# cargo-vet imports lock
# Snapshot of the audits and crates.io publisher records that cargo-vet imported
# from other organisations. The file is maintained by cargo-vet itself, so a
# change to it in a commit is a change to what the project accepts as reviewed.
#
# Publisher records: which crates.io account published a given release and when.
# Wildcard audits are matched against these fields (`user-id` and `when`), which
# is what ties a wildcard audit to a concrete version.
[[publisher.bumpalo]]
version = "3.10.0"
when = "2022-06-01"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
[[publisher.unicode-width]]
version = "0.1.9"
when = "2021-09-16"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
# Wildcard audit: certifies every bumpalo release published by crates.io user
# 696 between `start` and `end`, with no per-version review. The trust rests on
# that publisher account; releases published after `end` are not covered until
# the entry is renewed upstream.
[[audits.bytecodealliance.wildcard-audits.bumpalo]]
who = "Nick Fitzgerald <[email protected]>"
criteria = "safe-to-deploy"
user-id = 696 # Nick Fitzgerald (fitzgen)
start = "2019-03-16"
end = "2024-03-10"
# Audits imported from the bytecodealliance peer. `version` is a full review of
# that release; `delta` is a review of only the diff between two releases and
# needs an audited base version to chain from. Every entry in this file claims
# the built-in `safe-to-deploy` criteria.
[[audits.bytecodealliance.audits.atty]]
who = "Alex Crichton <[email protected]>"
criteria = "safe-to-deploy"
version = "0.2.14"
notes = """
Contains only unsafe code for what this crate's purpose is and only accesses
the environment's terminal information when asked. Does its stated purpose and
no more.
"""
# Self-certification by the crate author (also cc, cfg-if and rustc-demangle
# below): the entry records no independent second reviewer.
[[audits.bytecodealliance.audits.backtrace]]
who = "Alex Crichton <[email protected]>"
criteria = "safe-to-deploy"
version = "0.3.66"
notes = "I am the author of this crate."
[[audits.bytecodealliance.audits.cargo-platform]]
who = "Pat Hickey <[email protected]>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "no build, no ambient capabilities, no unsafe"
[[audits.bytecodealliance.audits.cc]]
who = "Alex Crichton <[email protected]>"
criteria = "safe-to-deploy"
version = "1.0.73"
notes = "I am the author of this crate."
[[audits.bytecodealliance.audits.cfg-if]]
who = "Alex Crichton <[email protected]>"
criteria = "safe-to-deploy"
version = "1.0.0"
notes = "I am the author of this crate."
[[audits.bytecodealliance.audits.errno]]
who = "Dan Gohman <[email protected]>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."
# Delta audit: only the changes from 0.3.0 to 0.3.1 were reviewed. It chains
# onto the full audit of 0.3.0 directly above.
[[audits.bytecodealliance.audits.errno]]
who = "Dan Gohman <[email protected]>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.3.1"
notes = "Just a dependency version bump and a bug fix for redox"
[[audits.bytecodealliance.audits.errno-dragonfly]]
who = "Jamey Sharp <[email protected]>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is."
[[audits.bytecodealliance.audits.heck]]
who = "Alex Crichton <[email protected]>"
criteria = "safe-to-deploy"
version = "0.4.0"
notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
[[audits.bytecodealliance.audits.httpdate]]
who = "Pat Hickey <[email protected]>"
criteria = "safe-to-deploy"
version = "1.0.2"
notes = "No unsafety, no io"
[[audits.bytecodealliance.audits.idna]]
who = "Alex Crichton <[email protected]>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = """
This is a crate without unsafe code or usage of the standard library. The large
size of this crate comes from the large generated unicode tables file. This
crate is broadly used throughout the ecosystem and does not contain anything
suspicious.
"""
[[audits.bytecodealliance.audits.is-terminal]]
who = "Dan Gohman <[email protected]>"
criteria = "safe-to-deploy"
version = "0.4.7"
notes = """
The is-terminal implementation code is now sync'd up with the prototype
implementation in the Rust standard library.
"""
# No `notes`: the entry says who certified the release but not what was checked
# (same for `want` and the two note-less delta entries further down).
[[audits.bytecodealliance.audits.pin-utils]]
who = "Pat Hickey <[email protected]>"
criteria = "safe-to-deploy"
version = "0.1.0"
# The note records that this crate runs an external executable; the conclusion
# rests on the input handling the auditor describes.
[[audits.bytecodealliance.audits.pkg-config]]
who = "Pat Hickey <[email protected]>"
criteria = "safe-to-deploy"
version = "0.3.25"
notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
# Bridges the gap in the quote delta chain imported from mozilla in this file
# (1.0.18 -> 1.0.21 -> 1.0.23, then 1.0.27 -> 1.0.28).
[[audits.bytecodealliance.audits.quote]]
who = "Pat Hickey <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.0.23 -> 1.0.27"
[[audits.bytecodealliance.audits.rustc-demangle]]
who = "Alex Crichton <[email protected]>"
criteria = "safe-to-deploy"
version = "0.1.21"
notes = "I am the author of this crate."
[[audits.bytecodealliance.audits.sct]]
who = "Pat Hickey <[email protected]>"
criteria = "safe-to-deploy"
version = "0.7.0"
notes = "no unsafe, no build, no ambient capabilities"
[[audits.bytecodealliance.audits.slab]]
who = "Pat Hickey <[email protected]>"
criteria = "safe-to-deploy"
version = "0.4.6"
notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."
[[audits.bytecodealliance.audits.tinyvec]]
who = "Alex Crichton <[email protected]>"
criteria = "safe-to-deploy"
version = "1.6.0"
notes = """
This crate, while it implements collections, does so without `std::*` APIs and
without `unsafe`. Skimming the crate everything looks reasonable and what one
would expect from idiomatic safe collections in Rust.
"""
[[audits.bytecodealliance.audits.unicode-bidi]]
who = "Alex Crichton <[email protected]>"
criteria = "safe-to-deploy"
version = "0.3.8"
notes = """
This crate has no unsafe code and does not use `std::*`. Skimming the crate it
does not attempt to out of the bounds of what it's already supposed to be doing.
"""
[[audits.bytecodealliance.audits.unicode-normalization]]
who = "Alex Crichton <[email protected]>"
criteria = "safe-to-deploy"
version = "0.1.19"
notes = """
This crate contains one usage of `unsafe` which I have manually checked to see
it as correct. This crate's size comes in large part due to the generated
unicode tables that it contains. This crate is additionally widely used
throughout the ecosystem and skimming the crate shows no usage of `std::*` APIs
and nothing suspicious.
"""
[[audits.bytecodealliance.audits.vcpkg]]
who = "Pat Hickey <[email protected]>"
criteria = "safe-to-deploy"
version = "0.2.15"
notes = "no build.rs, no macros, no unsafe. It reads the filesystem and makes copies of DLLs into OUT_DIR."
[[audits.bytecodealliance.audits.want]]
who = "Pat Hickey <[email protected]>"
criteria = "safe-to-deploy"
version = "0.3.0"
# Backward delta: the starting version (0.2.83) is the newer one. On its own it
# certifies nothing; it extends trust to 0.2.80 only together with a full audit
# of 0.2.83, which this file carries under audits.isrg.
[[audits.bytecodealliance.audits.wasm-bindgen-shared]]
who = "Pat Hickey <[email protected]>"
criteria = "safe-to-deploy"
delta = "0.2.83 -> 0.2.80"
# Audits imported from the embark peer.
# `violation` is the opposite of a certification: releases matching the version
# requirement are declared to fail the criteria. The reason stated in the note
# is the licensing of embedded fonts, not a code-safety finding.
[[audits.embark.audits.epaint]]
who = "Johan Andersson <[email protected]>"
criteria = "safe-to-deploy"
violation = "<0.20.0"
notes = "Specified crate license does not include licenses of embedded fonts if using default features or the `default_fonts` feature. Tracked in: https://github.com/emilk/egui/issues/2321"
# thiserror is described as a wrapper over thiserror-impl, so the two audits
# below belong together and are recorded for the same version.
[[audits.embark.audits.thiserror]]
who = "Johan Andersson <[email protected]>"
criteria = "safe-to-deploy"
version = "1.0.40"
notes = "Wrapper over implementation crate, found no unsafe or ambient capabilities used"
[[audits.embark.audits.thiserror-impl]]
who = "Johan Andersson <[email protected]>"
criteria = "safe-to-deploy"
version = "1.0.40"
notes = "Found no unsafe or ambient capabilities used"
[[audits.embark.audits.tinyvec_macros]]
who = "Johan Andersson <[email protected]>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "Inspected it and is a tiny crate with single safe macro"
[[audits.embark.audits.valuable]]
who = "Johan Andersson <[email protected]>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "No unsafe usage or ambient capabilities, sane build script"
[[audits.embark.audits.yaml-rust]]
who = "Johan Andersson <[email protected]>"
criteria = "safe-to-deploy"
version = "0.4.5"
notes = "No unsafe usage or ambient capabilities"
# Audits imported from the google peer. `aggregated-from` names the audit file
# the entry originally came from; here that is the ChromiumOS rust_crates
# audits.toml, so the effective reviewer is that project rather than the peer
# as a whole. Neither entry carries `notes`.
[[audits.google.audits.proc-macro-error-attr]]
who = "George Burgess IV <[email protected]>"
criteria = "safe-to-deploy"
version = "1.0.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.version_check]]
who = "George Burgess IV <[email protected]>"
criteria = "safe-to-deploy"
version = "0.9.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
# Audits imported from the isrg peer. Both are full-version audits recorded
# without `notes`, so the scope of the review is not stated here.
[[audits.isrg.audits.untrusted]]
who = "David Cook <[email protected]>"
criteria = "safe-to-deploy"
version = "0.7.1"
# This full audit of 0.2.83 is the base that the bytecodealliance backward
# delta "0.2.83 -> 0.2.80" in this file chains from.
[[audits.isrg.audits.wasm-bindgen-shared]]
who = "David Cook <[email protected]>"
criteria = "safe-to-deploy"
version = "0.2.83"
# Wildcard audit: certifies every unicode-width release published by crates.io
# user 1139 between `start` and `end`, on the strength of the publisher rather
# than a per-version review. Releases published after `end` are not covered
# until the entry is renewed upstream.
[[audits.mozilla.wildcard-audits.unicode-width]]
who = "Manish Goregaokar <[email protected]>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-12-05"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
# Audits imported from the mozilla peer. `aggregated-from` names the audit file
# each entry originally came from: mozilla-central for all but one entry, which
# comes from the glean repository.
[[audits.mozilla.audits.autocfg]]
who = "Josh Stone <[email protected]>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.cargo_metadata]]
who = "Jan-Erik Rediger <[email protected]>"
criteria = "safe-to-deploy"
version = "0.15.2"
notes = "I reviewed the whole code base. Parser for the output of cargo-metadata, relying mostly on serde. No unsafe code used."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
# Certified with two caveats that the auditor spells out in the note (documented
# UB that is argued not to apply, and SIMD buffer reinterpretation that should
# be re-reviewed). Read the note as open follow-up items, not a clean bill.
[[audits.mozilla.audits.encoding_rs]]
who = "Henri Sivonen <[email protected]>"
criteria = "safe-to-deploy"
version = "0.8.31"
notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.fnv]]
who = "Bobby Holley <[email protected]>"
criteria = "safe-to-deploy"
version = "1.0.7"
notes = "Simple hasher implementation with no unsafe code."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
# No `notes` (also `log` and the note-less deltas below): the entry records who
# certified the release but not what was checked.
[[audits.mozilla.audits.hex]]
who = "Simon Friedberger <[email protected]>"
criteria = "safe-to-deploy"
version = "0.4.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
# Backward delta: it extends trust from 0.3.0 down to 0.2.3. The base it needs,
# a full audit of idna 0.3.0, is in this file under audits.bytecodealliance.
[[audits.mozilla.audits.idna]]
who = "Bobby Holley <[email protected]>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.2.3"
notes = "Backwards diff with some algorithm changes, no unsafe code."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
# Certified by the crate owner; the evidence cited is a miri pass and long use,
# not an independent review.
[[audits.mozilla.audits.linked-hash-map]]
who = "Aria Beingessner <[email protected]>"
criteria = "safe-to-deploy"
version = "0.5.4"
notes = "I own this crate (I am contain-rs) and 0.5.4 passes miri. This code is very old and used by lots of people, so I'm pretty confident in it, even though it's in maintenance-mode and missing some nice-to-have APIs."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.log]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
version = "0.4.17"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.matches]]
who = "Bobby Holley <[email protected]>"
criteria = "safe-to-deploy"
version = "0.1.9"
notes = "This is a trivial crate."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.num-bigint]]
who = "Josh Stone <[email protected]>"
criteria = "safe-to-deploy"
version = "0.4.3"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.num-integer]]
who = "Josh Stone <[email protected]>"
criteria = "safe-to-deploy"
version = "0.1.45"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.num-traits]]
who = "Josh Stone <[email protected]>"
criteria = "safe-to-deploy"
version = "0.2.15"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
# quote: one full audit (1.0.18) followed by a chain of delta audits. The
# mozilla entries cover 1.0.18 -> 1.0.21 -> 1.0.23 and 1.0.27 -> 1.0.28; the
# step 1.0.23 -> 1.0.27 comes from the bytecodealliance delta in this file, so
# trust in 1.0.28 depends on audits from two different peers.
[[audits.mozilla.audits.quote]]
who = "Nika Layzell <[email protected]>"
criteria = "safe-to-deploy"
version = "1.0.18"
notes = """
`quote` is a utility crate used by proc-macros to generate TokenStreams
conveniently from source code. The bulk of the logic is some complex
interlocking `macro_rules!` macros which are used to parse and build the
`TokenStream` within the proc-macro.
This crate contains no unsafe code, and the internal logic, while difficult to
read, is generally straightforward. I have audited the the quote macros, ident
formatter, and runtime logic.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.0.18 -> 1.0.21"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.0.21 -> 1.0.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
# Aggregated from the glean repository's audit file, unlike the other mozilla
# entries in this file.
[[audits.mozilla.audits.quote]]
who = "Jan-Erik Rediger <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.0.27 -> 1.0.28"
notes = "Enabled on wasm targets"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.rustc-hash]]
who = "Bobby Holley <[email protected]>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "Straightforward crate with no unsafe code, does what it says on the tin."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
# NOTE(review): no audit of typenum 1.15.0 appears in this file, so this delta
# has no base here; presumably it is anchored by the project's own audits or an
# exemption elsewhere. Confirm before relying on it.
[[audits.mozilla.audits.typenum]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.15.0 -> 1.16.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"