From 76bad07c688158f99e82a76ba8d322e384327a2b Mon Sep 17 00:00:00 2001 From: Alfredo Garcia Date: Mon, 24 Jun 2024 17:09:57 -0300 Subject: [PATCH 1/2] add(support): Include Windows as a tier2 supported platform (#8637) * add windows to tier2 supported platforms document * add changelog entry --- CHANGELOG.md | 3 ++- book/src/user/supported-platforms.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd2dfe2c6dd..2e1e841ba73 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,7 +17,8 @@ and this project adheres to [Semantic Versioning](https://semver.org). - We're no longer using general conditional compilation attributes for `tor`, but only feature flags instead. - Fixed a bug with trailing characters in the openapi spec method descriptions ([#8597](https://github.com/ZcashFoundation/zebra/pull/8597)) -- Added default constructions for several RPC method responses([#8616](https://github.com/ZcashFoundation/zebra/pull/8616)) +- Added default constructions for several RPC method responses ([#8616](https://github.com/ZcashFoundation/zebra/pull/8616)) +- Added Windows to the list of supported platforms in Tier 2 ([#8637](https://github.com/ZcashFoundation/zebra/pull/8637)) ## [Zebra 1.7.0](https://github.com/ZcashFoundation/zebra/releases/tag/v1.7.0) - 2024-05-07 diff --git a/book/src/user/supported-platforms.md b/book/src/user/supported-platforms.md index cbb83cdc840..3220ce72d59 100644 --- a/book/src/user/supported-platforms.md +++ b/book/src/user/supported-platforms.md @@ -35,6 +35,7 @@ For the full requirements, see [Tier 2 platform policy](platform-tier-policy.md# | `x86_64-unknown-linux-gnu` | [GitHub ubuntu-latest](https://github.com/actions/virtual-environments#available-environments) | 64-bit | [latest stable release](https://github.com/rust-lang/rust/releases) | N/A | `x86_64-unknown-linux-gnu` | [GitHub ubuntu-latest](https://github.com/actions/virtual-environments#available-environments) | 64-bit | [latest beta release](https://github.com/rust-lang/rust/blob/beta/src/version) | N/A | `x86_64-apple-darwin` | [GitHub macos-latest](https://github.com/actions/virtual-environments#available-environments) | 64-bit | [latest stable release](https://github.com/rust-lang/rust/releases) | N/A +| `x86_64-pc-windows-msvc` | [GitHub windows-latest](https://github.com/actions/virtual-environments#available-environments) | 64-bit | [latest stable release](https://github.com/rust-lang/rust/releases) | N/A ## Tier 3 From d6b45884116af31bf7f0b648d3d5063ab09ef9fe Mon Sep 17 00:00:00 2001 From: Arya Date: Tue, 25 Jun 2024 10:03:23 -0400 Subject: [PATCH 2/2] change(deps): Initializes `cargo vet` in Zebra (#8641) * Initializes cargo vet in Zebra * adds audits from zcash/zcashd, google, and mozilla as trusted audits --- supply-chain/audits.toml | 4 + supply-chain/config.toml | 2063 +++++++++++++++++++++++++++++++++++++ supply-chain/imports.lock | 1174 +++++++++++++++++++++ 3 files changed, 3241 insertions(+) create mode 100644 supply-chain/audits.toml create mode 100644 supply-chain/config.toml create mode 100644 supply-chain/imports.lock diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml new file mode 100644 index 00000000000..2772ccb21f3 --- /dev/null +++ b/supply-chain/audits.toml @@ -0,0 +1,4 @@ + +# cargo-vet audits file + +[audits] diff --git a/supply-chain/config.toml b/supply-chain/config.toml new file mode 100644 index 00000000000..ad3e7aac56a --- /dev/null +++ b/supply-chain/config.toml @@ -0,0 +1,2063 @@ + +# cargo-vet config file + +[cargo-vet] +version = "0.9" + +[imports.google] +url = "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml" + +[imports.mozilla] +url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml" + +[imports.zcash] +url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/audits.toml" + +[imports.zcashd] +url = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[policy.tower-batch-control] +audit-as-crates-io = true + +[policy.tower-fallback] +audit-as-crates-io = true + +[policy.zebra-chain] +audit-as-crates-io = true + +[policy.zebra-consensus] +audit-as-crates-io = true + +[policy.zebra-grpc] +audit-as-crates-io = true + +[policy.zebra-network] +audit-as-crates-io = true + +[policy.zebra-node-services] +audit-as-crates-io = true + +[policy.zebra-rpc] +audit-as-crates-io = true + +[policy.zebra-scan] +audit-as-crates-io = true + +[policy.zebra-script] +audit-as-crates-io = true + +[policy.zebra-state] +audit-as-crates-io = true + +[policy.zebra-test] +audit-as-crates-io = true + +[policy.zebra-utils] +audit-as-crates-io = true + +[policy.zebrad] +audit-as-crates-io = true + +[[exemptions.abscissa_core]] +version = "0.7.0" +criteria = "safe-to-deploy" + +[[exemptions.abscissa_derive]] +version = "0.7.0" +criteria = "safe-to-deploy" + +[[exemptions.addr2line]] +version = "0.21.0" +criteria = "safe-to-deploy" + +[[exemptions.adler]] +version = "1.0.2" +criteria = "safe-to-deploy" + +[[exemptions.aead]] +version = "0.5.2" +criteria = "safe-to-deploy" + +[[exemptions.aes]] +version = "0.8.4" +criteria = "safe-to-deploy" + +[[exemptions.ahash]] +version = "0.8.11" +criteria = "safe-to-deploy" + +[[exemptions.aho-corasick]] +version = "1.1.3" +criteria = "safe-to-deploy" + +[[exemptions.allocator-api2]] +version = "0.2.18" +criteria = "safe-to-deploy" + +[[exemptions.android-tzdata]] +version = "0.1.1" +criteria = "safe-to-deploy" + +[[exemptions.anes]] +version = "0.1.6" +criteria = "safe-to-run" + +[[exemptions.ansi_term]] +version = "0.12.1" +criteria = "safe-to-deploy" + +[[exemptions.anstream]] +version = "0.6.14" +criteria = "safe-to-deploy" + +[[exemptions.anstyle]] +version = "1.0.7" +criteria = "safe-to-deploy" + +[[exemptions.anstyle-parse]] +version = "0.2.4" +criteria = "safe-to-deploy" + +[[exemptions.anstyle-query]] +version = "1.0.3" +criteria = "safe-to-deploy" + +[[exemptions.anstyle-wincon]] +version = "3.0.3" +criteria = "safe-to-deploy" + +[[exemptions.anyhow]] +version = "1.0.82" +criteria = "safe-to-deploy" + +[[exemptions.arc-swap]] +version = "1.7.1" +criteria = "safe-to-deploy" + +[[exemptions.arrayref]] +version = "0.3.7" +criteria = "safe-to-deploy" + +[[exemptions.arrayvec]] +version = "0.7.4" +criteria = "safe-to-deploy" + +[[exemptions.async-compression]] +version = "0.4.9" +criteria = "safe-to-deploy" + +[[exemptions.async-trait]] +version = "0.1.80" +criteria = "safe-to-deploy" + +[[exemptions.atty]] +version = "0.2.14" +criteria = "safe-to-deploy" + +[[exemptions.axum]] +version = "0.6.20" +criteria = "safe-to-deploy" + +[[exemptions.axum-core]] +version = "0.3.4" +criteria = "safe-to-deploy" + +[[exemptions.backtrace]] +version = "0.3.71" +criteria = "safe-to-deploy" + +[[exemptions.base64]] +version = "0.11.0" +criteria = "safe-to-deploy" + +[[exemptions.base64]] +version = "0.21.7" +criteria = "safe-to-deploy" + +[[exemptions.base64]] +version = "0.22.1" +criteria = "safe-to-deploy" + +[[exemptions.base64ct]] +version = "1.0.1" +criteria = "safe-to-deploy" + +[[exemptions.bech32]] +version = "0.9.1" +criteria = "safe-to-deploy" + +[[exemptions.bellman]] +version = "0.14.0" +criteria = "safe-to-deploy" + +[[exemptions.bincode]] +version = "1.3.3" +criteria = "safe-to-deploy" + +[[exemptions.bip0039]] +version = "0.10.1" +criteria = "safe-to-deploy" + +[[exemptions.bitflags]] +version = "1.3.2" +criteria = "safe-to-deploy" + +[[exemptions.bitflags-serde-legacy]] +version = "0.1.1" +criteria = "safe-to-deploy" + +[[exemptions.bitvec]] +version = "1.0.1" +criteria = "safe-to-deploy" + +[[exemptions.blake2b_simd]] +version = "1.0.2" +criteria = "safe-to-deploy" + +[[exemptions.blake2s_simd]] +version = "1.0.2" +criteria = "safe-to-deploy" + +[[exemptions.block-buffer]] +version = "0.10.4" +criteria = "safe-to-deploy" + +[[exemptions.bls12_381]] +version = "0.8.0" +criteria = "safe-to-deploy" + +[[exemptions.bridgetree]] +version = "0.4.0" +criteria = "safe-to-deploy" + +[[exemptions.bs58]] +version = "0.5.1" +criteria = "safe-to-deploy" + +[[exemptions.bstr]] +version = "1.9.1" +criteria = "safe-to-deploy" + +[[exemptions.bumpalo]] +version = "3.16.0" +criteria = "safe-to-deploy" + +[[exemptions.byte-slice-cast]] +version = "1.2.2" +criteria = "safe-to-deploy" + +[[exemptions.byteorder]] +version = "1.5.0" +criteria = "safe-to-deploy" + +[[exemptions.bytes]] +version = "1.6.0" +criteria = "safe-to-deploy" + +[[exemptions.bzip2-sys]] +version = "0.1.11+1.0.8" +criteria = "safe-to-deploy" + +[[exemptions.camino]] +version = "1.1.6" +criteria = "safe-to-deploy" + +[[exemptions.canonical-path]] +version = "2.0.2" +criteria = "safe-to-deploy" + +[[exemptions.cargo-platform]] +version = "0.1.8" +criteria = "safe-to-deploy" + +[[exemptions.cargo_metadata]] +version = "0.18.1" +criteria = "safe-to-deploy" + +[[exemptions.cbc]] +version = "0.1.2" +criteria = "safe-to-deploy" + +[[exemptions.cc]] +version = "1.0.96" +criteria = "safe-to-deploy" + +[[exemptions.cfg-if]] +version = "0.1.10" +criteria = "safe-to-deploy" + +[[exemptions.chacha20]] +version = "0.9.1" +criteria = "safe-to-deploy" + +[[exemptions.chacha20poly1305]] +version = "0.10.1" +criteria = "safe-to-deploy" + +[[exemptions.chrono]] +version = "0.4.38" +criteria = "safe-to-deploy" + +[[exemptions.ciborium]] +version = "0.2.2" +criteria = "safe-to-run" + +[[exemptions.ciborium-io]] +version = "0.2.2" +criteria = "safe-to-run" + +[[exemptions.ciborium-ll]] +version = "0.2.2" +criteria = "safe-to-run" + +[[exemptions.cipher]] +version = "0.4.4" +criteria = "safe-to-deploy" + +[[exemptions.clang-sys]] +version = "1.7.0" +criteria = "safe-to-deploy" + +[[exemptions.clap]] +version = "2.34.0" +criteria = "safe-to-deploy" + +[[exemptions.clap]] +version = "4.5.4" +criteria = "safe-to-deploy" + +[[exemptions.clap_builder]] +version = "4.5.2" +criteria = "safe-to-deploy" + +[[exemptions.clap_derive]] +version = "4.5.4" +criteria = "safe-to-deploy" + +[[exemptions.clap_lex]] +version = "0.7.0" +criteria = "safe-to-deploy" + +[[exemptions.color-eyre]] +version = "0.6.3" +criteria = "safe-to-deploy" + +[[exemptions.color-spantrace]] +version = "0.2.1" +criteria = "safe-to-deploy" + +[[exemptions.colorchoice]] +version = "1.0.1" +criteria = "safe-to-deploy" + +[[exemptions.console]] +version = "0.15.8" +criteria = "safe-to-deploy" + +[[exemptions.console-api]] +version = "0.6.0" +criteria = "safe-to-deploy" + +[[exemptions.console-subscriber]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.const-oid]] +version = "0.9.6" +criteria = "safe-to-deploy" + +[[exemptions.constant_time_eq]] +version = "0.3.0" +criteria = "safe-to-deploy" + +[[exemptions.core-foundation-sys]] +version = "0.8.6" +criteria = "safe-to-deploy" + +[[exemptions.cpufeatures]] +version = "0.2.12" +criteria = "safe-to-deploy" + +[[exemptions.crc32fast]] +version = "1.4.0" +criteria = "safe-to-deploy" + +[[exemptions.criterion]] +version = "0.5.1" +criteria = "safe-to-run" + +[[exemptions.criterion-plot]] +version = "0.5.0" +criteria = "safe-to-run" + +[[exemptions.crossbeam-channel]] +version = "0.5.12" +criteria = "safe-to-deploy" + +[[exemptions.crossbeam-deque]] +version = "0.8.5" +criteria = "safe-to-deploy" + +[[exemptions.crossbeam-epoch]] +version = "0.9.18" +criteria = "safe-to-deploy" + +[[exemptions.crossbeam-utils]] +version = "0.8.19" +criteria = "safe-to-deploy" + +[[exemptions.crunchy]] +version = "0.2.2" +criteria = "safe-to-deploy" + +[[exemptions.crypto-common]] +version = "0.1.6" +criteria = "safe-to-deploy" + +[[exemptions.curve25519-dalek]] +version = "4.1.3" +criteria = "safe-to-deploy" + +[[exemptions.curve25519-dalek-derive]] +version = "0.1.1" +criteria = "safe-to-deploy" + +[[exemptions.darling]] +version = "0.13.4" +criteria = "safe-to-deploy" + +[[exemptions.darling]] +version = "0.20.8" +criteria = "safe-to-deploy" + +[[exemptions.darling_core]] +version = "0.13.4" +criteria = "safe-to-deploy" + +[[exemptions.darling_core]] +version = "0.20.8" +criteria = "safe-to-deploy" + +[[exemptions.darling_macro]] +version = "0.13.4" +criteria = "safe-to-deploy" + +[[exemptions.darling_macro]] +version = "0.20.8" +criteria = "safe-to-deploy" + +[[exemptions.der]] +version = "0.7.9" +criteria = "safe-to-deploy" + +[[exemptions.digest]] +version = "0.10.7" +criteria = "safe-to-deploy" + +[[exemptions.dirs]] +version = "5.0.1" +criteria = "safe-to-deploy" + +[[exemptions.dirs-sys]] +version = "0.4.1" +criteria = "safe-to-deploy" + +[[exemptions.dyn-clone]] +version = "1.0.17" +criteria = "safe-to-deploy" + +[[exemptions.ed25519]] +version = "2.2.3" +criteria = "safe-to-deploy" + +[[exemptions.ed25519-zebra]] +version = "4.0.3" +criteria = "safe-to-deploy" + +[[exemptions.elasticsearch]] +version = "8.5.0-alpha.1" +criteria = "safe-to-deploy" + +[[exemptions.encode_unicode]] +version = "0.3.6" +criteria = "safe-to-deploy" + +[[exemptions.env_logger]] +version = "0.7.1" +criteria = "safe-to-deploy" + +[[exemptions.equihash]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.errno]] +version = "0.3.8" +criteria = "safe-to-deploy" + +[[exemptions.eyre]] +version = "0.6.12" +criteria = "safe-to-deploy" + +[[exemptions.f4jumble]] +version = "0.1.0" +criteria = "safe-to-deploy" + +[[exemptions.ff]] +version = "0.13.0" +criteria = "safe-to-deploy" + +[[exemptions.fiat-crypto]] +version = "0.2.8" +criteria = "safe-to-deploy" + +[[exemptions.fixed-hash]] +version = "0.8.0" +criteria = "safe-to-deploy" + +[[exemptions.fixedbitset]] +version = "0.4.2" +criteria = "safe-to-deploy" + +[[exemptions.flate2]] +version = "1.0.30" +criteria = "safe-to-deploy" + +[[exemptions.flume]] +version = "0.10.14" +criteria = "safe-to-deploy" + +[[exemptions.fpe]] +version = "0.6.1" +criteria = "safe-to-deploy" + +[[exemptions.fs-err]] +version = "2.11.0" +criteria = "safe-to-deploy" + +[[exemptions.funty]] +version = "2.0.0" +criteria = "safe-to-deploy" + +[[exemptions.futures]] +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.futures-channel]] +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.futures-core]] +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.futures-executor]] +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.futures-io]] +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.futures-macro]] +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.futures-sink]] +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.futures-task]] +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.futures-util]] +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.generic-array]] +version = "0.14.7" +criteria = "safe-to-deploy" + +[[exemptions.getrandom]] +version = "0.1.16" +criteria = "safe-to-deploy" + +[[exemptions.getrandom]] +version = "0.2.14" +criteria = "safe-to-deploy" + +[[exemptions.gimli]] +version = "0.28.1" +criteria = "safe-to-deploy" + +[[exemptions.git2]] +version = "0.18.3" +criteria = "safe-to-deploy" + +[[exemptions.globset]] +version = "0.4.14" +criteria = "safe-to-deploy" + +[[exemptions.group]] +version = "0.13.0" +criteria = "safe-to-deploy" + +[[exemptions.h2]] +version = "0.3.26" +criteria = "safe-to-deploy" + +[[exemptions.h2]] +version = "0.4.4" +criteria = "safe-to-deploy" + +[[exemptions.half]] +version = "2.4.1" +criteria = "safe-to-run" + +[[exemptions.halo2_gadgets]] +version = "0.3.0" +criteria = "safe-to-deploy" + +[[exemptions.halo2_legacy_pdqsort]] +version = "0.1.0" +criteria = "safe-to-deploy" + +[[exemptions.halo2_proofs]] +version = "0.3.0" +criteria = "safe-to-deploy" + +[[exemptions.hashbrown]] +version = "0.14.5" +criteria = "safe-to-deploy" + +[[exemptions.hdrhistogram]] +version = "7.5.4" +criteria = "safe-to-deploy" + +[[exemptions.hdwallet]] +version = "0.4.1" +criteria = "safe-to-deploy" + +[[exemptions.heck]] +version = "0.3.3" +criteria = "safe-to-deploy" + +[[exemptions.heck]] +version = "0.5.0" +criteria = "safe-to-deploy" + +[[exemptions.hermit-abi]] +version = "0.1.19" +criteria = "safe-to-deploy" + +[[exemptions.hermit-abi]] +version = "0.3.9" +criteria = "safe-to-deploy" + +[[exemptions.hex-literal]] +version = "0.4.1" +criteria = "safe-to-deploy" + +[[exemptions.hmac]] +version = "0.12.1" +criteria = "safe-to-deploy" + +[[exemptions.home]] +version = "0.5.9" +criteria = "safe-to-deploy" + +[[exemptions.hostname]] +version = "0.4.0" +criteria = "safe-to-deploy" + +[[exemptions.howudoin]] +version = "0.1.2" +criteria = "safe-to-deploy" + +[[exemptions.http]] +version = "0.2.12" +criteria = "safe-to-deploy" + +[[exemptions.http]] +version = "1.1.0" +criteria = "safe-to-deploy" + +[[exemptions.http-body]] +version = "0.4.6" +criteria = "safe-to-deploy" + +[[exemptions.http-body]] +version = "1.0.0" +criteria = "safe-to-deploy" + +[[exemptions.http-body-util]] +version = "0.1.1" +criteria = "safe-to-deploy" + +[[exemptions.httparse]] +version = "1.8.0" +criteria = "safe-to-deploy" + +[[exemptions.human_bytes]] +version = "0.4.3" +criteria = "safe-to-deploy" + +[[exemptions.humantime]] +version = "2.1.0" +criteria = "safe-to-deploy" + +[[exemptions.humantime-serde]] +version = "1.1.1" +criteria = "safe-to-deploy" + +[[exemptions.hyper]] +version = "0.14.28" +criteria = "safe-to-deploy" + +[[exemptions.hyper]] +version = "1.3.1" +criteria = "safe-to-deploy" + +[[exemptions.hyper-rustls]] +version = "0.24.2" +criteria = "safe-to-deploy" + +[[exemptions.hyper-timeout]] +version = "0.4.1" +criteria = "safe-to-deploy" + +[[exemptions.hyper-util]] +version = "0.1.3" +criteria = "safe-to-deploy" + +[[exemptions.iana-time-zone]] +version = "0.1.60" +criteria = "safe-to-deploy" + +[[exemptions.iana-time-zone-haiku]] +version = "0.1.2" +criteria = "safe-to-deploy" + +[[exemptions.ident_case]] +version = "1.0.1" +criteria = "safe-to-deploy" + +[[exemptions.idna]] +version = "0.5.0" +criteria = "safe-to-deploy" + +[[exemptions.impl-codec]] +version = "0.6.0" +criteria = "safe-to-deploy" + +[[exemptions.impl-trait-for-tuples]] +version = "0.2.2" +criteria = "safe-to-deploy" + +[[exemptions.incrementalmerkletree]] +version = "0.5.1" +criteria = "safe-to-deploy" + +[[exemptions.indenter]] +version = "0.3.3" +criteria = "safe-to-deploy" + +[[exemptions.indexmap]] +version = "1.9.3" +criteria = "safe-to-deploy" + +[[exemptions.indexmap]] +version = "2.2.6" +criteria = "safe-to-deploy" + +[[exemptions.indicatif]] +version = "0.17.8" +criteria = "safe-to-deploy" + +[[exemptions.inferno]] +version = "0.11.19" +criteria = "safe-to-deploy" + +[[exemptions.insta]] +version = "1.39.0" +criteria = "safe-to-deploy" + +[[exemptions.instant]] +version = "0.1.12" +criteria = "safe-to-deploy" + +[[exemptions.ipnet]] +version = "2.9.0" +criteria = "safe-to-deploy" + +[[exemptions.is-terminal]] +version = "0.4.12" +criteria = "safe-to-deploy" + +[[exemptions.is_terminal_polyfill]] +version = "1.70.0" +criteria = "safe-to-deploy" + +[[exemptions.itertools]] +version = "0.10.5" +criteria = "safe-to-deploy" + +[[exemptions.itertools]] +version = "0.13.0" +criteria = "safe-to-deploy" + +[[exemptions.jobserver]] +version = "0.1.31" +criteria = "safe-to-deploy" + +[[exemptions.js-sys]] +version = "0.3.69" +criteria = "safe-to-deploy" + +[[exemptions.jsonrpc]] +version = "0.18.0" +criteria = "safe-to-deploy" + +[[exemptions.jsonrpc-core]] +version = "18.0.0" +criteria = "safe-to-deploy" + +[[exemptions.jsonrpc-derive]] +version = "18.0.0" +criteria = "safe-to-deploy" + +[[exemptions.jsonrpc-http-server]] +version = "18.0.0" +criteria = "safe-to-deploy" + +[[exemptions.jsonrpc-server-utils]] +version = "18.0.0" +criteria = "safe-to-deploy" + +[[exemptions.jubjub]] +version = "0.10.0" +criteria = "safe-to-deploy" + +[[exemptions.lazycell]] +version = "1.3.0" +criteria = "safe-to-deploy" + +[[exemptions.libc]] +version = "0.2.154" +criteria = "safe-to-deploy" + +[[exemptions.libgit2-sys]] +version = "0.16.2+1.7.2" +criteria = "safe-to-deploy" + +[[exemptions.libloading]] +version = "0.8.3" +criteria = "safe-to-deploy" + +[[exemptions.libm]] +version = "0.2.8" +criteria = "safe-to-deploy" + +[[exemptions.libredox]] +version = "0.1.3" +criteria = "safe-to-deploy" + +[[exemptions.librocksdb-sys]] +version = "0.16.0+8.10.0" +criteria = "safe-to-deploy" + +[[exemptions.libz-sys]] +version = "1.1.16" +criteria = "safe-to-deploy" + +[[exemptions.linux-raw-sys]] +version = "0.4.13" +criteria = "safe-to-deploy" + +[[exemptions.lock_api]] +version = "0.4.12" +criteria = "safe-to-deploy" + +[[exemptions.lz4-sys]] +version = "1.9.4" +criteria = "safe-to-deploy" + +[[exemptions.matchers]] +version = "0.1.0" +criteria = "safe-to-deploy" + +[[exemptions.matchit]] +version = "0.7.3" +criteria = "safe-to-deploy" + +[[exemptions.memchr]] +version = "2.7.2" +criteria = "safe-to-deploy" + +[[exemptions.memuse]] +version = "0.2.1" +criteria = "safe-to-deploy" + +[[exemptions.metrics]] +version = "0.22.3" +criteria = "safe-to-deploy" + +[[exemptions.metrics-exporter-prometheus]] +version = "0.14.0" +criteria = "safe-to-deploy" + +[[exemptions.metrics-util]] +version = "0.16.3" +criteria = "safe-to-deploy" + +[[exemptions.mime]] +version = "0.3.17" +criteria = "safe-to-deploy" + +[[exemptions.minimal-lexical]] +version = "0.2.1" +criteria = "safe-to-deploy" + +[[exemptions.miniz_oxide]] +version = "0.7.2" +criteria = "safe-to-deploy" + +[[exemptions.mio]] +version = "0.8.11" +criteria = "safe-to-deploy" + +[[exemptions.mset]] +version = "0.1.1" +criteria = "safe-to-deploy" + +[[exemptions.multimap]] +version = "0.10.0" +criteria = "safe-to-deploy" + +[[exemptions.nanorand]] +version = "0.7.0" +criteria = "safe-to-deploy" + +[[exemptions.net2]] +version = "0.2.39" +criteria = "safe-to-deploy" + +[[exemptions.nonempty]] +version = "0.7.0" +criteria = "safe-to-deploy" + +[[exemptions.nu-ansi-term]] +version = "0.46.0" +criteria = "safe-to-deploy" + +[[exemptions.num-bigint]] +version = "0.4.4" +criteria = "safe-to-deploy" + +[[exemptions.num-format]] +version = "0.4.4" +criteria = "safe-to-deploy" + +[[exemptions.num-integer]] +version = "0.1.46" +criteria = "safe-to-deploy" + +[[exemptions.num-traits]] +version = "0.2.18" +criteria = "safe-to-deploy" + +[[exemptions.num_cpus]] +version = "1.16.0" +criteria = "safe-to-deploy" + +[[exemptions.num_threads]] +version = "0.1.7" +criteria = "safe-to-deploy" + +[[exemptions.object]] +version = "0.32.2" +criteria = "safe-to-deploy" + +[[exemptions.once_cell]] +version = "1.19.0" +criteria = "safe-to-deploy" + +[[exemptions.oorandom]] +version = "11.1.3" +criteria = "safe-to-run" + +[[exemptions.opaque-debug]] +version = "0.3.1" +criteria = "safe-to-deploy" + +[[exemptions.option-ext]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.orchard]] +version = "0.8.0" +criteria = "safe-to-deploy" + +[[exemptions.ordered-map]] +version = "0.4.2" +criteria = "safe-to-deploy" + +[[exemptions.os_info]] +version = "3.8.2" +criteria = "safe-to-deploy" + +[[exemptions.overload]] +version = "0.1.1" +criteria = "safe-to-deploy" + +[[exemptions.owo-colors]] +version = "3.5.0" +criteria = "safe-to-deploy" + +[[exemptions.owo-colors]] +version = "4.0.0" +criteria = "safe-to-deploy" + +[[exemptions.pairing]] +version = "0.23.0" +criteria = "safe-to-deploy" + +[[exemptions.parity-scale-codec]] +version = "3.6.9" +criteria = "safe-to-deploy" + +[[exemptions.parity-scale-codec-derive]] +version = "3.6.9" +criteria = "safe-to-deploy" + +[[exemptions.parking_lot]] +version = "0.11.2" +criteria = "safe-to-deploy" + +[[exemptions.parking_lot]] +version = "0.12.2" +criteria = "safe-to-deploy" + +[[exemptions.parking_lot_core]] +version = "0.8.6" +criteria = "safe-to-deploy" + +[[exemptions.parking_lot_core]] +version = "0.9.10" +criteria = "safe-to-deploy" + +[[exemptions.password-hash]] +version = "0.3.2" +criteria = "safe-to-deploy" + +[[exemptions.pasta_curves]] +version = "0.5.1" +criteria = "safe-to-deploy" + +[[exemptions.pbkdf2]] +version = "0.10.1" +criteria = "safe-to-deploy" + +[[exemptions.percent-encoding]] +version = "2.3.1" +criteria = "safe-to-deploy" + +[[exemptions.pest]] +version = "2.7.10" +criteria = "safe-to-deploy" + +[[exemptions.pest_derive]] +version = "2.7.10" +criteria = "safe-to-deploy" + +[[exemptions.pest_generator]] +version = "2.7.10" +criteria = "safe-to-deploy" + +[[exemptions.pest_meta]] +version = "2.7.10" +criteria = "safe-to-deploy" + +[[exemptions.petgraph]] +version = "0.6.4" +criteria = "safe-to-deploy" + +[[exemptions.pin-project]] +version = "1.1.5" +criteria = "safe-to-deploy" + +[[exemptions.pin-project-internal]] +version = "1.1.5" +criteria = "safe-to-deploy" + +[[exemptions.pin-utils]] +version = "0.1.0" +criteria = "safe-to-deploy" + +[[exemptions.pkcs8]] +version = "0.10.2" +criteria = "safe-to-deploy" + +[[exemptions.pkg-config]] +version = "0.3.30" +criteria = "safe-to-deploy" + +[[exemptions.plotters]] +version = "0.3.5" +criteria = "safe-to-run" + +[[exemptions.plotters-backend]] +version = "0.3.5" +criteria = "safe-to-run" + +[[exemptions.plotters-svg]] +version = "0.3.5" +criteria = "safe-to-run" + +[[exemptions.poly1305]] +version = "0.8.0" +criteria = "safe-to-deploy" + +[[exemptions.portable-atomic]] +version = "1.6.0" +criteria = "safe-to-deploy" + +[[exemptions.ppv-lite86]] +version = "0.2.17" +criteria = "safe-to-deploy" + +[[exemptions.prettyplease]] +version = "0.2.19" +criteria = "safe-to-deploy" + +[[exemptions.primitive-types]] +version = "0.12.2" +criteria = "safe-to-deploy" + +[[exemptions.proc-macro-crate]] +version = "0.1.5" +criteria = "safe-to-deploy" + +[[exemptions.proc-macro-crate]] +version = "2.0.0" +criteria = "safe-to-deploy" + +[[exemptions.proc-macro-error]] +version = "1.0.4" +criteria = "safe-to-deploy" + +[[exemptions.proptest]] +version = "1.4.0" +criteria = "safe-to-deploy" + +[[exemptions.proptest-derive]] +version = "0.4.0" +criteria = "safe-to-deploy" + +[[exemptions.prost]] +version = "0.12.6" +criteria = "safe-to-deploy" + +[[exemptions.prost-build]] +version = "0.12.4" +criteria = "safe-to-deploy" + +[[exemptions.prost-derive]] +version = "0.12.6" +criteria = "safe-to-deploy" + +[[exemptions.prost-types]] +version = "0.12.4" +criteria = "safe-to-deploy" + +[[exemptions.quanta]] +version = "0.12.3" +criteria = "safe-to-deploy" + +[[exemptions.quick-error]] +version = "1.2.3" +criteria = "safe-to-deploy" + +[[exemptions.quick-xml]] +version = "0.26.0" +criteria = "safe-to-deploy" + +[[exemptions.quickcheck]] +version = "0.9.2" +criteria = "safe-to-deploy" + +[[exemptions.quickcheck_macros]] +version = "0.9.1" +criteria = "safe-to-deploy" + +[[exemptions.radium]] +version = "0.7.0" +criteria = "safe-to-deploy" + +[[exemptions.rand]] +version = "0.7.3" +criteria = "safe-to-deploy" + +[[exemptions.rand]] +version = "0.8.5" +criteria = "safe-to-deploy" + +[[exemptions.rand_chacha]] +version = "0.2.2" +criteria = "safe-to-deploy" + +[[exemptions.rand_chacha]] +version = "0.3.1" +criteria = "safe-to-deploy" + +[[exemptions.rand_core]] +version = "0.5.1" +criteria = "safe-to-deploy" + +[[exemptions.rand_core]] +version = "0.6.4" +criteria = "safe-to-deploy" + +[[exemptions.rand_hc]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.raw-cpuid]] +version = "11.0.2" +criteria = "safe-to-deploy" + +[[exemptions.rayon]] +version = "1.10.0" +criteria = "safe-to-deploy" + +[[exemptions.rayon-core]] +version = "1.12.1" +criteria = "safe-to-deploy" + +[[exemptions.reddsa]] +version = "0.5.1" +criteria = "safe-to-deploy" + +[[exemptions.redox_syscall]] +version = "0.2.16" +criteria = "safe-to-deploy" + +[[exemptions.redox_syscall]] +version = "0.5.1" +criteria = "safe-to-deploy" + +[[exemptions.redox_users]] +version = "0.4.5" +criteria = "safe-to-deploy" + +[[exemptions.regex]] +version = "1.10.4" +criteria = "safe-to-deploy" + +[[exemptions.regex-automata]] +version = "0.1.10" +criteria = "safe-to-deploy" + +[[exemptions.regex-automata]] +version = "0.4.6" +criteria = "safe-to-deploy" + +[[exemptions.regex-syntax]] +version = "0.6.29" +criteria = "safe-to-deploy" + +[[exemptions.regex-syntax]] +version = "0.8.3" +criteria = "safe-to-deploy" + +[[exemptions.reqwest]] +version = "0.11.27" +criteria = "safe-to-deploy" + +[[exemptions.rgb]] +version = "0.8.37" +criteria = "safe-to-deploy" + +[[exemptions.ring]] +version = "0.16.20" +criteria = "safe-to-deploy" + +[[exemptions.ring]] +version = "0.17.8" +criteria = "safe-to-deploy" + +[[exemptions.ripemd]] +version = "0.1.3" +criteria = "safe-to-deploy" + +[[exemptions.rlimit]] +version = "0.10.1" +criteria = "safe-to-deploy" + +[[exemptions.rocksdb]] +version = "0.22.0" +criteria = "safe-to-deploy" + +[[exemptions.ron]] +version = "0.7.1" +criteria = "safe-to-deploy" + +[[exemptions.rustc-demangle]] +version = "0.1.23" +criteria = "safe-to-deploy" + +[[exemptions.rustc-hex]] +version = "2.1.0" +criteria = "safe-to-deploy" + +[[exemptions.rustc_version]] +version = "0.2.3" +criteria = "safe-to-deploy" + +[[exemptions.rustix]] +version = "0.38.34" +criteria = "safe-to-deploy" + +[[exemptions.rustls]] +version = "0.21.12" +criteria = "safe-to-deploy" + +[[exemptions.rustls-pemfile]] +version = "1.0.4" +criteria = "safe-to-deploy" + +[[exemptions.rustls-webpki]] +version = "0.101.7" +criteria = "safe-to-deploy" + +[[exemptions.rusty-fork]] +version = "0.3.0" +criteria = "safe-to-deploy" + +[[exemptions.ryu]] +version = "1.0.17" +criteria = "safe-to-deploy" + +[[exemptions.sapling-crypto]] +version = "0.1.3" +criteria = "safe-to-deploy" + +[[exemptions.scopeguard]] +version = "1.2.0" +criteria = "safe-to-deploy" + +[[exemptions.sct]] +version = "0.7.1" +criteria = "safe-to-deploy" + +[[exemptions.secp256k1]] +version = "0.26.0" +criteria = "safe-to-deploy" + +[[exemptions.secp256k1-sys]] +version = "0.8.1" +criteria = "safe-to-deploy" + +[[exemptions.secrecy]] +version = "0.8.0" +criteria = "safe-to-deploy" + +[[exemptions.semver]] +version = "0.9.0" +criteria = "safe-to-deploy" + +[[exemptions.semver]] +version = "1.0.23" +criteria = "safe-to-deploy" + +[[exemptions.semver-parser]] +version = "0.7.0" +criteria = "safe-to-deploy" + +[[exemptions.sentry]] +version = "0.32.2" +criteria = "safe-to-deploy" + +[[exemptions.sentry-backtrace]] +version = "0.32.3" +criteria = "safe-to-deploy" + +[[exemptions.sentry-contexts]] +version = "0.32.3" +criteria = "safe-to-deploy" + +[[exemptions.sentry-core]] +version = "0.32.3" +criteria = "safe-to-deploy" + +[[exemptions.sentry-tracing]] +version = "0.32.3" +criteria = "safe-to-deploy" + +[[exemptions.sentry-types]] +version = "0.32.3" +criteria = "safe-to-deploy" + +[[exemptions.serde-big-array]] +version = "0.5.1" +criteria = "safe-to-deploy" + +[[exemptions.serde_json]] +version = "1.0.117" +criteria = "safe-to-deploy" + +[[exemptions.serde_spanned]] +version = "0.6.6" +criteria = "safe-to-deploy" + +[[exemptions.serde_urlencoded]] +version = "0.7.1" +criteria = "safe-to-deploy" + +[[exemptions.serde_with]] +version = "1.14.0" +criteria = "safe-to-deploy" + +[[exemptions.serde_with]] +version = "3.8.1" +criteria = "safe-to-deploy" + +[[exemptions.serde_with_macros]] +version = "1.5.2" +criteria = "safe-to-deploy" + +[[exemptions.serde_with_macros]] +version = "3.8.1" +criteria = "safe-to-deploy" + +[[exemptions.serde_yaml]] +version = "0.9.34+deprecated" +criteria = "safe-to-deploy" + +[[exemptions.sha2]] +version = "0.10.8" +criteria = "safe-to-deploy" + +[[exemptions.sharded-slab]] +version = "0.1.7" +criteria = "safe-to-deploy" + +[[exemptions.shardtree]] +version = "0.3.1" +criteria = "safe-to-deploy" + +[[exemptions.shlex]] +version = "1.3.0" +criteria = "safe-to-deploy" + +[[exemptions.signal-hook-registry]] +version = "1.4.2" +criteria = "safe-to-deploy" + +[[exemptions.similar]] +version = "2.5.0" +criteria = "safe-to-deploy" + +[[exemptions.sketches-ddsketch]] +version = "0.2.2" +criteria = "safe-to-deploy" + +[[exemptions.slab]] +version = "0.4.9" +criteria = "safe-to-deploy" + +[[exemptions.smallvec]] +version = "1.13.2" +criteria = "safe-to-deploy" + +[[exemptions.socket2]] +version = "0.5.7" +criteria = "safe-to-deploy" + +[[exemptions.spandoc]] +version = "0.2.2" +criteria = "safe-to-deploy" + +[[exemptions.spandoc-attribute]] +version = "0.1.1" +criteria = "safe-to-deploy" + +[[exemptions.spin]] +version = "0.5.2" +criteria = "safe-to-deploy" + +[[exemptions.spin]] +version = "0.9.8" +criteria = "safe-to-deploy" + +[[exemptions.spki]] +version = "0.7.3" +criteria = "safe-to-deploy" + +[[exemptions.str_stack]] +version = "0.1.0" +criteria = "safe-to-deploy" + +[[exemptions.strsim]] +version = "0.8.0" +criteria = "safe-to-deploy" + +[[exemptions.strsim]] +version = "0.11.1" +criteria = "safe-to-deploy" + +[[exemptions.structopt]] +version = "0.3.26" +criteria = "safe-to-deploy" + +[[exemptions.structopt-derive]] +version = "0.4.18" +criteria = "safe-to-deploy" + +[[exemptions.subtle]] +version = "2.4.1" +criteria = "safe-to-deploy" + +[[exemptions.syn]] +version = "1.0.109" +criteria = "safe-to-deploy" + +[[exemptions.syn]] +version = "2.0.66" +criteria = "safe-to-deploy" + +[[exemptions.sync_wrapper]] +version = "0.1.2" +criteria = "safe-to-deploy" + +[[exemptions.system-configuration]] +version = "0.5.1" +criteria = "safe-to-deploy" + +[[exemptions.system-configuration-sys]] +version = "0.5.0" +criteria = "safe-to-deploy" + +[[exemptions.tap]] +version = "1.0.1" +criteria = "safe-to-deploy" + +[[exemptions.tempfile]] +version = "3.10.1" +criteria = "safe-to-deploy" + +[[exemptions.termcolor]] +version = "1.4.1" +criteria = "safe-to-deploy" + +[[exemptions.textwrap]] +version = "0.11.0" +criteria = "safe-to-deploy" + +[[exemptions.thiserror]] +version = "1.0.61" +criteria = "safe-to-deploy" + +[[exemptions.thiserror-impl]] +version = "1.0.61" +criteria = "safe-to-deploy" + +[[exemptions.thread-priority]] +version = "1.1.0" +criteria = "safe-to-deploy" + +[[exemptions.thread_local]] +version = "1.1.8" +criteria = "safe-to-deploy" + +[[exemptions.time]] +version = "0.3.36" +criteria = "safe-to-deploy" + +[[exemptions.tokio]] +version = "1.37.0" +criteria = "safe-to-deploy" + +[[exemptions.tokio-io-timeout]] +version = "1.2.0" +criteria = "safe-to-deploy" + +[[exemptions.tokio-macros]] +version = "2.2.0" +criteria = "safe-to-deploy" + +[[exemptions.tokio-rustls]] +version = "0.24.1" +criteria = "safe-to-deploy" + +[[exemptions.tokio-test]] +version = "0.4.4" +criteria = "safe-to-run" + +[[exemptions.tokio-util]] +version = "0.6.10" +criteria = "safe-to-deploy" + +[[exemptions.tokio-util]] +version = "0.7.11" +criteria = "safe-to-deploy" + +[[exemptions.toml]] +version = "0.5.11" +criteria = "safe-to-deploy" + +[[exemptions.toml]] +version = "0.8.13" +criteria = "safe-to-deploy" + +[[exemptions.toml_datetime]] +version = "0.6.6" +criteria = "safe-to-deploy" + +[[exemptions.toml_edit]] +version = "0.20.7" +criteria = "safe-to-deploy" + +[[exemptions.toml_edit]] +version = "0.22.13" +criteria = "safe-to-deploy" + +[[exemptions.tonic]] +version = "0.10.2" +criteria = "safe-to-deploy" + +[[exemptions.tonic-build]] +version = "0.10.2" +criteria = "safe-to-deploy" + +[[exemptions.tonic-reflection]] +version = "0.11.0" +criteria = "safe-to-deploy" + +[[exemptions.tower]] +version = "0.4.13" +criteria = "safe-to-deploy" + +[[exemptions.tower-batch-control]] +version = "0.2.41-beta.13" +criteria = "safe-to-deploy" + +[[exemptions.tower-fallback]] +version = "0.2.41-beta.13" +criteria = "safe-to-deploy" + +[[exemptions.tower-layer]] +version = "0.3.2" +criteria = "safe-to-deploy" + +[[exemptions.tower-service]] +version = "0.3.2" +criteria = "safe-to-deploy" + +[[exemptions.tower-test]] +version = "0.4.0" +criteria = "safe-to-run" + +[[exemptions.tracing]] +version = "0.1.40" +criteria = "safe-to-deploy" + +[[exemptions.tracing-appender]] +version = "0.2.3" +criteria = "safe-to-deploy" + +[[exemptions.tracing-attributes]] +version = "0.1.27" +criteria = "safe-to-deploy" + +[[exemptions.tracing-core]] +version = "0.1.32" +criteria = "safe-to-deploy" + +[[exemptions.tracing-error]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.tracing-flame]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.tracing-futures]] +version = "0.2.5" +criteria = "safe-to-deploy" + +[[exemptions.tracing-journald]] +version = "0.3.0" +criteria = "safe-to-deploy" + +[[exemptions.tracing-log]] +version = "0.1.4" +criteria = "safe-to-deploy" + +[[exemptions.tracing-log]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.tracing-subscriber]] +version = "0.3.18" +criteria = "safe-to-deploy" + +[[exemptions.tracing-test]] +version = "0.2.4" +criteria = "safe-to-run" + +[[exemptions.tracing-test-macro]] +version = "0.2.4" +criteria = "safe-to-run" + +[[exemptions.try-lock]] +version = "0.2.5" +criteria = "safe-to-deploy" + +[[exemptions.typenum]] +version = "1.17.0" +criteria = "safe-to-deploy" + +[[exemptions.ucd-trie]] +version = "0.1.6" +criteria = "safe-to-deploy" + +[[exemptions.uint]] +version = "0.9.5" +criteria = "safe-to-deploy" + +[[exemptions.uname]] +version = "0.1.1" +criteria = "safe-to-deploy" + +[[exemptions.unarray]] +version = "0.1.4" +criteria = "safe-to-deploy" + +[[exemptions.unicase]] +version = "2.7.0" +criteria = "safe-to-deploy" + +[[exemptions.unicode-bidi]] +version = "0.3.15" +criteria = "safe-to-deploy" + +[[exemptions.universal-hash]] +version = "0.5.1" +criteria = "safe-to-deploy" + +[[exemptions.unsafe-libyaml]] +version = "0.2.11" +criteria = "safe-to-deploy" + +[[exemptions.untrusted]] +version = "0.7.1" +criteria = "safe-to-deploy" + +[[exemptions.untrusted]] +version = "0.9.0" +criteria = "safe-to-deploy" + +[[exemptions.ureq]] +version = "2.9.1" +criteria = "safe-to-deploy" + +[[exemptions.uuid]] +version = "1.8.0" +criteria = "safe-to-deploy" + +[[exemptions.valuable]] +version = "0.1.0" +criteria = "safe-to-deploy" + +[[exemptions.vcpkg]] +version = "0.2.15" +criteria = "safe-to-deploy" + +[[exemptions.vec_map]] +version = "0.8.2" +criteria = "safe-to-deploy" + +[[exemptions.vergen]] +version = "8.3.1" +criteria = "safe-to-deploy" + +[[exemptions.wait-timeout]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.walkdir]] +version = "2.5.0" +criteria = "safe-to-run" + +[[exemptions.want]] +version = "0.3.1" +criteria = "safe-to-deploy" + +[[exemptions.wasi]] +version = "0.9.0+wasi-snapshot-preview1" +criteria = "safe-to-deploy" + +[[exemptions.wasi]] +version = "0.11.0+wasi-snapshot-preview1" +criteria = "safe-to-deploy" + +[[exemptions.wasm-bindgen]] +version = "0.2.92" +criteria = "safe-to-deploy" + +[[exemptions.wasm-bindgen-backend]] +version = "0.2.92" +criteria = "safe-to-deploy" + +[[exemptions.wasm-bindgen-futures]] +version = "0.4.42" +criteria = "safe-to-deploy" + +[[exemptions.wasm-bindgen-macro]] +version = "0.2.92" +criteria = "safe-to-deploy" + +[[exemptions.wasm-bindgen-shared]] +version = "0.2.92" +criteria = "safe-to-deploy" + +[[exemptions.web-sys]] +version = "0.3.69" +criteria = "safe-to-deploy" + +[[exemptions.webpki-roots]] +version = "0.25.4" +criteria = "safe-to-deploy" + +[[exemptions.which]] +version = "4.4.2" +criteria = "safe-to-deploy" + +[[exemptions.winapi]] +version = "0.3.9" +criteria = "safe-to-deploy" + +[[exemptions.winapi-i686-pc-windows-gnu]] +version = "0.4.0" +criteria = "safe-to-deploy" + +[[exemptions.winapi-util]] +version = "0.1.8" +criteria = "safe-to-deploy" + +[[exemptions.winapi-x86_64-pc-windows-gnu]] +version = "0.4.0" +criteria = "safe-to-deploy" + +[[exemptions.windows]] +version = "0.52.0" +criteria = "safe-to-deploy" + +[[exemptions.windows-core]] +version = "0.52.0" +criteria = "safe-to-deploy" + +[[exemptions.windows-sys]] +version = "0.48.0" +criteria = "safe-to-deploy" + +[[exemptions.windows-sys]] +version = "0.52.0" +criteria = "safe-to-deploy" + +[[exemptions.windows-targets]] +version = "0.48.5" +criteria = "safe-to-deploy" + +[[exemptions.windows-targets]] +version = "0.52.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_aarch64_gnullvm]] +version = "0.48.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_aarch64_gnullvm]] +version = "0.52.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_aarch64_msvc]] +version = "0.48.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_aarch64_msvc]] +version = "0.52.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_i686_gnu]] +version = "0.48.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_i686_gnu]] +version = "0.52.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_i686_gnullvm]] +version = "0.52.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_i686_msvc]] +version = "0.48.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_i686_msvc]] +version = "0.52.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_x86_64_gnu]] +version = "0.48.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_x86_64_gnu]] +version = "0.52.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_x86_64_gnullvm]] +version = "0.48.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_x86_64_gnullvm]] +version = "0.52.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_x86_64_msvc]] +version = "0.48.5" +criteria = "safe-to-deploy" + +[[exemptions.windows_x86_64_msvc]] +version = "0.52.5" +criteria = "safe-to-deploy" + +[[exemptions.winnow]] +version = "0.5.40" +criteria = "safe-to-deploy" + +[[exemptions.winnow]] +version = "0.6.7" +criteria = "safe-to-deploy" + +[[exemptions.winreg]] +version = "0.50.0" +criteria = "safe-to-deploy" + +[[exemptions.wyz]] +version = "0.5.1" +criteria = "safe-to-deploy" + +[[exemptions.x25519-dalek]] +version = "2.0.1" +criteria = "safe-to-deploy" + +[[exemptions.xdg]] +version = "2.5.2" +criteria = "safe-to-deploy" + +[[exemptions.zcash_address]] +version = "0.3.2" +criteria = "safe-to-deploy" + +[[exemptions.zcash_client_backend]] +version = "0.12.1" +criteria = "safe-to-deploy" + +[[exemptions.zcash_encoding]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.zcash_history]] +version = "0.4.0" +criteria = "safe-to-deploy" + +[[exemptions.zcash_keys]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.zcash_note_encryption]] +version = "0.4.0" +criteria = "safe-to-deploy" + +[[exemptions.zcash_primitives]] +version = "0.15.0" +criteria = "safe-to-deploy" + +[[exemptions.zcash_proofs]] +version = "0.15.0" +criteria = "safe-to-deploy" + +[[exemptions.zcash_protocol]] +version = "0.1.1" +criteria = "safe-to-deploy" + +[[exemptions.zcash_script]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.zcash_spec]] +version = "0.1.0" +criteria = "safe-to-deploy" + +[[exemptions.zebra-chain]] +version = "1.0.0-beta.37" +criteria = "safe-to-deploy" + +[[exemptions.zebra-consensus]] +version = "1.0.0-beta.37" +criteria = "safe-to-deploy" + +[[exemptions.zebra-grpc]] +version = "0.1.0-alpha.4" +criteria = "safe-to-deploy" + +[[exemptions.zebra-network]] +version = "1.0.0-beta.37" +criteria = "safe-to-deploy" + +[[exemptions.zebra-node-services]] +version = "1.0.0-beta.37" +criteria = "safe-to-deploy" + +[[exemptions.zebra-rpc]] +version = "1.0.0-beta.37" +criteria = "safe-to-deploy" + +[[exemptions.zebra-scan]] +version = "0.1.0-alpha.6" +criteria = "safe-to-deploy" + +[[exemptions.zebra-script]] +version = "1.0.0-beta.37" +criteria = "safe-to-deploy" + +[[exemptions.zebra-state]] +version = "1.0.0-beta.37" +criteria = "safe-to-deploy" + +[[exemptions.zebra-test]] +version = "1.0.0-beta.37" +criteria = "safe-to-deploy" + +[[exemptions.zebra-utils]] +version = "1.0.0-beta.37" +criteria = "safe-to-deploy" + +[[exemptions.zebrad]] +version = "1.7.0" +criteria = "safe-to-deploy" + +[[exemptions.zeroize]] +version = "1.7.0" +criteria = "safe-to-deploy" + +[[exemptions.zeroize_derive]] +version = "1.4.2" +criteria = "safe-to-deploy" + +[[exemptions.zip32]] +version = "0.1.1" +criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock new file mode 100644 index 00000000000..72680a30464 --- /dev/null +++ b/supply-chain/imports.lock @@ -0,0 +1,1174 @@ + +# cargo-vet imports lock + +[[publisher.cexpr]] +version = "0.6.0" +when = "2021-10-11" +user-id = 3788 +user-login = "emilio" +user-name = "Emilio Cobos Álvarez" + +[[publisher.core-foundation]] +version = "0.9.3" +when = "2022-02-07" +user-id = 5946 +user-login = "jrmuizel" +user-name = "Jeff Muizelaar" + +[[publisher.encoding_rs]] +version = "0.8.34" +when = "2024-04-10" +user-id = 4484 +user-login = "hsivonen" +user-name = "Henri Sivonen" + +[[publisher.unicode-normalization]] +version = "0.1.23" +when = "2024-02-20" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.unicode-segmentation]] +version = "1.11.0" +when = "2024-02-07" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.unicode-width]] +version = "0.1.12" +when = "2024-04-26" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[audits.google.audits.async-stream]] +who = "Tyler Mandry " +criteria = "safe-to-deploy" +version = "0.3.4" +notes = "Reviewed on https://fxrev.dev/761470" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.async-stream]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.3.4 -> 0.3.5" +notes = "Reviewed on https://fxrev.dev/906795" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.async-stream-impl]] +who = "Tyler Mandry " +criteria = "safe-to-deploy" +version = "0.3.4" +notes = "Reviewed on https://fxrev.dev/761470" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.async-stream-impl]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.3.4 -> 0.3.5" +notes = "Reviewed on https://fxrev.dev/906795" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.autocfg]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and there were no hits except for reasonable, client-controlled usage of +`std::fs` in `AutoCfg::with_dir`. + +This crate has been added to Chromium in +https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb +The CL description contains a link to a Google-internal document with audit details. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.autocfg]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.1.0 -> 1.2.0" +notes = ''' +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and nothing changed from the baseline audit of 1.1.0. Skimmed through the +1.1.0 => 1.2.0 delta and everything seemed okay. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.base64]] +who = "Adam Langley " +criteria = "safe-to-deploy" +version = "0.13.1" +notes = "Skimmed the uses of `std` to ensure that nothing untoward is happening. Code uses `forbid(unsafe_code)` and, indeed, there are no uses of `unsafe`" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "2.4.2" +notes = """ +Audit notes: + +* I've checked for any discussion in Google-internal cl/546819168 (where audit + of version 2.3.3 happened) +* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]` +* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be + correct in a straightforward way - they just propagate the marker trait's + impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type +* Additional discussion and/or notes may be found in https://crrev.com/c/5238056 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "2.4.2 -> 2.5.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.14.3" +notes = "Additional review notes may be found in https://crrev.com/c/5362675." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.14.3 -> 1.15.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.cast]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.3.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.cfg-if]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "1.0.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.equivalent]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "1.0.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.fastrand]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "1.9.0" +notes = """ +`does-not-implement-crypto` is certified because this crate explicitly says +that the RNG here is not cryptographically secure. +""" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.glob]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.3.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.httpdate]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "1.0.3" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.itoa]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.10" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. + +There are a few places where `unsafe` is used. Unsafe review notes can be found +in https://crrev.com/c/5350697. + +Version 1.0.1 of this crate has been added to Chromium in +https://crrev.com/c/3321896. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.itoa]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.10 -> 1.0.11" +notes = """ +Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits: + +* Bumping up the version +* A touch up of comments +* And my own PR to make `unsafe` blocks more granular: + https://github.com/dtolnay/itoa/pull/42 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.lazy_static]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.4.0" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. + +There are two places where `unsafe` is used. Unsafe review notes can be found +in https://crrev.com/c/5347418. + +This crate has been added to Chromium in https://crrev.com/c/3321895. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.nom]] +who = "danakj@chromium.org" +criteria = "safe-to-deploy" +version = "7.1.3" +notes = """ +Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.number_prefix]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.4.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.pin-project-lite]] +who = "David Koloski " +criteria = "safe-to-deploy" +version = "0.2.9" +notes = "Reviewed on https://fxrev.dev/824504" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.pin-project-lite]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.2.9 -> 0.2.13" +notes = "Audited at https://fxrev.dev/946396" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro-error-attr]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "1.0.4" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.78" +notes = """ +Grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits +(except for a benign \"fs\" hit in a doc comment) + +Notes from the `unsafe` review can be found in https://crrev.com/c/5385745. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.78 -> 1.0.79" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.79 -> 1.0.80" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.80 -> 1.0.81" +notes = "Comment changes only" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.81 -> 1.0.82" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.82 -> 1.0.83" +notes = "Substantive change is replacing String with Box, saving memory." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.83 -> 1.0.84" +notes = "Only doc comment changes in `src/lib.rs`." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.quote]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.35" +notes = """ +Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits +(except for benign \"net\" hit in tests and \"fs\" hit in README.md) +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.quote]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.35 -> 1.0.36" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.rustversion]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.14" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and there were no hits except for: + +* Using trivially-safe `unsafe` in test code: + + ``` + tests/test_const.rs:unsafe fn _unsafe() {} + tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() }; + ``` + +* Using `unsafe` in a string: + + ``` + src/constfn.rs: \"unsafe\" => Qualifiers::Unsafe, + ``` + +* Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr` + which is later read back via `include!` used in `src/lib.rs`. + +Version `1.0.6` of this crate has been added to Chromium in +https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.rustversion]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.14 -> 1.0.15" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.same-file]] +who = "Android Legacy" +criteria = "safe-to-run" +version = "1.0.6" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.197" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. + +There were some hits for `net`, but they were related to serialization and +not actually opening any connections or anything like that. + +There were 2 hits of `unsafe` when grepping: +* In `fn as_str` in `impl Buf` +* In `fn serialize` in `impl Serialize for net::Ipv4Addr` + +Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this +review also covered `serde_json_lenient`). + +Version 1.0.130 of the crate has been added to Chromium in +https://crrev.com/c/3265545. The CL description contains a link to a +(Google-internal, sorry) document with a mini security review. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.197 -> 1.0.198" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.198 -> 1.0.201" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.201 -> 1.0.202" +notes = "Trivial changes" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.202 -> 1.0.203" +notes = "s/doc_cfg/docsrs/ + tuple_impls/tuple_impl_body-related changes" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.197" +notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.197 -> 1.0.201" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.201 -> 1.0.202" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.202 -> 1.0.203" +notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.static_assertions]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'` +and there were no hits except for one `unsafe`. + +The lambda where `unsafe` is used is never invoked (e.g. the `unsafe` code +never runs) and is only introduced for some compile-time checks. Additional +unsafe review comments can be found in https://crrev.com/c/5353376. + +This crate has been added to Chromium in https://crrev.com/c/3736562. The CL +description contains a link to a document with an additional security review. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.strsim]] +who = "danakj@chromium.org" +criteria = "safe-to-deploy" +version = "0.10.0" +notes = """ +Reviewed in https://crrev.com/c/5171063 + +Previously reviewed during security review and the audit is grandparented in. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.tinytemplate]] +who = "Ying Hsu " +criteria = "safe-to-run" +version = "1.2.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.tinyvec]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.6.0" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and there were no hits except for some \"unsafe\" appearing in comments: + +``` +src/arrayvec.rs: // Note: This shouldn't use A::CAPACITY, because unsafe code can't rely on +src/lib.rs://! All of this is done with no `unsafe` code within the crate. Technically the +src/lib.rs://! `Vec` type from the standard library uses `unsafe` internally, but *this +src/lib.rs://! crate* introduces no new `unsafe` code into your project. +src/array.rs:/// Just a reminder: this trait is 100% safe, which means that `unsafe` code +``` + +This crate has been added to Chromium in +https://source.chromium.org/chromium/chromium/src/+/24773c33e1b7a1b5069b9399fd034375995f290b +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.tinyvec_macros]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.1.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.tokio-stream]] +who = "David Koloski " +criteria = "safe-to-deploy" +version = "0.1.11" +notes = "Reviewed on https://fxrev.dev/804724" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.tokio-stream]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.1.11 -> 0.1.14" +notes = "Reviewed on https://fxrev.dev/907732." +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.unicode-ident]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.12" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. + +All two functions from the public API of this crate use `unsafe` to avoid bound +checks for an array access. Cross-module analysis shows that the offsets can +be statically proven to be within array bounds. More details can be found in +the unsafe review CL at https://crrev.com/c/5350386. + +This crate has been added to Chromium in https://crrev.com/c/3891618. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.unicode-xid]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.2.4" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.utf8parse]] +who = "David Koloski " +criteria = "safe-to-deploy" +version = "0.2.1" +notes = "Reviewed on https://fxrev.dev/904811" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.version_check]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.9.4" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.void]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "1.0.2" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.mozilla.wildcard-audits.cexpr]] +who = "Emilio Cobos Álvarez " +criteria = "safe-to-deploy" +user-id = 3788 # Emilio Cobos Álvarez (emilio) +start = "2021-06-21" +end = "2024-04-21" +notes = "No unsafe code, rather straight-forward parser." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.wildcard-audits.core-foundation]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +user-id = 5946 # Jeff Muizelaar (jrmuizel) +start = "2019-03-29" +end = "2023-05-04" +renew = false +notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.wildcard-audits.encoding_rs]] +who = "Henri Sivonen " +criteria = "safe-to-deploy" +user-id = 4484 # Henri Sivonen (hsivonen) +start = "2019-02-26" +end = "2024-08-28" +notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.wildcard-audits.unicode-normalization]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2019-11-06" +end = "2024-05-03" +notes = "All code written or reviewed by Manish" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.wildcard-audits.unicode-segmentation]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2019-05-15" +end = "2024-05-03" +notes = "All code written or reviewed by Manish" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.wildcard-audits.unicode-width]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2019-12-05" +end = "2024-05-03" +notes = "All code written or reviewed by Manish" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.android_system_properties]] +who = "Nicolas Silva " +criteria = "safe-to-deploy" +version = "0.1.2" +notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.android_system_properties]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.1.2 -> 0.1.4" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.android_system_properties]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.1.4 -> 0.1.5" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Emilio Cobos Álvarez " +criteria = "safe-to-deploy" +version = "0.59.2" +notes = "I'm the primary author and maintainer of the crate." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Emilio Cobos Álvarez " +criteria = "safe-to-deploy" +delta = "0.59.2 -> 0.63.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.63.0 -> 0.64.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.64.0 -> 0.66.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.66.1 -> 0.68.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Andreas Pehrson " +criteria = "safe-to-deploy" +delta = "0.68.1 -> 0.69.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.69.1 -> 0.69.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bindgen]] +who = "Emilio Cobos Álvarez " +criteria = "safe-to-deploy" +delta = "0.69.2 -> 0.69.4" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-set]] +who = "Aria Beingessner " +criteria = "safe-to-deploy" +version = "0.5.2" +notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-set]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.5.2 -> 0.5.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-vec]] +who = "Aria Beingessner " +criteria = "safe-to-deploy" +version = "0.6.3" +notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.core-foundation]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "0.9.3 -> 0.9.4" +notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.debugid]] +who = "Gabriele Svelto " +criteria = "safe-to-deploy" +version = "0.8.0" +notes = "This crates was written by Sentry and I've fully audited it as Firefox crash reporting machinery relies on it." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.deranged]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.3.11" +notes = """ +This crate contains a decent bit of `unsafe` code, however all internal +unsafety is verified with copious assertions (many are compile-time), and +otherwise the unsafety is documented and left to the caller to verify. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.document-features]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +version = "0.2.8" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.either]] +who = "Nika Layzell " +criteria = "safe-to-deploy" +version = "1.6.1" +notes = """ +Straightforward crate providing the Either enum and trait implementations with +no unsafe code. +""" +aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.either]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.6.1 -> 1.7.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.either]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.7.0 -> 1.8.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.either]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.8.0 -> 1.8.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.fastrand]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "1.9.0 -> 2.0.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.fnv]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +version = "1.0.7" +notes = "Simple hasher implementation with no unsafe code." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.form_urlencoded]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +version = "1.2.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.form_urlencoded]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.2.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.hashbrown]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +version = "0.12.3" +notes = "This version is used in rust's libstd, so effectively we're already trusting it" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.hex]] +who = "Simon Friedberger " +criteria = "safe-to-deploy" +version = "0.4.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.linked-hash-map]] +who = "Aria Beingessner " +criteria = "safe-to-deploy" +version = "0.5.4" +notes = "I own this crate (I am contain-rs) and 0.5.4 passes miri. This code is very old and used by lots of people, so I'm pretty confident in it, even though it's in maintenance-mode and missing some nice-to-have APIs." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.linked-hash-map]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.5.4 -> 0.5.6" +notes = "New unsafe code has debug assertions and meets invariants. All other changes are formatting-related." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.litrs]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +version = "0.4.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.log]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +version = "0.4.17" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.log]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.4.17 -> 0.4.18" +notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.log]] +who = "Kagami Sascha Rosylight " +criteria = "safe-to-deploy" +delta = "0.4.18 -> 0.4.20" +notes = "Only cfg attribute and internal macro changes and module refactorings" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.num-conv]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.1.0" +notes = """ +Very straightforward, simple crate. No dependencies, unsafe, extern, +side-effectful std functions, etc. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.powerfmt]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.2.0" +notes = """ +A tiny bit of unsafe code to implement functionality that isn't in stable rust +yet, but it's all valid. Otherwise it's a pretty simple crate. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.rustc-hash]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = "Straightforward crate with no unsafe code, does what it says on the tin." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.synstructure]] +who = "Nika Layzell " +criteria = "safe-to-deploy" +version = "0.12.6" +notes = """ +I am the primary author of the `synstructure` crate, and its current +maintainer. The one use of `unsafe` is unnecessary, but documented and +harmless. It will be removed in the next version. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-core]] +who = "Kershaw Chang " +criteria = "safe-to-deploy" +version = "0.1.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-core]] +who = "Kershaw Chang " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-core]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.1.1 -> 0.1.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-macros]] +who = "Kershaw Chang " +criteria = "safe-to-deploy" +version = "0.2.6" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-macros]] +who = "Kershaw Chang " +criteria = "safe-to-deploy" +delta = "0.2.6 -> 0.2.10" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.time-macros]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.2.10 -> 0.2.18" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.url]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +version = "2.4.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.url]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "2.4.0 -> 2.4.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.url]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "2.4.1 -> 2.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerocopy]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.7.32" +notes = """ +This crate is `no_std` so doesn't use any side-effectful std functions. It +contains quite a lot of `unsafe` code, however. I verified portions of this. It +also has a large, thorough test suite. The project claims to run tests with +Miri to have stronger soundness checks, and also claims to use formal +verification tools to prove correctness. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerocopy-derive]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.7.32" +notes = "Clean, safe macros for zerocopy." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.zcash.audits.either]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.8.1 -> 1.9.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.either]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.9.0 -> 1.11.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.fastrand]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.0.0 -> 2.0.1" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.fastrand]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.0.1 -> 2.0.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.fastrand]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.0.2 -> 2.1.0" +notes = """ +As noted in the changelog, this version produces different output for a given seed. +The documentation did not mention stability. It is possible that some uses relying on +determinism across the update would be broken. + +The new constants do appear to match WyRand v4.2 (modulo ordering issues that I have not checked): +https://github.com/wangyi-fudan/wyhash/blob/408620b6d12b7d667b3dd6ae39b7929a39e8fa05/wyhash.h#L145 +I have no way to check whether these constants are an improvement or not. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.inout]] +who = "Daira Hopwood " +criteria = "safe-to-deploy" +version = "0.1.3" +notes = "Reviewed in full." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.known-folders]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +version = "1.0.1" +notes = """ +Uses `unsafe` blocks to interact with `windows-sys` crate. +- `SHGetKnownFolderPath` safety requirements are met. +- `CoTaskMemFree` has no effect if passed `NULL`, so there is no issue if some + future refactor created a pathway where `ffi::Guard` could be dropped before + `SHGetKnownFolderPath` is called. +- Small nit: `ffi::Guard::as_pwstr` takes `&self` but returns `PWSTR` which is + the mutable type; it should instead return `PCWSTR` which is the const type + (and what `lstrlenW` takes) instead of implicitly const-casting the pointer, + as this would better reflect the intent to take an immutable reference. +- The slice constructed from the `PWSTR` correctly goes out of scope before + `guard` is dropped. +- A code comment says that `path_ptr` is valid for `len` bytes, but `PCWSTR` is + a `*const u16` and `lstrlenW` returns its length \"in characters\" (which the + Windows documentation confirms means the number of `WCHAR` values). This is + likely a typo; the code checks that `len * size_of::() <= isize::MAX`. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.known-folders]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.1 -> 1.1.0" +notes = "Addresses the notes from my previous review :)" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.log]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.4.20 -> 0.4.21" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.maybe-rayon]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.1.1" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.pin-project-lite]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.13 -> 0.2.14" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.rand_xorshift]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.3.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.redjubjub]] +who = "Daira Emma Hopwood " +criteria = "safe-to-deploy" +version = "0.7.0" +notes = """ +This crate is a thin wrapper around the `reddsa` crate, which I did not review. I also +did not review tests or verify test vectors. + +The comment on `batch::Verifier::verify` has an error in the batch verification equation, +filed as https://github.com/ZcashFoundation/redjubjub/issues/163 . It does not affect the +implementation which just delegates to `reddsa`. `reddsa` has the same comment bug filed as +https://github.com/ZcashFoundation/reddsa/issues/52 , but its batch verification implementation +is correct. (I checked the latter against https://zips.z.cash/protocol/protocol.pdf#reddsabatchvalidate +which has had previous cryptographic review by NCC group; see finding NCC-Zcash2018-009 in +https://research.nccgroup.com/wp-content/uploads/2020/07/NCC_Group_Zcash2018_Public_Report_2019-01-30_v1.3.pdf ). +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.rustc_version]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +version = "0.4.0" +notes = """ +Most of the crate is code to parse and validate the output of `rustc -vV`. The caller can +choose which `rustc` to use, or can use `rustc_version::{version, version_meta}` which will +try `$RUSTC` followed by `rustc`. + +If an adversary can arbitrarily set the `$RUSTC` environment variable then this crate will +execute arbitrary code. But when this crate is used within a build script, `$RUSTC` should +be set correctly by `cargo`. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.signature]] +who = "Daira Emma Hopwood " +criteria = "safe-to-deploy" +version = "2.1.0" +notes = """ +This crate uses `#![forbid(unsafe_code)]`, has no build script, and only provides traits with some trivial default implementations. +I did not review whether implementing these APIs would present any undocumented cryptographic hazards. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.signature]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.1.0 -> 2.2.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tinyvec_macros]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.1" +notes = "Adds `#![forbid(unsafe_code)]` and license files." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tokio-stream]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.1.14 -> 0.1.15" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.tonic]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.10.2 -> 0.11.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.tonic-build]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.10.2 -> 0.11.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.wagyu-zcash-parameters]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.2.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.wagyu-zcash-parameters-1]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.2.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.wagyu-zcash-parameters-2]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.2.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.wagyu-zcash-parameters-3]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.2.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.wagyu-zcash-parameters-4]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.2.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.wagyu-zcash-parameters-5]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.2.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.wagyu-zcash-parameters-6]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.2.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.wasm-bindgen-macro-support]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +version = "0.2.92" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[audits.zcashd.audits]