diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index d29c6383e6bb..90eca844e2cf 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -2591,6 +2591,12 @@ criteria = "safe-to-deploy" version = "0.2.11" notes = "build is only looking for environment variables to set cfg. only two minor uses of unsafe,on macos, with ffi bindings to digest primitives and libc atexit. otherwise, this is an abstraction over three very complex systems (schannel, security-framework, and openssl) which may end up having subtle differences, but none of those are apparent from the implementation of this crate" +[[audits.native-tls]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.2.11 -> 0.2.14" +notes = "Minor changes, mostly around updating some dependencies, directives, etc." + [[audits.nu-ansi-term]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -4627,6 +4633,12 @@ user-id = 189 # Andrew Gallant (BurntSushi) start = "2019-07-07" end = "2024-07-15" +[[trusted.openssl-probe]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2020-08-04" +end = "2026-06-18" + [[trusted.parking_lot]] criteria = "safe-to-deploy" user-id = 2915 # Amanieu d'Antras (Amanieu) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index d8c953b74784..86416b88dae7 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -374,6 +374,14 @@ criteria = "safe-to-deploy" version = "1.12.0" criteria = "safe-to-deploy" +[[exemptions.openssl]] +version = "0.10.73" +criteria = "safe-to-deploy" + +[[exemptions.openssl-sys]] +version = "0.9.109" +criteria = "safe-to-deploy" + [[exemptions.openvino-finder]] version = "0.4.1" criteria = "safe-to-deploy" @@ -454,6 +462,18 @@ criteria = "safe-to-deploy" version = "0.3.0" criteria = "safe-to-deploy" +[[exemptions.schannel]] +version = "0.1.27" +criteria = "safe-to-deploy" + +[[exemptions.security-framework]] +version = "2.11.1" +criteria = "safe-to-deploy" + +[[exemptions.security-framework-sys]] +version = "2.14.0" +criteria = "safe-to-deploy" + [[exemptions.shuffling-allocator]] version = "1.1.2" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 8aaebd697d97..2f28cf618de1 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -618,6 +618,13 @@ user-id = 6743 user-login = "epage" user-name = "Ed Page" +[[publisher.core-foundation]] +version = "0.9.3" +when = "2022-02-07" +user-id = 5946 +user-login = "jrmuizel" +user-name = "Jeff Muizelaar" + [[publisher.core-foundation-sys]] version = "0.8.4" when = "2023-04-03" @@ -927,6 +934,13 @@ user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" +[[publisher.openssl-probe]] +version = "0.1.6" +when = "2025-01-23" +user-id = 1 +user-login = "alexcrichton" +user-name = "Alex Crichton" + [[publisher.prettyplease]] version = "0.2.31" when = "2025-03-13" @@ -1710,6 +1724,12 @@ criteria = "safe-to-run" delta = "0.6.0 -> 0.6.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.openssl-macros]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.1.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.pin-project-lite]] who = "David Koloski " criteria = "safe-to-deploy" @@ -1866,6 +1886,16 @@ who = "David Cook " criteria = "safe-to-deploy" version = "0.10.2" +[[audits.mozilla.wildcard-audits.core-foundation]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +user-id = 5946 # Jeff Muizelaar (jrmuizel) +start = "2019-03-29" +end = "2023-05-04" +renew = false +notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.wildcard-audits.core-foundation-sys]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -2008,6 +2038,13 @@ criteria = "safe-to-deploy" delta = "1.2.11 -> 1.2.12" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.core-foundation]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "0.9.3 -> 0.9.4" +notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.crossbeam-utils]] who = "Mike Hommey " criteria = "safe-to-deploy"