[[wildcard-audits.audio_thread_priority]] who = "Paul Adenot " criteria = "safe-to-deploy" user-id = 1258 start = "2019-05-09" end = "2026-02-01" notes = """ I've written most of this crate, the rest has been either written and in any case has been reviewed by Mozilla developers. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.authenticator]] who = "John M. Schanck " criteria = "safe-to-deploy" user-id = 175410 start = "2022-11-15" end = "2026-09-25" notes = "Maintained by the CryptoEng team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.bhttp]] who = "Martin Thomson " criteria = "safe-to-deploy" user-id = 128763 start = "2022-08-04" end = "2026-02-01" notes = "Though the code is safe to run and deploy, the code for processing HTTP/1.1 messages (the `read-http` feature, specifically) is not suited for deployment in real applications, either clients or servers. Some features necessary for live deployment are not implemented, such as the proper handling of some types of response (e.g., a response to a HEAD request). Software that processes HTTP/1.1 messages requires a large number of compatibility tweaks if it is to be deployed interoperably. This feature only exists to support basic validation tools and is unlikely to be widely compatible." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.breakpad-symbols]] who = "Alex Franchuk " criteria = "safe-to-deploy" user-id = 72814 start = "2022-11-30" end = "2026-02-01" notes = "This crate is written and maintained by mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.cachemap2]] who = "Alex Franchuk " criteria = "safe-to-deploy" user-id = 106639 start = "2023-03-21" end = "2025-02-28" notes = "This crate is written and solely maintained by a mozilla employee." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.cexpr]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" user-id = 3788 start = "2021-06-21" end = "2024-04-21" notes = "No unsafe code, rather straight-forward parser." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.chardetng]] who = "Henri Sivonen " criteria = "safe-to-deploy" user-id = 4484 start = "2019-06-12" end = "2026-08-06" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.chardetng_c]] who = "Henri Sivonen " criteria = "safe-to-deploy" user-id = 4484 start = "2019-12-05" end = "2026-08-06" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.clubcard]] who = "John M. Schanck " criteria = "safe-to-deploy" user-id = 175410 start = "2024-10-01" end = "2025-10-01" notes = "Maintained by the CryptoEng team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.clubcard-crlite]] who = "John M. Schanck " criteria = "safe-to-deploy" user-id = 175410 start = "2024-10-01" end = "2025-10-01" notes = "Maintained by the CryptoEng team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.cocoa]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 2396 start = "2019-07-23" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.cocoa]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 5946 start = "2022-11-01" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.cocoa-foundation]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 2396 start = "2020-07-20" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.cocoa-foundation]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 5946 start = "2023-03-16" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.core-foundation]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 2396 start = "2019-11-12" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.core-foundation]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 5946 start = "2019-03-29" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.core-foundation-sys]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 2396 start = "2019-11-12" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.core-foundation-sys]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 5946 start = "2020-10-14" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.core-graphics]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 2396 start = "2019-10-28" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.core-graphics]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 5946 start = "2020-12-08" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.core-graphics-types]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 2396 start = "2020-07-20" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.core-text]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 2396 start = "2019-03-29" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.core-text]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 5946 start = "2021-02-14" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.dogear]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 27901 start = "2019-03-04" end = "2024-05-05" notes = "Lina developed this crate as Mozilla staff." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.encoding_rs]] who = "Henri Sivonen " criteria = "safe-to-deploy" user-id = 4484 start = "2019-02-26" end = "2025-10-23" notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.etagere]] who = "Nicolas Silva " criteria = "safe-to-deploy" user-id = 1281 start = "2020-11-12" end = "2025-06-01" notes = "I am the author of this crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.euclid]] who = "Nicolas Silva " criteria = "safe-to-deploy" user-id = 1281 start = "2019-03-14" end = "2027-01-15" notes = "I wrote most of the commits in the euclid reprository and review every change that is not produced by me." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.framehop]] who = "Alex Franchuk " criteria = "safe-to-deploy" user-id = 20227 start = "2022-03-12" end = "2026-02-01" notes = "This crate is written and solely maintained by a mozilla employee." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.freetype]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 2396 start = "2020-02-28" end = "2023-05-04" renew = false notes = "All code written or reviewed by Mozilla staff." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.gleam]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 1039 start = "2019-03-01" end = "2023-05-04" renew = false notes = "All code written or reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.gleam]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 2396 start = "2019-03-18" end = "2023-05-04" renew = false notes = "All code written or reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.gleam]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 5946 start = "2023-04-21" end = "2023-05-04" renew = false notes = "All code written or reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.glean]] who = "Chris H-C " criteria = "safe-to-deploy" user-id = 48 start = "2020-11-10" end = "2026-02-01" notes = "The Glean SDKs are maintained by the Glean Team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.glean]] who = "Travis Long " criteria = "safe-to-deploy" user-id = 66068 start = "2024-02-12" end = "2026-02-01" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.glean-core]] who = "Chris H-C " criteria = "safe-to-deploy" user-id = 48 start = "2019-09-24" end = "2026-02-01" notes = "The Glean SDKs are maintained by the Glean Team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.glean-core]] who = "Travis Long " criteria = "safe-to-deploy" user-id = 66068 start = "2020-07-10" end = "2026-02-01" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.glslopt]] who = "Jamie Nicol " criteria = "safe-to-deploy" user-id = 84794 start = "2020-04-07" end = "2025-08-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.hawk]] who = "Ryan Safaeian " criteria = "safe-to-deploy" user-id = 158511 start = "2022-05-05" end = "2026-04-24" notes = "Hawk is written and maintained by mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.io-surface]] who = "Bobby Holley " criteria = "safe-to-deploy" user-id = 2396 start = "2019-07-23" end = "2023-05-04" renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.jsonschema-valid]] who = "Jan-Erik Rediger " criteria = "safe-to-run" user-id = 48 start = "2020-02-26" end = "2026-01-13" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.macho-unwind-info]] who = "Alex Franchuk " criteria = "safe-to-deploy" user-id = 20227 start = "2022-01-31" end = "2026-02-01" notes = "This crate is written and solely maintained by a mozilla employee." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.marionette]] who = "Henrik Skupin " criteria = "safe-to-run" user-id = 22262 start = "2020-11-03" end = "2026-02-01" notes = "Maintained by the DevTools team at Mozilla and has no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.minidump]] who = "Alex Franchuk " criteria = "safe-to-deploy" user-id = 72814 start = "2022-11-30" end = "2026-02-01" notes = "This crate is written and maintained by mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.minidump-common]] who = "Alex Franchuk " criteria = "safe-to-deploy" user-id = 72814 start = "2022-11-30" end = "2026-02-01" notes = "This crate is written and maintained by mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.minidump-unwind]] who = "Alex Franchuk " criteria = "safe-to-deploy" user-id = 72814 start = "2023-05-17" end = "2026-02-01" notes = "This crate is written and maintained by mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.mozdevice]] who = "Henrik Skupin " criteria = "safe-to-run" user-id = 22262 start = "2020-11-03" end = "2026-02-01" notes = "Maintained by the DevTools team at Mozilla and has no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.mozprofile]] who = "Henrik Skupin " criteria = "safe-to-deploy" user-id = 22262 start = "2020-11-03" end = "2026-02-01" notes = "Maintained by the DevTools team at Mozilla and has no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.mozrunner]] who = "Henrik Skupin " criteria = "safe-to-deploy" user-id = 22262 start = "2020-11-03" end = "2026-02-01" notes = "Maintained by the DevTools team at Mozilla and has no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.mozversion]] who = "Henrik Skupin " criteria = "safe-to-run" user-id = 22262 start = "2020-11-03" end = "2026-02-01" notes = "Maintained by the DevTools team at Mozilla and has no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.mtu]] who = "Max Leonard Inden " criteria = "safe-to-deploy" user-id = 83100 start = "2025-01-29" end = "2026-09-24" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.nss-gk-api]] who = "John M. Schanck " criteria = "safe-to-deploy" user-id = 175410 start = "2022-11-14" end = "2024-06-20" notes = "Maintained by the CryptoEng team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.ohttp]] who = "Martin Thomson " criteria = "safe-to-deploy" user-id = 128763 start = "2022-08-04" end = "2026-02-01" notes = "This code contains two cryptographic back ends. No unsafe code is contained if the Rust `hpke` crate is used (the `rust-hpke` feature). Using NSS (the `nss` feature) involves extensive use of bindings to the native code provided by NSS. This interface uses wrappers that attempt to add safety to a fundamentally very dangerous library, but those wrappers have only been validated for use following the needs of this crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.pe-unwind-info]] who = "Alex Franchuk " criteria = "safe-to-deploy" user-id = 106639 start = "2023-07-25" end = "2026-11-13" notes = "This crate is written and solely maintained by a mozilla employee." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.qcms]] who = "Jeff Muizelaar " criteria = "safe-to-deploy" user-id = 5946 start = "2020-11-05" end = "2025-01-09" notes = "Maintained by the Graphics team at Mozilla in mozilla-central." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.rust_cascade]] who = "Dana Keeler " criteria = "safe-to-deploy" user-id = 57462 start = "2019-11-15" end = "2024-04-24" notes = "Written and maintained by the security engineering team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.unicode-normalization]] who = "Manish Goregaokar " criteria = "safe-to-deploy" user-id = 1139 start = "2019-11-06" end = "2026-02-01" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.unicode-segmentation]] who = "Manish Goregaokar " criteria = "safe-to-deploy" user-id = 1139 start = "2019-05-15" end = "2026-02-01" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.unicode-width]] who = "Manish Goregaokar " criteria = "safe-to-deploy" user-id = 1139 start = "2019-12-05" end = "2026-02-01" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.unicode-xid]] who = "Manish Goregaokar " criteria = "safe-to-deploy" user-id = 1139 start = "2019-07-25" end = "2026-02-01" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" user-id = 127697 start = "2021-10-27" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-07-02" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2021-11-22" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2021-10-27" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_bindgen]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" user-id = 127697 start = "2021-10-27" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_bindgen]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_bindgen]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-07-02" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_bindgen]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2021-11-22" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_bindgen]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2021-10-27" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_build]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" user-id = 127697 start = "2021-10-27" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_build]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_build]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-07-02" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_build]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2021-11-22" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_build]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2021-10-27" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_checksum_derive]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" user-id = 127697 start = "2023-01-27" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_checksum_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-12-16" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_checksum_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-07-02" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_checksum_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2023-11-20" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_checksum_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2023-01-27" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_core]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" user-id = 127697 start = "2023-01-27" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_core]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2023-06-21" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_core]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-07-02" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_core]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2023-11-20" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_core]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2023-01-27" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_internal_macros]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2025-03-18" end = "2026-03-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_internal_macros]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2025-02-06" end = "2026-03-14" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_macros]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" user-id = 127697 start = "2021-10-27" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_macros]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_macros]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-07-02" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_macros]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2021-11-22" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_macros]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2021-10-27" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_meta]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" user-id = 127697 start = "2022-09-13" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_meta]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-08-31" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_meta]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-08-31" end = "2026-07-02" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_meta]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2023-11-20" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_meta]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2022-09-13" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_pipeline]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" user-id = 127697 start = "2021-10-27" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_pipeline]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2025-10-08" end = "2027-01-14" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_testing]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" user-id = 127697 start = "2023-01-27" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_testing]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-12-16" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_testing]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2022-05-05" end = "2026-07-02" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_testing]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2023-11-20" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_testing]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2023-01-27" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_udl]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" user-id = 127697 start = "2023-10-18" end = "2026-02-01" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.uniffi_udl]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 111105 start = "2023-11-20" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.uniffi_udl]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2023-10-18" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.utf8_iter]] who = "Makoto Kato " criteria = "safe-to-deploy" user-id = 4484 start = "2022-04-19" end = "2024-06-16" notes = "Maintained by Henri Sivonen who works at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.webdriver]] who = "Henrik Skupin " criteria = "safe-to-deploy" user-id = 22262 start = "2020-11-03" end = "2026-02-01" notes = "Maintained by the DevTools team at Mozilla and has no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[wildcard-audits.weedle2]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 127697 start = "2022-06-16" end = "2026-03-14" notes = "Maintained by Mozilla" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.wr_malloc_size_of]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2025-04-11" end = "2026-04-11" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[wildcard-audits.zeitstempel]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" user-id = 48 start = "2021-03-03" end = "2026-07-02" notes = "Maintained by me" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [audits] objc = [] [[audits.aa-stroke]] who = "Lee Salzman " criteria = "safe-to-deploy" version = "0.1.0" notes = "Written and maintained by Gfx team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.adler2]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ahash]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.7.6 -> 0.7.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ahash]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.8.7 -> 0.8.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.aho-corasick]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.7.18 -> 0.7.20" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.allocator-api2]] who = "Nicolas Silva " criteria = "safe-to-deploy" version = "0.2.18" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.allocator-api2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.20 -> 0.2.21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.alsa]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.3 -> 0.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.alsa]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.8.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.alsa]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.8.1 -> 0.9.1" notes = "Most changes are safe and related to error handling, new unsafe blocks and ioctl() calls appear sound." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.android-tzdata]] who = "Mark Hammond " criteria = "safe-to-deploy" version = "0.1.1" notes = "Small crate parsing a file. No unsafe code" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.android_logger]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.11.0" notes = "Small crate, wrapping Android log functionality, reviewed by janerik" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.android_logger]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.11.1" notes = "Small crate, wrapping Android log functionality, now switched to properly using MaybeUninit" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.android_logger]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.11.1 -> 0.11.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.android_logger]] who = "Chris H-C " criteria = "safe-to-deploy" delta = "0.11.3 -> 0.12.0" notes = "Small wrapper crate. This update fixes log level filtering." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.android_system_properties]] who = "Nicolas Silva " criteria = "safe-to-deploy" version = "0.1.2" notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.android_system_properties]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.android_system_properties]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.any_all_workaround]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "0.1.0" notes = "The little code that is in this crate I reviewed and modified from packed_simd (which has previously been vendored in full instead of just this small part)." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.anyhow]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.57 -> 1.0.61" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.anyhow]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "1.0.58 -> 1.0.57" notes = "No functional differences, just CI config and docs." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.anyhow]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.61 -> 1.0.62" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.anyhow]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.62 -> 1.0.68" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.anyhow]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.68 -> 1.0.69" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.anyhow]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.71 -> 1.0.95" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.app_units]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.7.1" notes = """ I'm pretty familiar with this crate. It provides a fixed-point numeric type. The code is pretty straight-forward, there's no unsafe code at all. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.app_units]] who = "Nicolas Silva " criteria = "safe-to-deploy" version = "0.7.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.app_units]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.7.1 -> 0.7.2" notes = "Adding repr(transparent) plus a couple minor clean-ups, no functional changes from 0.7.1." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.app_units]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.7.3 -> 0.7.8" notes = "Relatively minor changes, no unsafety, only minor rounding API additions, malloc-size-of integration, tests, and formatting." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.arbitrary]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.1.0 -> 1.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.arbitrary]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.1.1 -> 1.1.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.arbitrary]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.1.3 -> 1.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.arbitrary]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.2.0 -> 1.2.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.arraydeque]] who = "Lars Eggert " criteria = "safe-to-deploy" version = "0.5.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.arraystring]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "0.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.arrayvec]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.7.2 -> 0.7.6" notes = "Manually verified new unsafe pointer arithmetic." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.as-slice]] who = "Erich Gubler " criteria = "safe-to-deploy" version = "0.2.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ascii]] who = "Glenn Watson " criteria = "safe-to-deploy" version = "1.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ash]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.37.0+1.3.209 -> 0.37.1+1.3.235" notes = """ Nicolas Silva, Jim Blandy, and Teodor Tanasoaia audited ash master branch commits from e43e9c0c to 6bd82768 inclusive. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ash]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.37.1+1.3.235 -> 0.37.2+1.3.238" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ash]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.37.2+1.3.238 -> 0.37.3+1.3.251" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ash]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.37.3+1.3.251 -> 0.38.0+1.3.281" notes = """ There are many sweeping changes to code generation that make this review intimidating, at first. However, I have audited all hand-written code, and vetted changes to the code generator (with some auditing of generated output to ensure correspondence to my mental model). Vulkan is an inherently unsafe API, but this crate makes many of the preparatory steps for calling Vulkan APIs safer and easier to use. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ashmem]] who = "Matthew Gregan " criteria = "safe-to-deploy" version = "0.1.2" notes = """ Small unsafe wrapper around Android 8.0's ASharedMemory native API that falls back to older private ioctl-based API at runtime on earlier OS releases. The shim code is small and doesn't inspect the API arguments, so is unlikely to expose any safety issues beyond those presented by the native OS API. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.askama]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.11.1" notes = """ Just contains some traits and re-exports for use by a broader package of related crates. No unsafe code or ambient capability usage. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.askama]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.13.1" notes = """ Template crate. This is only used to generate the Rust/JS code for UniFFI. We used to use askama, then we switched to rinja which was a fork. Now rinja and askama have merged again. The differences from askama 0.12, are pretty straightforward and don't seem risky to me. There's some unsafe code and macros, but nothing that complicated. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.askama]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.11.1 -> 0.12.0" notes = "No new unsafe usage, mostly dependency updates and smaller API changes" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.askama]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.13.1 -> 0.14.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.askama_derive]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.13.1" notes = """ Template crate. This is only used to generate the Rust/JS code for UniFFI. We used to use askama, then we switched to rinja which was a fork. Now rinja and askama have merged again. I did a quick scan of the current code and couldn't find any issues. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.askama_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.11.2 -> 0.12.1" notes = "Dependency updates, a new toml dependency and some API changes. No unsafe use." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.askama_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.13.1 -> 0.14.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.askama_parser]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.13.0" notes = """ Template crate. This is only used to generate the Rust/JS code for UniFFI. We used to use askama, then we switched to rinja which was a fork. Now rinja and askama have merged again. I did a quick scan of the current code and couldn't find any issues. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.askama_parser]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.14.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.async-task]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "4.0.3 -> 4.0.3@git:f6488e35beccb26eb6e85847b02aa78a42cd3d0e" notes = "Recorded by bholley, confirmed over slack." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.async-task]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "4.0.3 -> 4.3.0" notes = "Main addition is the new FallibleTask type, which I implemented. No risky unsafe code changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.async-trait]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.56 -> 0.1.57" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.async-trait]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.57 -> 0.1.60" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.async-trait]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.60 -> 0.1.64" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.atomic_refcell]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.1.8" notes = "I maintain this crate and have reviewed every line." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.atomic_refcell]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.8 -> 0.1.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.audio-mixer]] who = "Chun-Min Chang " criteria = "safe-to-deploy" version = "0.1.2" notes = "audio-mixer is a Mozilla-developed package." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.audio-mixer]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.audio-mixer]] who = "Paul Adenot " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.2.0" notes = "(I wrote all of this code)" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.authenticator]] who = "John M. Schanck " criteria = "safe-to-deploy" version = "0.4.0-alpha.13" notes = "Maintained by the CryptoEng team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.authenticator]] who = "John M. Schanck " criteria = "safe-to-deploy" delta = "0.4.0-alpha.24 -> 0.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.autocfg]] who = "Josh Stone " criteria = "safe-to-deploy" version = "1.1.0" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.backtrace]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.3.66 -> 0.3.65" notes = "Only changes were to the miri backend, which will be checked" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.base16]] who = "Ryan Safaeian " criteria = "safe-to-deploy" version = "0.2.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.base64]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.13.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.base64-stream]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "1.2.7" notes = """ The crate is fairly straightforward. There are a few unsafe blocks to elide bounds-checking when copying data, but I have manually verified that the unsafe blocks will always have lengths within bounds of source and destination pointers. Some `debug_assert!`s document and check these invariants as well (though there could be more). """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.basic-toml]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.1.2" notes = "TOML parser, forked from toml 0.5" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.basic-toml]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.9" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.bindgen]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.59.2" notes = "I'm the primary author and maintainer of the crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bindgen]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.59.2 -> 0.63.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bindgen]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.63.0 -> 0.64.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bindgen]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.64.0 -> 0.66.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bindgen]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.66.1 -> 0.68.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bindgen]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.68.1 -> 0.69.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bindgen]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.69.1 -> 0.69.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bindgen]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.69.2 -> 0.69.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bindgen]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.69.4 -> 0.72.0" notes = "I'm the primary maintainer of this crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bit-set]] who = "Aria Beingessner " criteria = "safe-to-deploy" version = "0.5.2" notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bit-set]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.5.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bit-set]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.5.3 -> 0.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bit-set]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bit-vec]] who = "Aria Beingessner " criteria = "safe-to-deploy" version = "0.6.3" notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bit-vec]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.6.3 -> 0.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bit-vec]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bitflags]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "1.3.2 -> 2.0.2" notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bitflags]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "2.0.2 -> 2.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bitflags]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "2.2.1 -> 2.3.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bitflags]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "2.3.3 -> 2.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bitflags]] who = [ "Teodor Tanasoaia ", "Erich Gubler ", ] criteria = "safe-to-deploy" delta = "2.6.0 -> 2.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bitflags]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "2.9.0 -> 2.9.1" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.bitflags]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "2.4.0 -> 2.4.1" notes = "Only allowing new clippy lints" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.bitreader]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.3.7 -> 0.3.6" notes = "No material changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.block-buffer]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.block2]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "0.6.2" notes = "Contains unsafe code to interoperate with the ObjC runtime." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.borsh]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.5.7" notes = "Uses of unsafe are limited to safe use-cases." aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.build-parallel]] who = "Jeff Muizelaar " criteria = "safe-to-deploy" version = "0.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bumpalo]] who = "Bobby Holley " criteria = "safe-to-run" delta = "3.9.1 -> 3.10.0" notes = """ Some nontrivial functional changes but certainly meets the no-malware bar of safe-to-run. If we needed safe-to-deploy for this in m-c I'd ask Nick to re- certify this version, but we don't, so this is fine for now. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bumpalo]] who = "Mike Hommey " criteria = "safe-to-run" delta = "3.11.1 -> 3.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bytemuck_derive]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.9.2 -> 1.9.3" notes = "Just a Rust MSRV bump." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bytes]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.1.0 -> 1.2.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bytes]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.2.1 -> 1.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bytes]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.3.0 -> 1.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.bytes]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.9.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.calendrical_calculations]] who = "André Bargull " criteria = "safe-to-deploy" version = "0.1.0" notes = "This has no unsafe code and uses no ambient capabilities." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.calendrical_calculations]] who = "André Bargull " criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.calendrical_calculations]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.calendrical_calculations]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.2.0 -> 0.2.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.camino]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.9 -> 1.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.camino]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.1.1 -> 1.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.camino]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "1.1.4 -> 1.1.2" notes = "Older version, just lacks a few APIs and tests from the newer version." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.camino]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.1.4 -> 1.1.9" notes = "No new unsafe code, some cleanup and a new function added" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.canonical_json]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.5.0" notes = "Maintained by the Mozilla developers." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cargo-config2]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.1.27" notes = """ Contains no unsafe code and does not appear to abuse any powerful capabilities such as filesystem access. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.cargo-platform]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.3" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.cargo_metadata]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.15.2" notes = "I reviewed the whole code base. Parser for the output of cargo-metadata, relying mostly on serde. No unsafe code used." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cargo_metadata]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.15.2 -> 0.15.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cargo_metadata]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.14.2 -> 0.15.2" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.cargo_metadata]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.19.2 -> 0.20.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.cc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.73 -> 1.0.78" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cc]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.0.89 -> 1.2.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cc]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.2.10 -> 1.2.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cc]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.2.11 -> 1.2.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cc]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.2.12 -> 1.2.16" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cc]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.2.16 -> 1.2.30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cc]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.78 -> 1.0.83" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.cfg_aliases]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.2.1" notes = "Very minor changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cgl]] who = "Sotaro Ikeda " criteria = "safe-to-deploy" version = "0.3.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.chardetng]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "0.1.9" notes = "I, Henri Sivonen, wrote this (safe-code-only) crate for Gecko even though the crate is published via crates.io." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.chardetng]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.1.9 -> 0.1.9@git:3484d3e3ebdc8931493aa5df4d7ee9360a90e76b" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.chardetng_c]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "0.1.2" notes = "I, Henri Sivonen, wrote this crate for Gecko even though it is published via crates.io. The buffer input assumes Rust slice constraints for the start pointer. In Gecko, this is taken care of by mozilla::Span, but the C API doesn't conform to idiomatic C constraints on this point." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.chardetng_c]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.2@git:ed8a4c6f900a90d4dbc1d64b856e61490a1c3570" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.chrono]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.4.19 -> 0.4.40" notes = "Significant refactor of both implementation and dependencies." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.chrono]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.4.41 -> 0.4.42" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.chrono]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.4.40 -> 0.4.41" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.chunked_transfer]] who = "Glenn Watson " criteria = "safe-to-deploy" delta = "1.4.1 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.circular]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.3.0" notes = "No dependencies. Unsafe code is necessary to provide functionality and was manually verified to be correct." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.clang-sys]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.3.3 -> 1.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.clang-sys]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.clang-sys]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.6.0 -> 1.7.0" notes = """ Adds several new symbols for Clang versions 11.0, 12.0, 16.0, and 17.0, conditionally enabled based on Cargo feature flags. Some other minor internal refactors were implemented that shouldn't change functionality otherwise. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.clap-verbosity-flag]] who = "Kershaw Chang " criteria = "safe-to-run" version = "2.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.clap-verbosity-flag]] who = "Max Inden " criteria = "safe-to-run" delta = "2.2.0 -> 3.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.clap_lex]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.0 -> 0.2.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.clap_lex]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.2 -> 0.2.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.clubcard]] who = "John M. Schanck " criteria = "safe-to-deploy" version = "0.3.1" notes = "This crate is maintained by the CryptoEng team at Mozilla and it contains no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.clubcard-crlite]] who = "John M. Schanck " criteria = "safe-to-deploy" version = "0.2.1" notes = "This crate is maintained by the CryptoEng team at Mozilla and it contains no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.codespan-reporting]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.11.1 -> 0.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.comedy]] who = "Nick Alexander " criteria = "safe-to-deploy" version = "0.2.0" notes = """ The comedy crate was written by Adam Gashlin for Mozilla's use. The entire comedy 0.2.0 crate is full of `unsafe` code and makes many assumptions about memory and layout, but there is no particular processing of untrusted input here. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cookie]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.16.0 -> 0.16.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-foundation]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.9.3 -> 0.9.4" notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-foundation]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.9.4 -> 0.10.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-foundation-sys]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.8.6 -> 0.8.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-graphics]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.22.3 -> 0.23.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-graphics]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.23.1 -> 0.24.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-graphics-types]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-graphics-types]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.3" notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-graphics-types]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-text]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "19.2.0 -> 20.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-text]] who = "Jonathan Kew " criteria = "safe-to-deploy" delta = "20.0.0 -> 20.1.0" notes = """ The bulk of the 20.0.0 -> 20.1.0 changes were purely cosmetic clippy and rustfmt changes. The only substantive change was the addition of wrappers to expose two additional Core Text APIs, the variants of CTFontCreateWithName and CTFontCreateWithFontDescriptor that accept a CTFontOptions parameter. These are directly parallel to the existing versions without CTFontOptions, and do not introduce any new forms of risk. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core-text]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "20.1.0 -> 21.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.core_maths]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.coreaudio-sys]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.10 -> 0.2.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.coreaudio-sys]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.11 -> 0.2.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.coreaudio-sys]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.12 -> 0.2.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.coreaudio-sys]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.2.13 -> 0.2.14" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.coremidi]] who = "Gabriele Svelto " criteria = "safe-to-deploy" version = "0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.coremidi-sys]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "3.1.0 -> 3.2.0" notes = "Machine generated bindings, no unsafe or dangerous changes" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cose]] who = "Mathew Hodson " criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.4@git:43c22248d136c8b38fe42ea709d08da6355cf04b" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cpufeatures]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.2 -> 0.2.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cpufeatures]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.4 -> 0.2.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cpufeatures]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.2.7 -> 0.2.8" notes = "This release contains a single fix for an issue that affected Firefox" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crash-context]] who = "Gabriele Svelto " criteria = "safe-to-deploy" version = "0.5.1" notes = "Mozilla employees contributed to this crate and the remaining code was fully audited" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crash-context]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.5.1 -> 0.6.0" notes = """ There are few changes. The main change is the removal of `winapi` in favor of manually-generated bindings (which are minimal). The few small bugfixes are sound. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crash-context]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.6.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crc32fast]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "1.3.2 -> 1.4.2" notes = "Minor, safe changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-channel]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.4 -> 0.5.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-channel]] who = "Glenn Watson " criteria = "safe-to-deploy" delta = "0.5.12 -> 0.5.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-channel]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.5.7 -> 0.5.8" notes = "Reviewed the fix, previous versions indeed had were able to trigger a race condition" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.crossbeam-channel]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.5.8 -> 0.5.11" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.crossbeam-channel]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.5.11 -> 0.5.12" notes = "Minimal change fixing a memory leak." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.crossbeam-channel]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.5.13 -> 0.5.14" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.crossbeam-channel]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.5.14 -> 0.5.15" notes = "Fixes a regression from an earlier version which could lead to a double free" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.crossbeam-deque]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.1 -> 0.8.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-epoch]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.9.8 -> 0.9.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-epoch]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.9.10 -> 0.9.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-epoch]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.9.13 -> 0.9.14" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-queue]] who = "Matthew Gregan " criteria = "safe-to-deploy" version = "0.3.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-utils]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.8 -> 0.8.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-utils]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.11 -> 0.8.14" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-utils]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.8.19 -> 0.8.20" notes = "Minor changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-utils]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.8.20 -> 0.8.21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crossbeam-utils]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.8.14 -> 0.8.19" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.crunchy]] who = "Erich Gubler " criteria = "safe-to-deploy" version = "0.2.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.crypto-common]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.1.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.29.6" notes = """ I've reviewed or authored most of the recent changes to this library, and it was developed by other mozilla folks. Unsafe code there is reasonable (utf-8 casts for serialization and parsing). """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.29.6 -> 0.31.0" notes = """ All the changes in this release were authored by Mozilla staff, except the uninit_array stuff, which looks fine. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.31.0 -> 0.31.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.31.2 -> 0.32.0" notes = "All changes were either authored or reviewed by Mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.32.0 -> 0.33.0" notes = """ Mozilla authored. Breaking changes from 0.32 involve splitting color APIs into their own crate and removing an unused line number offset mechanism. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.33.0 -> 0.33.0@git:aaa966d9d6ae70c4b8a62bb5e3a14c068bb7dff0" notes = "Only one minimal change exposing a previously-private enumeration." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.33.0 -> 0.34.0" notes = "I'm the publisher of the crate, and either myself or other Mozilla folks have been authors or reviewers of all the changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.34.0 -> 0.35.0" notes = "All non-trivial changes authored or reviewed by Mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.35.0 -> 0.35.0@git:71b7cfe6f1cd85427ca905a41be31ca9f6af29a5" notes = "Only dependency bumps and one trivial change with no unsafe change." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser]] who = "Diego Escalante " criteria = "safe-to-deploy" delta = "0.35.0 -> 0.36.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser-color]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.1.0" notes = "This code used to live in cssparser's color module. Only moved out. Mozilla-authored." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser-macros]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.6.0" notes = """ Trivial crate with a single proc macro to compute the max length of the inputs to a match expression. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser-macros]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.6.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cssparser-macros]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.6.1 -> 0.6.1@git:aaa966d9d6ae70c4b8a62bb5e3a14c068bb7dff0" notes = "No changes from already-certified upstream, but needed because it lives in the same git repo as the cssparser crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cstr]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.2.10" notes = """ I've reviewed the code of the crate thoroughly. It generates an unsafe block which is statically guaranteed to be safe. Inputs to the macro have to be static so there's no uncontrolled input whatsoever. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cstr]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.10 -> 0.2.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ctor]] who = "Jan-Erik Rediger " criteria = "safe-to-run" delta = "0.1.26 -> 0.2.2" notes = "Dependency updates only" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.ctor]] who = "Jan-Erik Rediger " criteria = "safe-to-run" delta = "0.2.2 -> 0.2.4" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.ctor]] who = "Jan-Erik Rediger " criteria = "safe-to-run" delta = "0.2.4 -> 0.2.9" notes = "Minimal changes around cfg parameters and fixing one bug breaking compilation on newest Rust" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.cubeb]] who = "Matthew Gregan " criteria = "safe-to-deploy" version = "0.10.1" notes = """ Mozilla-developed package. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.10.3 -> 0.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.29.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.29.0 -> 0.30.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb]] who = "Chun-Min Chang " criteria = "safe-to-deploy" delta = "0.30.1 -> 0.32.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-backend]] who = "Matthew Gregan " criteria = "safe-to-deploy" version = "0.10.1" notes = """ Mozilla-developed package. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-backend]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-backend]] who = "Paul Adenot " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" notes = """ Mozilla-developed package. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-backend]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.10.3 -> 0.10.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-backend]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.10.7 -> 0.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-backend]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-backend]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.29.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-backend]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.29.0 -> 0.30.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-backend]] who = "Chun-Min Chang " criteria = "safe-to-deploy" delta = "0.30.1 -> 0.32.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-core]] who = "Matthew Gregan " criteria = "safe-to-deploy" version = "0.10.1" notes = """ Mozilla-developed package. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-core]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-core]] who = "Paul Adenot " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" notes = """ Mozilla-developed package. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.3 -> 0.10.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-core]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.10.4 -> 0.10.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-core]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.10.7 -> 0.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-core]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-core]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.29.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-core]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.29.0 -> 0.30.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-core]] who = "Chun-Min Chang " criteria = "safe-to-deploy" delta = "0.30.1 -> 0.32.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-sys]] who = "Matthew Gregan " criteria = "safe-to-deploy" version = "0.10.1" notes = """ Mozilla-developed package. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-sys]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-sys]] who = "Paul Adenot " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" notes = """ Mozilla-developed package. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-sys]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.10.3 -> 0.10.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-sys]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.10.7 -> 0.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-sys]] who = "Andreas Pehrson " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-sys]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.29.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-sys]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.29.0 -> 0.30.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cubeb-sys]] who = "Chun-Min Chang " criteria = "safe-to-deploy" delta = "0.30.1 -> 0.32.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.cvt]] who = "Erich Gubler " criteria = "safe-to-deploy" version = "0.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.d3d12]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.4.1 -> 0.5.0" notes = "The commits between 0.4.1 and 0.5.0 were all audited by Dzmitry Malyshau or myself." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.d3d12]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.5.0 -> 0.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.d3d12]] who = [ "Erich Gubler ", "Jim Blandy ", "Nicolas Silva ", "Erich Gubler ", "Teodor Tanasoaia ", ] criteria = "safe-to-deploy" delta = "0.7.0 -> 0.19.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.d3d12]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.19.0 -> 0.20.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.d3d12]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.20.0 -> 22.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.13.4 -> 0.14.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.14.2 -> 0.14.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.14.3 -> 0.20.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" delta = "0.20.1 -> 0.20.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling_core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.13.4 -> 0.14.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling_core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.14.2 -> 0.14.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling_core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.14.3 -> 0.20.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling_core]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" delta = "0.20.1 -> 0.20.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling_macro]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.13.4 -> 0.14.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling_macro]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.14.2 -> 0.14.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling_macro]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.14.3 -> 0.20.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.darling_macro]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" delta = "0.20.1 -> 0.20.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.data-encoding]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "2.3.2 -> 2.3.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.debug_tree]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "0.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.debugid]] who = "Gabriele Svelto " criteria = "safe-to-deploy" version = "0.8.0" notes = "This crates was written by Sentry and I've fully audited it as Firefox crash reporting machinery relies on it." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.deranged]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.3.11" notes = """ This crate contains a decent bit of `unsafe` code, however all internal unsafety is verified with copious assertions (many are compile-time), and otherwise the unsafety is documented and left to the caller to verify. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.deranged]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.3.11 -> 0.4.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.derive_arbitrary]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.1.0 -> 1.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.derive_arbitrary]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.1.1 -> 1.1.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.derive_arbitrary]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.1.3 -> 1.2.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.derive_arbitrary]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.2.1 -> 1.2.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.derive_arbitrary]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.3.0 -> 1.3.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.derive_more]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.99.17 -> 1.0.0-beta.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.devd-rs]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.4 -> 0.3.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.devd-rs]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.5 -> 0.3.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.digest]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.3 -> 0.10.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.5.2" notes = "This crate is FFI wrapper generator using by ICU4X ffi libraries. This uses unsafe code to convert paramenters, I have reviewed this and generated headers." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.14.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat-runtime]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.5.2" notes = "This crate is FFI wrapper generator runtime using by ICU4X ffi libraries. This uses unsafe code for memory access of FFI. I have reviewed carefully." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat-runtime]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat-runtime]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat-runtime]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat-runtime]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat-runtime]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.14.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat_core]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.5.2" notes = "This crate contains unsafe code, no network and no file access." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat_core]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat_core]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat_core]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat_core]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.diplomat_core]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.14.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.dirs]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "4.0.0 -> 6.0.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.dirs-sys]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.3.7 -> 0.5.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.displaydoc]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.2.3" notes = """ This crate is convenient macros to implement core::fmt::Display trait. Although `unsafe` is used for test code to call `libc::abort()`, it has no `unsafe` code in this crate. And there is no file access. It meets the criteria for safe-to-deploy. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.displaydoc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.3 -> 0.2.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.dissimilar]] who = "Ben Dean-Kawamura " criteria = "safe-to-run" version = "1.0.10" notes = "dtolnay crate that will generate diffs for testing purposes. No IO or unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.doc-comment]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.3.3" notes = """ Trivial macro crate implementing a trick for expanding macros within doc comments on older versions of rustc. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.document-features]] who = "Erich Gubler " criteria = "safe-to-deploy" version = "0.2.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.document-features]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.2.8 -> 0.2.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.document-features]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.2.9 -> 0.2.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.document-features]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.2.10 -> 0.2.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.dogear]] who = "Sammy Khamis " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.5.0" notes = "The repository for this crate belongs in the Mozilla org." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.dtoa-short]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.3.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.dwrote]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.11.0" notes = "All code written or reviewed by Mozilla staff." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.dwrote]] who = "Jonathan Kew " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.11.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.either]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.6.1 -> 1.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.either]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.7.0 -> 1.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.either]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.8.0 -> 1.8.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.either]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.6.1" notes = """ Straightforward crate providing the Either enum and trait implementations with no unsafe code. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.embed-manifest]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "1.4.0" notes = "Necessary dependencies, all environment variable access is for build script vars set by cargo." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.encoding_c]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "0.9.8" notes = "I, Henri Sivonen, wrote encoding_c for Gecko even though it is published via crates.io. There are two caveats: 1) the C API is designed to be used together with mozilla::Span and is unidiomatic for zero-length inputs otherwise. 2) It is idiomatic in C and C++ to pass uninitialized buffers as output buffers. This is generally documented to be UB in Rust, but idiomatic C and C++ usage here relies on this not actually being UB for buffers of integers (which these buffers are). See https://github.com/hsivonen/encoding_rs/issues/79#issuecomment-1211870361" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.encoding_c_mem]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "0.2.6" notes = """ I, Henri Sivonen, wrote encoding_c_mem for Gecko even though it is published via crates.io. There are two caveats: 1) the C API is designed to be used together with mozilla::Span and is unidiomatic for zero-length inputs otherwise. 2) It is idiomatic in C and C ++ to pass uninitialized buffers as output buffers. This is generally documented to be UB in Rust, but idiomatic C and C++ usage here relies on this not actually being UB for buffers of integers (which these buffers are). See https://github.com/hsivonen/encoding_rs/i ssues/79#issuecomment-1211870361 """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.encoding_rs]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "0.8.31" notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.encoding_rs]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.31 -> 0.8.32" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.enum-map]] who = "Kershaw Chang " criteria = "safe-to-deploy" version = "2.7.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.enum-map-derive]] who = "Kershaw Chang " criteria = "safe-to-deploy" version = "0.17.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.enum-primitive-derive]] who = "Gabriele Svelto " criteria = "safe-to-deploy" version = "0.2.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.enumset]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.11 -> 1.0.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.enumset]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.12 -> 1.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.enumset_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.6.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.enumset_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.6.1 -> 0.8.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.env_logger]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.9.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.env_logger]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.9.3 -> 0.10.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.errno]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.3.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.error-graph]] who = "Chris Martin " criteria = "safe-to-deploy" version = "0.1.1" notes = "This code was written and reviewed by Mozilla employees" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.expect-test]] who = "Ben Dean-Kawamura " criteria = "safe-to-run" version = "1.4.1" notes = """ Expectation testing/management library. This will read/write the Rust test files, but that's expected. It should only change string literals and any changes will be visible in code review. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.extend]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "1.1.2" notes = "Inspected the crate and noted that the impl block comes directly from the proc-macro input. If no new code can be added by this crate, I don't think there can be any issues." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.extend]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.1.2 -> 1.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.failspot]] who = "Chris Martin " criteria = "safe-to-deploy" version = "0.2.0" notes = "This code was written and reviewed by Mozilla employees" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fallible_collections]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.4 -> 0.4.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fallible_collections]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.5 -> 0.4.6" notes = "The changes in this version are mine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fallible_collections]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.6 -> 0.4.9" notes = "Mostly soundness fixes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fallible_collections]] who = "Matthew Gregan " criteria = "safe-to-deploy" delta = "0.4.9 -> 0.5.1" notes = "Changes are largely removal of Rust < 1.57 support and dependency updates." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fastrand]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.7.0 -> 1.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fastrand]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.8.0 -> 1.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fastrand]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.9.0 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fastrand]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "2.0.1 -> 2.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fastrand]] who = "Chris Martin " criteria = "safe-to-deploy" delta = "2.1.0 -> 2.1.1" notes = "Fairly trivial changes, no chance of security regression." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fd-lock]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "3.0.12 -> 3.0.13" notes = "Dependency updates only" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.filetime_win]] who = "Nick Alexander " criteria = "safe-to-deploy" version = "0.2.0" notes = """ filetime_win was written by Adam Gashlin for Mozilla's use. The `unsafe` code blocks in filetime_win 0.2.0 are straight-forward invocations of `mem::zeroed` and expected invocations of Win32 APIs (with error handling as appropriate). """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.flagset]] who = "Ryan Hunt " criteria = "safe-to-deploy" version = "0.4.3" notes = "Uses no ambient capabilities, vetted the one instance of unsafe." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.flate2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.24 -> 1.0.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.flate2]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "1.0.28 -> 1.0.30" notes = "Some new unsafe code, however it has been verified and there are unit tests as well." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.flate2]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.25 -> 1.0.26" notes = "Few dep updates, internal refactorings" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.fluent]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.16.0 -> 0.17.0" notes = "Style and dependency changes" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-bundle]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.15.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-bundle]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.15.2 -> 0.16.0" notes = "Added support for NUMBER. Style and dependency changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-fallback]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-fallback]] who = "Greg Tatum " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-fallback]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.7.2" notes = "Style and dependency changes. removal of unsafe pin_cell module" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-langneg]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-pseudo]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.3.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-pseudo]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.3.3" notes = "Removal of unsafe code" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-syntax]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.11.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-syntax]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.12.0" notes = "New serializer module does not use unsafe" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-testing]] who = "Zibi Braniecki " criteria = "safe-to-run" version = "0.0.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fluent-testing]] who = "Greg Tatum " criteria = "safe-to-run" delta = "0.0.2 -> 0.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "1.0.7" notes = "Simple hasher implementation with no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.foldhash]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.1.5 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.foreign-types]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.3.2 -> 0.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.foreign-types-macros]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" version = "0.2.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.foreign-types-shared]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.3.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.form_urlencoded]] who = "Valentin Gosu " criteria = "safe-to-deploy" version = "1.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.form_urlencoded]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.2.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.form_urlencoded]] who = "edgul " criteria = "safe-to-deploy" delta = "1.2.1 -> 1.2.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fs-err]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "2.7.0 -> 2.8.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fs-err]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "2.8.1 -> 2.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fs-err]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "2.9.0 -> 2.11.0" notes = "A single new function, doc updates" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.futures]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-channel]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-channel]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-channel]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-channel]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-channel]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-core]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-executor]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-executor]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-executor]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-executor]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-executor]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-io]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-io]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-io]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-io]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-io]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-macro]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-macro]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-macro]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-macro]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-sink]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-sink]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-sink]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-sink]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-sink]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-task]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-task]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-task]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-task]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.27" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-task]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-util]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.21 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-util]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-util]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-util]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.futures-util]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.3.28 -> 0.3.27" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.fxhash]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.2.1" notes = "Straightforward crate with no unsafe code, does what it says on the tin." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.generic-array]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.14.5 -> 0.14.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.getrandom]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.6 -> 0.2.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.getrandom]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.7 -> 0.2.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.getrandom]] who = "Yannis Juglaret " criteria = "safe-to-deploy" delta = "0.2.8 -> 0.2.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.getrandom]] who = "Simon Friedberger " criteria = "safe-to-deploy" delta = "0.2.10 -> 0.2.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.getrandom]] who = "Chris Martin " criteria = "safe-to-deploy" delta = "0.2.15 -> 0.3.1" notes = """ I've looked over all unsafe code, and it appears to be safe, fully initializing the rng buffers. In addition, I've checked Linux, Windows, Mac, and Android more thoroughly against API documentation. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.getrandom]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.3.3" notes = """ Biggest non-trivial change is a new UEFI back-end, which looks reasonable to the best of my ability: There's some trickiness on initialization but doesn't look unsafe, at worse it leaks, and it might not if the relevant pointers are static/non-owning. Other changes also look reasonable too: some tweaks to inlining and a syscall-based linux back-end, whose relevant unsafe code looks reasonable. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gimli]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.30.0" notes = """ Unsafe code blocks are sound. Minimal dependencies used. No use of side-effectful std functions. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gimli]] who = "Chris Martin " criteria = "safe-to-deploy" delta = "0.30.0 -> 0.29.0" notes = "No unsafe code, mostly algorithms and parsing. Very unlikely to cause security issues." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gleam]] who = "Jamie Nicol " criteria = "safe-to-deploy" delta = "0.13.1 -> 0.15.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gleam]] who = "Jamie Nicol " criteria = "safe-to-deploy" delta = "0.15.0 -> 0.15.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.glob]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.3.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.glsl]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "6.0.1 -> 6.0.2" notes = "I'm the author of the changes in this version of the crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.glslopt]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.1.11 -> 0.1.12" notes = "Only a minor build tweak." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.goblin]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.5.4" notes = "Several bugfixes since 2019. This version is also in use by Mozilla's crash reporting tooling, e.g. minidump-writer" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.goblin]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.5.4 -> 0.6.0" notes = "Mostly bug fixes and some added functionality" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.goblin]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.7.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.goblin]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.7.1 -> 0.8.0" notes = "Fairly straightforward feature improvements." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.goblin]] who = "Alexandre Lissy " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.8.1" notes = "Updating goblin to 0.8.1 that includes my fix for Elf SectionHeader parsing" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.goblin]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.8.1 -> 0.8.2" notes = "Removes the TE feature/functionality, otherwise no meaningful changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.goblin]] who = "Chris Martin " criteria = "safe-to-deploy" delta = "0.8.2 -> 0.9.2" notes = "Doesn't use any unsafe code, mostly parsing and arithmetic." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.goblin]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.7.1 -> 0.8.0" notes = "MSRV bump, no unsafe changes" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.gpu-alloc]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.5.3 -> 0.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gpu-alloc-types]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.2.0 -> 0.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gpu-allocator]] who = "Erich Gubler " criteria = "safe-to-deploy" version = "0.25.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gpu-allocator]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.25.0 -> 0.26.0" notes = "New Metal backend is written with no `unsafe`. New `unsafe` usage of DX12's platform APIs appear correct and safe. Otherwise, minimal changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gpu-allocator]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.26.0 -> 0.27.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gpu-allocator]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.27.0 -> 0.28.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gpu-descriptor]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.2 -> 0.2.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gpu-descriptor]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.2.3 -> 0.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gpu-descriptor]] who = "Andy Leiserson " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.3.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.gpu-descriptor-types]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.guid_win]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.2.0" notes = """ This crate has some unsafe code for the FFI bits, which I've reviewed carefully. It uses the deprecated mem::uninitialized(), which is generally sketchy. However the usage is pretty straightforward and while it's technically UB, it seems no more likely to lead to miscompilation than any other use of mem::uninitialized. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.h2]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.3.13 -> 0.3.14" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.h2]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.3.14 -> 0.3.15" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.half]] who = "John M. Schanck " criteria = "safe-to-deploy" version = "1.8.2" notes = """ This crate contains unsafe code for bitwise casts to/from binary16 floating-point format. I've reviewed these and found no issues. There are no uses of ambient capabilities. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.half]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.8.2 -> 1.8.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.half]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.8.3 -> 2.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hashbrown]] who = "Mike Hommey " criteria = "safe-to-deploy" version = "0.12.3" notes = "This version is used in rust's libstd, so effectively we're already trusting it" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hashbrown]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.15.2 -> 0.15.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hashbrown]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.15.5 -> 0.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hashlink]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.8.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hashlink]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.1 -> 0.8.2" notes = "Only dependency changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hashlink]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.8.1 -> 0.9.1" notes = "New CursorMut struct and other relatively straight-forward changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hashlink]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.9.1 -> 0.10.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hashlink]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.headers]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.3.7 -> 0.3.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.headers-core]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.2.0" notes = "Trivial crate, no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.heck]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.4.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hermit-abi]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.19 -> 0.2.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hex]] who = "Simon Friedberger " criteria = "safe-to-deploy" version = "0.4.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.home]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.5.3" notes = """ Crate with straightforward code for determining the user's HOME directory. Only unsafe code is used to invoke the Windows SHGetFolderPathW API to get the profile directory when the USERPROFILE environment variable is unavailable. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.home]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.5.3 -> 0.5.11" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.http]] who = "Max Leonard Inden " criteria = "safe-to-deploy" version = "0.2.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.http]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.2.8 -> 0.2.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.httparse]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.7.1 -> 1.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hyper]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.14.19 -> 0.14.20" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hyper]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.14.20 -> 0.14.22" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hyper]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.14.22 -> 0.14.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.hyper]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.14.23 -> 0.14.24" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.iana-time-zone]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.1.61 -> 0.1.63" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.iana-time-zone]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.1.63 -> 0.1.64" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_calendar]] who = "André Bargull " criteria = "safe-to-deploy" version = "1.4.0" notes = "This has no unsafe code and uses no ambient capabilities." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_calendar]] who = "André Bargull " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_calendar]] who = "Max Inden " criteria = "safe-to-deploy" delta = "1.5.1 -> 1.5.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_calendar]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_calendar]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.2 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_calendar_data]] who = "André Bargull " criteria = "safe-to-deploy" version = "1.4.0" notes = "This crate is data only for icu_calendar. There is no filesystem / network access." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_calendar_data]] who = "André Bargull " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_calendar_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_calendar_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_capi]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "1.2.2" notes = "This crate is C/C++ FFI for ICU4X using diplomat crate. no unsafe and no file access etc on this crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_capi]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.2.2 -> 1.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_capi]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_capi]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_capi]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_casemap]] who = "Henri Sivonen " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_casemap]] who = "Henri Sivonen " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_casemap]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.1 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_casemap_data]] who = "Henri Sivonen " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_casemap_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_collator]] who = "Henri Sivonen " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" notes = "I authored the substantive upstream changes in this version delta." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_collator_data]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "2.0.0" notes = "ZeroVec family datastructures are initialized from unchecked data, so soundness depends on databake having worked properly." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_collections]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "1.2.0" notes = "This crate is used by ICU4X for internal data structure. There is no fileaccess and network access. This uses unsafe block, but we confirm data is valid before." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_collections]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_collections]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_collections]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_collections]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" notes = "Adding methods have unsafe code for faster, but these have the commnet why this is safe." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locale]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locale]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locale_core]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locale_core]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locale_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locale_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locid]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "1.2.0" notes = "This has unsafe block to handle ascii string in utf-8 string. I've vetted the one instance of unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locid]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locid]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locid_transform]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "1.4.0" notes = "This crate doesn't contain network and file access. Although this has unsafe block, the reason is added in the comment block. I audited code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locid_transform]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locid_transform_data]] who = "Jonathan Kew " criteria = "safe-to-deploy" version = "1.4.0" notes = "Compile-time static for the icu_locid_transform crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_locid_transform_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_normalizer]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "1.5.0" notes = "I, Henri Sivonen, am the principal author of this crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_normalizer]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_normalizer]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_normalizer_data]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_normalizer_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_normalizer_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_properties]] who = "Jonathan Kew " criteria = "safe-to-deploy" version = "1.4.0" notes = "This is used by ICU4X for character property lookup. The few (4) usages of unsafe have comments clarifying their safety." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_properties]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_properties]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_properties]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.1 -> 2.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_properties_data]] who = "Jonathan Kew " criteria = "safe-to-deploy" version = "1.4.0" notes = "Compile-time static data for the icu_properties crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_properties_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_properties_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_properties_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.1 -> 2.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "1.2.0" notes = "Although this has unsafe block, this has a commnet why this is safety and I audited code. Also, this doesn't have file access and network access." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider_adapters]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "1.2.0" notes = "This is one of ICU4X data provider crates that depends on data type. This has no unsafe code and uses no ambient capabilities." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider_adapters]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider_adapters]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider_adapters]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider_adapters]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider_macros]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "1.2.0" notes = "This crate is macros for ICU4X's data provider implementer. This has no unsafe code and uses no ambient capabilities." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider_macros]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.2.0@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider_macros]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_provider_macros]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_segmenter]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "1.2.1" notes = "Original authors are Makoto Kato and Ting-Yu Lin who work at Mozilla. This crate uses unsafe to matrix calculation, but it is safety to check length. And there is no filesystem / network access." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_segmenter]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.2.1 -> 1.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_segmenter]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_segmenter]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_segmenter]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_segmenter_data]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "1.4.0" notes = "This crate is data only for icu_segmenter. There is no filesystem / network access." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_segmenter_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_segmenter_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_segmenter_data]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_time]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0-beta2 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.icu_time]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "2.0.0 -> 2.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.idna]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.2.3" notes = "Backwards diff with some algorithm changes, no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.idna]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.idna]] who = "Henri Sivonen " criteria = "safe-to-deploy" delta = "0.5.0 -> 1.0.2" notes = "In the 0.5.0 to 1.0.2 delta, I, Henri Sivonen, rewrote the non-Punycode internals of the crate and made the changes to the Punycode code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.idna]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "1.0.2 -> 1.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.idna]] who = "edgul " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.idna_adapter]] who = "Valentin Gosu " criteria = "safe-to-deploy" version = "1.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.idna_adapter]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.2.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.idna_adapter]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.2.1" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.indexmap]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.8.2 -> 1.9.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.indexmap]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.9.1 -> 1.9.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.indexmap]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "2.2.6 -> 2.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.indexmap]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "2.2.6 -> 2.7.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.indexmap]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "2.8.0 -> 2.11.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.indexmap]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "2.8.0 -> 2.9.0" notes = "Doc update, a new API, one carefully annotated unsafe code block with all preconditions checked" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.inherent]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.1 -> 1.0.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.inherent]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.2 -> 1.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.inherent]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.0.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.inherent]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.5 -> 1.0.7" notes = "Dependency updates only" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.inherent]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.7 -> 1.0.9" notes = "Dependency updates" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.inplace_it]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.3 -> 0.3.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.intl-memoizer]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.5.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.intl-memoizer]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.5.1 -> 0.5.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.intl_pluralrules]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "7.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.intl_pluralrules]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "7.0.1 -> 7.0.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.is-docker]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.2.0" notes = "Fairly straightforward checking of /.dockerenv and /proc/self/cgroup" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.is-wsl]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.4.0" notes = "Straightforward checking of procfs for the string \"microsoft\"" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.is_ci]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.1.1" notes = "Trivial crate which checks the environment for specific environment variables" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.itertools]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.3 -> 0.10.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.itoa]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.2 -> 1.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.itoa]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.0.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ixdtf]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ixdtf]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.5.0 -> 0.6.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.jexl-eval]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.3.0" notes = "This crate doesn't contain any unsafe code or IO usage." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.jexl-eval]] who = "Tif Tran " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.jexl-parser]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.3.0" notes = "This crate doesn't contain any unsafe code or IO usage." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.jexl-parser]] who = "Tif Tran " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.jobserver]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.24 -> 0.1.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.jobserver]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.1.32 -> 0.1.33" notes = "No unsafe added, only non-trivial change is switching to the getrandom crate on Windows." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.js-sys]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.3.76 -> 0.3.77" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.keccak]] who = "Simon Friedberger " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.khronos-egl]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "4.1.0 -> 6.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.lalrpop-util]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.19.12" notes = """ This crate doesn't contain any unsafe code or IO usage. Also, it's written by Niko Matsakis. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.lazy_static]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.4.0" notes = "I have read over the macros, and audited the unsafe code." aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.leak]] who = "Sotaro Ikeda " criteria = "safe-to-deploy" version = "0.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.leaky-cow]] who = "Sotaro Ikeda " criteria = "safe-to-deploy" version = "0.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.126 -> 0.2.132" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.132 -> 0.2.138" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.138 -> 0.2.139" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.147 -> 0.2.148" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libc]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.2.154 -> 0.2.158" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libc]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.2.171 -> 0.2.176" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libc]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.2.141 -> 0.2.146" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.libcrux-hacl-rs]] who = "Dana Keeler " criteria = "safe-to-deploy" version = "0.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libcrux-macros]] who = "Dana Keeler " criteria = "safe-to-deploy" version = "0.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libcrux-p256]] who = "Dana Keeler " criteria = "safe-to-deploy" version = "0.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libcrux-sha2]] who = "Dana Keeler " criteria = "safe-to-deploy" version = "0.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libcrux-traits]] who = "Dana Keeler " criteria = "safe-to-deploy" version = "0.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libloading]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.7.3 -> 0.7.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libloading]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.7.4 -> 0.8.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libloading]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.8.3 -> 0.8.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libm]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.2.6" notes = "This crate uses unsafe block, but this doesn't have network and file access. I audited code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libsqlite3-sys]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" delta = "0.25.2 -> 0.26.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libsqlite3-sys]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.26.0 -> 0.27.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libsqlite3-sys]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.27.0 -> 0.28.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libsqlite3-sys]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.28.0 -> 0.31.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libsqlite3-sys]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.31.0 -> 0.35.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.libz-rs-sys]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.1 -> 0.4.2" notes = "Only documentation changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.linked-hash-map]] who = "Aria Beingessner " criteria = "safe-to-deploy" version = "0.5.4" notes = "I own this crate (I am contain-rs) and 0.5.4 passes miri. This code is very old and used by lots of people, so I'm pretty confident in it, even though it's in maintenance-mode and missing some nice-to-have APIs." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.linked-hash-map]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.5.4 -> 0.5.6" notes = "New unsafe code has debug assertions and meets invariants. All other changes are formatting-related." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.linked-hash-map]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.5.4 -> 0.5.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.litemap]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.7.0" notes = "This crete has no unsafe code, no file acceess and no network access." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.litemap]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.7.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.litemap]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.2 -> 0.7.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.litemap]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.5 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.litrs]] who = "Erich Gubler " criteria = "safe-to-deploy" version = "0.4.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.lmdb-rkv]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.14.0" notes = "Victor and Myk developed this crate at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.lock_api]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.7 -> 0.4.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.log]] who = "Mike Hommey " criteria = "safe-to-deploy" version = "0.4.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.log]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.4.17 -> 0.4.18" notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.log]] who = "Kagami Sascha Rosylight " criteria = "safe-to-deploy" delta = "0.4.18 -> 0.4.20" notes = "Only cfg attribute and internal macro changes and module refactorings" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mach2]] who = "Gabriele Svelto " criteria = "safe-to-deploy" version = "0.4.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.macro_rules_attribute]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "0.2.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.macro_rules_attribute-proc_macro]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "0.2.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.malloc_buf]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.0.6" notes = """ Very small crate for managing malloc-ed buffers, primarily for use in the objc crate. There is an edge-case condition that passes slice::from_raw_parts(0x1, 0) which I'm not entirely certain is technically sound, but in either case I am reasonably confident it's not exploitable. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.malloc_size_of_derive]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.1.2" notes = """ This was originally servo code which I put on crates.io some years ago but didn't examine at the time, so I examined it now. I didn't perform a full logic review but convinced myself that any generated code will be entirely safe to deploy. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.malloc_size_of_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.3" notes = "Switch to syn v2" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.matches]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.1.9" notes = "This is a trivial crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.matches]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.9 -> 0.1.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.maybe-async]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "0.2.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.md-5]] who = "Dana Keeler " criteria = "safe-to-deploy" version = "0.10.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.memchr]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "2.5.0 -> 2.7.4" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.memmap2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.4 -> 0.5.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.memmap2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.7 -> 0.5.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.memmap2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.8 -> 0.5.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.memmap2]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.5.9 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.memmap2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.9.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.memoffset]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.6.5 -> 0.7.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.memoffset]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.memtest]] who = "Brian Tsoi " criteria = "safe-to-deploy" version = "0.1.3" notes = "This crate is written and maintained by Mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.memtest]] who = "Brian Tsoi " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.3.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.memtest]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.4.0" notes = "This crate is written and maintained by Mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Jim Blandy " criteria = "safe-to-deploy" version = "0.23.1" notes = "This audit treats Dzmitry Malyshau (kvark) as a trusted reviewer." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.23.1 -> 0.24.0" notes = "This audit treats Dzmitry Malyshau (kvark) as a trusted reviewer." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.24.0 -> 0.25.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.25.0 -> 0.26.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Nicolas Silva , Jim Blandy " criteria = "safe-to-deploy" delta = "0.26.0 -> 0.27.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.27.0 -> 0.27.0@git:ff8fd3d6dc7792852f8a015458d7e6d42d7fb352" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.27.0 -> 0.28.0" notes = "No significantly changed functionality. Some warnings resolved, bumped `core-graphics-types`, newer versions of Metal supported." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.28.0 -> 0.29.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.29.0 -> 0.30.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.30.0 -> 0.30.0@git:ef768ff9d742ae6a0f4e83ddc8031264e7d460c4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.30.0 -> 0.31.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.31.0 -> 0.32.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.metal]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.32.0 -> 0.33.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.midir]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.7.0@git:519e651241e867af3391db08f9ae6400bc023e18" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.midir]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.10.1" notes = "Large formatting changes and some safe additions, the very few modified unsafe blocks deal with explicit memory management and appear to be sound." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.midir]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.midir]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mime]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.3.16 -> 0.3.17" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mime_guess]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "2.0.4 -> 2.0.5" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.minidump-common]] who = "Gabriele Svelto " criteria = "safe-to-deploy" version = "0.15.2" notes = "The code in this crate was written or reviewed by Mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-common]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.15.2 -> 0.17.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-common]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.17.0 -> 0.17.0@git:87a29fba5e19cfae5ebf73a57ba31504a3872545" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-common]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.17.0 -> 0.19.1" notes = "All the changes have been authored or reviewed by Mozilla employees" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-common]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.17.0@git:87a29fba5e19cfae5ebf73a57ba31504a3872545 -> 0.17.0@git:6ae42a7f992e8a88ebee661bc77bcedb95cd671f" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-writer]] who = "Gabriele Svelto " criteria = "safe-to-deploy" version = "0.7.0" notes = "The code in this crate was written or reviewed by Mozilla employees, the crate it evolved from was written specifically for gecko." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-writer]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.8.0" notes = "The code in this crate was written or reviewed by Mozilla employees, the crate it evolved from was written specifically for gecko." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-writer]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.8.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-writer]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.8.1 -> 0.8.1@git:491eb330e78e310c32927e5cc3bd2350af1e93f8" notes = "All the changes were written by a Mozilla employee (me)" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-writer]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.8.1 -> 0.8.3" notes = "All changes were authored or reviewed by Mozilla employees" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-writer]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.8.3 -> 0.8.9" notes = "Mainly dependency updates and a few small features (in support of mozilla bugs)." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-writer]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.8.9 -> 0.10.1" notes = "Crate written and reviewed by mozilla employees." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-writer]] who = "Chris Martin " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.10.2" notes = "This patch was written and reviewed by Mozilla employees" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.minidump-writer]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.11.0" notes = """ A majority of these changes were made and reviewed by Mozilla employees. I've reviewed the others, as well as re-reviewed the broader changes. There was a large refactor which makes this changeset artificially large. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.miniz_oxide]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.3 -> 0.6.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mio]] who = "Bobby Holley " criteria = "safe-to-run" delta = "0.6.21 -> 0.6.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mio]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.8.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mio]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.8 -> 1.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "0.39.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" delta = "0.39.1 -> 0.45.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-codec]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "0.5.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-codec]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" delta = "0.5.3 -> 0.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-codec-derive]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "0.1.1" notes = "No unsafe code" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-codec-derive]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-core]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "0.18.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-core]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" delta = "0.18.0 -> 0.21.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-crypto-hpke]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-crypto-hpke]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.14.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-crypto-hpke]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.14.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-crypto-traits]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "0.10.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-crypto-traits]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.15.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-identity-x509]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "0.11.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-identity-x509]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.15.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-provider-sqlite]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "0.11.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mls-rs-provider-sqlite]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.15.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mockito]] who = "Ben Dean-Kawamura " criteria = "safe-to-run" version = "0.31.0" notes = """ Used to setup mock HTTP servers for unit tests. I quickly scanned the code and it seems safe to me. It's also popular enough that I would expect any issues to have been uncovered by the public. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.moz_cbor]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.1.2" notes = "Developed by Mozilla staff." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mtu]] who = "Max Inden " criteria = "safe-to-deploy" version = "0.2.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mtu]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.2.5 -> 0.2.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mtu]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.2.6 -> 0.2.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Dzmitry Malyshau " criteria = "safe-to-deploy" version = "0.8.0" notes = """ This crate, up through the indicated version, was written or reviewed by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left Mozilla at the beginning of February 2022. This audit statement was collected by Jim Blandy, a Mozilla employee, over email in July 2022: Dzmitry was shown, and agreed to, the 'safe-to-deploy' text. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.14.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.14.0 -> 0.19.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = [ "Jim Blandy ", "Nicolas Silva ", "Erich Gubler ", "Teodor Tanasoaia ", ] criteria = "safe-to-deploy" delta = "0.19.2 -> 0.20.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.20.0 -> 22.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "22.0.0 -> 23.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "23.0.0 -> 23.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "23.1.0 -> 24.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "24.0.0 -> 25.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "25.0.0 -> 26.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Jim Blandy ", "Erich Gubler ", ] criteria = "safe-to-deploy" delta = "26.0.0 -> 27.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.naga]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Erich Gubler ", "Jim Blandy ", ] criteria = "safe-to-deploy" delta = "27.0.0 -> 28.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.net2]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.2.37 -> 0.2.38" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.new_debug_unreachable]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "1.0.4" notes = "This is a trivial crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.nix]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.15.0 -> 0.25.0" notes = "Plenty of new bindings but also several important bug fixes (including buffer overflows). New unsafe sections are restricted to wrappers and are no more dangerous than calling the C functions." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.nix]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.25.0 -> 0.25.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.nix]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.25.1 -> 0.26.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.nix]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.26.2 -> 0.27.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.nix]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.27.1 -> 0.28.0" notes = """ Many new features and bugfixes. Obviously there's a lot of unsafe code calling libc, but the usage looks correct. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.nix]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.28.0 -> 0.29.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.nix]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.29.0 -> 0.30.1" notes = "Some new wrappers, support for minor platforms and lots of work around type safety that reduces the unsafe surafce." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.nom]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "7.1.1 -> 7.1.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.nss-gk-api]] who = "John M. Schanck " criteria = "safe-to-deploy" version = "0.2.1" notes = "Maintained by the CryptoEng team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ntapi]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.7 -> 0.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.4.0" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-bigint]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.2.6" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-bigint]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.4.3" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-complex]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.4.2" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-conv]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.1.0" notes = """ Very straightforward, simple crate. No dependencies, unsafe, extern, side-effectful std functions, etc. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-derive]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.3.3" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.3 -> 0.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.4.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-integer]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.1.45" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-iter]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.1.43" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-macros]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.1.40" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-rational]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.4.1" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num-traits]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.2.15" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num_cpus]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.13.1 -> 1.14.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.num_cpus]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.14.0 -> 1.15.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.objc2]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "0.6.3" notes = """ Contains substantial unsafe code, as is typical for FFI. The (non-published) `header-translator` crate that produces generated bindings appearing in other `objc2-*` crates was also reviewed, in lieu of a full review of the generated bindings. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.objc2-core-foundation]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "0.3.2" notes = """ Contains substantial unsafe code, as is typical for FFI. The (non-published) `header-translator` crate that produces generated bindings in this crate was also reviewed, in lieu of a full review of the generated bindings. Users of this crate should be aware of the information in https://github.com/madsmtm/objc2/blob/main/crates/objc2/src/topics/frameworks_soundness.md. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.objc2-encode]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "4.1.0" notes = "Support library for objc2 with no unsafe code" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.objc2-foundation]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "0.3.2" notes = """ Contains substantial unsafe code, as is typical for FFI. The (non-published) `header-translator` crate that produces generated bindings in this crate was also reviewed, in lieu of a full review of the generated bindings. Users of this crate should be aware of the information in https://github.com/madsmtm/objc2/blob/main/crates/objc2/src/topics/frameworks_soundness.md. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.objc2-io-surface]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "0.3.2" notes = """ Contains substantial unsafe code, as is typical for FFI. The (non-published) `header-translator` crate that produces generated bindings in this crate was also reviewed, in lieu of a full review of the generated bindings. Users of this crate should be aware of the information in https://github.com/madsmtm/objc2/blob/main/crates/objc2/src/topics/frameworks_soundness.md. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.objc2-metal]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "0.3.2" notes = """ Contains substantial unsafe code, as is typical for FFI. The (non-published) `header-translator` crate that produces generated bindings in this crate was also reviewed, in lieu of a full review of the generated bindings. Users of this crate should be aware of the information in https://github.com/madsmtm/objc2/blob/main/crates/objc2/src/topics/frameworks_soundness.md. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.objc2-quartz-core]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "0.3.2" notes = """ Contains substantial unsafe code, as is typical for FFI. The (non-published) `header-translator` crate that produces generated bindings in this crate was also reviewed, in lieu of a full review of the generated bindings. Users of this crate should be aware of the information in https://github.com/madsmtm/objc2/blob/main/crates/objc2/src/topics/frameworks_soundness.md. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.object]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.28.4 -> 0.30.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.object]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.30.0 -> 0.30.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.object]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.33.0 -> 0.36.4" notes = "Hardly any new unsafe code, no new dependencies nor side-effectful std functions. Plenty of new tests." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.once_cell]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.12.0 -> 1.13.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.once_cell]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.13.1 -> 1.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.once_cell]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.16.0 -> 1.17.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.once_cell]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.20.1 -> 1.20.2" notes = "This update works around a Cargo bug that forces the addition of `portable-atomic` into a lockfile, which we have never needed to use." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.once_cell]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.20.2 -> 1.20.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.once_cell]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.20.3 -> 1.21.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.once_cell]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.21.1 -> 1.21.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.oneshot]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.1.5" notes = "Small crate, reviewed by bendk. There is a decent amount of unsafe code, but it's well tested and the crate has been well-used over the years." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.oneshot]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.1.5@git:1f3c657c8073aec4f0b6ebac7be33b4851644745" notes = """ Small crate, reviewed by bendk. There is a decent amount of unsafe code, but it's well tested and the crate has been well-used over the years. The git branch is my fork of the official code that removes the `loom` target to avoid pulling in that crate and its dependencies into moz-central. This doesn't change any of the functionality -- the `loom` target is only used for testing. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.oneshot]] who = "Bastian Gruber " criteria = "safe-to-deploy" version = "0.1.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.oneshot-uniffi]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.1.5" notes = "This is the essentially same code as `oneshot version 0.1.5` which has already been audited. The only difference is that it won't pull in `loom` and related dependencies when `mach vendor rust` is run." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.oneshot-uniffi]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.1.5" notes = "Fork of the oneshot crate; modified to remove a test dependency only." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.oneshot-uniffi]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.1.5 -> 0.1.6" notes = "Synced with the orginal crate, no new unsafe" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.oorandom]] who = "Jan-Erik Rediger " criteria = "safe-to-run" version = "11.1.5" notes = "Small random number generator, explicitly not cryptographically secure, no use of unsafe code, no dependencies" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.option-ext]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.2.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.ordered-float]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "3.0.0 -> 3.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.origin-trial-token]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.1.1" notes = """ I'm the author of the crate. The only unsafe code is a view over a byte array which is properly validated. Cryptography shenanigans are delegated to the caller so there's no possible unsoundness there. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.os_str_bytes]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "6.1.0 -> 6.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.os_str_bytes]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "6.3.0 -> 6.4.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.oxilangtag]] who = "Jonathan Kew " criteria = "safe-to-deploy" version = "0.1.3" notes = """ I have reviewed all the code in this (small) crate. There is no unsafe code present. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.packed_simd]] who = "Henri Sivonen " criteria = "safe-to-deploy" delta = "0.3.8 -> 0.3.9" notes = "The update from 0.3.8 to 0.3.9 makes mechanical changes to accommodate renaming, compiler updates, and CI service updates." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.packed_simd]] who = "Henri Sivonen " criteria = "safe-to-deploy" delta = "0.3.9 -> 0.3.9@git:e588ceb568878e1a3156ea9ce551d5b63ef0cdc4" notes = "The patch on top of crates.io version 0.3.9 merely deletes code for a feature that Firefox does not use." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.packed_simd_2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.7 -> 0.3.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.packed_simd_2]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.3.8 -> 0.3.8@git:412f9a0aa556611de021bde89dee8fefe6e0fbbd" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.parking_lot_core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.5 -> 0.8.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.paste]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.7 -> 1.0.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.paste]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.8 -> 1.0.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.paste]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.10 -> 1.0.15" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.peeking_take_while]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "1.0.0 -> 0.1.2" notes = "Small refactor of some simple iterator logic, no unsafe code or capabilities." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.percent-encoding]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "2.2.0 -> 2.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.percent-encoding]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "2.3.0 -> 2.3.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.percent-encoding]] who = "edgul " criteria = "safe-to-deploy" delta = "2.3.1 -> 2.3.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.phf]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.11.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.phf_codegen]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.phf_generator]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.phf_macros]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.phf_shared]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pin-cell]] who = "Lars Eggert " criteria = "safe-to-deploy" version = "0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pin-project]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.0.10 -> 1.0.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pin-project]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.0.12 -> 1.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pin-project-internal]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.0.10 -> 1.0.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pin-project-internal]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.0.12 -> 1.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pin-project-lite]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.13 -> 0.2.14" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pin-project-lite]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.2.14 -> 0.2.16" notes = """ Only functional change is to work around a bug in the negative_impls feature (https://github.com/taiki-e/pin-project/issues/340#issuecomment-2432146009) """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.pkcs11-bindings]] who = "Dana Keeler " criteria = "safe-to-deploy" version = "0.1.0" notes = """ This crate consists of declarations of types and constants that are auto-generated by running bindgen on the PKCS#11 specification headers. Other than the tests generated by bindgen, it consists of no runnable code. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pkcs11-bindings]] who = "John M. Schanck " criteria = "safe-to-deploy" version = "0.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pkcs11-bindings]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.1.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pkcs11-bindings]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pkcs11-bindings]] who = "John M. Schanck " criteria = "safe-to-deploy" delta = "0.1.5 -> 0.1.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pkg-config]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.plane-split]] who = "Nicolas Silva " criteria = "safe-to-deploy" version = "0.18.0" notes = "Mozilla-developed package, no unsafe code, no access to file system, network or other far reaching APIs." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.plist]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.3.1 -> 1.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.plist]] who = "Lars Eggert " criteria = "safe-to-run" delta = "1.7.0 -> 1.7.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.pollster]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.3.0" notes = "Tiny crate with only 130 lines of code. No unsafe code or IO." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.potential_utf]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.powerfmt]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.2.0" notes = """ A tiny bit of unsafe code to implement functionality that isn't in stable rust yet, but it's all valid. Otherwise it's a pretty simple crate. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ppv-lite86]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.16 -> 0.2.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.precomputed-hash]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.1.1" notes = "This is a trivial crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.prio]] who = "Simon Friedberger " criteria = "safe-to-deploy" version = "0.8.4" notes = "The crate does not use any unsafe code or ambient capabilities and thus meets the criteria for safe-to-deploy. The cryptography itself should be considered experimental at this phase and is currently undergoing a thorough audit organized by Cloudflare." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.prio]] who = "Simon Friedberger " criteria = "safe-to-deploy" version = "0.9.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.proc-macro-error-attr2]] who = "Kagami Sascha Rosylight " criteria = "safe-to-deploy" version = "2.0.0" notes = "No unsafe block." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.proc-macro-error2]] who = "Kagami Sascha Rosylight " criteria = "safe-to-deploy" version = "2.0.1" notes = "No unsafe block with a lovely `#![forbid(unsafe_code)]`." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.proc-macro-hack]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.19 -> 0.5.20+deprecated" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.proc-macro2]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.0.39" notes = """ `proc-macro2` acts as either a thin(-ish) wrapper around the std-provided `proc_macro` crate, or as a fallback implementation of the crate, depending on where it is used. If using this crate on older versions of rustc (1.56 and earlier), it will temporarily replace the panic handler while initializing in order to detect if it is running within a `proc_macro`, which could lead to surprising behaviour. This should not be an issue for more recent compiler versions, which support `proc_macro::is_available()`. The `proc-macro2` crate's fallback behaviour is not identical to the complex behaviour of the rustc compiler (e.g. it does not perform unicode normalization for identifiers), however it behaves well enough for its intended use-case (tests and scripts processing rust code). `proc-macro2` does not use unsafe code, however exposes one `unsafe` API to allow bypassing checks in the fallback implementation when constructing `Literal` using `from_str_unchecked`. This was intended to only be used by the `quote!` macro, however it has been removed (https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078), and is likely completely unused. Even when used, this API shouldn't be able to cause unsoundness. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.proc-macro2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.39 -> 1.0.43" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.proc-macro2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.43 -> 1.0.49" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.proc-macro2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.49 -> 1.0.51" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.proc-macro2]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.57 -> 1.0.59" notes = "Enabled on Wasm" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.proc-macro2]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.63 -> 1.0.66" notes = "Removed special support for some really old Rust versions" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.procfs-core]] who = "Gabriele Svelto " criteria = "safe-to-deploy" version = "0.16.0-RC1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.procfs-core]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.16.0-RC1 -> 0.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.procfs-core]] who = "Chris Martin " criteria = "safe-to-deploy" delta = "0.16.0 -> 0.17.0" notes = "Lots of code, but nothing unsafe and mostly parsing various text formats output by /proc files" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.profiling]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.6 -> 1.0.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.prost]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.11.9" notes = "Mostly internal refactorings. Minimal new unsafe code, but with the invariants explicitly checked in code" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.prost]] who = "Drew Willcoxon " criteria = "safe-to-deploy" delta = "0.11.9 -> 0.12.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.prost]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.12.1 -> 0.13.5" notes = """ This is mostly a reorganization of code (splitting one big file into many), with some minor changes to improve safety and readability. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.prost-derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.11.9" notes = "Documentation and internal refactoring changes only" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.prost-derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.11.9 -> 0.11.9@git:95964e9d33df3c2a9c3f14285e262867cab6f96b" notes = "Changes against 0.11.9 are mine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.prost-derive]] who = "Drew Willcoxon " criteria = "safe-to-deploy" delta = "0.11.9 -> 0.12.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.prost-derive]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.12.1 -> 0.13.5" notes = """ This is mostly code cleanup and using higher-level functions from itertools/std. There were also a few tests added, which is an improvement over having none at all. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.qlog]] who = "Kershaw Chang " criteria = "safe-to-deploy" version = "0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.qlog]] who = "Kershaw Chang " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.11.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.qlog]] who = "Kershaw Chang " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.qlog]] who = "Kershaw Chang " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.qlog]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.15.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quick-xml]] who = "Lars Eggert " criteria = "safe-to-run" delta = "0.30.0 -> 0.37.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quinn-udp]] who = "Kershaw Chang " criteria = "safe-to-run" version = "0.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quinn-udp]] who = "Max Inden " criteria = "safe-to-deploy" version = "0.5.4" notes = "This is a small crate, providing safe wrappers around various low-level networking specific operating system features. Given that the Rust standard library does not provide safe wrappers for these low-level features, safe wrappers need to be build in the crate itself, i.e. `quinn-udp`, thus requiring `unsafe` code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quinn-udp]] who = "Max Inden " criteria = "safe-to-deploy" delta = "0.5.4 -> 0.5.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quinn-udp]] who = "Max Inden " criteria = "safe-to-deploy" delta = "0.5.6 -> 0.5.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quinn-udp]] who = "Max Inden " criteria = "safe-to-deploy" delta = "0.5.8 -> 0.5.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quinn-udp]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.5.9 -> 0.5.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quinn-udp]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.5.10 -> 0.5.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quinn-udp]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.5.11 -> 0.5.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quinn-udp]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "0.5.12 -> 0.5.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quote]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.0.18" notes = """ `quote` is a utility crate used by proc-macros to generate TokenStreams conveniently from source code. The bulk of the logic is some complex interlocking `macro_rules!` macros which are used to parse and build the `TokenStream` within the proc-macro. This crate contains no unsafe code, and the internal logic, while difficult to read, is generally straightforward. I have audited the the quote macros, ident formatter, and runtime logic. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quote]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.18 -> 1.0.21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quote]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.21 -> 1.0.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.quote]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.27 -> 1.0.28" notes = "Enabled on wasm targets" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.quote]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.28 -> 1.0.31" notes = "Minimal changes and removal of the build.rs" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.radium]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.5.3" notes = """ I am no longer the primary maintainer of `radium`, however I have audited the code to ensure it is still correct. The implementation contains no `unsafe` logic, and will not abstract away `Sync` trait bounds. The core logic is very simple, and acts as an abstraction trait for `Cell` and `AtomicT`. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.6.3 -> 0.6.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rand_distr]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.4.3" notes = """ Simple crate that extends `rand`. It has little unsafe code and uses Miri to test it. As far as I can tell, it does not have any file IO or network access. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.range-alloc]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.1.2" notes = "Dzmitry authored this crate while he was staff at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.range-alloc]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.range-map]] who = "Gabriele Svelto " criteria = "safe-to-deploy" version = "0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.raw-window-handle]] who = "Jim Blandy " criteria = "safe-to-deploy" version = "0.5.0" notes = "I looked through all the sources of the v0.5.0 crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.raw-window-handle]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.0 -> 0.5.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.raw-window-handle]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.raw-window-handle]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.6.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.raw-window-metal]] who = "Andy Leiserson " criteria = "safe-to-deploy" version = "1.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rayon]] who = "Josh Stone " criteria = "safe-to-deploy" version = "1.5.3" notes = "All code written or reviewed by Josh Stone or Niko Matsakis." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rayon]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.5.3 -> 1.6.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rayon-core]] who = "Josh Stone " criteria = "safe-to-deploy" version = "1.9.3" notes = "All code written or reviewed by Josh Stone or Niko Matsakis." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rayon-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.9.3 -> 1.10.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rayon-core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.10.1 -> 1.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.redox_syscall]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.13 -> 0.2.16" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.redox_syscall]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.2.16 -> 0.3.5" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.regex]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.5.6 -> 1.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.regex]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.6.0 -> 1.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.regex]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.7.0 -> 1.7.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.regex]] who = "edgul " criteria = "safe-to-deploy" delta = "1.10.4 -> 1.11.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.regex-automata]] who = "edgul " criteria = "safe-to-deploy" delta = "0.4.7 -> 0.4.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.regex-syntax]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.6.26 -> 0.6.27" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.regex-syntax]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.6.27 -> 0.6.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.remove_dir_all]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.5.3 -> 0.8.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.replace_with]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.1.7 -> 0.1.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rinja]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.3.5" notes = """ Template crate, forked from askama which has been audited. The only unsafe code is calls to `str::from_utf8_unchecked` for known ASCII strings. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rinja_derive]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.3.5" notes = """ Template crate, forked from askama which has been audited. The only unsafe code is calls to `str::from_utf8_unchecked` for known ASCII strings. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rinja_parser]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.3.5" notes = """ Template crate, forked from askama which has been audited. The only unsafe code is calls to `str::from_utf8_unchecked` for known ASCII strings. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rkv]] who = "Chris H-C " criteria = "safe-to-deploy" version = "0.18.2" notes = "Maintained by Jan-Erik and :krosylight." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rkv]] who = "Chris H-C " criteria = "safe-to-deploy" version = "0.18.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rkv]] who = "Kagami Sascha Rosylight " criteria = "safe-to-deploy" delta = "0.18.4 -> 0.19.0" notes = "Maintained by Mozilla, no addition of unsafe blocks" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.rkv]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.19.0 -> 0.20.0" notes = "Removed all LMDB-specific code, added malloc_size_of integration" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.rmp]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.8.14" notes = """ Very popular crate. 1 instance of unsafe code, which is used to adjust a slice to work around lifetime issues. No network or file access. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rmp-serde]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "1.3.0" notes = "Very popular crate. No unsafe code, network or file access." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ron]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.7.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ron]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.7.1 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ron]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.8.0 -> 0.8.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ron]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.8.1 -> 0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ron]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ron]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.11.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ron]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rure]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.2.2" notes = """ This is a fairly straightforward FFI wrapper crate for `regex`, maintained by the `regex` developers in the same repository. This crate is explicitly designed for FFI use, and should not be used directly by Rust code. The exported `extern \"C\"` functions are not marked as `unsafe`, meaning that it is technically incorrect to use them from within Rust code, however they are reasonable to use from C code. The unsafe code in this crate heavily depends on the C caller maintaining invariants, however these invariants are clearly documented in the `rure.h` file, bundled with the crate. I have checked the signatures of each function both in C++ and in the Rust to ensure they match. In some places, the c `rure.h` header file is missing a `const` qualifier which could be present given the Rust code, however this will have no impact on ABI, and is fairly normal for FFI crates. Panics are handled in all Rust FFI methods, meaning that projects which do not disable unwinding will still consistently abort (using `libc::abort()`) if a panic occurs in the Rust code. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rusqlite]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.27.0 -> 0.28.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rusqlite]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" delta = "0.28.0 -> 0.29.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rusqlite]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.29.0 -> 0.30.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rusqlite]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.30.0 -> 0.31.0" notes = "Mostly build and dependency related changes, and bump to sqlite version" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rusqlite]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.31.0 -> 0.33.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rusqlite]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.33.0 -> 0.37.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rust_cascade]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rust_decimal]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.24.0 -> 1.25.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rust_decimal]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.25.0 -> 1.26.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rust_decimal]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.26.1 -> 1.27.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rust_decimal]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.27.0 -> 1.28.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rustc-hash]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "1.1.0" notes = "Straightforward crate with no unsafe code, does what it says on the tin." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rustc-hash]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" delta = "1.1.0 -> 2.1.1" notes = "Simple hashing crate, no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rustc_version]] who = "Nika Layzell " criteria = "safe-to-run" version = "0.4.0" notes = """ Straightforward crate which runs `$RUSTC -vV` and parses the output into a machine-interpretable form for build scripts. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rustc_version]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.4.0" notes = """ Use of powerful capabilities is limited to invoking `rustc -vV` to get version information for parsing version information. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.rustversion]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "1.0.9" notes = """ This crate has a build-time component and procedural macro logic, which I looked at enough to convince myself it wasn't going to do anything dramatically wrong. I don't think logic bugs in the version parsing etc can realistically introduce a security vulnerability. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rustversion]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.0.9 -> 1.0.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.rustversion]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.9 -> 1.0.14" notes = "Doc updates, minimal CI changes and a fix to build-script reruns" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.ryu]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.10 -> 1.0.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ryu]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.11 -> 1.0.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.ryu]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.12 -> 1.0.19" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.safemem]] who = "Bobby Holley " criteria = "safe-to-run" version = "0.3.3" notes = "I didn't review the allocation code carefully but it's not malicious." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.scoped-tls]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.0.0 -> 1.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.scroll]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.11.0" notes = "Small changes to exposed traits, that look reasonable and have additional buffer boundary checks. No unsafe code touched." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.scroll]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.12.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.scroll_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.10.5 -> 0.11.0" notes = "No code changes. Tagged together with its parent crate scroll." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.scroll_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.11.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.scroll_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.11.0 -> 0.11.1" notes = "Dependency syn v2 update only" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.scroll_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.11.1 -> 0.12.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.selectors]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.22.0" notes = """ This crate is basically developed in-tree. Mozilla employees have either reviewed or written virtually all of the code. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.selectors]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.22.0 -> 0.25.0" notes = "First party Mozilla code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.selectors]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.25.0 -> 0.26.0" notes = "First-party code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.self_cell]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.self_cell]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.10.2 -> 1.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.semver]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.9 -> 1.0.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.semver]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.10 -> 1.0.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.semver]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.13 -> 1.0.16" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.semver]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "1.0.17 -> 1.0.16" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.semver]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.17 -> 1.0.25" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.serde]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.137 -> 1.0.143" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.143 -> 1.0.144" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.144 -> 1.0.151" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.151 -> 1.0.152" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.0.198 -> 1.0.201" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.0.226 -> 1.0.227" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.150 -> 1.0.160" notes = "Small API improvements, fixing broken code generation for edge cases and updating to syn v2" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.serde]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.163 -> 1.0.179" notes = "Internal refactorings and some new trait implementations" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.serde]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.227 -> 1.0.228" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.serde-value]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.7.0" notes = "Basic implementation of a serde value type. No use of unsafe code." aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.serde_bytes]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.11.6 -> 0.11.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_bytes]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.11.7 -> 0.11.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_bytes]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.11.8 -> 0.11.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_cbor]] who = "R. Martinho Fernandes " criteria = "safe-to-deploy" version = "0.11.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_cbor]] who = "John M. Schanck " criteria = "safe-to-deploy" delta = "0.11.1 -> 0.11.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_core]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.0.226 -> 1.0.227" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_core]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.227 -> 1.0.228" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.serde_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.137 -> 1.0.143" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.143 -> 1.0.144" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.144 -> 1.0.151" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.151 -> 1.0.152" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_derive]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.0.198 -> 1.0.201" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_derive]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.0.226 -> 1.0.227" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.150 -> 1.0.160" notes = "Update of syn dependency and thus largely changes to adopt the newer API" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.serde_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.163 -> 1.0.179" notes = "Internal refactorings and dependency updates" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.serde_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.227 -> 1.0.228" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.serde_json]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.81 -> 1.0.83" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_json]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.83 -> 1.0.85" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_json]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.85 -> 1.0.91" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_json]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.91 -> 1.0.93" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_json]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.89 -> 1.0.138" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.serde_path_to_error]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "0.1.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_repr]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.8 -> 0.1.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_repr]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.9 -> 0.1.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_spanned]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" version = "1.0.3" notes = "Relatively simple Serde trait implementations. No IO or unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_spanned]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.0.4" notes = "Unchanged" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.serde_with]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.14.0 -> 3.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_with]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "3.0.0 -> 3.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_with_macros]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.5.2 -> 3.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_with_macros]] who = "Max Leonard Inden " criteria = "safe-to-deploy" delta = "3.0.0 -> 3.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.serde_yaml]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.8.24 -> 0.8.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.servo_arc]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.1.1" notes = "Developed in-tree, effectively." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.servo_arc]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.3.0" notes = "First-party Mozilla code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.servo_arc]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.4.0" notes = "First-party code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.sfv]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.9.2 -> 0.9.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.sfv]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.9.3 -> 0.9.4" notes = "Only an update of `indexmap` 1 → 2." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.sfv]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "0.9.4 -> 0.14.0" notes = "I have reviewed and published the sfv updates myself." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.sha1]] who = "Dana Keeler " criteria = "safe-to-deploy" version = "0.10.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.sha1]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.10.0 -> 0.10.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.sha2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.sha2]] who = "Jeff Muizelaar " criteria = "safe-to-deploy" delta = "0.10.6 -> 0.10.8" notes = """ The bulk of this is https://github.com/RustCrypto/hashes/pull/490 which adds aarch64 support along with another PR adding longson. I didn't check the implementation thoroughly but there wasn't anything obviously nefarious. 0.10.8 has been out for more than a year which suggests no one else has found anything either. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.sha3]] who = "Simon Friedberger " criteria = "safe-to-deploy" delta = "0.10.6 -> 0.10.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.sharded-slab]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.shlex]] who = "Max Inden " criteria = "safe-to-deploy" delta = "1.1.0 -> 1.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.similar]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "2.2.0" notes = """ Algorithm crate implemented entirely in safe rust. Does no platform-specific logic, only implementing diffing and string manipulation algorithms. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.similar]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "2.2.1 -> 2.7.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.siphasher]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.3.11 -> 1.0.1" notes = "Only change to the crate source is adding documentation." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.siphasher]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.3.10 -> 0.3.11" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.slab]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.6 -> 0.4.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.slab]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.7 -> 0.4.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.smallbitvec]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "2.5.0" notes = "All code written or reviewed by Mozilla staff." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.smallbitvec]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "2.5.0 -> 2.5.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.smallvec]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.8.0 -> 1.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.smallvec]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.9.0 -> 1.10.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.smallvec]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.14.0 -> 1.15.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.smart-default]] who = "Gabriele Svelto " criteria = "safe-to-deploy" version = "0.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.smart-default]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.7.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.smawk]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.3.2" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.smol_str]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.3.2" notes = """ Unsafe is used to implement the small string size optimizations (and is always checked ahead of time), as well as to avoid redundant utf-8 validation. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.socket2]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.4.4 -> 0.4.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.socket2]] who = "Kershaw Chang " criteria = "safe-to-deploy" delta = "0.5.5 -> 0.5.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.spirv]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.2.0+1.5.4 -> 0.3.0+sdk-1.3.268.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.strck]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.1.2" notes = "This crate uses unsafe lock to keep invariant. I auditted code. Also, this doesn't have file access and network access." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.strck_ident]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.1.2" notes = "This crate doesn't use unsafe block, network access and filesystem access." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.strsim]] who = "Ben Dean-Kawamura " criteria = "safe-to-deploy" delta = "0.10.0 -> 0.11.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.strum]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.25.0 -> 0.26.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.strum]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.26.3 -> 0.27.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.strum_macros]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.25.3 -> 0.26.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.strum_macros]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.26.4 -> 0.27.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.subtle]] who = "Simon Friedberger " criteria = "safe-to-deploy" version = "2.5.0" notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.svg_fmt]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.4.1" notes = "Simple string processing with no unsafe code or ambient capability usage." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.syn]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.96 -> 1.0.99" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.syn]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.99 -> 1.0.107" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.syn]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "2.0.18 -> 2.0.26" notes = "Dependency update & internal refactorings" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.syn]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "2.0.26 -> 2.0.98" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.synstructure]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.12.6" notes = """ I am the primary author of the `synstructure` crate, and its current maintainer. The one use of `unsafe` is unnecessary, but documented and harmless. It will be removed in the next version. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.synstructure]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.12.6 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.synstructure]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.13.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.synstructure]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.13.1 -> 0.13.2" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.sys-locale]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.3.1" notes = "Succinct and easily-verified unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tempfile]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "3.6.0 -> 3.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tempfile]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "3.8.0 -> 3.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tempfile]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "3.9.0 -> 3.10.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tempfile]] who = "Chris Martin " criteria = "safe-to-deploy" delta = "3.10.1 -> 3.16.0" notes = "Big change, but nothing unsafe and lots of it is documentation and convenience APIs" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tempfile]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "3.19.1 -> 3.20.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.tempfile]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "3.4.0 -> 3.5.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.termcolor]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.1.3 -> 1.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.textwrap]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.15.0 -> 0.15.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.textwrap]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.15.2 -> 0.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.textwrap]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.16.0 -> 0.16.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.textwrap]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.16.1 -> 0.16.2" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.textwrap]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.15.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.thin-vec]] who = "Aria Beingessner " criteria = "safe-to-deploy" version = "0.2.5" notes = "I own this crate, and most of its versions were codeveloped and reviewed by Nika Layzell. This version was not explicitly reviewed by her, but it was specifically a release that made the code pass miri and was reviewed by me. Firefox uses it in the gecko-ffi configuration which is less thoroughly tested and more dangerous but we're reasonably confident in it. The real danger is from C++ code failing to use it correctly in FFI but that's just how FFI is." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.thin-vec]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.5 -> 0.2.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.thin-vec]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.7 -> 0.2.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.thin-vec]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.2.12 -> 0.2.14" notes = "Minor API additions, trivial no-std support, and minor inlining tweaks." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.thiserror]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.31 -> 1.0.32" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.thiserror]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.32 -> 1.0.38" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.thiserror]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.43 -> 1.0.69" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.thiserror-impl]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.31 -> 1.0.32" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.thiserror-impl]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.32 -> 1.0.38" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.thiserror-impl]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.43 -> 1.0.69" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.threadbound]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.1.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.threadbound]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.44 -> 0.1.45" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time]] who = "Kershaw Chang " criteria = "safe-to-deploy" delta = "0.1.45 -> 0.3.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.3.9 -> 0.3.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time]] who = "Kershaw Chang " criteria = "safe-to-deploy" delta = "0.3.17 -> 0.3.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.3.23 -> 0.3.36" notes = """ There's a bit of new unsafe code that is self-imposed because they now assert that ordinals are non-zero. All unsafe code was checked to ensure that the invariants claimed were true. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.3.36 -> 0.3.41" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.time-core]] who = "Kershaw Chang " criteria = "safe-to-deploy" version = "0.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time-core]] who = "Mike Hommey " criteria = "safe-to-run" version = "0.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time-core]] who = "Kershaw Chang " criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time-core]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time-core]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.4" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.time-macros]] who = "Kershaw Chang " criteria = "safe-to-deploy" version = "0.2.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time-macros]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.2.4 -> 0.2.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time-macros]] who = "Kershaw Chang " criteria = "safe-to-deploy" delta = "0.2.6 -> 0.2.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time-macros]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.2.10 -> 0.2.18" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.time-macros]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.2.18 -> 0.2.22" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tiny_http]] who = "Glenn Watson " criteria = "safe-to-deploy" version = "0.12.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tinystr]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.3.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tinystr]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tinystr]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.7.0" notes = "One of original auther was Zibi Braniecki who worked at Mozilla and maintained by ICU4X developers (Google and Mozilla). I've vetted the one instance of unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tinystr]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.7.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tinystr]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.1 -> 0.7.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tinystr]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.4 -> 0.7.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tinystr]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.6 -> 0.8.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tinystr]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.7.6 -> 0.8.1" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.tinyvec_macros]] who = "Drew Willcoxon " criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.to_shmem]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.1.0" notes = "First-party mozilla code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.to_shmem_derive]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "0.1.0" notes = "It's all first-party Mozilla code recently published to crates.io" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tokio-macros]] who = "Mike Hommey " criteria = "safe-to-run" delta = "1.8.0 -> 1.8.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tokio-stream]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.9 -> 0.1.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tokio-stream]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.11 -> 0.1.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.toml]] who = "Bobby Holley " criteria = "safe-to-deploy" delta = "0.5.7 -> 0.5.9" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.toml]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.9 -> 0.5.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.toml]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.10 -> 0.5.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.toml_datetime]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.7.5+spec-1.1.0" notes = "Pure data type crate with some datetime parsing. No unsafe." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.toml_writer]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "1.0.6+spec-1.1.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.topological-sort]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.1.0" notes = "Simple algorithm crate with no unsafe code or capability usage." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tower-service]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.3.1 -> 0.3.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.1.37" notes = """ There's only one unsafe impl, and its purpose is to ensure correct behavior by creating a non-Send marker type (it has nothing to do with soundness). All dependencies make sense, and no side-effectful std functions are used. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.35 -> 0.1.36" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.36 -> 0.1.37" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.1.37 -> 0.1.41" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-attributes]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.1.24" notes = "No unsafe code, macros extensively tested and produce reasonable code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-attributes]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.21 -> 0.1.22" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-attributes]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.22 -> 0.1.23" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-attributes]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.23 -> 0.1.24" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-attributes]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.1.24 -> 0.1.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-core]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.1.30" notes = """ Most unsafe code is in implementing non-std sync primitives. Unsafe impls are logically correct and justified in comments, and unsafe code is sound and justified in comments. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-core]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.27 -> 0.1.29" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-core]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.1.29 -> 0.1.30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-core]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.1.30 -> 0.1.33" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-subscriber]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.3.17 -> 0.3.19" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracing-subscriber]] who = "Mark Hammond " criteria = "safe-to-deploy" delta = "0.3.19 -> 0.3.20" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.tracy-rs]] who = "Glenn Watson " criteria = "safe-to-deploy" version = "0.1.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.try-lock]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.2.3 -> 0.2.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.type-map]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.5.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.typed-arena-nomut]] who = "Lee Salzman " criteria = "safe-to-deploy" version = "0.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.typenum]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.15.0 -> 1.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uluru]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" version = "3.0.0" notes = """ I've reviewed multiple patches in this crate, including the initial implementation back in the day. It has no unsafe code at all nowadays. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-char-property]] who = "edgul " criteria = "safe-to-deploy" version = "0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-char-range]] who = "edgul " criteria = "safe-to-deploy" version = "0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-common]] who = "edgul " criteria = "safe-to-deploy" version = "0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.9.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid]] who = "Eemeli Aro " criteria = "safe-to-deploy" delta = "0.9.1 -> 0.9.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.9.5 -> 0.9.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid-impl]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid-impl]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.9.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid-impl]] who = "Eemeli Aro " criteria = "safe-to-deploy" delta = "0.9.1 -> 0.9.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid-impl]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.9.5 -> 0.9.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid-macros]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid-macros]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.9.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid-macros-impl]] who = "Zibi Braniecki " criteria = "safe-to-deploy" version = "0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-langid-macros-impl]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.9.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unic-ucd-ident]] who = "edgul " criteria = "safe-to-deploy" version = "0.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicase]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "2.6.0 -> 2.8.1" notes = "Update to Unicode 15.0.0" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.unicode-bidi]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.3.8 -> 0.3.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-bidi]] who = "Jonathan Kew " criteria = "safe-to-deploy" delta = "0.3.13 -> 0.3.14" notes = "I am the author of the bulk of the upstream changes in this version, and also checked the remaining post-0.3.13 changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-bidi]] who = "Jonathan Kew " criteria = "safe-to-deploy" delta = "0.3.14 -> 0.3.15" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-ident]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.0 -> 1.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-ident]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.1 -> 1.0.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-ident]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.0.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-ident]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.8 -> 1.0.9" notes = "Dependency updates only" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.unicode-linebreak]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.1.5" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.unicode-normalization]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.19 -> 0.1.20" notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-normalization]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.20 -> 0.1.21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-normalization]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.21 -> 0.1.22" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-segmentation]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.9.0 -> 1.10.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-width]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.9 -> 0.1.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-xid]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.3 -> 0.2.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-xid]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.2.4 -> 0.2.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.unicode-xid]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.2.5 -> 0.2.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi]] who = "Travis Long " criteria = "safe-to-deploy" version = "0.19.3" notes = "Maintained by the Glean and Application Services teams" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.19.3 -> 0.19.6" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi]] who = "Perry McManis " criteria = "safe-to-deploy" delta = "0.19.6 -> 0.20.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.20.0 -> 0.21.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.21.0 -> 0.21.1" notes = "No changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.21.1 -> 0.23.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_bindgen]] who = "Travis Long " criteria = "safe-to-deploy" version = "0.19.3" notes = "Maintained by the Glean and Application Services teams." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_bindgen]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.19.3 -> 0.19.6" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_bindgen]] who = "Perry McManis " criteria = "safe-to-deploy" delta = "0.19.6 -> 0.20.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_bindgen]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.20.0 -> 0.21.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_bindgen]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.21.0 -> 0.21.1" notes = "I authored the changes in this version." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_bindgen]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.21.1 -> 0.23.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_build]] who = "Travis Long " criteria = "safe-to-deploy" version = "0.19.3" notes = "Maintained by the Glean and Application Services teams." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_build]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.19.3 -> 0.19.6" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_build]] who = "Perry McManis " criteria = "safe-to-deploy" delta = "0.19.6 -> 0.20.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_build]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.20.0 -> 0.21.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_build]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.21.0 -> 0.21.1" notes = "No changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_build]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.21.1 -> 0.23.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_checksum_derive]] who = "Mike Hommey " criteria = "safe-to-deploy" version = "0.21.1" notes = "I authored this crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_checksum_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.21.1 -> 0.23.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_core]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.23.0" notes = "Maintained by the Glean and Application Services teams." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_macros]] who = "Travis Long " criteria = "safe-to-deploy" version = "0.19.3" notes = "Maintained by the Glean and Application Services teams." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_macros]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.19.3 -> 0.19.6" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_macros]] who = "Perry McManis " criteria = "safe-to-deploy" delta = "0.19.6 -> 0.20.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_macros]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.20.0 -> 0.21.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_macros]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.21.0 -> 0.21.1" notes = "No changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_macros]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.21.1 -> 0.23.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_meta]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.19.6" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_meta]] who = "Perry McManis " criteria = "safe-to-deploy" delta = "0.19.6 -> 0.20.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_meta]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.20.0 -> 0.21.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_meta]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.21.0 -> 0.21.1" notes = "I authored the changes in this version." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_meta]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.21.1 -> 0.23.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uniffi_testing]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" version = "0.23.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uritemplate-next]] who = "Kershaw Chang " criteria = "safe-to-deploy" version = "0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.url]] who = "Valentin Gosu " criteria = "safe-to-deploy" version = "2.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.url]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "2.4.0 -> 2.4.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.url]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "2.4.1 -> 2.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.url]] who = "Henri Sivonen " criteria = "safe-to-deploy" delta = "2.5.0 -> 2.5.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.url]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "2.5.1 -> 2.5.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.url]] who = "edgul " criteria = "safe-to-deploy" delta = "2.5.4 -> 2.5.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.urlpattern]] who = "edgul " criteria = "safe-to-deploy" version = "0.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.urlpattern]] who = "edgul " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.urlpattern]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.4.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.urlpattern]] who = "Ed Guloien " criteria = "safe-to-deploy" delta = "0.4.1 -> 0.4.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.urlpattern]] who = "Ed Guloien " criteria = "safe-to-deploy" delta = "0.4.2 -> 0.5.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.utf16_iter]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "1.0.5" notes = "I, Henri Sivonen, wrote this crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.utf8parse]] who = "Nika Layzell " criteria = "safe-to-deploy" delta = "0.2.1 -> 0.2.2" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.uuid]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.8.2 -> 1.2.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uuid]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.2.2 -> 1.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.uuid]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.3.0 -> 1.4.1" notes = "Internal refactoring, new target support" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.void]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "1.0.2" notes = "Very small crate, just hosts the Void type for easier cross-crate interfacing." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.warp]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.3.2 -> 0.3.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-bindgen]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.2.99 -> 0.2.100" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.wasm-bindgen-macro]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "0.2.99 -> 0.2.100" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.wasm-encoder]] who = "Ryan Hunt " criteria = "safe-to-deploy" version = "0.7.0" notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. This has no unsafe code and uses no ambient capabilities." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-encoder]] who = "Ryan Hunt " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.14.0" notes = "wasm-encoder has no unsafe code and uses no ambient capabilities." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-encoder]] who = "Yury Delendik " criteria = "safe-to-deploy" delta = "0.14.0 -> 0.15.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-encoder]] who = "Yury Delendik " criteria = "safe-to-deploy" delta = "0.16.0 -> 0.17.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-encoder]] who = "Ryan Hunt " criteria = "safe-to-deploy" delta = "0.19.0 -> 0.19.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-encoder]] who = "Ben Visness " criteria = "safe-to-deploy" delta = "0.243.0 -> 0.244.0" notes = "I made almost all the changes in this version, and the rest are straightforward, mostly deletions." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-smith]] who = "Ryan Hunt " criteria = "safe-to-deploy" version = "0.11.2" notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. I've vetted the one instance of unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-smith]] who = "Yury Delendik " criteria = "safe-to-run" delta = "0.11.2 -> 0.11.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-smith]] who = "Yury Delendik " criteria = "safe-to-run" delta = "0.11.4 -> 0.11.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-smith]] who = "Ryan Hunt " criteria = "safe-to-run" delta = "0.11.7 -> 0.11.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-smith]] who = "Yury Delendik " criteria = "safe-to-run" delta = "0.227.1 -> 0.243.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasm-smith]] who = "Ben Visness " criteria = "safe-to-run" delta = "0.243.0 -> 0.244.0" notes = "I am the author of all the changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasmparser]] who = "Ryan Hunt " criteria = "safe-to-deploy" version = "0.87.0" notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. I've vetted the one instance of unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasmparser]] who = "Yury Delendik " criteria = "safe-to-deploy" delta = "0.87.0 -> 0.88.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasmparser]] who = "Yury Delendik " criteria = "safe-to-deploy" delta = "0.89.1 -> 0.91.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasmparser]] who = "Ryan Hunt " criteria = "safe-to-deploy" delta = "0.93.0 -> 0.94.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wasmparser]] who = "Ben Visness " criteria = "safe-to-deploy" delta = "0.243.0 -> 0.244.0" notes = "I made most of these changes, and the rest were made by the Bytecode Alliance and seem fine to me." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wast]] who = "Ryan Hunt " criteria = "safe-to-deploy" version = "44.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wast]] who = "Ryan Hunt " criteria = "safe-to-deploy" version = "44.0.0" notes = "Maintained by the Bytecode Alliance, with contributions from Mozilla. wast has no unsafe code and the only ambient capability it uses is to read the full contents of a file that is given to it." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wast]] who = "Yury Delendik " criteria = "safe-to-deploy" delta = "44.0.0 -> 45.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wast]] who = "Yury Delendik " criteria = "safe-to-deploy" delta = "46.0.0 -> 47.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wast]] who = "Ryan Hunt " criteria = "safe-to-deploy" delta = "48.0.0 -> 49.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wast]] who = "Ben Visness " criteria = "safe-to-deploy" delta = "55.0.0 -> 56.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wast]] who = "Ben Visness " criteria = "safe-to-deploy" delta = "243.0.0 -> 244.0.0" notes = "I made most of the changes in this version, and the rest were made by the Bytecode Alliance and seem fine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.webrtc-sdp]] who = "Byron Campen " criteria = "safe-to-deploy" delta = "0.3.9 -> 0.3.10" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.webrtc-sdp]] who = "Nicolas Grunbaum " criteria = "safe-to-deploy" delta = "0.3.10 -> 0.3.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.webrtc-sdp]] who = "na-g " criteria = "safe-to-deploy" delta = "0.3.11 -> 0.3.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.weedle2]] who = "Travis Long " criteria = "safe-to-deploy" version = "3.0.0" notes = "Maintained by the Glean and Application Services teams." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.weedle2]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "3.0.0 -> 4.0.0" notes = "Maintained by the Glean and Application Services team." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Dzmitry Malyshau " criteria = "safe-to-deploy" version = "0.12.0" notes = """ This crate, up through the indicated version, was written or reviewed by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left Mozilla at the beginning of February 2022. This audit statement was collected by Jim Blandy, a Mozilla employee, over email in July 2022: Dzmitry was shown, and agreed to, the 'safe-to-deploy' text. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.14.0" notes = "Audit by Erich Gubler, Jim Blandy, Nicolas Silva, and Teodor Tanasoaia." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.14.0 -> 0.15.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.15.0 -> 0.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.16.0 -> 0.17.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.17.0 -> 0.18.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.18.0 -> 0.19.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = [ "Jim Blandy ", "Nicolas Silva ", "Erich Gubler ", "Teodor Tanasoaia ", ] criteria = "safe-to-deploy" delta = "0.19.3 -> 0.20.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.20.0 -> 22.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "22.0.0 -> 23.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "23.0.0 -> 23.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "23.0.1 -> 24.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "24.0.0 -> 25.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "25.0.0 -> 26.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Jim Blandy ", "Erich Gubler ", ] criteria = "safe-to-deploy" delta = "26.0.0 -> 27.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Erich Gubler ", "Jim Blandy ", ] criteria = "safe-to-deploy" delta = "27.0.0 -> 28.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core-deps-apple]] who = "Erich Gubler " criteria = "safe-to-deploy" version = "25.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core-deps-apple]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "25.0.0 -> 26.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core-deps-apple]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Jim Blandy ", "Erich Gubler ", ] criteria = "safe-to-deploy" delta = "26.0.0 -> 27.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core-deps-apple]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Erich Gubler ", "Jim Blandy ", ] criteria = "safe-to-deploy" delta = "27.0.0 -> 28.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core-deps-windows-linux-android]] who = "Erich Gubler " criteria = "safe-to-deploy" version = "25.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core-deps-windows-linux-android]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "25.0.0 -> 26.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core-deps-windows-linux-android]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Jim Blandy ", "Erich Gubler ", ] criteria = "safe-to-deploy" delta = "26.0.0 -> 27.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-core-deps-windows-linux-android]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Erich Gubler ", "Jim Blandy ", ] criteria = "safe-to-deploy" delta = "27.0.0 -> 28.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Dzmitry Malyshau " criteria = "safe-to-deploy" version = "0.12.0" notes = """ This crate, up through the indicated version, was written or reviewed by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left Mozilla at the beginning of February 2022. This audit statement was collected by Jim Blandy, a Mozilla employee, over email in July 2022: Dzmitry was shown, and agreed to, the 'safe-to-deploy' text. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.14.0" notes = "Audit by Erich Gubler, Jim Blandy, Nicolas Silva, and Teodor Tanasoaia." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.14.0 -> 0.15.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.15.0 -> 0.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.16.0 -> 0.17.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.17.0 -> 0.18.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.18.0 -> 0.19.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = [ "Jim Blandy ", "Nicolas Silva ", "Erich Gubler ", "Teodor Tanasoaia ", ] criteria = "safe-to-deploy" delta = "0.19.3 -> 0.20.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.20.0 -> 22.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "22.0.0 -> 23.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "23.0.0 -> 23.0.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "23.0.1 -> 24.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "24.0.0 -> 25.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "25.0.0 -> 26.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Jim Blandy ", "Erich Gubler ", ] criteria = "safe-to-deploy" delta = "26.0.0 -> 27.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-hal]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Erich Gubler ", "Jim Blandy ", ] criteria = "safe-to-deploy" delta = "27.0.0 -> 28.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Dzmitry Malyshau " criteria = "safe-to-deploy" version = "0.12.0" notes = """ This crate, up through the indicated version, was written or reviewed by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left Mozilla at the beginning of February 2022. This audit statement was collected by Jim Blandy, a Mozilla employee, over email in July 2022: Dzmitry was shown, and agreed to, the 'safe-to-deploy' text. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.13.0 -> 0.14.0" notes = "Audit by Erich Gubler, Jim Blandy, Nicolas Silva, and Teodor Tanasoaia." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.14.0 -> 0.15.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.15.0 -> 0.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.16.0 -> 0.17.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "0.17.0 -> 0.18.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.18.0 -> 0.19.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = [ "Jim Blandy ", "Nicolas Silva ", "Erich Gubler ", "Teodor Tanasoaia ", ] criteria = "safe-to-deploy" delta = "0.19.2 -> 0.20.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.20.0 -> 22.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "22.0.0 -> 23.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "23.0.0 -> 24.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "24.0.0 -> 25.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "25.0.0 -> 26.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Jim Blandy ", "Erich Gubler ", ] criteria = "safe-to-deploy" delta = "26.0.0 -> 27.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wgpu-types]] who = [ "Andy Leiserson ", "Teodor Tanasoaia ", "Erich Gubler ", "Jim Blandy ", ] criteria = "safe-to-deploy" delta = "27.0.0 -> 28.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.whatsys]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.1.2" notes = """ Contains platform-specific FFI code for apple, mac, and windows. The windows code also contains a small C file compiled at build-time. I audited all of it and it looks correct. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.whatsys]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.3.1" notes = "Maintained by me. I have written or reviewed all of the code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.whatsys]] who = "Emilio Cobos Álvarez " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.3.2" notes = "Minor tweak to avoid depending on min() macro which I authored." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.whatsys]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.3.2" notes = "Maintained by me. I have written or reviewed all of the code." aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.windows-link]] who = "Mark Hammond " criteria = "safe-to-deploy" version = "0.1.1" notes = "A microsoft crate allowing unsafe calls to windows apis." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.windows-link]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.winreg]] who = "Ray Kraesig " criteria = "safe-to-run" version = "0.10.1" notes = """ This crate uses a lot of `unsafe`; not all of it is necessary, and not all of it is correct. (In particular, the alignment of data buffers does not seem to be correctly ensured at type-conversion time.) However, the code is not deceptive, and any more subtle issues do not appear to be exploitable -- certainly not from a test environment. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.wpf-gpu-raster]] who = "Lee Salzman " criteria = "safe-to-deploy" version = "0.1.0" notes = "Written and maintained by Gfx team at Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.write16]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "1.0.0" notes = "I, Henri Sivonen, wrote this (safe-code-only) crate." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.writeable]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.5.2" notes = "writeable is a variation of fmt::Write with sink version. This uses `unsafe` block to handle potentially-invalid UTF-8 character. I've vetted the one instance of unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.writeable]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.5.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.writeable]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.5.4 -> 0.5.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.writeable]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.6.1 -> 0.6.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.xmldecl]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "0.2.0" notes = "I, Henri Sivonen, wrote this crate myself for Gecko even though it's published on crates.io." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.xshell-venv]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.1.0 -> 1.2.0" notes = "Added a file lock on the created directory" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.yaml-rust2]] who = "Lars Eggert " criteria = "safe-to-deploy" version = "0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.yoke]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.7.1" notes = "This crate is for zero-copy serialization for ICU4X data structure, and maintained by ICU4X team. Since this uses unsafe block for serialization, I audited code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.yoke]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.1 -> 0.7.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.yoke]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.3 -> 0.7.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.yoke-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.7.1@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873" notes = "This crate is a helper for yoke crate that is ICU4X data structure, and maintained by ICU4X team. Since this uses unsafe block for serialization, all has the comment why this uses unsafe and I audited code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.yoke-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.7.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.yoke-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.7.3 -> 0.7.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerocopy]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.7.32" notes = """ This crate is `no_std` so doesn't use any side-effectful std functions. It contains quite a lot of `unsafe` code, however. I verified portions of this. It also has a large, thorough test suite. The project claims to run tests with Miri to have stronger soundness checks, and also claims to use formal verification tools to prove correctness. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerocopy]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.7.32 -> 0.8.27" notes = """ These changes are enormous, however unsafe code is kept somewhat minimal in comparison. The safety properties of unsafe code blocks, traits, and other types are thoroughly documented. The new build script is safe. All code is very thoroughly tested. I expect their test coverage is quite high. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerocopy-derive]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.7.32" notes = "Clean, safe macros for zerocopy." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerocopy-derive]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.7.32 -> 0.8.27" notes = """ There are a lot of changes here, however they look reasonable. Unsafe code is heavily documented, and there are extensive tests for the changes. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerofrom]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.1.2" notes = "This crate is zero-copy version of \"From\". This has no unsafe code and uses no ambient capabilities." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerofrom]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerofrom-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.1.2@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873" notes = "This is custom derives for `ZeroFrom` that is from zerofrom crate. This has no unsafe code and uses no ambient capabilities." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerofrom-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.1.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zeroize]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "1.8.1" notes = """ This code DOES contain unsafe code required to internally call volatiles for deleting data. This is expected and documented behavior. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zeroize_derive]] who = "Benjamin Beurdouche " criteria = "safe-to-deploy" version = "1.4.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerotrie]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.2.1 -> 0.2.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.9.4" notes = "This crate is zero-copy data structure implmentation. Although this uses unsafe block in several code, it requires for zero-copy. And this has a comment in code why this uses unsafe and I audited code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.9.4 -> 0.10.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.10.4 -> 0.11.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.11.2 -> 0.11.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.11.3 -> 0.11.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.9.4@git:14e9a3a9857be74582abe2dfa7ab799c5eaac873" notes = "This is custom derives for `ZeroVec` that is from zerovec crate. Although this uses unsafe block for zero-copy, this has a comment in code why this uses unsafe and I audited code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" version = "0.10.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.10.1 -> 0.10.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec-derive]] who = "Max Inden " criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zerovec-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" delta = "0.10.3 -> 0.11.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zip]] who = "Alex Franchuk " criteria = "safe-to-deploy" version = "0.6.4" notes = """ No unsafe code nor unwarranted dependencies. Side-effectful std usage is only present where expected (zip archive reading/writing and unpacking) """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zip]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.6.2 -> 0.6.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zip]] who = "Mike Hommey " criteria = "safe-to-run" delta = "0.6.3 -> 0.6.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zip]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.6.4 -> 2.1.3" notes = """ There's a lot of new code and features, however it's almost entirely very straightforward and safe. All new dependencies are appropriate. `FixedSizeBlock::interpret` could be unsound if implemented on a non-1-byte-aligned type, however right now that is not the case (submitted https://github.com/zip-rs/zip2/issues/198). """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zip]] who = "Lars Eggert " criteria = "safe-to-deploy" delta = "2.1.3 -> 2.4.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.aho-corasick]] criteria = "safe-to-deploy" user-id = 189 start = "2019-03-28" end = "2024-05-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.anstream]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-03-16" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.anstyle]] criteria = "safe-to-deploy" user-id = 6743 start = "2022-05-18" end = "2024-09-28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.anstyle]] criteria = "safe-to-deploy" user-id = 6743 start = "2022-05-18" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.anstyle-parse]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-03-08" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.anstyle-query]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-04-13" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.anstyle-wincon]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-03-08" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.async-trait]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-07-23" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.atomic]] criteria = "safe-to-deploy" user-id = 2915 start = "2019-02-22" end = "2024-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.byteorder]] criteria = "safe-to-deploy" user-id = 189 start = "2019-06-09" end = "2024-05-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.bytes]] criteria = "safe-to-deploy" user-id = 6741 start = "2021-01-11" end = "2024-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.bytes]] criteria = "safe-to-deploy" user-id = 6741 start = "2021-01-11" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.cargo-platform]] criteria = "safe-to-deploy" user-id = 55123 start = "2023-07-13" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.cargo-util-schemas]] criteria = "safe-to-deploy" user-id = 55123 start = "2024-03-21" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.cc]] criteria = "safe-to-deploy" user-id = 2915 start = "2024-02-20" end = "2025-02-26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.clap]] criteria = "safe-to-deploy" user-id = 6743 start = "2021-12-08" end = "2025-08-21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.clap]] criteria = "safe-to-deploy" user-id = 6743 start = "2021-12-08" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.clap-cargo]] criteria = "safe-to-deploy" user-id = 6743 start = "2019-04-08" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.clap_builder]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-03-28" end = "2024-06-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.clap_builder]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-03-28" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.clap_derive]] criteria = "safe-to-deploy" user-id = 6743 start = "2021-12-08" end = "2025-08-21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.clap_derive]] criteria = "safe-to-deploy" user-id = 6743 start = "2021-12-08" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.clap_lex]] criteria = "safe-to-deploy" user-id = 6743 start = "2022-04-15" end = "2025-08-21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.clap_lex]] criteria = "safe-to-deploy" user-id = 6743 start = "2022-04-15" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.colorchoice]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-04-13" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.crates-index]] criteria = "safe-to-deploy" user-id = 980 start = "2023-07-29" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.derive_arbitrary]] criteria = "safe-to-deploy" user-id = 1139 start = "2020-04-29" end = "2026-07-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.derive_more]] criteria = "safe-to-deploy" user-id = 3797 start = "2019-05-25" end = "2026-04-21" notes = "Jelte audits each PR that was submitted for security issues. He has not contributed much to Mozilla codebases, but is the maintainer of PgBouncer and is a Postgres contributor. Unsafe code is forbidden using #[forbid(unsafe_code)]." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.derive_more-impl]] criteria = "safe-to-deploy" user-id = 3797 start = "2023-07-23" end = "2026-04-21" notes = "Jelte audits each PR that was submitted for security issues. He has not contributed much to Mozilla codebases, but is the maintainer of PgBouncer and is a Postgres contributor. Unsafe code is forbidden using #[forbid(unsafe_code)]." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.dtoa]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-05-02" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.equivalent]] criteria = "safe-to-deploy" user-id = 539 start = "2023-02-05" end = "2024-07-17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.erased-serde]] criteria = "safe-to-deploy" user-id = 3618 start = "2020-01-06" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.errno]] criteria = "safe-to-deploy" user-id = 6825 start = "2023-08-29" end = "2025-01-11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.errno]] criteria = "safe-to-deploy" user-id = 6825 start = "2023-08-29" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.flate2]] criteria = "safe-to-deploy" user-id = 4333 start = "2020-09-30" end = "2024-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.flate2]] criteria = "safe-to-deploy" user-id = 55123 start = "2022-11-24" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.h2]] criteria = "safe-to-deploy" user-id = 359 start = "2019-03-13" end = "2024-12-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.hashbrown]] criteria = "safe-to-deploy" user-id = 2915 start = "2019-04-02" end = "2024-07-17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.hashbrown]] criteria = "safe-to-deploy" user-id = 55123 start = "2025-04-30" end = "2026-09-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.hashbrown]] criteria = "safe-to-deploy" user-id = 2915 start = "2019-04-02" end = "2025-09-12" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.hashbrown]] criteria = "safe-to-deploy" user-id = 55123 start = "2025-04-30" end = "2026-06-10" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.headers]] criteria = "safe-to-deploy" user-id = 359 start = "2019-09-09" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.httparse]] criteria = "safe-to-deploy" user-id = 359 start = "2019-07-03" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.hyper]] criteria = "safe-to-run" user-id = 359 start = "2019-03-01" end = "2026-07-04" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.icu_collections]] criteria = "safe-to-deploy" user-id = 166196 start = "2023-01-26" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.icu_locale_core]] criteria = "safe-to-deploy" user-id = 166196 start = "2025-05-07" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.icu_normalizer]] criteria = "safe-to-deploy" user-id = 166196 start = "2023-01-26" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.icu_normalizer_data]] criteria = "safe-to-deploy" user-id = 166196 start = "2023-11-16" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.icu_properties]] criteria = "safe-to-deploy" user-id = 166196 start = "2023-01-26" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.icu_properties_data]] criteria = "safe-to-deploy" user-id = 166196 start = "2023-11-16" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.icu_provider]] criteria = "safe-to-deploy" user-id = 166196 start = "2022-10-08" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.indexmap]] criteria = "safe-to-deploy" user-id = 539 start = "2020-01-15" end = "2026-09-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.indexmap]] criteria = "safe-to-deploy" user-id = 539 start = "2020-01-15" end = "2025-09-12" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.inherent]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-07-14" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.inherent]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-07-14" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.io-lifetimes]] criteria = "safe-to-deploy" user-id = 6825 start = "2021-06-12" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.iovec]] criteria = "safe-to-deploy" user-id = 10 start = "2019-10-09" end = "2024-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.is-terminal]] criteria = "safe-to-deploy" user-id = 6825 start = "2022-01-22" end = "2024-10-19" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.is_terminal_polyfill]] criteria = "safe-to-deploy" user-id = 6743 start = "2024-05-02" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.itoa]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-05-02" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.itoa]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-05-02" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.jobserver]] criteria = "safe-to-deploy" user-id = 1 start = "2019-03-15" end = "2024-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.js-sys]] criteria = "safe-to-deploy" user-id = 1 start = "2019-03-04" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.libc]] criteria = "safe-to-deploy" user-id = 2915 start = "2021-01-27" end = "2024-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.libc]] criteria = "safe-to-deploy" user-id = 51017 start = "2020-03-17" end = "2024-10-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.libc]] criteria = "safe-to-deploy" user-id = 55123 start = "2024-08-15" end = "2026-09-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.libc]] criteria = "safe-to-deploy" user-id = 55123 start = "2024-08-15" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.libz-rs-sys]] criteria = "safe-to-deploy" user-id = 1303 start = "2024-02-23" end = "2024-09-01" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.linux-raw-sys]] criteria = "safe-to-deploy" user-id = 6825 start = "2021-06-12" end = "2024-09-08" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.linux-raw-sys]] criteria = "safe-to-deploy" user-id = 6825 start = "2021-06-12" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.linux-raw-sys]] criteria = "safe-to-deploy" user-id = 6825 start = "2021-06-12" end = "2024-10-19" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.litemap]] criteria = "safe-to-deploy" user-id = 166196 start = "2023-01-26" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.lock_api]] criteria = "safe-to-deploy" user-id = 2915 start = "2019-05-04" end = "2024-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.memchr]] criteria = "safe-to-deploy" user-id = 189 start = "2019-07-07" end = "2025-06-20" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.mime]] criteria = "safe-to-deploy" user-id = 359 start = "2019-09-09" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.mio]] criteria = "safe-to-deploy" user-id = 10 start = "2019-05-15" end = "2024-05-06" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.mio]] criteria = "safe-to-deploy" user-id = 10 start = "2019-05-15" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.mio]] criteria = "safe-to-deploy" user-id = 6025 start = "2019-12-17" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.num]] criteria = "safe-to-deploy" user-id = 539 start = "2020-01-10" end = "2026-07-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.num-bigint]] criteria = "safe-to-deploy" user-id = 539 start = "2019-09-04" end = "2026-07-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.num-complex]] criteria = "safe-to-deploy" user-id = 539 start = "2019-06-10" end = "2026-07-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.num_cpus]] criteria = "safe-to-deploy" user-id = 359 start = "2019-06-10" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.once_cell_polyfill]] criteria = "safe-to-deploy" user-id = 6743 start = "2025-05-22" end = "2026-06-03" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.open]] criteria = "safe-to-deploy" user-id = 980 start = "2019-07-03" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.ordered-float]] criteria = "safe-to-deploy" user-id = 2017 start = "2019-03-13" end = "2024-05-06" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.ordered-float]] criteria = "safe-to-deploy" user-id = 2017 start = "2019-03-13" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.parking_lot]] criteria = "safe-to-deploy" user-id = 2915 start = "2019-05-04" end = "2026-04-29" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.parking_lot_core]] criteria = "safe-to-deploy" user-id = 2915 start = "2019-05-04" end = "2024-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.paste]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-03-19" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.paste]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-03-19" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.phf]] criteria = "safe-to-deploy" user-id = 51017 start = "2021-06-17" end = "2026-01-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.phf_codegen]] criteria = "safe-to-deploy" user-id = 51017 start = "2021-06-17" end = "2026-01-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.phf_generator]] criteria = "safe-to-deploy" user-id = 51017 start = "2021-06-17" end = "2026-01-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.phf_macros]] criteria = "safe-to-deploy" user-id = 51017 start = "2021-06-17" end = "2026-01-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.phf_shared]] criteria = "safe-to-deploy" user-id = 51017 start = "2021-06-17" end = "2026-01-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.proc-macro-hack]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-04-16" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.proc-macro2]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-04-23" end = "2026-09-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.proc-macro2]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-04-23" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.quote]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-04-09" end = "2024-05-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.ref-cast]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-05-05" end = "2026-08-19" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.ref-cast-impl]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-05-05" end = "2026-08-19" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.regex]] criteria = "safe-to-deploy" user-id = 189 start = "2019-02-27" end = "2024-05-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.regex-automata]] criteria = "safe-to-deploy" user-id = 189 start = "2019-02-25" end = "2024-09-20" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.regex-syntax]] criteria = "safe-to-deploy" user-id = 189 start = "2019-03-30" end = "2024-05-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.rustc-stable-hash]] criteria = "safe-to-deploy" user-id = 304535 start = "2024-12-10" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.rustix]] criteria = "safe-to-deploy" user-id = 6825 start = "2021-10-29" end = "2024-09-08" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.rustix]] criteria = "safe-to-deploy" user-id = 6825 start = "2021-10-29" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.rustix]] criteria = "safe-to-deploy" user-id = 6825 start = "2021-10-29" end = "2024-10-19" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.rustversion]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-07-08" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.ryu]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-05-02" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.ryu]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-05-02" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.ryu]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-05-02" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.same-file]] criteria = "safe-to-deploy" user-id = 189 start = "2019-07-16" end = "2024-05-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.scopeguard]] criteria = "safe-to-deploy" user-id = 2915 start = "2020-02-16" end = "2024-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.semver]] criteria = "safe-to-deploy" user-id = 3618 start = "2021-05-25" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.serde]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-03-01" end = "2026-10-01" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.serde]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-03-01" end = "2025-09-12" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.serde-untagged]] criteria = "safe-to-deploy" user-id = 3618 start = "2023-08-27" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.serde_bytes]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-02-25" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.serde_core]] criteria = "safe-to-deploy" user-id = 3618 start = "2025-09-13" end = "2026-10-01" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.serde_derive]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-03-01" end = "2026-10-01" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.serde_derive]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-03-01" end = "2025-09-12" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.serde_json]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-02-28" end = "2026-04-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.serde_json]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-02-28" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.serde_json]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-02-28" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.serde_repr]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-04-26" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.serde_spanned]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-01-20" end = "2025-09-12" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.serde_yaml]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-05-02" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.serde_yaml]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-05-02" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.smallvec]] criteria = "safe-to-deploy" user-id = 2017 start = "2019-10-28" end = "2024-05-06" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.smallvec]] criteria = "safe-to-deploy" user-id = 2017 start = "2019-10-28" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.socket2]] criteria = "safe-to-deploy" user-id = 6025 start = "2020-09-09" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.syn]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-03-01" end = "2026-09-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.syn]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-03-01" end = "2025-09-12" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.syn]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-03-01" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.termcolor]] criteria = "safe-to-deploy" user-id = 189 start = "2019-06-04" end = "2024-05-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.thiserror]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-10-09" end = "2025-05-31" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.thiserror]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-10-09" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.thiserror]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-10-09" end = "2026-06-10" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.thiserror-impl]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-10-09" end = "2025-05-31" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.thiserror-impl]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-10-09" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.thiserror-impl]] criteria = "safe-to-deploy" user-id = 3618 start = "2019-10-09" end = "2026-06-10" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.thread_local]] criteria = "safe-to-deploy" user-id = 2915 start = "2019-09-07" end = "2026-05-13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.threadbound]] criteria = "safe-to-deploy" user-id = 3618 start = "2020-06-16" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.tinystr]] criteria = "safe-to-deploy" user-id = 166196 start = "2023-01-26" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.tokio]] criteria = "safe-to-run" user-id = 6741 start = "2020-12-25" end = "2025-07-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.tokio]] criteria = "safe-to-deploy" user-id = 6741 start = "2020-12-25" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.tokio-macros]] criteria = "safe-to-deploy" user-id = 6741 start = "2020-10-26" end = "2025-07-30" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.tokio-macros]] criteria = "safe-to-deploy" user-id = 6741 start = "2020-10-26" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.tokio-util]] criteria = "safe-to-deploy" user-id = 6741 start = "2021-01-12" end = "2024-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.toml]] criteria = "safe-to-deploy" user-id = 1 start = "2019-05-16" end = "2024-05-06" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.toml]] criteria = "safe-to-deploy" user-id = 6743 start = "2022-12-14" end = "2026-11-12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.toml]] criteria = "safe-to-deploy" user-id = 6743 start = "2022-12-14" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.toml]] criteria = "safe-to-deploy" user-id = 6743 start = "2022-12-14" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.toml_datetime]] criteria = "safe-to-deploy" user-id = 6743 start = "2022-10-21" end = "2026-11-12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.toml_datetime]] criteria = "safe-to-deploy" user-id = 6743 start = "2022-10-21" end = "2025-09-12" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.toml_edit]] criteria = "safe-to-deploy" user-id = 6743 start = "2021-09-13" end = "2025-09-12" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.toml_parser]] criteria = "safe-to-deploy" user-id = 6743 start = "2025-07-08" end = "2026-11-12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.toml_parser]] criteria = "safe-to-deploy" user-id = 6743 start = "2025-07-08" end = "2027-01-08" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.toml_write]] criteria = "safe-to-deploy" user-id = 6743 start = "2025-04-25" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.toml_writer]] criteria = "safe-to-deploy" user-id = 6743 start = "2025-07-08" end = "2026-11-12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.typeid]] criteria = "safe-to-deploy" user-id = 3618 start = "2024-05-13" end = "2026-12-11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.typeid]] criteria = "safe-to-deploy" user-id = 3618 start = "2024-05-13" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.unicode-ident]] criteria = "safe-to-deploy" user-id = 3618 start = "2021-10-02" end = "2024-04-25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.unicode-ident]] criteria = "safe-to-deploy" user-id = 3618 start = "2021-10-02" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.walkdir]] criteria = "safe-to-deploy" user-id = 189 start = "2019-06-09" end = "2024-05-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.warp]] criteria = "safe-to-deploy" user-id = 359 start = "2019-03-20" end = "2024-05-08" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.wasi]] criteria = "safe-to-deploy" user-id = 1 start = "2020-06-03" end = "2026-05-19" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.wasi]] criteria = "safe-to-deploy" user-id = 1 start = "2020-06-03" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.wasm-bindgen]] criteria = "safe-to-deploy" user-id = 1 start = "2019-03-04" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.wasm-bindgen-backend]] criteria = "safe-to-deploy" user-id = 1 start = "2019-03-04" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.wasm-bindgen-macro]] criteria = "safe-to-deploy" user-id = 1 start = "2019-03-04" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.wasm-bindgen-macro-support]] criteria = "safe-to-deploy" user-id = 1 start = "2019-03-04" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.wasm-bindgen-shared]] criteria = "safe-to-deploy" user-id = 1 start = "2019-03-04" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.wasm-encoder]] criteria = "safe-to-deploy" user-id = 73222 start = "2024-02-15" end = "2025-03-11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.wasm-smith]] criteria = "safe-to-deploy" user-id = 73222 start = "2024-02-15" end = "2025-03-11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.wast]] criteria = "safe-to-deploy" user-id = 73222 start = "2024-02-15" end = "2025-03-11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.winapi-util]] criteria = "safe-to-deploy" user-id = 189 start = "2020-01-11" end = "2024-05-03" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows]] criteria = "safe-to-deploy" user-id = 64539 start = "2021-01-15" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-collections]] criteria = "safe-to-deploy" user-id = 64539 start = "2025-02-06" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-core]] criteria = "safe-to-deploy" user-id = 64539 start = "2021-11-15" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-core]] criteria = "safe-to-deploy" user-id = 64539 start = "2021-11-15" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.windows-future]] criteria = "safe-to-deploy" user-id = 64539 start = "2025-02-10" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-implement]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-01-27" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-implement]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-01-27" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.windows-interface]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-02-18" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-interface]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-02-18" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.windows-link]] criteria = "safe-to-deploy" user-id = 64539 start = "2024-07-17" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-link]] criteria = "safe-to-deploy" user-id = 64539 start = "2024-07-17" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.windows-numerics]] criteria = "safe-to-deploy" user-id = 64539 start = "2023-05-15" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-result]] criteria = "safe-to-deploy" user-id = 64539 start = "2024-02-02" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-result]] criteria = "safe-to-deploy" user-id = 64539 start = "2024-02-02" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.windows-strings]] criteria = "safe-to-deploy" user-id = 64539 start = "2024-02-02" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-strings]] criteria = "safe-to-deploy" user-id = 64539 start = "2024-02-02" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.windows-sys]] criteria = "safe-to-deploy" user-id = 64539 start = "2021-11-15" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-sys]] criteria = "safe-to-deploy" user-id = 64539 start = "2021-11-15" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.windows-targets]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-09-09" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows-targets]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-09-09" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.windows-targets]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-09-09" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.windows-threading]] criteria = "safe-to-deploy" user-id = 64539 start = "2025-04-29" end = "2026-10-02" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.windows_aarch64_gnullvm]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-09-01" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.windows_aarch64_gnullvm]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-09-01" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.windows_aarch64_msvc]] criteria = "safe-to-deploy" user-id = 64539 start = "2021-11-05" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.windows_i686_gnu]] criteria = "safe-to-deploy" user-id = 64539 start = "2021-10-28" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.windows_i686_gnullvm]] criteria = "safe-to-deploy" user-id = 64539 start = "2024-04-02" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.windows_i686_msvc]] criteria = "safe-to-deploy" user-id = 64539 start = "2021-10-27" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.windows_x86_64_gnu]] criteria = "safe-to-deploy" user-id = 64539 start = "2021-10-28" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.windows_x86_64_gnullvm]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-09-01" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.windows_x86_64_gnullvm]] criteria = "safe-to-deploy" user-id = 64539 start = "2022-09-01" end = "2026-06-18" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.windows_x86_64_msvc]] criteria = "safe-to-deploy" user-id = 64539 start = "2021-10-27" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.winnow]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-02-22" end = "2026-05-05" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[trusted.winnow]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-02-22" end = "2025-09-12" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.winnow]] criteria = "safe-to-deploy" user-id = 6743 start = "2023-02-22" end = "2026-06-10" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[trusted.zerotrie]] criteria = "safe-to-deploy" user-id = 166196 start = "2023-11-16" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.zerovec]] criteria = "safe-to-deploy" user-id = 166196 start = "2023-01-26" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.zerovec-derive]] criteria = "safe-to-deploy" user-id = 1139 start = "2021-12-11" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.zerovec-derive]] criteria = "safe-to-deploy" user-id = 166196 start = "2023-01-26" end = "2026-06-02" aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[trusted.zlib-rs]] criteria = "safe-to-deploy" user-id = 1303 start = "2024-02-23" end = "2024-09-01" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"