supply-chain/audits.toml - toolchain/cargo-vet - Git at Google


 # cargo-vet audits file

 [[audits.backtrace]]
 who = "Nika Layzell <[email protected]>"
 criteria = "safe-to-deploy"
 delta = "0.3.66 -> 0.3.65"
 notes = "Only changes were to the miri backend, which will be checked"

 [[audits.base64-stream]]
 who = "Alex Franchuk <[email protected]>"
 criteria = "safe-to-deploy"
 version = "1.2.7"
 notes = """
 The crate is fairly straightforward. There are a few unsafe blocks to elide
 bounds-checking when copying data, but I have manually verified that the unsafe
 blocks will always have lengths within bounds of source and destination
 pointers. Some `debug_assert!`s document and check these invariants as well
 (though there could be more).
 """

 [[audits.cargo_metadata]]
 who = "Nika Layzell <[email protected]>"
 criteria = "safe-to-deploy"
 delta = "0.14.2 -> 0.15.2"

 [[audits.doc-comment]]
 who = "Nika Layzell <[email protected]>"
 criteria = "safe-to-deploy"
 version = "0.3.3"
 notes = """
 Trivial macro crate implementing a trick for expanding macros within doc
 comments on older versions of rustc.
 """

 [[audits.either]]
 who = "Nika Layzell <[email protected]>"
 criteria = "safe-to-deploy"
 version = "1.6.1"
 notes = """
 Straightforward crate providing the Either enum and trait implementations with
 no unsafe code.
 """

 [[audits.home]]
 who = "Nika Layzell <[email protected]>"
 criteria = "safe-to-deploy"
 version = "0.5.3"
 notes = """
 Crate with straightforward code for determining the user's HOME directory. Only
 unsafe code is used to invoke the Windows SHGetFolderPathW API to get the
 profile directory when the USERPROFILE environment variable is unavailable.
 """

 [[audits.is_ci]]
 who = "Nika Layzell <[email protected]>"
 criteria = "safe-to-deploy"
 version = "1.1.1"
 notes = "Trivial crate which checks the environment for specific environment variables"

 [[audits.lazy_static]]
 who = "Nika Layzell <[email protected]>"
 criteria = "safe-to-deploy"
 version = "1.4.0"
 notes = "I have read over the macros, and audited the unsafe code."

 [[audits.similar]]
 who = "Nika Layzell <[email protected]>"
 criteria = "safe-to-deploy"
 version = "2.2.0"
 notes = """
 Algorithm crate implemented entirely in safe rust. Does no platform-specific
 logic, only implementing diffing and string manipulation algorithms.
 """

	# cargo-vet audits file

	[[audits.backtrace]]
	who = "Nika Layzell <[email protected]>"
	criteria = "safe-to-deploy"
	delta = "0.3.66 -> 0.3.65"
	notes = "Only changes were to the miri backend, which will be checked"

	[[audits.base64-stream]]
	who = "Alex Franchuk <[email protected]>"
	criteria = "safe-to-deploy"
	version = "1.2.7"
	notes = """
	The crate is fairly straightforward. There are a few unsafe blocks to elide
	bounds-checking when copying data, but I have manually verified that the unsafe
	blocks will always have lengths within bounds of source and destination
	pointers. Some `debug_assert!`s document and check these invariants as well
	(though there could be more).
	"""

	[[audits.cargo_metadata]]
	who = "Nika Layzell <[email protected]>"
	criteria = "safe-to-deploy"
	delta = "0.14.2 -> 0.15.2"

	[[audits.doc-comment]]
	who = "Nika Layzell <[email protected]>"
	criteria = "safe-to-deploy"
	version = "0.3.3"
	notes = """
	Trivial macro crate implementing a trick for expanding macros within doc
	comments on older versions of rustc.
	"""

	[[audits.either]]
	who = "Nika Layzell <[email protected]>"
	criteria = "safe-to-deploy"
	version = "1.6.1"
	notes = """
	Straightforward crate providing the Either enum and trait implementations with
	no unsafe code.
	"""

	[[audits.home]]
	who = "Nika Layzell <[email protected]>"
	criteria = "safe-to-deploy"
	version = "0.5.3"
	notes = """
	Crate with straightforward code for determining the user's HOME directory. Only
	unsafe code is used to invoke the Windows SHGetFolderPathW API to get the
	profile directory when the USERPROFILE environment variable is unavailable.
	"""

	[[audits.is_ci]]
	who = "Nika Layzell <[email protected]>"
	criteria = "safe-to-deploy"
	version = "1.1.1"
	notes = "Trivial crate which checks the environment for specific environment variables"

	[[audits.lazy_static]]
	who = "Nika Layzell <[email protected]>"
	criteria = "safe-to-deploy"
	version = "1.4.0"
	notes = "I have read over the macros, and audited the unsafe code."

	[[audits.similar]]
	who = "Nika Layzell <[email protected]>"
	criteria = "safe-to-deploy"
	version = "2.2.0"
	notes = """
	Algorithm crate implemented entirely in safe rust. Does no platform-specific
	logic, only implementing diffing and string manipulation algorithms.
	"""