-stream]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-4"]
version = "0.48.1"
notes = "Reviewed in CL 771500385"

[[audits.polars-time]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-4"]
version = "0.38.3"
notes = """Reviewed in CL 645900204
mem::transmute of ParseError is unsound and unnecessary.
"""

[[audits.polars-time]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.38.3"
notes = "Reviewed in CL 645900204"

[[audits.polars-utils]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.38.3"
notes = "Reviewed in CL 636679479"

[[audits.pollster]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.3.0"
notes = """Reviewed in CL 581562576
Usage of unsafe is fine, but crate can be 100% safe: https://github.com/zesterer/pollster/pull/23
"""

[[audits.portable-atomic-util]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.2.4"
notes = "Reviewed in CL 772168486"

[[audits.postcard]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "1.0.10 -> 1.1.1"
notes = "Reviewed in CL 707054899"

[[audits.postcard]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "1.0.2 -> 1.0.10"
notes = "Reviewed in CL 698047950"

[[audits.powerfmt]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.2.0"
notes = "Reviewed in CL 578897702"

[[audits.process-wrap]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-3"]
version = "8.0.2"
notes = "Reviewed in CL 640811587"

[[audits.proptest]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.10.1"
notes = """Reviewed in CL 615011355
Not safe with hardware_rng feature on platforms without RDRAND support. Should bubble up the invariant or have a feature test assertion
"""

[[audits.pulldown_cmark]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.8.0"
notes = "Reviewed in CL 669013210"

[[audits.pulldown-cmark]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.9.3"
notes = "Reviewed in CL 555491415"

[[audits.pulldown-cmark-escape]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "0.11.0"
notes = "Reviewed in CL 658107045"

[[audits.pulldown-latex]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.7.1"
notes = """Reviewed in CL 764665483
Ideally can use fmt::Writer instead of io::Writer.
"""

[[audits.pyo3_macros]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-0"]
version = "0.20.3"
notes = "Reviewed in CL 616043931"

[[audits.pyo3_macros_backend]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.23.1"
notes = "Reviewed in CL 697590460"

[[audits.ra_ap_ide_db]]
who = "<devinj@google.com>"
criteria = ["ub-risk-2"]
version = "0.0.241"
notes = "Reviewed in CL 694853573"

[[audits.ra_ap_proc_macro_srv]]
who = "<devinj@google.com>"
criteria = ["ub-risk-4"]
version = "0.0.241"
notes = """Reviewed in CL 719871627
Issues found:
 - https://github.com/rust-lang/rust-analyzer/issues/19342
"""

[[audits.ra_ap_rust-analyzer]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.0.241"
notes = "Reviewed in CL 694923973"

[[audits.ra_ap_rustc_abi]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.75.0"
notes = "Reviewed in CL 693823235"

[[audits.ra_ap_salsa]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.0.241"
notes = "Reviewed in CL 694114488"

[[audits.ra_ap_stdx]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.0.241"
notes = "Reviewed in CL 694057205"

[[audits.radix_fmt]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "1.0.0"
notes = """Reviewed in CL 762469621
One use of unsafe to build up an ASCII alphanumeric string.
"""

[[audits.rand]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "0.9.1"
notes = "Reviewed in CL 755137509"

[[audits.rand_xorshift]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.2.0"
notes = "Reviewed in CL 615005895"

[[audits.read-fonts]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.15.6"
notes = "Reviewed in CL 611302616"

[[audits.realfft]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "3.3.0"
notes = "Reviewed in CL 564478712"

[[audits.ref-cast]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "1.0.20"
notes = "Reviewed in CL 585449372"

[[audits.ref-cast-impl]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "1.0.20"
notes = "Reviewed in CL 585449373"

[[audits.referencing]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "0.29.1"
notes = """Reviewed in CL 831131871
This crate seems to use unsafe code in a very underdocumented way to achieve self-referencing. Self-referencing is very tricky to get right, and while I'm not 100% sure I think this crate does it wrong.
https://github.com/Stranger6667/jsonschema/issues/851
"""

[[audits.regex_automata]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.3.8"
notes = "Reviewed in CL 563876644"

[[audits.regex_automata]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
delta = "0.3.8 -> 0.4.3"
notes = "Reviewed in CL 576161259"

[[audits.regex-automata]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-1"]
delta = "0.4.8 -> 0.4.9"
notes = """Reviewed in CL 701879630
Built on top of previous diff reviews
"""

[[audits.relative-path]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "1.9.3"
notes = "Reviewed in CL 820550361"

[[audits.rinja_derive]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.3.5"
notes = """Reviewed in CL 691465402
The unsafe code is mostly in from_utf8_unchecked calls. It does not appear to be particularly performance-necessary, and the crate could use clearer tracking of these invariants. One bit of unsafe code relies on code in rinja_parser continuing to be ASCII-only.
"""

[[audits.rinja_parser]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.3.5"
notes = """Reviewed in CL 691465401
Review done alongside rinja_derive.
The unsafe code is mostly in from_utf8_unchecked calls. It does not appear to be particularly performance-necessary, and the crate could use clearer tracking of these invariants. One bit of unsafe code relies on code in rinja_parser continuing to be ASCII-only.
"""

[[audits.rlsf]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.2.1"
notes = """Reviewed in CL 710142550
Custom allocator crate doing a bunch of pointer math. Decent safety comments.
"""

[[audits.roman-numerals-rs]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "3.1.0"
notes = "Reviewed in CL 762479504"

[[audits.rpassword]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "7.3.1"
notes = "Reviewed in CL 702377827"

[[audits.rubato]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "0.14.1"
notes = "Reviewed in CL 570228314"

[[audits.rusqlite]]
who = "<mmaurer@google.com>"
criteria = ["ub-risk-3"]
version = "0.32.0"
notes = """Reviewed in CL 649389163
Issues found:
 - https://github.com/rusqlite/rusqlite/issues/1546
 - Technically, free_boxed_value should use catch_unwind (minor)
"""

[[audits.rustix-linux-procfs]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.1.1"
notes = "Reviewed in CL 778504452"

[[audits.rustybuzz]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-0"]
version = "0.12.0"
notes = """Reviewed in CL 649338374
Only unsafe is in examples
"""

[[audits.ruzstd]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.4.0"
notes = """Reviewed in CL 557876502
Issues found:
 - https://github.com/KillingSpark/zstd-rs/issues/44
 - extend_from_within_unchecked_branchless is hard to review but it's currently dead code
"""

[[audits.ruzstd]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.6.0"
notes = "Reviewed in CL 615772489"

[[audits.ryu-js]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.2.2"
notes = """Reviewed in CL 589126213
Issues found:
 - Internal unsoundness around the invariants of q and i in f2s_intrinsics.rs
 - Unclear bounds checking around get_unchecked in s2d.rs
"""

[[audits.safe_arch]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "0.7.4"
notes = "Reviewed in CL 796208907"

[[audits.sapling-streampager]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4"]
version = "0.10.3"
notes = """Reviewed in CL 719162422
Issues found:
 - BufferWrite::written() must clamp
"""

[[audits.scopeguard]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "1.2.0"
notes = """Reviewed in CL 728831450
Implements a drop guard, unsafe code around ptr::read/ManuallyDrop and Sync impl. Rather clearly commented.
"""

[[audits.scroll]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.12.0"
notes = "Reviewed in CL 642006817"

[[audits.seccompiler]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1", "does-not-implement-crypto"]
version = "0.3.0"
notes = "Reviewed in CL 547754248"

[[audits.security-framework-sys]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "2.13.0"
notes = """Reviewed in CL 711542463
FFI
"""

[[audits.serde_bser]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2"]
version = "0.4.0"
notes = "Reviewed in CL 696305035"

[[audits.serde_core]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "1.0.228"
notes = "Reviewed in CL 816638143"

[[audits.serde_jcs]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.1.0"
notes = "Reviewed in CL 590122717"

[[audits.serde_yml]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "0.0.12"
notes = """Reviewed in https://github.com/sebastienrousseau/libyml
DO NOT USE, ported from libyml using c2rust, and then "fixed" by an LLM, with unsound code like https://github.com/sebastienrousseau/libyml/blob/2d23ead2742c196b0e65004a9ed353bc30bea6ad/src/document.rs#L711-L715
Should be strongly avoided.
"""

[[audits.sha1_smol]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "1.0.0"
notes = "Reviewed in CL 581562531"

[[audits.shlex]]
who = [
    "Manish Goregaokar <manishearth@google.com>",
    "Augie Fackler <augie@google.com>"
]
criteria = ["ub-risk-3"]
version = "1.3.0"
notes = """Reviewed in CL 600742555
This crate appears safe, but it's not clear that the unchecked utf8 stuff is necessary given the use case, and it relies on undocumented invariants from the bytes iterator code. Would be nice to have these properties documented and fuzz tested.
"""

[[audits.shpool_pty]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4"]
version = "0.1.0"
notes = """Reviewed in CL 578198476
Issues:
 - Data race in Fork::new
"""

[[audits.shpool_pty]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.2.1"
notes = "Reviewed in CL 578198476"

[[audits.shpool_pty]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2-thorough", "does-not-implement-crypto"]
version = "0.3.0"
notes = "Reviewed in CL 578198476"

[[audits.simd-json]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4"]
version = "0.13.10"
notes = """Reviewed in CL 661175961
Issues found:
 - Review incomplete: Pervasive undocumented unsafety.
"""

[[audits.simple_logger]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "4.3.3"
notes = """Reviewed in CL 706757224
Uses unsafe for interfacing with Windows tty APIs
"""

[[audits.skiplist]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.5.1"
notes = "Reviewed in CL 769416918"

[[audits.skrifa]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.16.0"
notes = "Reviewed in CL 614825012"

[[audits.slotmap]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "1.0.6"
notes = "Reviewed in CL 647314509"

[[audits.smallstr]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.3.0"
notes = "Reviewed in CL 740466574"

[[audits.smallvec]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "1.11.0"
notes = "Reviewed in CL 552492992"

[[audits.smol_str]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.2.0"
notes = "Reviewed in CL 558187227"

[[audits.speedate]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.13.0"
notes = """Reviewed in CL 614967252
Would be rather straightforward to add safety comments
"""

[[audits.sptr]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "0.3.2"
notes = "Reviewed in CL 660053567"

[[audits.stable-deref-trait]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "1.2.0"
notes = """Reviewed in
Purely a trait, crates using this should be carefully vetted since self-referential stuff can be super tricky around various unsafe rust edges.
"""

[[audits.strck]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-1"]
version = "1.0.0"
notes = "Reviewed in CL 685732460"

[[audits.swc_atoms]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.5.7"
notes = "Reviewed in CL 547104864"

[[audits.swc_common]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.31.17"
notes = """Reviewed in CL 547720673
Issues found:
 - https://github.com/swc-project/swc/issues/7709
"""

[[audits.swc_ecma_ast]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.107.0"
notes = "Reviewed in CL 545304253"

[[audits.swc_ecma_parser]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "0.137.1"
notes = """Reviewed in CL 545304254
Issues found:
 - https://github.com/swc-project/swc/issues/7797
 - https://github.com/swc-project/swc/issues/7752
"""

[[audits.swc_visit]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.5.7"
notes = "Reviewed in CL 546872016"

[[audits.sxd-document]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.3.2"
notes = """Reviewed in CL 764633109
Issues found:
 - Large quantities of mostly undocumented, difficult-to-audit raw pointer manipulation, but these seem to all bake down to sound use of arena-owned memory.
"""

[[audits.syn]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "2.0.29"
notes = "Reviewed in CL 559769881"

[[audits.sync_wrapper]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.1.2"
notes = "Reviewed in CL 605332043"

[[audits.tar]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.4.0"
notes = "Reviewed in CL 627536088"

[[audits.tar]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.4.40 -> 0.4.42"
notes = "Reviewed in CL 688729490"

[[audits.terminal_size]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.4.2"
notes = "Reviewed in CL 756344022"

[[audits.termios]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.3.3"
notes = """Reviewed in CL 715944917
Issues found:
 - mem::uninitialized (https://github.com/dcuddeback/termios-rs/pull/28)
"""

[[audits.termwiz]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.22.0"
notes = "Reviewed in CL 715944910"

[[audits.tfhe]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "0.3.1"
notes = """Reviewed in CL 557823618
Issues found:
 - https://github.com/zama-ai/tfhe-rs/issues/526
"""

[[audits.tfhe-csprng]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-2"]
version = "0.5.0"
notes = "Reviewed in CL 758730716"

[[audits.tfhe-ntt]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-2"]
version = "0.6.0"
notes = "Reviewed in CL 761105022"

[[audits.tiff]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.9.0"
notes = "Reviewed in CL 745174015"

[[audits.tiktoken]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-3"]
version = "0.12.0"
notes = "Reviewed in CL 817400202"

[[audits.time]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.3.37"
notes = """Reviewed in CL 735478267
Uses unsafe to maintain calendrical invariants (is this necessary?)
The comments are rather deficient: the underlying invariants are not tracked consistently and the math needs to be hand checked at times.
"""

[[audits.time-macros]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.2.15"
notes = "Reviewed in CL 580962188"

[[audits.tokenizers]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "0.19.1"
notes = """Reviewed in CL 684450749
Issues found:
 - UB with static mut https://github.com/huggingface/tokenizers/issues/1491
 - underdocumented safety invariants in cases that need more documentation (PR in https://github.com/huggingface/tokenizers/pull/1651)
"""

[[audits.tokenizers]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.20.1"
notes = """Reviewed in CL 684450749
Issues found:
 - underdocumented safety invariants in cases that need more documentation (PR in https://github.com/huggingface/tokenizers/pull/1651)
"""

[[audits.tokenizers]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
delta = "0.20.1 -> 0.20.4"
notes = "Reviewed in CL 706934375"

[[audits.tokenizers-python]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.20.1"
notes = "Reviewed in CL 687963248"

[[audits.toml_edit]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.22.12"
notes = """Reviewed in CL 628398549
Issues found:
 - Better documented safety: https://github.com/toml-rs/toml/pull/720
 - Unclear on mll_quotes and mlb_quotes being safe
"""

[[audits.tracing]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-4"]
version = "0.1.39"
notes = """Reviewed in CL 573852894
Issues found:
 - https://github.com/tokio-rs/tracing/pull/2765
"""

[[audits.tracing]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.1.40 -> 0.1.41"
notes = """Reviewed in CL 709456617
Previous UB was fixed. Small amount of unsafe, well-commented.
"""

[[audits.tracing-core]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.1.30"
notes = "Reviewed in CL 555490997"

[[audits.tracing-core]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.1.30 -> 0.1.32"
notes = "Reviewed in CL 573852436"

[[audits.tracing-log]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.2.0"
notes = "Reviewed in CL 585090968"

[[audits.transpose]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.2.2"
notes = "Reviewed in CL 551680548"

[[audits.triomphe]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.1.8"
notes = """Reviewed in CL 545304280
Issues found:
- https://github.com/Manishearth/triomphe/pull/62
"""

[[audits.triomphe]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.1.9"
notes = "Reviewed in CL 545304280"

[[audits.twox-hash]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "2.1.0"
notes = """Reviewed in CL 735469359
Unsafe found:
 - Some unchecked indexing based on internal invariants
 - A bunch of target specific simd and simple asm
 - Some unsafe traits
 - Some casting between different integer buffer types, correctly handling alignment
"""

[[audits.typed-arena]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "2.0.2"
notes = "Reviewed in CL 545304268"

[[audits.typeid]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "1.0.2"
notes = "Reviewed in CL 707957977"

[[audits.typewit]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
version = "1.11.0"
notes = "Reviewed in CL 746362951"

[[audits.uds]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "0.2.6"
notes = """Reviewed in CL 552861165
Issues found:
- https://github.com/tormol/uds/issues/11
- https://github.com/tormol/uds/pull/9, https://github.com/tormol/uds/pull/10
- https://github.com/tormol/uds/issues/12
"""

[[audits.uds]]
who = [
    "Manish Goregaokar <manishearth@google.com>",
    "Augie Fackler <augie@google.com>",
    "<mmaurer@google.com>"
]
criteria = ["ub-risk-4"]
version = "0.4.1"
notes = """Reviewed in CL 568546769
Issues found:
 - https://github.com/tormol/uds/pull/14
 - https://github.com/tormol/uds/pull/15
 - https://github.com/tormol/uds/issues/16
 - https://github.com/tormol/uds/issues/17
"""

[[audits.ufmt]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-3"]
version = "0.2.0"
notes = "Reviewed in CL 587894431"

[[audits.ufmt-write]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.1.0"
notes = """Reviewed in CL 587772035
Issues found:
- https://github.com/japaric/ufmt/pull/60
"""

[[audits.unicode-bom]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "2.0.2"
notes = "Reviewed in CL 581562581"

[[audits.unicode-reverse]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-1"]
version = "1.0.8"
notes = "Reviewed in CL 622744657"

[[audits.uniffi_macros]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-3"]
version = "0.29.1"
notes = "Reviewed in CL 752709844"

[[audits.urlencoding]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "2.1.3"
notes = "Reviewed in CL 778639303"

[[audits.utf8parse]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-3"]
version = "0.2.1"
notes = "Reviewed in CL 559131770"

[[audits.vfio-bindings]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.3.1"
notes = "Reviewed in CL 545971960"

[[audits.vfio-ioctls]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.1.0"
notes = "Reviewed in CL 545971961"

[[audits.vhost]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.7.0"
notes = "Reviewed in CL 546255068"

[[audits.vhost]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "0.8.0"
notes = """Reviewed in CL 559359624
Issues found:
 - https://github.com/rust-vmm/vhost/pull/184
"""

[[audits.vhost]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.8.1"
notes = "Reviewed in CL 559359624"

[[audits.vhost-user-backend]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.10.1"
notes = "Reviewed in CL 559122379"

[[audits.virtio]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.2.1"
notes = "Reviewed in CL 557159752"

[[audits.virtio-queue]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.12.0 -> 0.14.0"
notes = """Reviewed in CL 717945204
No change to unsafe since last review
"""

[[audits.virtio-queue]]
who = "Augie Fackler <augie@google.com>"
criteria = ["ub-risk-2"]
delta = "0.9.0 -> 0.12.0"
notes = "Reviewed in CL 634659048"

[[audits.virtiofsd]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3", "does-not-implement-crypto"]
version = "1.6.1"
notes = """Reviewed in CL 548811972
Issues found:
 - https://gitlab.com/virtio-fs/virtiofsd/-/issues/113 (only an issue for library users)
"""

[[audits.vm-memory]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.12.1"
notes = """Reviewed in CL 556862067
Issues found:
 - https://github.com/rust-vmm/vm-memory/issues/250
"""

[[audits.vm-memory]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.12.1"
notes = """Reviewed in CL 556862067
Issues from previous review fixed
"""

[[audits.vm-memory]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4", "does-not-implement-crypto"]
version = "0.13.1"
notes = """Reviewed in CL 595684339
Issues found:
- https://github.com/rust-vmm/vm-memory/issues/281
"""

[[audits.vmm_sys_util]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.12.1"
notes = "Reviewed in CL 599627630"

[[audits.vte]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-4"]
version = "0.12.0"
notes = """Reviewed in CL 579243289
Issues found:
 - https://github.com/alacritty/vte/pull/102
"""

[[audits.vte]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
delta = "0.12.0 -> 0.12.1"
notes = """Reviewed in CL 725665450
Issues found in previous audit fixed. Not reaudited to check if it qualifies for ub-risk-2 or above, but appears to need more unsafe comments.
"""

[[audits.vtparse]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.6.2"
notes = "Reviewed in CL 716291286"

[[audits.wasefire-applet-api]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.7.0"
notes = "Reviewed in CL 699241799"

[[audits.wasefire-applet-api-desc]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.2.1"
notes = """Reviewed in CL 699230688
Would be nice to have comments
"""

[[audits.wasm-bindgen]]
who = "<mmaurer@google.com>"
criteria = ["ub-risk-2"]
version = "0.2.92"
notes = "Reviewed in CL 643989424"

[[audits.wasm-bindgen]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.2.92 -> 0.2.93"
notes = """Reviewed in CL 695250202
Not much unsafe diff from last review
"""

[[audits.wasm-bindgen-backend]]
who = "<mmaurer@google.com>"
criteria = ["ub-risk-2"]
version = "0.2.92"
notes = "Reviewed in CL 643989422"

[[audits.wasm-bindgen-backend]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
delta = "0.2.92 -> 0.2.93"
notes = "Reviewed in CL 695250202"

[[audits.wasm-bindgen-futures]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2"]
version = "0.4.43"
notes = "Reviewed in CL 696456463"

[[audits.wasm-bindgen-macro]]
who = "<mmaurer@google.com>"
criteria = ["ub-risk-1"]
version = "0.2.92"
notes = "Reviewed in CL 643989420"

[[audits.wasmparser]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.214.0"
notes = "Reviewed in CL 737530206"

[[audits.wasmtime-cache]]
who = "<devinj@google.com>"
criteria = ["ub-risk-2"]
version = "27.0.0"
notes = "Reviewed in CL 722783271"

[[audits.wezterm-color-types]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2"]
version = "0.3.0"
notes = "Reviewed in CL 716390757"

[[audits.wezterm-dynamic]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-2"]
version = "0.2.0"
notes = "Reviewed in CL 716296241"

[[audits.wide]]
who = "<teddykatz@google.com>"
criteria = ["ub-risk-2"]
version = "0.7.33"
notes = "Reviewed in CL 796208909"

[[audits.winnow]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
version = "0.5.19"
notes = "Reviewed in CL 581220347"

[[audits.xlsynth]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.0.11"
notes = """Reviewed in CL 644646753
- Uses dlsym for FFI, could use more safety docs separating dlsym unsafety from C API unsafety
"""

[[audits.xlsynth]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-4"]
version = "0.29.0"
notes = "Reviewed in CL 684413090"

[[audits.xlsynth-sys]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-2"]
delta = "0.0.181 -> 0.0.184"
notes = "Reviewed in CL 807825913"

[[audits.xxhash-rust]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-3"]
version = "0.8.15"
notes = "Reviewed in CL 747784964"

[[audits.xxhash-rust]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-4"]
version = "0.8.6"
notes = """Reviewed in CL 552861145
Many internal functions that are `unsafe` to call are not marked `unsafe`.
See https://github.com/DoumanAsh/xxhash-rust/issues/29
"""

[[audits.yansi]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "1.0.1"
notes = "Reviewed in CL 705950806"

[[audits.yansi-term]]
who = "<devinj@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.2"
notes = "Reviewed in CL 701084302"

[[audits.yoke]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
version = "0.7.4"
notes = """Reviewed in https://github.com/unicode-org/icu4x/pull/5046
Review performed as PR: https://github.com/unicode-org/icu4x/pull/5046. Minor docs improvements, plus known currently-unsolvable issue around potential future noalias UB (https://github.com/unicode-org/icu4x/issues/2095)
"""

[[audits.yoke]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-2", "does-not-implement-crypto"]
delta = "0.7.4 -> 0.7.5"
notes = """Reviewed in CL 700087030
Patches from last review all applied
"""

[[audits.yrs]]
who = "Ben Saunders <bsaunders@google.com>"
criteria = ["ub-risk-4"]
version = "0.23.0"
notes = """Reviewed in CL 740466576
Issues found:
 - Unsoundness in AtomicRef::update, ItemPtr, BranchPtr, ...
 - Review left incomplete
"""

[[audits.zerocopy]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.6.1"
notes = "Reviewed in CL 592374439"

[[audits.zerocopy]]
who = "Taylor Cramer <cramertj@google.com>"
criteria = ["ub-risk-1"]
version = "0.8.14"
notes = "Reviewed in CL 714029246"

[[audits.zerotrie]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-2"]
version = "0.1.2"
notes = "Reviewed in https://github.com/unicode-org/icu4x/pull/2722/"

[[audits.zlib-sys]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["ub-risk-3"]
version = "0.4.2"
notes = """Reviewed in CL 730913141
Partial review performed: Mostly SIMD and allocator stuff. Seems correct enough for ub-risk-3.
"""

[[audits.zune-jpeg]]
who = "Luca Versari <veluca@google.com>"
criteria = ["ub-risk-3"]
version = "0.4.19"
notes = "Reviewed in CL 782822780"