diff --git a/Cargo.lock b/Cargo.lock index 77e85463e..4328a63f8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -185,6 +185,17 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "displaydoc" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "either" version = "1.10.0" 
@@ -465,14 +476,143 @@ dependencies = [ "tracing", ] +[[package]] +name = "icu_collections" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locid" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_locid_transform" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e" +dependencies = [ + "displaydoc", + "icu_locid", + "icu_locid_transform_data", + "icu_provider", + "tinystr", + "zerovec", +] + +[[package]] +name = "icu_locid_transform_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e" + +[[package]] +name = "icu_normalizer" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f" +dependencies = [ + "displaydoc", + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "utf16_iter", + "utf8_iter", + "write16", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516" + +[[package]] +name = "icu_properties" +version = "1.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5" +dependencies = [ + 
"displaydoc", + "icu_collections", + "icu_locid_transform", + "icu_properties_data", + "icu_provider", + "tinystr", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569" + +[[package]] +name = "icu_provider" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9" +dependencies = [ + "displaydoc", + "icu_locid", + "icu_provider_macros", + "stable_deref_trait", + "tinystr", + "writeable", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_provider_macros" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "idna" -version = "0.5.0" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6" +checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e" dependencies = [ - "unicode-bidi", - "unicode-normalization", + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71" +dependencies = [ + "icu_normalizer", + "icu_properties", ] [[package]] 
@@ -549,6 +689,12 @@ version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" +[[package]] +name = "litemap" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104" + [[package]] name = "log" version = "0.4.20" @@ -993,6 +1139,12 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "stable_deref_trait" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" + [[package]] name = "syn" version = "2.0.58" @@ -1010,6 +1162,17 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" +[[package]] +name = "synstructure" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "system-configuration" version = "0.5.1" @@ -1044,20 +1207,15 @@ dependencies = [ ] [[package]] -name = "tinyvec" -version = "1.6.0" +name = "tinystr" +version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f" dependencies = [ - "tinyvec_macros", + "displaydoc", + "zerovec", ] -[[package]] -name = "tinyvec_macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" - [[package]] name = "tokio" version = "1.36.0" 
@@ -1163,38 +1321,35 @@ version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" -[[package]] -name = "unicode-bidi" -version = "0.3.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" - [[package]] name = "unicode-ident" version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" -[[package]] -name = "unicode-normalization" -version = "0.1.22" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" -dependencies = [ - "tinyvec", -] - [[package]] name = "url" -version = "2.5.0" +version = "2.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" +checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60" dependencies = [ "form_urlencoded", "idna", "percent-encoding", ] +[[package]] +name = "utf16_iter" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246" + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + [[package]] name = "vcpkg" version = "0.2.15" 
@@ -1458,3 +1613,82 @@ dependencies = [ "cfg-if", "windows-sys 0.48.0", ] + +[[package]] +name = "write16" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936" + +[[package]] +name = "writeable" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51" + +[[package]] +name = "yoke" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40" +dependencies = [ + "serde", + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zerofrom" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zerovec" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index 522ee77bd..ea0644733 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -33,6 +33,11 @@ who = "Kunal Mehta "
 criteria = "safe-to-run"
 version = "2.5.0"
+[[audits.litemap]]
+who = "Cory Francis Myers "
+criteria = "safe-to-run"
+delta = "0.7.3 -> 0.7.4"
+
 [[audits.mime]]
 who = "Kunal Mehta "
 criteria = "safe-to-run"
@@ -126,6 +131,12 @@ start = "2023-01-15"
 end = "2024-11-17"
 notes = "Rust Project member"
+[[trusted.displaydoc]]
+criteria = "safe-to-run"
+user-id = 1139 # Manish Goregaokar (Manishearth)
+start = "2024-06-20"
+end = "2025-12-10"
+
 [[trusted.flate2]]
 criteria = "safe-to-deploy"
 user-id = 980 # Sebastian Thiel (Byron)
@@ -259,6 +270,12 @@ start = "2022-01-15"
 end = "2024-11-17"
 notes = "see https://github.com/freedomofpress/securedrop-engineering/pull/87"
+[[trusted.icu_properties]]
+criteria = "safe-to-run"
+user-id = 1139 # Manish Goregaokar (Manishearth)
+start = "2022-01-31"
+end = "2025-12-10"
+
 [[trusted.indexmap]]
 criteria = "safe-to-deploy"
 user-id = 539 # Josh Stone (cuviper)
@@ -287,6 +304,12 @@ start = "2021-06-12"
 end = "2024-08-12"
 notes = "Rust Project member"
+[[trusted.litemap]]
+criteria = "safe-to-run"
+user-id = 1139 # Manish Goregaokar (Manishearth)
+start = "2021-02-23"
+end = "2025-12-10"
+
 [[trusted.mio]]
 criteria = "safe-to-deploy"
 user-id = 10 # Carl Lerche (carllerche)
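Review bot: The `[[audits.litemap]]` delta `0.7.3 -> 0.7.4` has no `notes`, so the record does not say what was checked in that diff; a line such as `notes = "<what was reviewed in the 0.7.3 -> 0.7.4 delta>"` would let a later reader re-verify it. The same commit also adds a `[[trusted.litemap]]` wildcard for user-id 1139 in the `@@ -287,6 +304,12 @@` hunk, yet the imports.lock hunks visible here add no `[[publisher.litemap]]` entry. That suggests the locked 0.7.4 is vetted through this delta rather than through the wildcard, in which case the wildcard is probably unused and could be dropped so that future litemap releases are not accepted unreviewed; confirm against the cargo-vet output.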
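Review bot: The new `[[trusted.displaydoc]]` entry has no `notes` field, unlike the neighbouring entries shown as context (`notes = "Rust Project member"`, `notes = "see https://github.com/freedomofpress/securedrop-engineering/pull/87"`). The same gap applies to the other wildcard entries for user-id 1139 added in this file: icu_properties, litemap, yoke, yoke-derive, zerofrom and zerofrom-derive. Each of them accepts any release by that publisher up to `end = "2025-12-10"` without a per-version review, so the basis for the trust decision should be recorded next to it, e.g. `notes = "<reason this publisher is trusted, or link to the decision>"`.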
@@ -433,3 +456,27 @@ user-id = 1 # Alex Crichton (alexcrichton)
 start = "2019-03-04"
 end = "2024-08-12"
 notes = "Rust Project member"
+
+[[trusted.yoke]]
+criteria = "safe-to-run"
+user-id = 1139 # Manish Goregaokar (Manishearth)
+start = "2021-05-01"
+end = "2025-12-10"
+
+[[trusted.yoke-derive]]
+criteria = "safe-to-run"
+user-id = 1139 # Manish Goregaokar (Manishearth)
+start = "2021-07-02"
+end = "2025-12-10"
+
+[[trusted.zerofrom]]
+criteria = "safe-to-run"
+user-id = 1139 # Manish Goregaokar (Manishearth)
+start = "2022-04-06"
+end = "2025-12-10"
+
+[[trusted.zerofrom-derive]]
+criteria = "safe-to-run"
+user-id = 1139 # Manish Goregaokar (Manishearth)
+start = "2022-04-06"
+end = "2025-12-10"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index b24e58faa..b4cf54a80 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@@ -15,6 +15,13 @@ user-id = 3788
 user-login = "emilio"
 user-name = "Emilio Cobos Álvarez"
+[[publisher.displaydoc]]
+version = "0.2.5"
+when = "2024-06-20"
+user-id = 1139
+user-login = "Manishearth"
+user-name = "Manish Goregaokar"
+
 [[publisher.encoding_rs]]
 version = "0.8.33"
 when = "2023-08-23"
@@ -127,6 +134,13 @@ user-id = 359
 user-login = "seanmonstar"
 user-name = "Sean McArthur"
+[[publisher.icu_properties]]
+version = "1.5.1"
+when = "2024-06-24"
+user-id = 1139
+user-login = "Manishearth"
+user-name = "Manish Goregaokar"
+
 [[publisher.indexmap]]
 version = "2.2.3"
 when = "2024-02-11"
@@ -260,6 +274,13 @@ user-id = 6741
 user-login = "Darksonn"
 user-name = "Alice Ryhl"
+[[publisher.utf8_iter]]
+version = "1.0.4"
+when = "2023-12-01"
+user-id = 4484
+user-login = "hsivonen"
+user-name = "Henri Sivonen"
+
 [[publisher.wasm-bindgen-futures]]
 version = "0.4.41"
 when = "2024-02-06"
@@ -267,6 +288,34 @@ user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" +[[publisher.yoke]] +version = "0.7.5" +when = "2024-11-23" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.yoke-derive]] +version = "0.7.5" +when = "2024-11-23" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.zerofrom]] +version = "0.1.5" +when = "2024-11-23" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.zerofrom-derive]] +version = "0.1.5" +when = "2024-11-23" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + [[audits.bytecode-alliance.audits.addr2line]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -900,6 +949,12 @@ delta = "0.4.4 -> 0.5.5" notes = "Reviewed at https://fxrev.dev/946307" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.stable_deref_trait]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "1.2.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.syn]] who = "Ying Hsu " criteria = "safe-to-run" 
@@ -1018,6 +1073,15 @@ end = "2025-10-23" notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.wildcard-audits.utf8_iter]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +user-id = 4484 # Henri Sivonen (hsivonen) +start = "2022-04-19" +end = "2024-06-16" +notes = "Maintained by Henri Sivonen who works at Mozilla." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.anyhow]] who = "Mike Hommey " criteria = "safe-to-deploy" 
@@ -1080,12 +1144,178 @@ criteria = "safe-to-deploy" delta = "1.2.0 -> 1.2.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.icu_collections]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "1.2.0" +notes = "This crate is used by ICU4X for internal data structure. There is no fileaccess and network access. This uses unsafe block, but we confirm data is valid before." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_collections]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.4.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_collections]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_locid]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "1.2.0" +notes = "This has unsafe block to handle ascii string in utf-8 string. I've vetted the one instance of unsafe code." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_locid]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.4.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_locid]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_locid_transform]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "1.4.0" +notes = "This crate doesn't contain network and file access. 
Although this has unsafe block, the reason is added in the comment block. I audited code." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_locid_transform]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_locid_transform_data]] +who = "Jonathan Kew " +criteria = "safe-to-deploy" +version = "1.4.0" +notes = "Compile-time static for the icu_locid_transform crate." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_locid_transform_data]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_normalizer]] +who = "Henri Sivonen " +criteria = "safe-to-deploy" +version = "1.5.0" +notes = "I, Henri Sivonen, am the principal author of this crate." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_normalizer_data]] +who = "Henri Sivonen " +criteria = "safe-to-deploy" +version = "1.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_properties_data]] +who = "Jonathan Kew " +criteria = "safe-to-deploy" +version = "1.4.0" +notes = "Compile-time static data for the icu_properties crate." 
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_properties_data]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_provider]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "1.2.0" +notes = "Although this has unsafe block, this has a commnet why this is safety and I audited code. Also, this doesn't have file access and network access." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_provider]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.4.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_provider]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_provider_macros]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "1.2.0" +notes = "This crate is macros for ICU4X's data provider implementer. This has no unsafe code and uses no ambient capabilities." 
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_provider_macros]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.4.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.icu_provider_macros]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.idna]] who = "Valentin Gosu " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.idna]] +who = "Henri Sivonen " +criteria = "safe-to-deploy" +delta = "0.5.0 -> 1.0.2" +notes = "In the 0.5.0 to 1.0.2 delta, I, Henri Sivonen, rewrote the non-Punycode internals of the crate and made the changes to the Punycode code." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.idna]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "1.0.2 -> 1.0.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.idna_adapter]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +version = "1.2.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.litemap]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "0.7.0" +notes = "This crete has no unsafe code, no file acceess and no network access." 
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.litemap]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.7.0 -> 0.7.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.litemap]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.7.2 -> 0.7.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.percent-encoding]] who = "Valentin Gosu " criteria = "safe-to-deploy" @@ -1098,6 +1328,29 @@ criteria = "safe-to-deploy" delta = "0.4.7 -> 0.4.8" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.synstructure]] +who = "Nika Layzell " +criteria = "safe-to-deploy" +version = "0.12.6" +notes = """ +I am the primary author of the `synstructure` crate, and its current +maintainer. The one use of `unsafe` is unnecessary, but documented and +harmless. It will be removed in the next version. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.synstructure]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.12.6 -> 0.13.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.synstructure]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.13.0 -> 0.13.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.tempfile]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" 
@@ -1116,6 +1369,31 @@ criteria = "safe-to-deploy" delta = "3.8.0 -> 3.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.tinystr]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "0.7.0" +notes = "One of original auther was Zibi Braniecki who worked at Mozilla and maintained by ICU4X developers (Google and Mozilla). I've vetted the one instance of unsafe code." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.tinystr]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.7.0 -> 0.7.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.tinystr]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.7.1 -> 0.7.4" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.tinystr]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.7.4 -> 0.7.6" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.tracing]] who = "Mike Hommey " criteria = "safe-to-run" 
@@ -1178,6 +1456,94 @@ criteria = "safe-to-deploy" delta = "2.4.1 -> 2.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.url]] +who = "Henri Sivonen " +criteria = "safe-to-deploy" +delta = "2.5.0 -> 2.5.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.url]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "2.5.1 -> 2.5.4" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.utf16_iter]] +who = "Henri Sivonen " +criteria = "safe-to-deploy" +version = "1.0.5" +notes = "I, Henri Sivonen, wrote this crate." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.write16]] +who = "Henri Sivonen " +criteria = "safe-to-deploy" +version = "1.0.0" +notes = "I, Henri Sivonen, wrote this (safe-code-only) crate." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.writeable]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "0.5.2" +notes = "writeable is a variation of fmt::Write with sink version. This uses `unsafe` block to handle potentially-invalid UTF-8 character. I've vetted the one instance of unsafe code." 
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.writeable]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.5.2 -> 0.5.4" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.writeable]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.5.4 -> 0.5.5" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "0.9.4" +notes = "This crate is zero-copy data structure implmentation. Although this uses unsafe block in several code, it requires for zero-copy. And this has a comment in code why this uses unsafe and I audited code." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.9.4 -> 0.10.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.10.1 -> 0.10.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.10.2 -> 0.10.4" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec-derive]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "0.10.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec-derive]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.10.1 -> 0.10.2" +aggregated-from = 
"https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec-derive]] +who = "Max Inden " +criteria = "safe-to-deploy" +delta = "0.10.2 -> 0.10.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.securedrop.audits.cc]] who = "Cory Francis Myers " criteria = "safe-to-run"