[criteria.crypto-safe] description = """ All crypto algorithms in this crate have been reviewed by a relevant expert. **Note**: If a crate does not implement crypto, use `does-not-implement-crypto`, which implies `crypto-safe`, but does not require expert review in order to audit for.""" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [criteria.does-not-implement-crypto] description = """ Inspection reveals that the crate in question does not attempt to implement any cryptographic algorithms on its own. Note that certification of this does not require an expert on all forms of cryptography: it's expected for crates we import to be \"good enough\" citizens, so they'll at least be forthcoming if they try to implement something cryptographic. When in doubt, please ask an expert.""" implies = "crypto-safe" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [criteria.rule-of-two-safe-to-deploy] description = """ This is a stronger requirement than the built-in safe-to-deploy criteria, motivated by Chromium's rule-of-two related requirements: https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md#unsafe-code-in-safe-languages This crate will not introduce a serious security vulnerability to production software exposed to untrusted input. Auditors are not required to perform a full logic review of the entire crate. Rather, they must review enough to fully reason about the behavior of all unsafe blocks and usage of powerful imports. For any reasonable usage of the crate in real-world software, an attacker must not be able to manipulate the runtime behavior of these sections in an exploitable or surprising way. Ideally, ambient capabilities (e.g. filesystem access) are hardened against manipulation and consistent with the advertised behavior of the crate. However, some discretion is permitted. In such cases, the nature of the discretion should be recorded in the `notes` field of the audit record. Any unsafe code in this crate must, in general, be kept well-contained, and documentation must exist to describe how Rust's invariants are being upheld despite the unsafe block(s). Nontrivial uses of unsafe must be reviewed by an expert in Rust's unsafety guarantees/non-guarantees. For crates which generate deployed code (e.g. build dependencies or procedural macros), reasonable usage of the crate should output code which meets the above criteria.""" implies = "safe-to-deploy" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [criteria.ub-risk-0] description = """ No unsafe code. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-0 """ implies = "ub-risk-1" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [criteria.ub-risk-1] description = """ Excellent soundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1 """ implies = "ub-risk-2" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [criteria.ub-risk-1-thorough] description = """ Excellent soundness (established in a thorough review). Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1-thorough """ implies = "ub-risk-1" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [criteria.ub-risk-2] description = """ Negligible unsoundness or average soundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2 """ implies = "ub-risk-3" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [criteria.ub-risk-2-thorough] description = """ Negligible unsoundness or average soundness (established in a thorough review). Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2-thorough """ implies = "ub-risk-2" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [criteria.ub-risk-3] description = """ Mild unsoundness or suboptimal soundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3 """ implies = "ub-risk-4" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [criteria.ub-risk-4] description = """ Extreme unsoundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits."0.7.11"]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-1"] version = "0.7.15" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.addr2line]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.19.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.addr2line]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.19.0 -> 0.20.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.addr2line]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.20.0 -> 0.21.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.aes]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.7.5 -> 0.8.2" notes = """ Note for reviewers of future updates to this crate: There exist internal APIs such as [1] which are safe but have undocumented safety invariants. [1] https://fuchsia-review.git.corp.google.com/c/fuchsia/+/711365/comment/7a8cdc16_9e9f45ca/ """ aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.aes]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-1"] delta = "0.8.2 -> 0.8.4" notes = "Audited at https://fxrev.dev/987054" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.aes-gcm]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.9.4 -> 0.8.2" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.aes-gcm-siv]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.10.3 -> 0.11.1" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.ahash]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.8.3" notes = """ Note on does-not-implement-crypto: the aHash documentation explicitly states it is not a cryptographically secure hash. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ahash]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.8.3 -> 0.7.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ahash]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.8.3 -> 0.8.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.aho-corasick]] who = "Android Legacy" criteria = "safe-to-run" version = "0.7.18" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.aho-corasick]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.7.20" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.aho-corasick]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.2" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.aho-corasick]] who = "Dustin J. Mitchell " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.1.2 -> 1.1.3" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.android_logger]] who = "Manish Goregaokar " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.13.3" notes = "Reviewed in CL 559548165" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.ansi_term]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.12.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.anstream]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "1.64.0" notes = "Reviewed in CL 559376670" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.anstyle]] who = "Yu-An Wang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.anstyle]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.4" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.anstyle]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.4 -> 1.0.6" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.anstyle]] who = "Ben Saunders " criteria = ["ub-risk-1", "does-not-implement-crypto"] version = "1.0.0" notes = "Reviewed in CL 559404826" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.anstyle-parse]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "0.2.1" notes = "Reviewed in CL 559131783" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.anstyle_query]] who = "Ben Saunders " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "1.0.0" notes = "Reviewed in CL 559375925" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.anyhow]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.68" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.anyhow]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.68 -> 1.0.70" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.anyhow]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.70 -> 1.0.71" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.anyhow]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.71 -> 1.0.72" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.anyhow]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.72 -> 1.0.75" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.anyhow]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.75 -> 1.0.79" notes = """ 1.0.75 has been previously audited as \"safe-to-run\", \"does-not-implement-crypto\" - see https://github.com/google/rust-crate-audits/blob/c2d49cb6e80bb817f569debecf846161dcebd88c/audits.toml#L277-L305 The \"1.0.75 -> 1.0.79\" delta meets the same criteria. This is an incremental/delta audit - we don't claim any particular `ub-risk-N` level for the baseline or for the final version. OTOH note that additional uses of `unsafe` have been reviewed in https://crrev.com/c/5178771 and the **delta** was evaluated as `ub-risk-3` - no known unsoundness but: * Little safety comments to explain why a particular usage of `unsafe` is safe and/or necessary * Safety analysis couldn't be done locally, but required considering the whole crate (e.g. checking if the public `Ref.ptr` is mutated anywhere) """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.anyhow]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.79 -> 1.0.80" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.anyhow]] who = "Adrian Taylor " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.80 -> 1.0.81" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.anymap]] who = "Manish Goregaokar " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "1.0.0-beta2" notes = "Reviewed in CL 558118223" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.arbitrary]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.arbitrary]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.2.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.arbitrary]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.2.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.arbitrary]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.2.3 -> 1.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.argh]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.10" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.argh]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.10 -> 0.1.12" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.argh_derive]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.10" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.argh_derive]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.10 -> 0.1.12" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.argh_shared]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.10" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.argh_shared]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.10 -> 0.1.12" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.arrayvec]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.7.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ascii]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ash]] who = "David Koloski " criteria = ["ub-risk-4", "safe-to-deploy"] version = "0.37.0+1.3.209" notes = "Reviewed on https://fxrev.dev/694269" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.assert_matches]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.5.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-stream]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-stream]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-stream]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.4 -> 0.3.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-stream]] who = "Tyler Mandry " criteria = ["ub-risk-2", "safe-to-deploy"] version = "0.3.4" notes = "Reviewed on https://fxrev.dev/761470" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.async-stream]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-0"] delta = "0.3.4 -> 0.3.5" notes = "Reviewed on https://fxrev.dev/906795" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.async-stream-impl]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-stream-impl]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-stream-impl]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.4 -> 0.3.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-stream-impl]] who = "Tyler Mandry " criteria = ["ub-risk-2", "safe-to-deploy"] version = "0.3.4" notes = "Reviewed on https://fxrev.dev/761470" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.async-stream-impl]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-0"] delta = "0.3.4 -> 0.3.5" notes = "Reviewed on https://fxrev.dev/906795" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.async-task]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "4.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-trait]] who = "Android Legacy" criteria = "safe-to-run" version = "0.1.48" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-trait]] who = "Android Legacy" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.61" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-trait]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.64" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-trait]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.66" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-trait]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.66 -> 0.1.68" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-trait]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.68 -> 0.1.69" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-trait]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.69 -> 0.1.73" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.async-trait]] who = "David Koloski " criteria = "safe-to-deploy" delta = "0.1.56 -> 0.1.68" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.atomic-polyfill]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.11" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.atomic-polyfill]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.11 -> 1.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.atty]] who = "Android Legacy" criteria = "safe-to-run" version = "0.2.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.atty]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.autocfg]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.autocfg]] who = "Lukasz Anforowicz " criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] version = "1.1.0" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` and there were no hits except for reasonable, client-controlled usage of `std::fs` in `AutoCfg::with_dir`. This crate has been added to Chromium in https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb The CL description contains a link to a Google-internal document with audit details. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.axum]] who = "ChromeOS" criteria = "safe-to-run" version = "0.5.16" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.axum]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.5.17" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.axum-core]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.axum-core]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.backtrace]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.67" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.backtrace]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.67 -> 0.3.68" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.backtrace]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.68 -> 0.3.69" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bare-metal]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bare-metal]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.5 -> 1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.base64]] who = "Android Legacy" criteria = "safe-to-run" version = "0.13.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.base64]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.13.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.base64]] who = "Adam Langley " criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] version = "0.13.1" notes = "Skimmed the uses of `std` to ensure that nothing untoward is happening. Code uses `forbid(unsafe_code)` and, indeed, there are no uses of `unsafe`" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.bindgen]] who = "Android Legacy" criteria = "safe-to-run" version = "0.57.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bindgen]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.60.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bindgen]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.63.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bindgen]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.63.0 -> 0.64.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bindgen]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.64.0 -> 0.68.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bit_field]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.10.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bitflags]] who = "Android Legacy" criteria = "safe-to-run" version = "1.2.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bitflags]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.3.2 -> 2.2.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bitflags]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.2.1 -> 2.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bitflags]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.3.1 -> 2.3.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bitflags]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.3.2 -> 2.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bitflags]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"] version = "2.4.2" notes = """ Audit notes: * I've checked for any discussion in Google-internal cl/546819168 (where audit of version 2.3.3 happened) * `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]` * There are 2 cases of `unsafe` in `src/external.rs` but they seem to be correct in a straightforward way - they just propagate the marker trait's impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type * Additional discussion and/or notes may be found in https://crrev.com/c/5238056 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.bitflags]] who = "Adrian Taylor " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "2.4.2 -> 2.5.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.bitflags]] who = "Taylor Cramer " criteria = ["ub-risk-1", "does-not-implement-crypto"] version = "2.3.3" notes = "Reviewed in CL 545304270" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.bitreader]] who = "ChromeOS" criteria = "safe-to-run" version = "0.3.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bitreader]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.3.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bitvec]] who = "ChromeOS" criteria = "safe-to-run" version = "0.19.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.btoi]] who = "Ben Saunders " criteria = ["ub-risk-0", "does-not-implement-crypto"] version = "0.4.3" notes = "Reviewed in CL 581228675" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.built]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.5.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bumpalo]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "3.14.0" notes = "Reviewed in CL 574186321" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.bytemuck]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.13.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bytemuck]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.13.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bytemuck]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "1.14.3" notes = "Additional review notes may be found in https://crrev.com/c/5362675." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.bytemuck]] who = "Lukasz Anforowicz " criteria = ["does-not-implement-crypto", "ub-risk-2"] delta = "1.13.1 -> 1.14.3" notes = "Additional review notes may be found in https://crrev.com/c/5362675." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.bytemuck]] who = "Adrian Taylor " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "1.14.3 -> 1.15.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.bytemuck]] who = [ "Manish Goregaokar ", "Ɓukasz Anforowicz ", ] criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "1.13.1" notes = "Reviewed in CL 561111794" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.bytemuck_derive]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.5.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.byteorder]] who = "Alyssa Haroldsen " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "1.4.3" notes = """ Reviewed in CL 559206679 Issues found: - https://github.com/BurntSushi/byteorder/issues/194 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.bytes]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.5.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bytes]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bytes]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.bytes]] who = "agl@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.4.0 -> 1.5.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.bytes]] who = "Dustin J. Mitchell " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.5.0 -> 1.6.0" notes = "Update removes some unsafe, and includes verifiable safety comments for newly-added unsafe." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.capnp]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.14.11" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cargo-lock]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "8.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cbindgen]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.24.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.79" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.79 -> 1.0.82" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.82 -> 1.0.83" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cexpr]] who = "Android Legacy" criteria = "safe-to-run" version = "0.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cexpr]] who = "Android Legacy" criteria = "safe-to-run" version = "0.5.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cfg-if]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cfg-if]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cfg-if]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] version = "1.0.0" notes = ''' I grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. This is a really small crate (only `lib.rs` which is less than 200 lines + one end-to-end test) so I also skimmed through the macro's definition and everything looks okay to me. ''' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.chacha20]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.8.1 -> 0.9.0" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.chalk_ir]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.92.0" notes = "Reviewed in CL 558137822" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.chrono]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.23" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.chrono]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.23 -> 0.4.24" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.chrono]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.24 -> 0.4.26" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.chrono]] who = "Daniel Verkamp " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.26 -> 0.4.34" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.chunked_transfer]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.4.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clang-sys]] who = "Android Legacy" criteria = "safe-to-run" version = "1.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clang-sys]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.6.0" notes = "No attempt was made to audit the DSO(s) this links to; only the Rust code was looked at." aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clang-sys]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.6.0 -> 1.6.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap]] who = "Android Legacy" criteria = "safe-to-run" version = "2.33.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.34.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "3.2.22" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "3.2.23" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "4.0.32" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.0.32 -> 4.1.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "4.4.8" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap]] who = "Lukasz Anforowicz " criteria = "ub-risk-0" version = "4.5.0" notes = "No `unsafe`" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.4.8 -> 4.4.14" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.4.14 -> 4.5.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.5.0 -> 4.5.1" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap]] who = "danakj " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.5.1 -> 4.5.2" notes = "Reviewed in https://crrev.com/c/5362201" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap]] who = "Adrian Taylor " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.5.2 -> 4.5.3" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap_builder]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "4.1.14" notes = """ This was a diff audit between clap 4.0.32 sources, and sources in clap_builder 4.1.14. clap_builder is primarily stuff refactored out of `clap`. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap_builder]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "4.4.8" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap_builder]] who = "Lukasz Anforowicz " criteria = "ub-risk-0" version = "4.5.0" notes = "No `unsafe`" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap_builder]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.4.8 -> 4.4.14" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap_builder]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.4.14 -> 4.5.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap_builder]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.5.0 -> 4.5.1" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap_builder]] who = "danakj " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.5.1 -> 4.5.2" notes = "Reviewed in https://crrev.com/c/5362201" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap_derive]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "3.2.18" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap_derive]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "3.2.18 -> 4.0.18" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap_derive]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.0.18 -> 4.0.21" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap_derive]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "4.0.21 -> 4.1.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap_lex]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap_lex]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.clap_lex]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.6.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap_lex]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.6.0 -> 0.7.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.clap_lex]] who = "Ben Saunders " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.5.0" notes = """ Reviewed in CL 559377426 Issues: - Unsound transmutes from OsStr to [u8] (https://github.com/clap-rs/clap/issues/5280) - (optional) Incorrect safety comment (https://github.com/clap-rs/clap/pull/5281) """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.clru]] who = "Ben Saunders " criteria = ["ub-risk-1", "does-not-implement-crypto"] version = "0.6.1" notes = "Reviewed in CL 581562557" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.cmake]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.45" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cmake]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.48" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cmake]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.1.49" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cmake]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.49 -> 0.1.50" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.codespan-reporting]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.1" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.color_quant]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.colored]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.colored]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.0.4 -> 2.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.com_logger]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.command_group]] who = "Ben Saunders " criteria = ["ub-risk-4", "does-not-implement-crypto"] version = "2.0.1" notes = """ Reviewed in CL 561009596 Issues found: - https://github.com/watchexec/command-group/issues/20 - https://github.com/watchexec/command-group/issues/19 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.configparser]] who = "ChromeOS" criteria = "safe-to-run" version = "3.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.configparser]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "3.0.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.console]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.15.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.console]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.15.5 -> 0.15.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cortex-m]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.7.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cortex-m-rtic]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cortex-m-rtic-macros]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.countme]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "3.0.1" notes = "Reviewed in CL 558181122" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.cpufeatures]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cpufeatures]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.8 -> 0.2.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crc]] who = "Bastian Kersting " criteria = ["safe-to-run", "crypto-safe"] delta = "2.1.0 -> 3.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crc-catalog]] who = "Bastian Kersting " criteria = "does-not-implement-crypto" delta = "1.1.1 -> 2.2.0" notes = "This crate exposes a catalog of types that represent read-only versions of algorithms. There is no line of code that actually does something within this crate, but rather information about the algorithms as Rust types-" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crc-catalog]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.1.1 -> 2.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crc32fast]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "1.3.2" notes = "Reviewed in CL 558895300" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.critical-section]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.critical-section]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.1.1 -> 1.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cros-codecs]] who = "Alexandre Courbot " criteria = "does-not-implement-crypto" version = "0.0.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cros-codecs]] who = "Alexandre Courbot " criteria = "safe-to-run" version = "0.0.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cros-codecs]] who = "Alexandre Courbot " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.0.2 -> 0.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cros-codecs]] who = "Alexandre Courbot " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.0.3 -> 0.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cros-libva]] who = "Alexandre Courbot " criteria = "does-not-implement-crypto" version = "0.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cros-libva]] who = "Alexandre Courbot " criteria = "safe-to-run" version = "0.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cros-libva]] who = "Alexandre Courbot " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.0.3 -> 0.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crossbeam-channel]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.5.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crossbeam-channel]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.5.7 -> 0.5.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crossbeam-deque]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.8.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crossbeam-epoch]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.9.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crossbeam-epoch]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.9.14 -> 0.9.15" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crossbeam-utils]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.8.15" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crossbeam-utils]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.8.15 -> 0.8.16" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.crossterm]] who = "Ben Saunders " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.26.1" notes = """ Reviewed in CL 562140151 Issues: - Internal API permits buffer overruns (https://github.com/crossterm-rs/crossterm/pull/821) """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.crossterm]] who = "Ben Saunders " criteria = ["ub-risk-3", "does-not-implement-crypto"] delta = "0.26.1 -> 0.27.0" notes = """ Reviewed in CL 566337315 Issues: - Internal API permits buffer overruns (https://github.com/crossterm-rs/crossterm/pull/821) """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.cstr_core]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ctor]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.26" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ctor]] who = "Ben Saunders " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.2.4" notes = """ Reviewed in CL 552861146 Issues found: - https://github.com/mmastrac/rust-ctor/pull/294 - https://github.com/mmastrac/rust-ctor/pull/293 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.ctrlc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "3.2.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ctrlc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "3.2.4 -> 3.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ctrlc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "3.3.0 -> 3.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ctrlc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "3.4.0 -> 3.4.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cty]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.curve25519-dalek]] who = "Ben Saunders " criteria = "ub-risk-1" version = "4.0.0" notes = "Reviewed in CL 557134163" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.curve25519-dalek-derive]] who = "Ben Saunders " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.1.0" notes = """ Reviewed in CL 557129495 Issues found: - https://github.com/dalek-cryptography/curve25519-dalek/issues/563 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.cxx]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.42" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxx]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.92" notes = """ There is an implementation of SipHash in cxx/ at src/sip.rs. This hash is not considered cryptographically secure, and is not used within a context where cryptographic security is critical. Hence, it's not considered to be an \"implementation of crypto\". More directly, its current usage is just in HashMap, and its purposes are: - randomness and speed suitable for use as a HashMap hasher - difficult to DoS with attacker-controlled inputs For more, see comments on https://crrev.com/c/4411368 . """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxx]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.92 -> 1.0.94" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxx]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.94 -> 1.0.97" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxx]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.97 -> 1.0.106" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxx]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.106 -> 1.0.107" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxx]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.110" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxx]] who = "Lukasz Anforowicz " criteria = "does-not-implement-crypto" version = "1.0.116" notes = """ Grepped for \"crypt\", \"cipher\" - there were no hits (except for benign hits in `MODULE.bazel.lock`) """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxx]] who = "Lukasz Anforowicz " criteria = "does-not-implement-crypto" version = "1.0.117" notes = """ Grepped for \"crypt\", \"cipher\" - there were no hits (except for benign hits in `MODULE.bazel.lock`) """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxx]] who = "Lukasz Anforowicz " criteria = "does-not-implement-crypto" delta = "1.0.110 -> 1.0.115" notes = """ Grepped for \"crypt\", \"cipher\" - there were no hits (except for benign hits in `MODULE.bazel.lock`) """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxx]] who = "danakj " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "1.0.117 -> 1.0.119" notes = "Reviewed in https://crrev.com/c/5362739" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxx]] who = "Dustin J. Mitchell " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "1.0.119 -> 1.0.120" notes = "Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5392544." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.110" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-cmd]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.110" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-cmd]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.110 -> 1.0.115" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-cmd]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.115 -> 1.0.116" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-cmd]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.116 -> 1.0.117" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-cmd]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.117 -> 1.0.118" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-cmd]] who = "danakj " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.118 -> 1.0.119" notes = "Reviewed in https://crrev.com/c/5362136" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-cmd]] who = "Dustin J. Mitchell " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.119 -> 1.0.120" notes = "Version bump only." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.42" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.0.92" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] delta = "1.0.92 -> 1.0.94" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.94 -> 1.0.97" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.97 -> 1.0.106" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] delta = "1.0.106 -> 1.0.107" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.110" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "Lukasz Anforowicz " criteria = "does-not-implement-crypto" version = "1.0.116" notes = 'Grepped for \"crypt\", \"cipher\" - there were no hits' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] version = "1.0.117" notes = """ I grepped for \"crypt\", \"cipher\", \"fs\", \"net\", \"unsafe\" - there were no hits. The crate is very straightforward - it just defines a `pub const STD: &str`. The crate was added to Chromium in https://crrev.com/c/5029701. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "Lukasz Anforowicz " criteria = "does-not-implement-crypto" delta = "1.0.110 -> 1.0.115" notes = 'Grepped for \"crypt\", \"cipher\" - there were no hits' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "danakj " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "1.0.117 -> 1.0.119" notes = "Reviewed in https://crrev.com/c/5362739" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-flags]] who = "Dustin J. Mitchell " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "1.0.119 -> 1.0.120" notes = "Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5392544" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-macro]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.42" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-macro]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.92" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-macro]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.92 -> 1.0.94" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-macro]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.94 -> 1.0.97" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-macro]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.97 -> 1.0.106" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-macro]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.106 -> 1.0.107" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.cxxbridge-macro]] who = "danakj " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "1.0.117 -> 1.0.119" notes = "Reviewed in https://crrev.com/c/5362739" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.cxxbridge-macro]] who = "Dustin J. Mitchell " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "1.0.119 -> 1.0.120" notes = "Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5392544" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.dashmap]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "5.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dasp_frame]] who = "Li-Yu Yu " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dasp_interpolate]] who = "Li-Yu Yu " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dasp_ring_buffer]] who = "Li-Yu Yu " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dbus]] who = "ChromeOS Legacy" criteria = "safe-to-run" version = "0.9.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dbus]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.9.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dbus-crossroads]] who = "ChromeOS" criteria = "safe-to-run" version = "0.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dbus-crossroads]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.5.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dbus-tokio]] who = "ChromeOS" criteria = "safe-to-run" version = "0.7.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dbus-tokio]] who = "ChromeOS" criteria = "safe-to-run" version = "0.7.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dbus-tokio]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.7.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.deqp-runner]] who = "Matt Turner " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.13.1 -> 0.18.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.deranged]] who = "Taylor Cramer " criteria = "ub-risk-1" version = "0.3.9" notes = "Reviewed in CL 579385986" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.difflib]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.dirs-sys-next]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.document-features]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.document-features]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.2.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.downcast]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ecdsa]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.13.4 -> 0.14.8" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.ed25519-compact]] who = "George Burgess IV " criteria = "safe-to-run" version = "1.0.16" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.either]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.8.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.either]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.8.1 -> 1.9.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.either]] who = "agl@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.9.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.either]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.9.0 -> 1.10.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.elliptic-curve]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.11.12 -> 0.12.3" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.endian-type]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.endian-type]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.enumflags2]] who = "Zhengping Jiang " criteria = "does-not-implement-crypto" version = "0.7.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.enumflags2]] who = "Zhengping Jiang " criteria = "safe-to-run" version = "0.7.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.enumflags2_derive]] who = "Zhengping Jiang " criteria = "does-not-implement-crypto" version = "0.7.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.enumflags2_derive]] who = "Zhengping Jiang " criteria = "safe-to-run" version = "0.7.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.enumn]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.1.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.enumn]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] delta = "0.1.8 -> 0.1.10" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.enumn]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] delta = "0.1.10 -> 0.1.11" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.enumn]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] delta = "0.1.11 -> 0.1.12" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.env_logger]] who = "Android Legacy" criteria = "safe-to-run" version = "0.8.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.env_logger]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.9.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.env_logger]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.9.3 -> 0.8.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.equivalent]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.errno]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.errno]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.8 -> 0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.errno]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.1 -> 0.3.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.errno]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.2 -> 0.3.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.errno]] who = "Ben Saunders " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.2.8" notes = "Reviewed in CL 567624402" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.error-chain]] who = "ChromeOS" criteria = "safe-to-run" version = "0.11.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.error-chain]] who = "Ben Saunders " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.12.4" notes = "Reviewed in CL 545732008" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.euclid]] who = "ChromeOS" criteria = "safe-to-run" version = "0.22.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.euclid]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.22.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ext-trait]] who = "Howard Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ext-trait-proc_macros]] who = "Howard Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ext2]] who = "Edward O'Callaghan " criteria = ["safe-to-run", "crypto-safe"] version = "0.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.extension-traits]] who = "Howard Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.faster-hex]] who = "Ben Saunders " criteria = ["ub-risk-4", "does-not-implement-crypto"] version = "0.8.1" notes = """ Reviewed in CL 579318683 Issues found: - https://github.com/nervosnetwork/faster-hex/pull/39 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.fastrand]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.9.0" notes = """ `does-not-implement-crypto` is certified because this crate explicitly says that the RNG here is not cryptographically secure. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.fd-lock]] who = "ChromeOS" criteria = "safe-to-run" version = "2.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.fd-lock]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "3.0.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.fd-lock]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "3.0.9 -> 3.0.10" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.fd-lock]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "3.0.9 -> 3.0.13" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.fdt]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.1.5" notes = """ Reviewed in CL 565675584 No usage of unsafe; one public unsafe function with documented invariants. """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.filetime]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.22" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.filetime]] who = "Manish Goregaokar " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.2.19" notes = "Reviewed in CL 559795004" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.fixedbitset]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.fixedbitset]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "0.2.0" notes = "Reviewed in CL 559071858" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.flate2]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.26" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.flate2]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.26 -> 1.0.27" notes = """ There is a CRC implementation in here, but those are not considered crypto. Further, it's only used in tests internal to this crate. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.flate2]] who = "Manish Goregaokar " criteria = "ub-risk-4" version = "1.0.24" notes = """ Reviewed in CL 558916134 Issues found: - Uninitialized memory: https://github.com/rust-lang/flate2-rs/pull/373 Minor code quality suggestions: - Defense in depth on dangling pointers (https://github.com/rust-lang/flate2-rs/issues/379) - set_len usage relies on tricky undocumented invariants (incidentally fixed by PR #373) """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.flate2]] who = "Manish Goregaokar " criteria = "ub-risk-4" delta = "1.0.24 -> 1.0.27" notes = """ Reviewed in CL 572611911 Same review as previous """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.flate2]] who = "Manish Goregaokar " criteria = "ub-risk-3" delta = "1.0.27 -> 1.0.28" notes = """ Reviewed in CL 573223148 Issues from previous review (#379, #220) fixed (PRs #380, #373). """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.fleetspeak]] who = "Manish Goregaokar " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.4.0" notes = "Reviewed in CL 551181045" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.float-cmp]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.9.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.fnv]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.7" notes = """ fnv explicitly documents that it does not attempt to be crypto-secure, nor does it try to guard against collisions. Hence, this does not implement crypto. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.font-types]] who = "Lukasz Anforowicz " criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] version = "0.4.2" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` and there were no hits. The initial version of this crate has been added to Chromium in https://source.chromium.org/chromium/chromium/src/+/a59c3c448941f92f870d0c18c6d53d5c6104ab72 The CL description contains a link to a Google-internal document with audit details. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.font-types]] who = "danakj " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] delta = "0.4.2 -> 0.4.3" notes = "Reviewed in https://crrev.com/c/5362378. No new use of unsafe." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.foreign-types]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.foreign-types-shared]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.form_urlencoded]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.form_urlencoded]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.1.0 -> 1.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.fragile]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.funty]] who = "ChromeOS" criteria = "safe-to-run" version = "1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.3.28" notes = """ `futures` has no logic other than tests - it simply `pub use`s things from other crates. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-channel]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-channel]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.28" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-core]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-core]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.28" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-executor]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-executor]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.28" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-io]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-io]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.28" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-macro]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-macro]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.28" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-sink]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-sink]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.28" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-task]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-task]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.28" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-util]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.futures-util]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.28" notes = """ There's a custom xorshift-based `random::shuffle` implementation in src/async_await/random.rs. This is `doc(hidden)` and seems to exist just so that `futures-macro::select` can be unbiased. Sicne xorshift is explicitly not intended to be a cryptographically secure algorithm, it is not considered crypto. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gag]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gdbstub]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.6.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gdbstub]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.6.6 -> 0.7.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gdbstub_arch]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.4 -> 0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.getrandom]] who = "Android Legacy" criteria = "safe-to-run" version = "0.2.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.getrandom]] who = "Android Legacy" criteria = "safe-to-run" version = "0.2.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.getrandom]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.10" notes = """ While this crate provides crypto methods, they all defer to system or hardware crypto implementations. Hence, this crate does not implement crypto. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.getrandom]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.11" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.getrandom]] who = "Lukasz Anforowicz " criteria = "does-not-implement-crypto" delta = "0.2.11 -> 0.2.12" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.getrandom]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.2.2 -> 0.2.12" notes = "Audited at https://fxrev.dev/932979" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.ghost]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ghost]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.9 -> 0.1.13" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ghost]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.13 -> 0.1.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gimli]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.27.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gimli]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.27.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gimli]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.27.3 -> 0.28.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gix-commitgraph]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "0.22.0" notes = "Reviewed in CL 581562496" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.gix-config-value]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "0.14.0" notes = "Reviewed in CL 581042137" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.gix-features]] who = "Ben Saunders " criteria = ["ub-risk-4", "does-not-implement-crypto"] version = "0.36.0" notes = """ Reviewed in CL 580908504 Issues: - Illegal mutable aliasing (https://github.com/Byron/gitoxide/pull/1115) """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.gix-hash]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "0.13.1" notes = "Reviewed in CL 580781568" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.gix-index]] who = "Ben Saunders " criteria = ["ub-risk-2-thorough", "does-not-implement-crypto"] version = "0.26.0" notes = """ Reviewed in CL 581562538 Relies on mmap'd file being untouched externally. """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.gix-pack]] who = "Taylor Cramer " criteria = "ub-risk-4" version = "0.44.0" notes = """ Reviewed in CL 581562540 Issues: - https://github.com/Byron/gitoxide/pull/113 - https://github.com/Byron/gitoxide/pull/1115 - https://github.com/Byron/gitoxide/pull/1116 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.gix-ref]] who = "Manish Goregaokar " criteria = "ub-risk-2-thorough" version = "0.38.0" notes = "Reviewed in CL 581562488" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.gix-revision]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "0.23.0" notes = "Reviewed in CL 581562502" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.gix-sec]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "0.10.0" notes = "Reviewed in CL 581046394" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.gix-tempfile]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "11.0.0" notes = "Reviewed in CL 581562529" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.glob]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.glob]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gpt_disk_io]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.15.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gpt_disk_io]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.15.0 -> 0.16.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gpt_disk_types]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.15.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.gpt_disk_types]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.15.0 -> 0.16.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.grpcio]] who = "Android Legacy" criteria = "safe-to-run" version = "0.8.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.grpcio]] who = "Android Legacy" criteria = "safe-to-run" version = "0.9.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.grpcio]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.9.1 -> 0.13.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.grpcio-compiler]] who = "Android Legacy" criteria = "safe-to-run" version = "0.6.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.grpcio-compiler]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.6.0 -> 0.7.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.grpcio-compiler]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.7.0 -> 0.13.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.grpcio-sys]] who = "Android Legacy" criteria = "safe-to-run" version = "0.8.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.grpcio-sys]] who = "Android Legacy" criteria = "safe-to-run" version = "0.9.1+1.38.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.grpcio-sys]] who = "Android Legacy" criteria = "safe-to-run" version = "0.13.0+1.56.2-patched" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.h2]] who = "ChromeOS" criteria = "safe-to-run" version = "0.3.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.h2]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.18" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.h2]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.18 -> 0.3.19" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.h2]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.19 -> 0.3.20" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.h2]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.20 -> 0.3.21" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.h2]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.21 -> 0.3.24" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.hashbrown]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.13.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.hashbrown]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.13.2 -> 0.14.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.heapless]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.7.17" notes = """ does-not-implement-crypto: Hashing containers (e.g., IndexMap) defer to other machinery like the hash32 crate for hashing. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.heck]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.heck]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.0 -> 0.3.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.heck]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.0 -> 0.4.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.heck]] who = "Lukasz Anforowicz " criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] version = "0.4.1" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` and there were no hits. `heck` (version `0.3.3`) has been added to Chromium in https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.hex]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.hex-literal]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.1" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.hkdf]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.11.0 -> 0.12.3" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.hmac]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.11.0 -> 0.12.1" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.home]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.5.4" notes = "Reviewed in CL 559796554" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.home]] who = "Augie Fackler " criteria = ["ub-risk-2", "does-not-implement-crypto"] delta = "0.5.4 -> 0.5.5" notes = "Reviewed in CL 566644164" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.hostname]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.hound]] who = "Manish Goregaokar " criteria = "ub-risk-4" version = "3.5.0" notes = """ Reviewed in CL 564508706 Issues found: - https://github.com/ruuda/hound/pull/58 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.http]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.http]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.http-body]] who = "ChromeOS" criteria = "safe-to-run" version = "0.4.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.http-body]] who = "Erick Tryzelaar " criteria = ["ub-risk-2", "safe-to-run"] version = "0.4.4" notes = "Reviewed on https://fxrev.dev/611683" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.http-range-header]] who = "ChromeOS" criteria = "safe-to-run" version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.http-range-header]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.httparse]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.8.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.httpdate]] who = "ChromeOS" criteria = "safe-to-run" version = "1.0.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.httpdate]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.hyper]] who = "ChromeOS" criteria = "safe-to-run" version = "0.14.20" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.hyper]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.14.27" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.hyper-timeout]] who = "ChromeOS" criteria = "safe-to-run" version = "0.4.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.iana-time-zone]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.53" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.iana-time-zone]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.53 -> 0.1.56" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.iana-time-zone]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.1.56 -> 0.1.57" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.idna]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.image]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.23.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.image]] who = "Chih-Yao Chuang " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.23.14 -> 0.24.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.image]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "0.24.6" notes = "Reviewed in CL 559198279" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.imara-diff]] who = "Taylor Cramer " criteria = "ub-risk-4" version = "0.1.5" notes = "Reviewed in CL 581562578" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.include_dir]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.6.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.include_dir_impl]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.6.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.indexmap]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.9.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.indexmap]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.9.3 -> 2.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.indoc]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.3.6" notes = """ This crate simply reexports indoc_impl. There's therefore no code specific to this crate to audit. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.indoc-impl]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.3.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.inflections]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.inotify]] who = "ChromeOS" criteria = "safe-to-run" version = "0.9.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.inotify]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.9.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.inotify]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.9.6" notes = "Reviewed in CL 562731461" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.inotify-sys]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.insta]] who = "Taylor Cramer " criteria = "ub-risk-1" version = "1.29.0" notes = "Reviewed in CL 554440331" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.instant]] who = "Android Legacy" criteria = "safe-to-run" version = "0.1.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.instant]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.12" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.intrusive-collections]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.9.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.inventory-impl]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.1.11" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.io-lifetimes]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.io-lifetimes]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.10" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.io-lifetimes]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.10 -> 1.0.11" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.io-uring]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.5.13" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ioctl-rs]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.is-terminal]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.is-terminal]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.2 -> 0.4.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.itertools]] who = "ChromeOS" criteria = "safe-to-run" version = "0.9.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.itertools]] who = "ChromeOS" criteria = "safe-to-run" version = "0.10.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.itertools]] who = "Yu-An Wang " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.10.5 -> 0.11.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.itertools]] who = "agl@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.0" notes = """ This is 12K lines of code, plus 6K lines of tests and benchmarks. It has minimal use of unsafe and so I have paged though it all with \"::\" highlighted and paid attention to which imported functions are being called. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.itertools]] who = "Ben Saunders " criteria = ["ub-risk-1", "does-not-implement-crypto"] version = "0.11.0" notes = "Reviewed in CL 566337310" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.itoa]] who = "Android Legacy" criteria = "safe-to-run" version = "0.4.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.itoa]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.itoa]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.5 -> 1.0.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.itoa]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.6 -> 1.0.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.itoa]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] version = "1.0.10" notes = ''' I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. There are a few places where `unsafe` is used. Unsafe review notes can be found in https://crrev.com/c/5350697. Version 1.0.1 of this crate has been added to Chromium in https://crrev.com/c/3321896. ''' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.jj-cli]] who = "Ben Saunders " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.8.0" notes = "Reviewed in CL 554583176" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.jj_cli]] who = "Taylor Cramer " criteria = "ub-risk-1" version = "0.8.0" notes = "Reviewed in CL 558944141" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.jobserver]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.26" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.kernlog]] who = "Matthias Kaehlcke " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.kvm-ioctls]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "0.14.0" notes = "Reviewed in CL 549307303" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.kvm-ioctls]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "0.14.0" notes = "Reviewed in CL 565655079" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.lazy_static]] who = "Android Legacy" criteria = "safe-to-run" version = "1.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.lazy_static]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] version = "1.4.0" notes = ''' I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. There are two places where `unsafe` is used. Unsafe review notes can be found in https://crrev.com/c/5347418. This crate has been added to Chromium in https://crrev.com/c/3321895. ''' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.lazycell]] who = "Android Legacy" criteria = "safe-to-run" version = "1.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.lexical]] who = "Taylor Cramer " criteria = ["ub-risk-4", "does-not-implement-crypto"] version = "6.1.1" notes = """ Reviewed in CL 545304248 Many issues found across the `lexical` family of crates: - https://github.com/Alexhuszagh/rust-lexical/pull/103 - https://github.com/Alexhuszagh/rust-lexical/issues/104 - https://github.com/Alexhuszagh/rust-lexical/issues/101 - https://github.com/Alexhuszagh/rust-lexical/issues/95 - Beyond the above issues, review was not completed on the unchecked indexing """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.lexical-core]] who = "Manish Goregaokar " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.8.5" notes = """ Reviewed in CL 545304290 See notes on lexical crate. """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.lexical-write-integer]] who = "Manish Goregaokar " criteria = ["ub-risk-4", "does-not-implement-crypto"] version = "0.8.5" notes = """ Reviewed in CL 545304293 See notes on lexical crate. """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.lexical_parse_integer]] who = "Ben Saunders " criteria = ["ub-risk-4", "does-not-implement-crypto"] version = "0.8.6" notes = """ Reviewed in CL 545304272 See notes on lexical crate. """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.lexical_parse_integer]] who = "Ben Saunders " criteria = ["ub-risk-4", "does-not-implement-crypto"] version = "0.8.6" notes = """ Reviewed in CL 545304281 See notes on lexical crate. """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.lexical_util]] who = "Manish Goregaokar " criteria = ["ub-risk-4", "does-not-implement-crypto"] version = "0.8.5" notes = """ Reviewed in CL 545304267 See notes on lexical crate. """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.lexical_write_float]] who = "Manish Goregaokar " criteria = ["ub-risk-4", "does-not-implement-crypto"] version = "0.8.5" notes = """ Reviewed in CL 545304258 See notes on lexical crate. """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.libc]] who = "Android Legacy" criteria = "safe-to-run" version = "0.2.86" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.146" notes = """ Much like the getrandom crate, this exports interfaces to APIs which perform crypto, but does not implement any crypto itself. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.146 -> 0.2.147" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libc]] who = "Lukasz Anforowicz " criteria = "ub-risk-4" version = "0.2.152" notes = """ Discussions related to the `unsafe` audit can be found in https://crrev.com/c/5178771. (This audit covered multiple crates that have been rolled when processing a backlog of crate updates - `libc` was one of them.) The audit found an unsound usage of `unsafe` when the `extra_traits` feature of the `libc` crate is enabled. See https://github.com/rust-lang/libc/issues/3560 for more details. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.libc]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.2.142 -> 0.2.149" notes = "Audited at https://fxrev.dev/932979" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.libdbus-sys]] who = "ChromeOS Legacy" criteria = "safe-to-run" version = "0.2.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libdbus-sys]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.5" notes = """ This audit does **not** include an audit of the `vendor/` directory, which contains a full copy of dbus, but is only built when the `vendored` feature is enabled. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libfuzz-sys]] who = "Taylor Cramer " criteria = "ub-risk-3" delta = "0.4.4 -> 0.4.5" notes = """ Reviewed in CL 562889777 Issues found: - https://github.com/rust-fuzz/libfuzzer/issues/112 - https://github.com/rust-fuzz/libfuzzer/issues/113 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.libfuzzer-sys]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libfuzzer-sys]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.4 -> 0.4.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libfuzzer-sys]] who = "Ben Saunders " criteria = ["ub-risk-1", "does-not-implement-crypto"] version = "0.4.7" notes = "Reviewed in CL 564731033" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.libloading]] who = "Android Legacy" criteria = "safe-to-run" version = "0.7.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libloading]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.7.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libloading]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "0.8.0" notes = "Reviewed in CL 562765830" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.libshpool]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.3.3" notes = "Reviewed in CL 580903771" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.libslirp-sys]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "4.2.1" notes = "No audit of the slirp DSO this is intended to link to was done." aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libtest-mimic]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.6.0" notes = "Used in tests only" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libtest-mimic]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.6.0 -> 0.6.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libz-sys]] who = "Android Legacy" criteria = "safe-to-run" version = "1.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libz-sys]] who = "Android Legacy" criteria = "safe-to-run" version = "1.1.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libz-sys]] who = "ChromeOS" criteria = "safe-to-run" version = "1.1.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.libz-sys]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.12" notes = """ The bundled zlib C sources were not audited as a part of this. However, I did compare the vendored sources present in this crate with their upstream repos. There was no diff between zlib/ and https://zlib.net/fossils/zlib-1.2.11.tar.gz. zlib-ng did not provide a version, so I ran diff across everything in zlib-ng's commit history. The closest upstream SHA was cf89cf35037f152ce7adfeca864656de5d33ea1e with 8 lines of output from `diff --recursive . ../../libz-sys-1.1.12/src/zlib-ng/`. All of these referenced files that were only present in libz-sys, and they're all presumably irrelevant (CI configuration files, .git files, linter config) """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.line-index]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "0.1.0" notes = "Reviewed in CL 562882288" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.link-cplusplus]] who = "ChromeOS" criteria = "safe-to-run" version = "1.0.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.link-cplusplus]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.0.9" notes = """ This crate exists simply to link with libcxx or libstdcxx. No assertions are made about the safety of either of those libraries. :) """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.linux-loader]] who = "Taylor Cramer " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.9.0" notes = "Reviewed in CL 548095317" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.linux-raw-sys]] who = "Ben Saunders " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.4.10" notes = "Reviewed in CL 581059097" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.litrs]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.lock_api]] who = "Android Legacy" criteria = "safe-to-run" version = "0.4.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.lock_api]] who = "Android Legacy" criteria = "safe-to-run" version = "0.4.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.lock_api]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.10" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.lock_api]] who = "Taylor Cramer " criteria = "ub-risk-2" delta = "0.4.9 -> 0.4.10" notes = "Reviewed in CL 563851550" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.log]] who = "Android Legacy" criteria = "safe-to-run" version = "0.4.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.log]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.17" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.log]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.17 -> 0.4.20" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.log]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.20 -> 0.4.21" notes = """ I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. I also skimmed through the 0.4.20 => 0.4.21 delta and there was no new crypto-related code AFAICT. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.log]] who = "Ben Saunders " criteria = ["ub-risk-1", "does-not-implement-crypto"] version = "0.4.20" notes = "Reviewed in CL 563853923" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.log-panics]] who = "Howard Chung " criteria = ["safe-to-run", "crypto-safe"] version = "2.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.loom]] who = "David Koloski " criteria = "safe-to-run" delta = "0.5.6 -> 0.7.0" notes = "Reviewed on https://fxrev.dev/907709." aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.lz4_flex]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.1" notes = "Frequently makes use of unsafe for performance reasons. Most behind feature flags, but not all. Not entirely sure how memory safe those optimizations are." aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.lzma-sys]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.20" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.match_cfg]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.matchit]] who = "ChromeOS" criteria = "safe-to-run" version = "0.5.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.md-5]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-1"] version = "0.10.5" notes = "Reviewed on https://fxrev.dev/712372." aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.memchr]] who = "Android Legacy" criteria = "safe-to-run" version = "2.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.memchr]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.4.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.memchr]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.6.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.memchr]] who = "Manish Goregaokar " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "2.6.3" notes = """ Reviewed in CL 563868651 Second review would be appreciated. """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.memoffset]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.6.5 -> 0.7.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.memoffset]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.7.1 -> 0.8.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.memoffset]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.8.0 -> 0.9.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.memoffset]] who = "Taylor Cramer " criteria = "ub-risk-3" version = "0.9.0" notes = "Reviewed in CL 555491937" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.merge]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.merge_derive]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.merge_derive]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.mime]] who = "ChromeOS" criteria = "safe-to-run" version = "0.3.16" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.minifier]] who = "Manish Goregaokar " criteria = "ub-risk-4" version = "0.2.3" notes = """ Reviewed in CL 577203072 Issues found: - https://github.com/GuillaumeGomez/minifier-rs/issues/105 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.minimal-lexical]] who = "danakj@chromium.org" criteria = "ub-risk-3" version = "0.2.1" notes = """ Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/4977110 - Unsound unsafe blocks present. - Safe traits that can cause soundness bugs. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.miniz_oxide]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.6.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.miniz_oxide]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.4 -> 0.3.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.miniz_oxide]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.5.4 -> 0.4.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.miniz_oxide]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.6.2 -> 0.5.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.miniz_oxide]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.6.2 -> 0.7.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.mio]] who = "Android Legacy" criteria = "safe-to-run" version = "0.7.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.mio]] who = "ChromeOS" criteria = "safe-to-run" version = "0.7.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.mio]] who = "Vovo Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.8.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.mio]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.8.5 -> 0.8.9" notes = "Audited at https://fxrev.dev/946305" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.mockall]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.mockall]] who = "Yu-An Wang " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.11.4 -> 0.12.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.mockall_derive]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.mockall_derive]] who = "Yu-An Wang " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.11.4 -> 0.12.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.mocktopus]] who = "Howard Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.8.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.mocktopus_macros]] who = "Howard Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.7.11" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.multi_log]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.named-lock]] who = "crosvm" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nanorand]] who = "Ben Saunders " criteria = ["ub-risk-1", "does-not-implement-crypto"] version = "0.7.0" notes = "Reviewed in CL 562503105" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.nb]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nb]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] delta = "1.0.0 -> 0.1.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nb]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] delta = "1.0.0 -> 1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nibble_vec]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nix]] who = "Android Legacy" criteria = "safe-to-run" version = "0.19.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nix]] who = "Android Legacy" criteria = "safe-to-run" version = "0.20.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nix]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.24.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nix]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.23.1 -> 0.23.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nix]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.25.0 -> 0.26.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nix]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.26.2 -> 0.27.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nix]] who = "David Koloski " criteria = ["ub-risk-3", "safe-to-run"] version = "0.26.2" notes = """ Reviewed on https://fxrev.dev/780283 Issues: - https://github.com/nix-rust/nix/issues/1975 - https://github.com/nix-rust/nix/issues/1977 - https://github.com/nix-rust/nix/pull/1978 - https://github.com/nix-rust/nix/pull/1979 - https://github.com/nix-rust/nix/issues/1980 - https://github.com/nix-rust/nix/issues/1981 - https://github.com/nix-rust/nix/pull/1983 - https://github.com/nix-rust/nix/issues/1990 - https://github.com/nix-rust/nix/pull/1992 - https://github.com/nix-rust/nix/pull/1993 """ aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.nix]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "0.26.2" notes = "Reviewed in CL 552861153" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.nom]] who = "Android Legacy" criteria = "safe-to-run" version = "5.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nom]] who = "Android Legacy" criteria = "safe-to-run" version = "6.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.nom]] who = "danakj@chromium.org" criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-1"] version = "7.1.3" notes = """ Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.normalize-line-endings]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.notify]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "6.1.1" notes = "Reviewed in CL 562731464" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.nu_ansi_term]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "0.49.0" notes = "Reviewed in CL 585090965" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.num]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.2.1" notes = "This crate just reexports subcrates, so it's trivially safe in isolation." aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.num-complex]] who = "Li-Yu Yu " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.4 -> 0.4.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.num-derive]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.num-traits]] who = "Android Legacy" criteria = "safe-to-run" version = "0.2.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.num-traits]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.15" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.num-traits]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.15 -> 0.2.16" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.num_cpus]] who = "Android Legacy" criteria = "safe-to-run" version = "1.13.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.num_threads]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.num_traits]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.2.15" notes = "Reviewed in CL 558869499" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.num_traits]] who = "Taylor Cramer " criteria = "ub-risk-2" delta = "0.2.15 -> 0.2.16" notes = "Reviewed in CL 562140156" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.number_prefix]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.object]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.30.3" notes = "I'm not counting the code related to the GNU Hash section as crypto for the sake of this review." aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.object]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.30.3 -> 0.30.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.object]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.30.3 -> 0.31.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.object]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.31.1 -> 0.32.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.object]] who = "Manish Goregaokar " criteria = "ub-risk-1" version = "0.32.0" notes = "Reviewed in CL 558738698" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.once_cell]] who = "crosvm" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.17.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.once_cell]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.17.0 -> 1.18.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.open-enum]] who = "Howard Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.open-enum-derive]] who = "Howard Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.openssl-macros]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.openssl-macros]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] delta = "0.1.0 -> 0.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.os_str_bytes]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "6.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.os_str_bytes]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "6.4.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.os_str_bytes]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "6.4.1 -> 6.5.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.owning_ref]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.p256]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.10.1 -> 0.11.1" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.p9]] who = "Dennis Kempin " criteria = ["safe-to-deploy", "does-not-implement-crypto"] version = "0.2.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.p9_wire_format_derive]] who = "Dennis Kempin " criteria = ["safe-to-deploy", "does-not-implement-crypto"] version = "0.2.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.panic-halt]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.parking_lot]] who = "Android Legacy" criteria = "safe-to-run" version = "0.11.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.parking_lot]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.parking_lot]] who = "George Burgess IV " criteria = "does-not-implement-crypto" delta = "0.11.2 -> 0.11.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.parking_lot_core]] who = "Android Legacy" criteria = "safe-to-run" version = "0.8.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.password-hash]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.3.2 -> 0.4.2" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.paste]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.paste-impl]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.18" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pbkdf2]] who = "Joshua Liebow-Feeser " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.9.0 -> 0.11.0" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.pdl-compiler]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.2" notes = "Google first-party code (source already has rule of two enforced)." aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pdl-runtime]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.2" notes = "Google first-party code (source already has rule of two enforced)." aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.peeking_take_while]] who = "George Burgess IV " criteria = "does-not-implement-crypto" version = "0.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.peeking_take_while]] who = "Android Legacy" criteria = "safe-to-run" version = "0.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.percent-encoding]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.percent-encoding]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.2.0 -> 2.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.perf-event-open-sys]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "4.0.0" notes = "Reviewed in CL 583996664" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.perf_event]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "0.4.8" notes = "Reviewed in CL 583996666" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.pest]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.7.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pest_derive]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.7.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pest_generator]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.7.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pest_meta]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.7.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.petgraph]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.6.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.petgraph]] who = "Taylor Cramer " criteria = "ub-risk-3" version = "0.5.1" notes = """ Reviewed in CL 558142733 Issues found: - https://github.com/petgraph/petgraph/pull/404 - https://github.com/petgraph/petgraph/issues/582 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.pin-project]] who = "ChromeOS" criteria = "safe-to-run" version = "1.0.12" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pin-project-internal]] who = "ChromeOS" criteria = "safe-to-run" version = "1.0.12" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pin-project-lite]] who = "Android Legacy" criteria = "safe-to-run" version = "0.2.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pin-project-lite]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pin-project-lite]] who = "David Koloski " criteria = ["ub-risk-1", "safe-to-deploy"] version = "0.2.9" notes = "Reviewed on https://fxrev.dev/824504" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.pin-project-lite]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.2.9 -> 0.2.13" notes = "Audited at https://fxrev.dev/946396" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.pin-utils]] who = "Android Legacy" criteria = "safe-to-run" version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pin-utils]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pkg-config]] who = "Alexandre Courbot " criteria = "does-not-implement-crypto" version = "0.3.26" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pkg-config]] who = "Alexandre Courbot " criteria = "safe-to-run" version = "0.3.26" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pollster]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.3.0" notes = """ Reviewed in CL 581562576 Usage of unsafe is fine, but crate can be 100% safe: https://github.com/zesterer/pollster/pull/23 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.powerfmt]] who = "Taylor Cramer " criteria = "ub-risk-1" version = "0.2.0" notes = "Reviewed in CL 578897702" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.ppv-lite86]] who = "Android Legacy" criteria = "safe-to-run" version = "0.2.10" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ppv-lite86]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.17" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.predicates]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.1.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.predicates]] who = "Yu-An Wang " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.1.5 -> 3.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.predicates-core]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.predicates-tree]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.prettyplease]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.20" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.prettyplease]] who = "Harshad Phule " criteria = "does-not-implement-crypto" version = "0.1.25" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.prettyplease]] who = "Harshad Phule " criteria = "safe-to-run" version = "0.1.25" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.primal-check]] who = "Li-Yu Yu " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.printf-compat]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro-crate]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.2.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro-error-attr]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro-hack]] who = "Android Legacy" criteria = "safe-to-run" version = "0.5.19" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro-nested]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.1.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro-nested]] who = "Android Legacy" criteria = "safe-to-run" version = "0.1.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro2]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.26" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro2]] who = "Chrome OS Toolchain" criteria = "safe-to-run" version = "1.0.29" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro2]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.49" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro2]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.49 -> 1.0.56" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro2]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.56 -> 1.0.59" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro2]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.59 -> 1.0.66" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro2]] who = "Daniel Verkamp " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.66 -> 1.0.69" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.proc-macro2]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] version = "1.0.78" notes = """ Grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits (except for a benign \"fs\" hit in a doc comment) Notes from the `unsafe` review can be found in https://crrev.com/c/5385745. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.proc-macro2]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.69 -> 1.0.76" notes = """ 1.0.69 has been previously audited as \"safe-to-run\", \"does-not-implement-crypto\" - see https://github.com/google/rust-crate-audits/blob/c2d49cb6e80bb817f569debecf846161dcebd88c/audits.toml#L3939-L3979 The \"1.0.69 -> 1.0.76\" delta meets the same criteria. This is an incremental/delta audit - we don't claim any particular `ub-risk-N` level for the baseline or for the final version. OTOH note that additional uses of `unsafe` have been reviewed in https://crrev.com/c/5178771 and the **delta** was evaluated as `ub-risk-2`. There are some new `unsafe` blocks but they seem sound - additional `unsafe` audit notes can be found in https://crrev.com/c/5178771/comment/32dbab4e_c7402137 and https://crrev.com/c/5178771/4/third_party/rust/chromium_crates_io/vendor/proc-macro2-1.0.76/src/wrapper.rs#783 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.proc-macro2]] who = "Adrian Taylor " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "1.0.78 -> 1.0.79" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.procfs]] who = "Youssef Esmat " criteria = "does-not-implement-crypto" version = "0.15.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.procfs]] who = "Youssef Esmat " criteria = "safe-to-run" version = "0.15.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.prost]] who = "ChromeOS" criteria = "safe-to-run" version = "0.11.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.prost]] who = "agl@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.12.3" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.prost-build]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.prost-derive]] who = "ChromeOS" criteria = "safe-to-run" version = "0.11.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.prost-derive]] who = "agl@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"] version = "0.12.3" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.prost-types]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protobuf]] who = "Android Legacy" criteria = "safe-to-run" version = "2.22.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protobuf]] who = "ChromeOS Audio" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "3.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protobuf]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.27.1 -> 2.28.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protobuf-codegen]] who = "Android Legacy" criteria = "safe-to-run" version = "2.22.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protobuf-codegen]] who = "ChromeOS Audio" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "3.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protobuf-codegen]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.27.1 -> 2.28.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protobuf-parse]] who = "ChromeOS Audio" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "3.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protobuf-support]] who = "ChromeOS Audio" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "3.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protoc]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "2.27.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protoc]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.27.1 -> 2.28.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protoc-grpcio]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protoc-grpcio]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.0.0 -> 3.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protoc-rust]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "2.27.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.protoc-rust]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.27.1 -> 2.28.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ptr_meta]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ptr_meta_derive]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.pulldown-cmark]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.9.3" notes = "Reviewed in CL 555491415" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.pyo3-macros]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.13.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.qr_code]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] version = "2.0.0" notes = """ * This crate was imported into Chromium back in May 2023: - CL: https://crrev.com/c/4497329 - Google-internal audit notes: go/qr-code-chromium-security-review * Certification today is mostly based on the old audit. The only checks performed today are: - `grep`ped for `unsafe` and verified that the only hit comes from `#![forbid(unsafe_code)]` """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.qrcode]] who = "Chih-Yao Chuang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.13.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.quote]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.quote]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.23" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.quote]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.23 -> 1.0.26" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.quote]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.26 -> 1.0.28" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.quote]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.28 -> 1.0.31" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.quote]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.31 -> 1.0.32" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.quote]] who = "Lukasz Anforowicz " criteria = "ub-risk-0" version = "1.0.33" notes = 'Grepped for `\bunsafe\b` - there were no hits' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.quote]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] version = "1.0.35" notes = """ Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits (except for benign \"net\" hit in tests and \"fs\" hit in README.md) """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.r0]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.r0]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.2 -> 1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.radium]] who = "ChromeOS" criteria = "safe-to-run" version = "0.5.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.radix_trie]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rand]] who = "Android Legacy" criteria = "safe-to-run" version = "0.8.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rand]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.8.5" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.rand_chacha]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rand_chacha]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rand_core]] who = "Android Legacy" criteria = "safe-to-run" version = "0.6.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rand_core]] who = "Android Legacy" criteria = "safe-to-run" version = "0.6.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rand_pcg]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rand_pcg]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.1" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.rand_xorshift]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.1" notes = """ The rand_xorshift algorithm is not intended to be cryptographically secure in any real sense, so `does-not-implement-crypto` is selected here. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rayon]] who = [ "Adam Perry ", "Dan Johnson ", "David Koloski ", "Joseph Ryan ", "Manish Goregaokar ", "Tyler Mandry ", ] criteria = ["ub-risk-2", "safe-to-deploy"] delta = "1.3.0 -> 1.5.3" notes = "Reviewed on https://fxrev.dev/753625" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.realfft]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "3.3.0" notes = "Reviewed in CL 564478712" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.ref-cast]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "1.0.20" notes = "Reviewed in CL 585449372" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.ref-cast-impl]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "1.0.20" notes = "Reviewed in CL 585449373" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.regex]] who = "Android Legacy" criteria = "safe-to-run" version = "1.5.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.regex]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.10.2" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.regex]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.10.2 -> 1.10.3" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.regex]] who = "Dustin J. Mitchell " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.10.3 -> 1.10.4" notes = "Docs changes only." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.regex-automata]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.3" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.regex-automata]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.3 -> 0.4.5" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.regex-automata]] who = "danakj " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.5 -> 0.4.6" notes = "Reviewed in https://crrev.com/c/5362200" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.regex-syntax]] who = "Android Legacy" criteria = "safe-to-run" version = "0.6.25" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.regex-syntax]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.8.2" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.regex_automata]] who = "Taylor Cramer " criteria = "ub-risk-1" version = "0.3.8" notes = "Reviewed in CL 563876644" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.ring]] who = "Laura Peskin " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.16.12 -> 0.16.20" notes = """ Reviewed on: https://fxrev.dev/923001 (0.16.13 -> 0.16.20) Reviewed on: https://fxrev.dev/716624 (0.16.12 -> 0.16.13) """ aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.riscv-rt-macros]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.riscv-target]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rstest]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"] version = "0.17.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.rstest_macros]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.17.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.rstest_reuse]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"] version = "0.5.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.rtic-core]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rtic-monotonic]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rtic-syntax]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rubato]] who = "Taylor Cramer " criteria = "ub-risk-3" version = "0.14.1" notes = "Reviewed in CL 570228314" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.rustc-demangle]] who = "Android Legacy" criteria = "safe-to-run" version = "0.1.18" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rustc-demangle]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.23" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.rustc-demangle-capi]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rustc-hash]] who = "Android Legacy" criteria = "safe-to-run" version = "1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rustc_version]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rustc_version]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.rustfft]] who = "Li-Yu Yu " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "6.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rustix]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.36.7" notes = """ Precompiled files in `src/backend/linux_raw/arch/outline` were not audited. I'm also at all familiar with PowerPC asm, but the instructions seemed inoffensive. This crate provides random functions, but they simply proxy libc's, so no crypto is truly implemented here. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rustix]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.36.7 -> 0.38.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rustversion]] who = "Lukasz Anforowicz " criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] version = "1.0.14" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` and there were no hits except for: * Using trivially-safe `unsafe` in test code: ``` tests/test_const.rs:unsafe fn _unsafe() {} tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() }; ``` * Using `unsafe` in a string: ``` src/constfn.rs: \"unsafe\" => Qualifiers::Unsafe, ``` * Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr` which is later read back via `include!` used in `src/lib.rs`. Version `1.0.6` of this crate has been added to Chromium in https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.rustyline]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "10.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rustyline-derive]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.6.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.rustyline-derive]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.6.0 -> 0.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ruzstd]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.4.0" notes = """ Reviewed in CL 557876502 Issues found: - https://github.com/KillingSpark/zstd-rs/issues/44 - extend_from_within_unchecked_branchless is hard to review but it's currently dead code """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.ryu]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.same-file]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.sbat]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.5.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.scoped-tls]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.scopeguard]] who = "Android Legacy" criteria = "safe-to-run" version = "1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.scudo]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.2" notes = "Scudo itself was not audited as a part of this review" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.seccompiler]] who = "Ben Saunders " criteria = ["ub-risk-1", "does-not-implement-crypto"] version = "0.3.0" notes = "Reviewed in CL 547754248" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.semver]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.16" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.semver]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.20" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.semver]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.20 -> 1.0.21" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.semver]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.21 -> 1.0.22" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.126" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.serde]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.152" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.serde]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] version = "1.0.197" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. There were some hits for `net`, but they were related to serialization and not actually opening any connections or anything like that. There were 2 hits of `unsafe` when grepping: * In `fn as_str` in `impl Buf` * In `fn serialize` in `impl Serialize for net::Ipv4Addr` Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this review also covered `serde_json_lenient`). Version 1.0.130 of the crate has been added to Chromium in https://crrev.com/c/3265545. The CL description contains a link to a (Google-internal, sorry) document with a mini security review. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde-tuple-vec-map]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.serde_derive]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.152" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "ub-risk-0" version = "1.0.193" notes = 'Grepped for `\bunsafe\b` - there were no hits' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_derive]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] version = "1.0.195" notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_derive]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] version = "1.0.196" notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_derive]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] version = "1.0.197" notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_json]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.64" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.serde_json]] who = "Harshad Phule " criteria = "does-not-implement-crypto" version = "1.0.96" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.serde_json]] who = "Harshad Phule " criteria = "safe-to-run" version = "1.0.96" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.serde_json]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.108" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_json]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.108 -> 1.0.111" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_json]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.111 -> 1.0.113" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_json]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.113 -> 1.0.114" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_json_lenient]] who = "danakj@chromium.org" criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] version = "0.1.8" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. There were some hits for `fs` and `net`, but they were in comments. Unsafe review comments can be found in https://crrev.com/c/5350573/2. There were 8 hits of `unsafe` when grepping. Version 0.1.4 of the crate was added to Chromium in https://crrev.com/c/3511416. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_json_lenient]] who = "danakj@chromium.org" criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "0.1.8 -> 0.2.0" notes = """ Reviewed in https://crrev.com/c/5361256 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_json_lenient]] who = "djmitche@chromium.org" criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "0.2.0 -> 0.2.1" notes = """ Reviewed in https://crrev.com/c/5385822 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.serde_urlencoded]] who = "ChromeOS" criteria = "safe-to-run" version = "0.7.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.serial_test]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.serial_test_derive]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.sha1]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-1"] version = "0.10.5" notes = "Reviewed on https://fxrev.dev/712371." aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.sha1_smol]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "1.0.0" notes = "Reviewed in CL 581562531" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.shlex]] who = "Android Legacy" criteria = "safe-to-run" version = "0.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.shlex]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.shlex]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.shlex]] who = "Daniel Verkamp " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.1.0 -> 1.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.shpool_pty]] who = "Ben Saunders " criteria = "ub-risk-4" version = "0.1.0" notes = """ Reviewed in CL 578198476 Issues: - Data race in Fork::new """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.shpool_pty]] who = "Ben Saunders " criteria = ["ub-risk-4", "does-not-implement-crypto"] version = "0.2.1" notes = "Reviewed in CL 578198476" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.shpool_pty]] who = "Ben Saunders " criteria = ["ub-risk-2-thorough", "does-not-implement-crypto"] version = "0.3.0" notes = "Reviewed in CL 578198476" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.skrifa]] who = "drott@chromium.org" criteria = ["ub-risk-1", "safe-to-deploy", "does-not-implement-crypto"] delta = "0.15.2 -> 0.15.4" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.slab]] who = "Android Legacy" criteria = "safe-to-run" version = "0.4.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.slab]] who = "Android Legacy" criteria = "safe-to-run" version = "0.4.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.small_ctor]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.1" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.smallvec]] who = "Android Legacy" criteria = "safe-to-run" version = "1.6.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.smallvec]] who = "Manish Goregaokar " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "1.11.0" notes = "Reviewed in CL 552492992" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.smol_str]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "0.2.0" notes = "Reviewed in CL 558187227" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.socket2]] who = "Vovo Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.socket2]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.4.4 -> 0.5.5" notes = "Reviewed at https://fxrev.dev/946307" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.spin]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.9.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.stable_deref_trait]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.static_assertions]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.static_assertions]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"] version = "1.1.0" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'` and there were no hits except for one `unsafe`. The lambda where `unsafe` is used is never invoked (e.g. the `unsafe` code never runs) and is only introduced for some compile-time checks. Additional unsafe review comments can be found in https://crrev.com/c/5353376. This crate has been added to Chromium in https://crrev.com/c/3736562. The CL description contains a link to a document with an additional security review. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.strength_reduce]] who = "Li-Yu Yu " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.strsim]] who = "danakj@chromium.org" criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"] version = "0.10.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.strsim]] who = "Lukasz Anforowicz " criteria = "ub-risk-0" version = "0.11.0" notes = "No `unsafe`" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.strsim]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.10.0 -> 0.11.0" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.strum]] who = "danakj@chromium.org" criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"] version = "0.25.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.strum_macros]] who = "danakj@chromium.org" criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"] version = "0.25.3" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.swc_atoms]] who = "Manish Goregaokar " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.5.7" notes = "Reviewed in CL 547104864" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.swc_common]] who = "Manish Goregaokar " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.31.17" notes = """ Reviewed in CL 547720673 Issues found: - https://github.com/swc-project/swc/issues/7709 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.swc_ecma_ast]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.107.0" notes = "Reviewed in CL 545304253" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.swc_ecma_parser]] who = "Manish Goregaokar " criteria = "ub-risk-4" version = "0.137.1" notes = """ Reviewed in CL 545304254 Issues found: - https://github.com/swc-project/swc/issues/7797 - https://github.com/swc-project/swc/issues/7752 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.swc_visit]] who = "Taylor Cramer " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.5.7" notes = "Reviewed in CL 546872016" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.syn]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.69" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.syn]] who = "ChromeOS" criteria = "safe-to-run" version = "1.0.80" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.syn]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.107" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.syn]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.107 -> 2.0.14" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.syn]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.0.14 -> 2.0.18" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.syn]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.0.18 -> 2.0.28" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.syn]] who = "Daniel Verkamp " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.0.28 -> 2.0.38" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.syn]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.109" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.syn]] who = "Adrian Taylor " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "2.0.52 -> 2.0.53" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.syn]] who = "Dustin J. Mitchell " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] delta = "2.0.53 -> 2.0.55" notes = "Mostly clippy, test changes - no changed unsafe." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.syn]] who = "Ben Saunders " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "2.0.29" notes = "Reviewed in CL 559769881" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.sync_wrapper]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.sync_wrapper]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.syslog_rfc5424]] who = "Edward O'Callaghan " criteria = ["safe-to-run", "crypto-safe"] version = "0.9.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.take_mut]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] version = "0.2.2" notes = "Reviewed on https://fxrev.dev/883543" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.tar]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.40" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tempfile]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "3.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.termcolor]] who = "Android Legacy" criteria = "safe-to-run" version = "1.1.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.termcolor]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.termcolor]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.4.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.termcolor]] who = "Lukasz Anforowicz " criteria = "ub-risk-0" version = "1.4.0" notes = "No `unsafe`." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.termcolor]] who = "Lukasz Anforowicz " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.4.0 -> 1.4.1" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.termtree]] who = "Max Lee " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.textwrap]] who = "Android Legacy" criteria = "safe-to-run" version = "0.11.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.textwrap]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.15.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.textwrap]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.15.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.textwrap]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.16.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tfhe]] who = "Taylor Cramer " criteria = "ub-risk-3" version = "0.3.1" notes = """ Reviewed in CL 557823618 Issues found: - https://github.com/zama-ai/tfhe-rs/issues/526 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.thiserror]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.23" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.thiserror]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.50" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.thiserror-impl]] who = "Android Legacy" criteria = "safe-to-run" version = "1.0.23" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.thiserror-impl]] who = "Abhishek Pandit-Subedi " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.50" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.thread_local]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "1.0.1 -> 1.1.7" notes = "Reviewed on https://fxrev.dev/906819" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.threadpool]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.8.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.time-macros]] who = "Ben Saunders " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.2.15" notes = "Reviewed in CL 580962188" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.timeout-readwrite]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tinyvec]] who = "Lukasz Anforowicz " criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] version = "1.6.0" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` and there were no hits except for some \"unsafe\" appearing in comments: ``` src/arrayvec.rs: // Note: This shouldn't use A::CAPACITY, because unsafe code can't rely on src/lib.rs://! All of this is done with no `unsafe` code within the crate. Technically the src/lib.rs://! `Vec` type from the standard library uses `unsafe` internally, but *this src/lib.rs://! crate* introduces no new `unsafe` code into your project. src/array.rs:/// Just a reminder: this trait is 100% safe, which means that `unsafe` code ``` This crate has been added to Chromium in https://source.chromium.org/chromium/chromium/src/+/24773c33e1b7a1b5069b9399fd034375995f290b """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.tinyvec_macros]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tokio]] who = "Android Legacy" criteria = "safe-to-run" version = "1.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tokio]] who = "Vovo Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.29.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tokio]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "1.19.2 -> 1.20.5" notes = "Reviewed on http://fxrev.dev/904806" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.tokio]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "1.20.5 -> 1.25.2" notes = "Reviewed at https://fxrev.dev/906324" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.tokio-io-timeout]] who = "ChromeOS" criteria = "safe-to-run" version = "1.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tokio-macros]] who = "Android Legacy" criteria = "safe-to-run" version = "1.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tokio-macros]] who = "Vovo Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tokio-stream]] who = "Android Legacy" criteria = "safe-to-run" version = "0.1.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tokio-stream]] who = "David Koloski " criteria = ["ub-risk-1", "safe-to-deploy"] version = "0.1.11" notes = "Reviewed on https://fxrev.dev/804724" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.tokio-stream]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-0"] delta = "0.1.11 -> 0.1.14" notes = "Reviewed on https://fxrev.dev/907732." aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.tokio-util]] who = "ChromeOS" criteria = "safe-to-run" version = "0.7.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.toml]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.5.10" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tonic]] who = "ChromeOS" criteria = "safe-to-run" version = "0.8.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tonic-build]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.8.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tower]] who = "ChromeOS" criteria = "safe-to-run" version = "0.4.13" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tower-http]] who = "ChromeOS" criteria = "safe-to-run" version = "0.3.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tower-layer]] who = "ChromeOS" criteria = "safe-to-run" version = "0.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tower-service]] who = "ChromeOS" criteria = "safe-to-run" version = "0.3.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tracing]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.35" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tracing]] who = "Taylor Cramer " criteria = "ub-risk-4" version = "0.1.39" notes = """ Reviewed in CL 573852894 Issues found: - https://github.com/tokio-rs/tracing/pull/2765 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.tracing-attributes]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.22" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tracing-core]] who = "ChromeOS" criteria = "safe-to-run" version = "0.1.29" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tracing-core]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.1.21 -> 0.1.31" notes = "Reviewed on https://fxrev.dev/906816" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.tracing-core]] who = "Ben Saunders " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.1.30" notes = "Reviewed in CL 555490997" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.tracing-core]] who = "Manish Goregaokar " criteria = "ub-risk-2" delta = "0.1.30 -> 0.1.32" notes = "Reviewed in CL 573852436" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.tracing-futures]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.tracing-subscriber]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.3.1 -> 0.3.15" notes = "Reviewed on https://fxrev.dev/907708" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.transpose]] who = "Li-Yu Yu " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.transpose]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.2 -> 0.2.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.transpose]] who = "Ben Saunders " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.2.2" notes = "Reviewed in CL 551680548" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.triomphe]] who = "Taylor Cramer " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.1.8" notes = """ Reviewed in CL 545304280 Issues found: - https://github.com/Manishearth/triomphe/pull/62 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.triomphe]] who = "Taylor Cramer " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.1.9" notes = "Reviewed in CL 545304280" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.try-lock]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.try-lock]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.twox-hash]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.6.3" notes = "Non-cyptographic hashing function" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.typed-arena]] who = "Taylor Cramer " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "2.0.2" notes = "Reviewed in CL 545304268" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.uart_16550]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.18" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ucs2]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uds]] who = "Manish Goregaokar " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "0.2.6" notes = """ Reviewed in CL 552861165 Issues found: - https://github.com/tormol/uds/issues/11 - https://github.com/tormol/uds/pull/9, https://github.com/tormol/uds/pull/10 - https://github.com/tormol/uds/issues/12 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.uds]] who = [ "Manish Goregaokar ", "Augie Fackler ", "", ] criteria = "ub-risk-4" version = "0.4.1" notes = """ Reviewed in CL 568546769 Issues found: - https://github.com/tormol/uds/pull/14 - https://github.com/tormol/uds/pull/15 - https://github.com/tormol/uds/issues/16 - https://github.com/tormol/uds/issues/17 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.uefi]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.19.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.20.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.23.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.25.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi]] who = "Joseph Sussman " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.25.0 -> 0.27.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-macros]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.10.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-macros]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.11.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-macros]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.12.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-macros]] who = "Joseph Sussman " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.12.0 -> 0.13.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-raw]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-raw]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-raw]] who = "Joseph Sussman " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.0 -> 0.5.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-services]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.16.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-services]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.17.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-services]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.20.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-services]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.22.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uefi-services]] who = "Joseph Sussman " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.22.0 -> 0.24.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.ufmt-write]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uguid]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.2.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uguid]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uguid]] who = "Nicholas Bishop " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uguid]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "2.1.0 -> 2.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uhid-virt]] who = "Zhengping Jiang " criteria = "does-not-implement-crypto" version = "0.0.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uhid-virt]] who = "Zhengping Jiang " criteria = "safe-to-run" version = "0.0.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uhidrs-sys]] who = "Zhengping Jiang " criteria = "does-not-implement-crypto" version = "1.0.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uhidrs-sys]] who = "Zhengping Jiang " criteria = "safe-to-run" version = "1.0.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unicode-bom]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "2.0.2" notes = "Reviewed in CL 581562581" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.unicode-ident]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unicode-ident]] who = "Lukasz Anforowicz " criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] version = "1.0.12" notes = ''' I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. All two functions from the public API of this crate use `unsafe` to avoid bound checks for an array access. Cross-module analysis shows that the offsets can be statically proven to be within array bounds. More details can be found in the unsafe review CL at https://crrev.com/c/5350386. This crate has been added to Chromium in https://crrev.com/c/3891618. ''' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.unicode-linebreak]] who = "Lukasz Anforowicz " criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] version = "0.1.5" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` and there were no hits. Version `0.1.2` of this crate has been added to Chromium in https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb The CL description contains a link to a Google-internal document with audit details. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.unicode-normalization]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.22" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unicode-segmentation]] who = "Android Legacy" criteria = "safe-to-run" version = "1.7.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unicode-segmentation]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.8.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unicode-width]] who = "Android Legacy" criteria = "safe-to-run" version = "0.1.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unicode-width]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unicode-width]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.11" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.unicode-xid]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.1.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unicode-xid]] who = "Android Legacy" criteria = "safe-to-run" version = "0.2.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unicode-xid]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.2.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unicode-xid]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] delta = "0.1.0 -> 0.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.unindent]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.1.10" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.uninit]] who = "Howard Yang " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.5.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.url]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.userfaultfd]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.5.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.userfaultfd]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.5.0 -> 0.7.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.userfaultfd]] who = "Shintaro Kawamura " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.7.0 -> 0.8.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.userfaultfd-sys]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.userfaultfd-sys]] who = "Dennis Kempin " criteria = ["safe-to-deploy", "does-not-implement-crypto"] delta = "0.4.2 -> 0.5.0" notes = "First party code managed by Googlers on github" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.userfaultfd-sys]] who = "Dennis Kempin " criteria = ["safe-to-deploy", "does-not-implement-crypto"] delta = "0.4.2 -> 0.5.0" notes = "First party code, managed by Googlers on GitHub" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.utf8parse]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.utf8parse]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] version = "0.2.1" notes = "Reviewed on https://fxrev.dev/904811" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" [[audits.utf8parse]] who = "Augie Fackler " criteria = "ub-risk-3" version = "0.2.1" notes = "Reviewed in CL 559131770" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.uuid]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.3.0" notes = "Randomness and hashing involved in UUID generation is sourced from other crates." aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.vcell]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.vcpkg]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.11" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.version_check]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "0.9.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.vfio-bindings]] who = "Taylor Cramer " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.3.1" notes = "Reviewed in CL 545971960" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.vfio-ioctls]] who = "Ben Saunders " criteria = ["ub-risk-2", "does-not-implement-crypto"] version = "0.1.0" notes = "Reviewed in CL 545971961" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.vhost]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.7.0" notes = "Reviewed in CL 546255068" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.vhost]] who = "Manish Goregaokar " criteria = "ub-risk-4" version = "0.8.0" notes = """ Reviewed in CL 559359624 Issues found: - https://github.com/rust-vmm/vhost/pull/184 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.vhost]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "0.8.1" notes = "Reviewed in CL 559359624" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.vhost-user-backend]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.10.1" notes = "Reviewed in CL 559122379" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.virtio]] who = "Taylor Cramer " criteria = "ub-risk-1" version = "0.2.1" notes = "Reviewed in CL 557159752" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.virtiofsd]] who = "Manish Goregaokar " criteria = ["ub-risk-3", "does-not-implement-crypto"] version = "1.6.1" notes = """ Reviewed in CL 548811972 Issues found: - https://gitlab.com/virtio-fs/virtiofsd/-/issues/113 (only an issue for library users) """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.vm-memory]] who = "Manish Goregaokar " criteria = "ub-risk-3" version = "0.12.1" notes = """ Reviewed in CL 556862067 Issues found: - https://github.com/rust-vmm/vm-memory/issues/250 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.vm-memory]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.12.1" notes = """ Reviewed in CL 556862067 Issues from previous review fixed """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.void]] who = "George Burgess IV " criteria = ["does-not-implement-crypto", "rule-of-two-safe-to-deploy"] version = "1.0.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.volatile-register]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.vsock]] who = "Dennis Kempin " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.0" notes = """ The crate provides a simple wrapper to mimick the TcpListener/TcpStream APIs with vsock sockets. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.vte]] who = "Manish Goregaokar " criteria = "ub-risk-4" version = "0.12.0" notes = """ Reviewed in CL 579243289 Issues found: - https://github.com/alacritty/vte/pull/102 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.walkdir]] who = "Android Legacy" criteria = "safe-to-run" version = "2.3.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.walkdir]] who = "Android Legacy" criteria = "safe-to-run" version = "2.3.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.want]] who = "ChromeOS" criteria = "safe-to-run" version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.which]] who = "Android Legacy" criteria = "safe-to-run" version = "3.1.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.which]] who = "Android Legacy" criteria = "safe-to-run" version = "4.0.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.winapi]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.9" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.winapi-util]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.6" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.winnow]] who = "Taylor Cramer " criteria = "ub-risk-2" version = "0.5.19" notes = "Reviewed in CL 581220347" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.wycheproof]] who = "danakj@chromium.org" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.0" notes = """ Reviewed in https://crrev.com/c/5171063 Previously reviewed during security review and the audit is grandparented in. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.wyz]] who = "ChromeOS" criteria = "safe-to-run" version = "0.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.xattr]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.xxhash-rust]] who = "Taylor Cramer " criteria = "ub-risk-4" version = "0.8.6" notes = """ Reviewed in CL 552861145 Many internal functions that are `unsafe` to call are not marked `unsafe`. See https://github.com/DoumanAsh/xxhash-rust/issues/29 """ aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.xz2]] who = "Bastian Kersting " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.7" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zerocopy]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.7.0-alpha.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zerocopy]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.7.0-alpha.1 -> 0.6.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zerocopy]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.7.0-alpha.1 -> 0.6.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zerocopy]] who = "Daniel Verkamp " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.7.0-alpha.1 -> 0.7.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zerocopy]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.7.8 -> 0.7.32" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zerocopy-derive]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.3.2" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zerocopy-derive]] who = "Daniel Verkamp " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.3.2 -> 0.7.8" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zerocopy-derive]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.7.8 -> 0.6.6" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zerocopy-derive]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.7.8 -> 0.7.32" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zerotrie]] who = "Manish Goregaokar " criteria = "ub-risk-2" version = "0.1.2" notes = "Reviewed in https://github.com/unicode-org/icu4x/pull/2722/" aggregated-from = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml" [[audits.zstd]] who = "Matt Turner " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.13.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zstd-safe]] who = "Matt Turner " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "7.0.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.zstd-sys]] who = "Matt Turner " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "2.0.9+zstd.1.5.5" notes = "Includes an implementation of xxhash (a non-cyptographic hashing function) as part of the zstd C sources" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"