Denis Drakhnia
7 months ago
7 changed files with 949 additions and 79 deletions
@ -0,0 +1,222 @@ |
|||||||
|
|
||||||
|
# cargo-vet audits file |
||||||
|
|
||||||
|
[[audits.fastrand]] |
||||||
|
who = "Denis Drakhnia <numas13@gmail.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "2.0.1 -> 2.0.2" |
||||||
|
|
||||||
|
[[audits.iana-time-zone]] |
||||||
|
who = "Denis Drakhnia <numas13@gmail.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "0.1.59 -> 0.1.60" |
||||||
|
|
||||||
|
[[trusted.getopts]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 1 # Alex Crichton (alexcrichton) |
||||||
|
start = "2019-08-19" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.itoa]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 3618 # David Tolnay (dtolnay) |
||||||
|
start = "2019-05-02" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.js-sys]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 1 # Alex Crichton (alexcrichton) |
||||||
|
start = "2019-03-04" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.libc]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 51017 # Yuki Okushi (JohnTitor) |
||||||
|
start = "2020-03-17" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.num-traits]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 539 # Josh Stone (cuviper) |
||||||
|
start = "2019-05-20" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.proc-macro2]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 3618 # David Tolnay (dtolnay) |
||||||
|
start = "2019-04-23" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.quote]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 3618 # David Tolnay (dtolnay) |
||||||
|
start = "2019-04-09" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.ryu]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 3618 # David Tolnay (dtolnay) |
||||||
|
start = "2019-05-02" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.serde]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 3618 # David Tolnay (dtolnay) |
||||||
|
start = "2019-03-01" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.serde_derive]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 3618 # David Tolnay (dtolnay) |
||||||
|
start = "2019-03-01" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.serde_json]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 3618 # David Tolnay (dtolnay) |
||||||
|
start = "2019-02-28" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.syn]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 3618 # David Tolnay (dtolnay) |
||||||
|
start = "2019-03-01" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.thiserror]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 3618 # David Tolnay (dtolnay) |
||||||
|
start = "2019-10-09" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.thiserror-impl]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 3618 # David Tolnay (dtolnay) |
||||||
|
start = "2019-10-09" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.toml]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 1 # Alex Crichton (alexcrichton) |
||||||
|
start = "2019-05-16" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.wasi]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 1 # Alex Crichton (alexcrichton) |
||||||
|
start = "2020-06-03" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.wasm-bindgen]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 1 # Alex Crichton (alexcrichton) |
||||||
|
start = "2019-03-04" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.wasm-bindgen-backend]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 1 # Alex Crichton (alexcrichton) |
||||||
|
start = "2019-03-04" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.wasm-bindgen-macro]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 1 # Alex Crichton (alexcrichton) |
||||||
|
start = "2019-03-04" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.wasm-bindgen-macro-support]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 1 # Alex Crichton (alexcrichton) |
||||||
|
start = "2019-03-04" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.wasm-bindgen-shared]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 1 # Alex Crichton (alexcrichton) |
||||||
|
start = "2019-03-04" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.windows]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 64539 # Kenny Kerr (kennykerr) |
||||||
|
start = "2021-01-15" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.windows-core]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 64539 # Kenny Kerr (kennykerr) |
||||||
|
start = "2021-11-15" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.windows-targets]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 64539 # Kenny Kerr (kennykerr) |
||||||
|
start = "2022-09-09" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.windows_aarch64_gnullvm]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 64539 # Kenny Kerr (kennykerr) |
||||||
|
start = "2022-09-01" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.windows_aarch64_msvc]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 64539 # Kenny Kerr (kennykerr) |
||||||
|
start = "2021-11-05" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.windows_i686_gnu]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 64539 # Kenny Kerr (kennykerr) |
||||||
|
start = "2021-10-28" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.windows_i686_msvc]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 64539 # Kenny Kerr (kennykerr) |
||||||
|
start = "2021-10-27" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.windows_x86_64_gnu]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 64539 # Kenny Kerr (kennykerr) |
||||||
|
start = "2021-10-28" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.windows_x86_64_gnullvm]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 64539 # Kenny Kerr (kennykerr) |
||||||
|
start = "2022-09-01" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.windows_x86_64_msvc]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 64539 # Kenny Kerr (kennykerr) |
||||||
|
start = "2021-10-27" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.xash3d-admin]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 251561 # Denis Drakhnia (numas13) |
||||||
|
start = "2024-01-28" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.xash3d-master]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 251561 # Denis Drakhnia (numas13) |
||||||
|
start = "2024-01-28" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.xash3d-protocol]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 251561 # Denis Drakhnia (numas13) |
||||||
|
start = "2024-01-28" |
||||||
|
end = "2025-04-04" |
||||||
|
|
||||||
|
[[trusted.xash3d-query]] |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 251561 # Denis Drakhnia (numas13) |
||||||
|
start = "2024-01-28" |
||||||
|
end = "2025-04-04" |
@ -0,0 +1,108 @@ |
|||||||
|
|
||||||
|
# cargo-vet config file |
||||||
|
|
||||||
|
[cargo-vet] |
||||||
|
version = "0.9" |
||||||
|
|
||||||
|
[imports.bytecode-alliance] |
||||||
|
url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[imports.google] |
||||||
|
url = "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml" |
||||||
|
|
||||||
|
[imports.isrg] |
||||||
|
url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[imports.mozilla] |
||||||
|
url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml" |
||||||
|
|
||||||
|
[imports.zcash] |
||||||
|
url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[policy.xash3d-admin] |
||||||
|
audit-as-crates-io = true |
||||||
|
|
||||||
|
[policy.xash3d-master] |
||||||
|
audit-as-crates-io = true |
||||||
|
|
||||||
|
[policy.xash3d-protocol] |
||||||
|
audit-as-crates-io = true |
||||||
|
|
||||||
|
[policy.xash3d-query] |
||||||
|
audit-as-crates-io = true |
||||||
|
|
||||||
|
[[exemptions.ahash]] |
||||||
|
version = "0.4.8" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.android-tzdata]] |
||||||
|
version = "0.1.1" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.bitflags]] |
||||||
|
version = "1.3.2" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.blake2b_simd]] |
||||||
|
version = "0.5.11" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.chrono]] |
||||||
|
version = "0.4.26" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.const-random]] |
||||||
|
version = "0.1.17" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.const-random-macro]] |
||||||
|
version = "0.1.16" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.constant_time_eq]] |
||||||
|
version = "0.1.5" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.getrandom]] |
||||||
|
version = "0.2.10" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.numtoa]] |
||||||
|
version = "0.1.0" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.once_cell]] |
||||||
|
version = "1.17.2" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.redox_syscall]] |
||||||
|
version = "0.2.16" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.redox_termios]] |
||||||
|
version = "0.1.2" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.signal-hook]] |
||||||
|
version = "0.3.17" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.termion]] |
||||||
|
version = "2.0.1" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.tiny-keccak]] |
||||||
|
version = "2.0.2" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.winapi]] |
||||||
|
version = "0.3.9" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.winapi-i686-pc-windows-gnu]] |
||||||
|
version = "0.4.0" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
|
||||||
|
[[exemptions.winapi-x86_64-pc-windows-gnu]] |
||||||
|
version = "0.4.0" |
||||||
|
criteria = "safe-to-deploy" |
@ -0,0 +1,528 @@ |
|||||||
|
|
||||||
|
# cargo-vet imports lock |
||||||
|
|
||||||
|
[[publisher.bumpalo]] |
||||||
|
version = "3.12.0" |
||||||
|
when = "2023-01-17" |
||||||
|
user-id = 696 |
||||||
|
user-login = "fitzgen" |
||||||
|
user-name = "Nick Fitzgerald" |
||||||
|
|
||||||
|
[[publisher.core-foundation-sys]] |
||||||
|
version = "0.8.4" |
||||||
|
when = "2023-04-03" |
||||||
|
user-id = 5946 |
||||||
|
user-login = "jrmuizel" |
||||||
|
user-name = "Jeff Muizelaar" |
||||||
|
|
||||||
|
[[publisher.getopts]] |
||||||
|
version = "0.2.21" |
||||||
|
when = "2019-08-19" |
||||||
|
user-id = 1 |
||||||
|
user-login = "alexcrichton" |
||||||
|
user-name = "Alex Crichton" |
||||||
|
|
||||||
|
[[publisher.itoa]] |
||||||
|
version = "1.0.11" |
||||||
|
when = "2024-03-26" |
||||||
|
user-id = 3618 |
||||||
|
user-login = "dtolnay" |
||||||
|
user-name = "David Tolnay" |
||||||
|
|
||||||
|
[[publisher.js-sys]] |
||||||
|
version = "0.3.64" |
||||||
|
when = "2023-06-12" |
||||||
|
user-id = 1 |
||||||
|
user-login = "alexcrichton" |
||||||
|
user-name = "Alex Crichton" |
||||||
|
|
||||||
|
[[publisher.libc]] |
||||||
|
version = "0.2.153" |
||||||
|
when = "2024-01-31" |
||||||
|
user-id = 51017 |
||||||
|
user-login = "JohnTitor" |
||||||
|
user-name = "Yuki Okushi" |
||||||
|
|
||||||
|
[[publisher.num-traits]] |
||||||
|
version = "0.2.18" |
||||||
|
when = "2024-02-08" |
||||||
|
user-id = 539 |
||||||
|
user-login = "cuviper" |
||||||
|
user-name = "Josh Stone" |
||||||
|
|
||||||
|
[[publisher.proc-macro2]] |
||||||
|
version = "1.0.79" |
||||||
|
when = "2024-03-12" |
||||||
|
user-id = 3618 |
||||||
|
user-login = "dtolnay" |
||||||
|
user-name = "David Tolnay" |
||||||
|
|
||||||
|
[[publisher.ryu]] |
||||||
|
version = "1.0.17" |
||||||
|
when = "2024-02-19" |
||||||
|
user-id = 3618 |
||||||
|
user-login = "dtolnay" |
||||||
|
user-name = "David Tolnay" |
||||||
|
|
||||||
|
[[publisher.serde_json]] |
||||||
|
version = "1.0.115" |
||||||
|
when = "2024-03-26" |
||||||
|
user-id = 3618 |
||||||
|
user-login = "dtolnay" |
||||||
|
user-name = "David Tolnay" |
||||||
|
|
||||||
|
[[publisher.syn]] |
||||||
|
version = "2.0.56" |
||||||
|
when = "2024-03-30" |
||||||
|
user-id = 3618 |
||||||
|
user-login = "dtolnay" |
||||||
|
user-name = "David Tolnay" |
||||||
|
|
||||||
|
[[publisher.thiserror]] |
||||||
|
version = "1.0.58" |
||||||
|
when = "2024-03-12" |
||||||
|
user-id = 3618 |
||||||
|
user-login = "dtolnay" |
||||||
|
user-name = "David Tolnay" |
||||||
|
|
||||||
|
[[publisher.thiserror-impl]] |
||||||
|
version = "1.0.58" |
||||||
|
when = "2024-03-12" |
||||||
|
user-id = 3618 |
||||||
|
user-login = "dtolnay" |
||||||
|
user-name = "David Tolnay" |
||||||
|
|
||||||
|
[[publisher.toml]] |
||||||
|
version = "0.5.7" |
||||||
|
when = "2020-10-11" |
||||||
|
user-id = 1 |
||||||
|
user-login = "alexcrichton" |
||||||
|
user-name = "Alex Crichton" |
||||||
|
|
||||||
|
[[publisher.unicode-width]] |
||||||
|
version = "0.1.11" |
||||||
|
when = "2023-09-19" |
||||||
|
user-id = 1139 |
||||||
|
user-login = "Manishearth" |
||||||
|
user-name = "Manish Goregaokar" |
||||||
|
|
||||||
|
[[publisher.wasi]] |
||||||
|
version = "0.11.0+wasi-snapshot-preview1" |
||||||
|
when = "2022-01-19" |
||||||
|
user-id = 1 |
||||||
|
user-login = "alexcrichton" |
||||||
|
user-name = "Alex Crichton" |
||||||
|
|
||||||
|
[[publisher.wasm-bindgen]] |
||||||
|
version = "0.2.87" |
||||||
|
when = "2023-06-12" |
||||||
|
user-id = 1 |
||||||
|
user-login = "alexcrichton" |
||||||
|
user-name = "Alex Crichton" |
||||||
|
|
||||||
|
[[publisher.wasm-bindgen-backend]] |
||||||
|
version = "0.2.87" |
||||||
|
when = "2023-06-12" |
||||||
|
user-id = 1 |
||||||
|
user-login = "alexcrichton" |
||||||
|
user-name = "Alex Crichton" |
||||||
|
|
||||||
|
[[publisher.wasm-bindgen-macro]] |
||||||
|
version = "0.2.87" |
||||||
|
when = "2023-06-12" |
||||||
|
user-id = 1 |
||||||
|
user-login = "alexcrichton" |
||||||
|
user-name = "Alex Crichton" |
||||||
|
|
||||||
|
[[publisher.wasm-bindgen-macro-support]] |
||||||
|
version = "0.2.87" |
||||||
|
when = "2023-06-12" |
||||||
|
user-id = 1 |
||||||
|
user-login = "alexcrichton" |
||||||
|
user-name = "Alex Crichton" |
||||||
|
|
||||||
|
[[publisher.wasm-bindgen-shared]] |
||||||
|
version = "0.2.87" |
||||||
|
when = "2023-06-12" |
||||||
|
user-id = 1 |
||||||
|
user-login = "alexcrichton" |
||||||
|
user-name = "Alex Crichton" |
||||||
|
|
||||||
|
[[publisher.windows-core]] |
||||||
|
version = "0.52.0" |
||||||
|
when = "2023-11-15" |
||||||
|
user-id = 64539 |
||||||
|
user-login = "kennykerr" |
||||||
|
user-name = "Kenny Kerr" |
||||||
|
|
||||||
|
[[publisher.windows-targets]] |
||||||
|
version = "0.52.4" |
||||||
|
when = "2024-02-28" |
||||||
|
user-id = 64539 |
||||||
|
user-login = "kennykerr" |
||||||
|
user-name = "Kenny Kerr" |
||||||
|
|
||||||
|
[[publisher.windows_aarch64_gnullvm]] |
||||||
|
version = "0.52.4" |
||||||
|
when = "2024-02-28" |
||||||
|
user-id = 64539 |
||||||
|
user-login = "kennykerr" |
||||||
|
user-name = "Kenny Kerr" |
||||||
|
|
||||||
|
[[publisher.windows_aarch64_msvc]] |
||||||
|
version = "0.52.4" |
||||||
|
when = "2024-02-28" |
||||||
|
user-id = 64539 |
||||||
|
user-login = "kennykerr" |
||||||
|
user-name = "Kenny Kerr" |
||||||
|
|
||||||
|
[[publisher.windows_i686_gnu]] |
||||||
|
version = "0.52.4" |
||||||
|
when = "2024-02-28" |
||||||
|
user-id = 64539 |
||||||
|
user-login = "kennykerr" |
||||||
|
user-name = "Kenny Kerr" |
||||||
|
|
||||||
|
[[publisher.windows_i686_msvc]] |
||||||
|
version = "0.52.4" |
||||||
|
when = "2024-02-28" |
||||||
|
user-id = 64539 |
||||||
|
user-login = "kennykerr" |
||||||
|
user-name = "Kenny Kerr" |
||||||
|
|
||||||
|
[[publisher.windows_x86_64_gnu]] |
||||||
|
version = "0.52.4" |
||||||
|
when = "2024-02-28" |
||||||
|
user-id = 64539 |
||||||
|
user-login = "kennykerr" |
||||||
|
user-name = "Kenny Kerr" |
||||||
|
|
||||||
|
[[publisher.windows_x86_64_gnullvm]] |
||||||
|
version = "0.52.4" |
||||||
|
when = "2024-02-28" |
||||||
|
user-id = 64539 |
||||||
|
user-login = "kennykerr" |
||||||
|
user-name = "Kenny Kerr" |
||||||
|
|
||||||
|
[[publisher.windows_x86_64_msvc]] |
||||||
|
version = "0.52.4" |
||||||
|
when = "2024-02-28" |
||||||
|
user-id = 64539 |
||||||
|
user-login = "kennykerr" |
||||||
|
user-name = "Kenny Kerr" |
||||||
|
|
||||||
|
[[publisher.xash3d-admin]] |
||||||
|
version = "0.1.0" |
||||||
|
when = "2024-01-28" |
||||||
|
user-id = 251561 |
||||||
|
user-login = "numas13" |
||||||
|
user-name = "Denis Drakhnia" |
||||||
|
|
||||||
|
[[publisher.xash3d-master]] |
||||||
|
version = "0.1.0" |
||||||
|
when = "2024-01-28" |
||||||
|
user-id = 251561 |
||||||
|
user-login = "numas13" |
||||||
|
user-name = "Denis Drakhnia" |
||||||
|
|
||||||
|
[[publisher.xash3d-protocol]] |
||||||
|
version = "0.1.0" |
||||||
|
when = "2024-01-28" |
||||||
|
user-id = 251561 |
||||||
|
user-login = "numas13" |
||||||
|
user-name = "Denis Drakhnia" |
||||||
|
|
||||||
|
[[publisher.xash3d-query]] |
||||||
|
version = "0.1.0" |
||||||
|
when = "2024-01-28" |
||||||
|
user-id = 251561 |
||||||
|
user-login = "numas13" |
||||||
|
user-name = "Denis Drakhnia" |
||||||
|
|
||||||
|
[[audits.bytecode-alliance.wildcard-audits.bumpalo]] |
||||||
|
who = "Nick Fitzgerald <fitzgen@gmail.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 696 # Nick Fitzgerald (fitzgen) |
||||||
|
start = "2019-03-16" |
||||||
|
end = "2024-03-10" |
||||||
|
|
||||||
|
[[audits.bytecode-alliance.audits.arrayref]] |
||||||
|
who = "Nick Fitzgerald <fitzgen@gmail.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "0.3.6" |
||||||
|
notes = """ |
||||||
|
Unsafe code, but its logic looks good to me. Necessary given what it is |
||||||
|
doing. Well tested, has quickchecks. |
||||||
|
""" |
||||||
|
|
||||||
|
[[audits.bytecode-alliance.audits.arrayvec]] |
||||||
|
who = "Nick Fitzgerald <fitzgen@gmail.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "0.7.2" |
||||||
|
notes = """ |
||||||
|
Well documented invariants, good assertions for those invariants in unsafe code, |
||||||
|
and tested with MIRI to boot. LGTM. |
||||||
|
""" |
||||||
|
|
||||||
|
[[audits.bytecode-alliance.audits.cc]] |
||||||
|
who = "Alex Crichton <alex@alexcrichton.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "1.0.73" |
||||||
|
notes = "I am the author of this crate." |
||||||
|
|
||||||
|
[[audits.bytecode-alliance.audits.fastrand]] |
||||||
|
who = "Alex Crichton <alex@alexcrichton.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "2.0.0 -> 2.0.1" |
||||||
|
notes = """ |
||||||
|
This update had a few doc updates but no otherwise-substantial source code |
||||||
|
updates. |
||||||
|
""" |
||||||
|
|
||||||
|
[[audits.bytecode-alliance.audits.iana-time-zone]] |
||||||
|
who = "Dan Gohman <dev@sunfishcode.online>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "0.1.59" |
||||||
|
notes = """ |
||||||
|
I also manually ran windows-bindgen and confirmed that the output matches |
||||||
|
the bindings checked into the repo. |
||||||
|
""" |
||||||
|
|
||||||
|
[[audits.bytecode-alliance.audits.iana-time-zone-haiku]] |
||||||
|
who = "Dan Gohman <dev@sunfishcode.online>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "0.1.2" |
||||||
|
|
||||||
|
[[audits.bytecode-alliance.audits.signal-hook-registry]] |
||||||
|
who = "Pat Hickey <phickey@fastly.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "1.4.1" |
||||||
|
|
||||||
|
[[audits.google.audits.autocfg]] |
||||||
|
who = "Lukasz Anforowicz <lukasza@chromium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "1.1.0" |
||||||
|
notes = """ |
||||||
|
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` |
||||||
|
and there were no hits except for reasonable, client-controlled usage of |
||||||
|
`std::fs` in `AutoCfg::with_dir`. |
||||||
|
|
||||||
|
This crate has been added to Chromium in |
||||||
|
https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb |
||||||
|
The CL description contains a link to a Google-internal document with audit details. |
||||||
|
""" |
||||||
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" |
||||||
|
|
||||||
|
[[audits.google.audits.autocfg]] |
||||||
|
who = "Lukasz Anforowicz <lukasza@chromium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "1.1.0 -> 1.2.0" |
||||||
|
notes = ''' |
||||||
|
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` |
||||||
|
and nothing changed from the baseline audit of 1.1.0. Skimmed through the |
||||||
|
1.1.0 => 1.2.0 delta and everything seemed okay. |
||||||
|
''' |
||||||
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" |
||||||
|
|
||||||
|
[[audits.google.audits.bitflags]] |
||||||
|
who = "Lukasz Anforowicz <lukasza@chromium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "2.4.2" |
||||||
|
notes = """ |
||||||
|
Audit notes: |
||||||
|
|
||||||
|
* I've checked for any discussion in Google-internal cl/546819168 (where audit |
||||||
|
of version 2.3.3 happened) |
||||||
|
* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]` |
||||||
|
* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be |
||||||
|
correct in a straightforward way - they just propagate the marker trait's |
||||||
|
impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type |
||||||
|
* Additional discussion and/or notes may be found in https://crrev.com/c/5238056 |
||||||
|
""" |
||||||
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" |
||||||
|
|
||||||
|
[[audits.google.audits.bitflags]] |
||||||
|
who = "Adrian Taylor <adetaylor@chromium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "2.4.2 -> 2.5.0" |
||||||
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" |
||||||
|
|
||||||
|
[[audits.google.audits.cfg-if]] |
||||||
|
who = "George Burgess IV <gbiv@google.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "1.0.0" |
||||||
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" |
||||||
|
|
||||||
|
[[audits.google.audits.fastrand]] |
||||||
|
who = "George Burgess IV <gbiv@google.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "1.9.0" |
||||||
|
notes = """ |
||||||
|
`does-not-implement-crypto` is certified because this crate explicitly says |
||||||
|
that the RNG here is not cryptographically secure. |
||||||
|
""" |
||||||
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" |
||||||
|
|
||||||
|
[[audits.google.audits.quote]] |
||||||
|
who = "Lukasz Anforowicz <lukasza@chromium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "1.0.35" |
||||||
|
notes = """ |
||||||
|
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits |
||||||
|
(except for benign \"net\" hit in tests and \"fs\" hit in README.md) |
||||||
|
""" |
||||||
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" |
||||||
|
|
||||||
|
[[audits.google.audits.serde]] |
||||||
|
who = "Lukasz Anforowicz <lukasza@chromium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "1.0.197" |
||||||
|
notes = """ |
||||||
|
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. |
||||||
|
|
||||||
|
There were some hits for `net`, but they were related to serialization and |
||||||
|
not actually opening any connections or anything like that. |
||||||
|
|
||||||
|
There were 2 hits of `unsafe` when grepping: |
||||||
|
* In `fn as_str` in `impl Buf` |
||||||
|
* In `fn serialize` in `impl Serialize for net::Ipv4Addr` |
||||||
|
|
||||||
|
Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this |
||||||
|
review also covered `serde_json_lenient`). |
||||||
|
|
||||||
|
Version 1.0.130 of the crate has been added to Chromium in |
||||||
|
https://crrev.com/c/3265545. The CL description contains a link to a |
||||||
|
(Google-internal, sorry) document with a mini security review. |
||||||
|
""" |
||||||
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" |
||||||
|
|
||||||
|
[[audits.google.audits.serde_derive]] |
||||||
|
who = "Lukasz Anforowicz <lukasza@chromium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "1.0.197" |
||||||
|
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" |
||||||
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" |
||||||
|
|
||||||
|
[[audits.google.audits.unicode-ident]] |
||||||
|
who = "Lukasz Anforowicz <lukasza@chromium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "1.0.12" |
||||||
|
notes = ''' |
||||||
|
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. |
||||||
|
|
||||||
|
All two functions from the public API of this crate use `unsafe` to avoid bound |
||||||
|
checks for an array access. Cross-module analysis shows that the offsets can |
||||||
|
be statically proven to be within array bounds. More details can be found in |
||||||
|
the unsafe review CL at https://crrev.com/c/5350386. |
||||||
|
|
||||||
|
This crate has been added to Chromium in https://crrev.com/c/3891618. |
||||||
|
''' |
||||||
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" |
||||||
|
|
||||||
|
[[audits.isrg.audits.crunchy]] |
||||||
|
who = "David Cook <dcook@divviup.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "0.2.2" |
||||||
|
|
||||||
|
[[audits.isrg.audits.getrandom]] |
||||||
|
who = "Brandon Pitman <bran@bran.land>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "0.2.10 -> 0.2.11" |
||||||
|
|
||||||
|
[[audits.isrg.audits.getrandom]] |
||||||
|
who = "David Cook <dcook@divviup.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "0.2.11 -> 0.2.12" |
||||||
|
|
||||||
|
[[audits.mozilla.wildcard-audits.core-foundation-sys]] |
||||||
|
who = "Bobby Holley <bobbyholley@gmail.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 5946 # Jeff Muizelaar (jrmuizel) |
||||||
|
start = "2020-10-14" |
||||||
|
end = "2023-05-04" |
||||||
|
renew = false |
||||||
|
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.wildcard-audits.unicode-width]] |
||||||
|
who = "Manish Goregaokar <manishsmail@gmail.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
user-id = 1139 # Manish Goregaokar (Manishearth) |
||||||
|
start = "2019-12-05" |
||||||
|
end = "2024-05-03" |
||||||
|
notes = "All code written or reviewed by Manish" |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.android_system_properties]] |
||||||
|
who = "Nicolas Silva <nical@fastmail.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "0.1.2" |
||||||
|
notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship." |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.android_system_properties]] |
||||||
|
who = "Mike Hommey <mh+mozilla@glandium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "0.1.2 -> 0.1.4" |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.android_system_properties]] |
||||||
|
who = "Mike Hommey <mh+mozilla@glandium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "0.1.4 -> 0.1.5" |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.cc]] |
||||||
|
who = "Mike Hommey <mh+mozilla@glandium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "1.0.73 -> 1.0.78" |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.cc]] |
||||||
|
who = "Jan-Erik Rediger <jrediger@mozilla.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "1.0.78 -> 1.0.83" |
||||||
|
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.fastrand]] |
||||||
|
who = "Mike Hommey <mh+mozilla@glandium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "1.9.0 -> 2.0.0" |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.log]] |
||||||
|
who = "Mike Hommey <mh+mozilla@glandium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
version = "0.4.17" |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.log]] |
||||||
|
who = "Jan-Erik Rediger <jrediger@mozilla.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "0.4.17 -> 0.4.18" |
||||||
|
notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." |
||||||
|
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.toml]] |
||||||
|
who = "Bobby Holley <bobbyholley@gmail.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "0.5.7 -> 0.5.9" |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.toml]] |
||||||
|
who = "Mike Hommey <mh+mozilla@glandium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "0.5.9 -> 0.5.10" |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.mozilla.audits.toml]] |
||||||
|
who = "Mike Hommey <mh+mozilla@glandium.org>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "0.5.10 -> 0.5.11" |
||||||
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" |
||||||
|
|
||||||
|
[[audits.zcash.audits.arrayref]] |
||||||
|
who = "Sean Bowe <ewillbefull@gmail.com>" |
||||||
|
criteria = "safe-to-deploy" |
||||||
|
delta = "0.3.6 -> 0.3.7" |
||||||
|
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" |
Loading…
Reference in new issue