@@ -626,6 +626,12 @@ criteria = "safe-to-deploy"
626626version = "1.1.0"
627627notes = "Only minor `unsafe` code blocks which look valid and otherwise does what it says on the tin."
628628
629+ [[audits.bytecode-alliance.audits.smallvec]]
630+ who = "Alex Crichton <alex@alexcrichton.com>"
631+ criteria = "safe-to-deploy"
632+ delta = "1.13.2 -> 1.14.0"
633+ notes = "Minor new feature, nothing out of the ordinary."
634+
629635[[audits.bytecode-alliance.audits.tempfile]]
630636who = "Pat Hickey <phickey@fastly.com>"
631637criteria = "safe-to-deploy"
@@ -1020,6 +1026,19 @@ criteria = "safe-to-run"
10201026version = "0.27.3"
10211027aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
10221028
1029+ [[audits.google.audits.glob]]
1030+ who = "George Burgess IV <gbiv@google.com>"
1031+ criteria = "safe-to-deploy"
1032+ version = "0.3.1"
1033+ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
1034+
1035+ [[audits.google.audits.glob]]
1036+ who = "Dustin J. Mitchell <djmitche@chromium.org>"
1037+ criteria = "safe-to-deploy"
1038+ delta = "0.3.1 -> 0.3.2"
1039+ notes = "Still no unsafe"
1040+ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1041+
10231042[[audits.google.audits.iana-time-zone]]
10241043who = "Manish Goregaokar <manishearth@google.com>"
10251044criteria = "safe-to-deploy"
@@ -1364,6 +1383,74 @@ version = "0.8.5"
13641383notes = "Contains no unsafe"
13651384aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
13661385
1386+ [[audits.google.audits.rustversion]]
1387+ who = "Lukasz Anforowicz <lukasza@chromium.org>"
1388+ criteria = "safe-to-deploy"
1389+ version = "1.0.14"
1390+ notes = """
1391+ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
1392+ and there were no hits except for:
1393+
1394+ * Using trivially-safe `unsafe` in test code:
1395+
1396+ ```
1397+ tests/test_const.rs:unsafe fn _unsafe() {}
1398+ tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() };
1399+ ```
1400+
1401+ * Using `unsafe` in a string:
1402+
1403+ ```
1404+ src/constfn.rs: \"unsafe\" => Qualifiers::Unsafe,
1405+ ```
1406+
1407+ * Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr`
1408+ which is later read back via `include!` used in `src/lib.rs`.
1409+
1410+ Version `1.0.6` of this crate has been added to Chromium in
1411+ https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
1412+ """
1413+ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1414+
1415+ [[audits.google.audits.rustversion]]
1416+ who = "Adrian Taylor <adetaylor@chromium.org>"
1417+ criteria = "safe-to-deploy"
1418+ delta = "1.0.14 -> 1.0.15"
1419+ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1420+
1421+ [[audits.google.audits.rustversion]]
1422+ who = "danakj <danakj@chromium.org>"
1423+ criteria = "safe-to-deploy"
1424+ delta = "1.0.15 -> 1.0.16"
1425+ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1426+
1427+ [[audits.google.audits.rustversion]]
1428+ who = "Dustin J. Mitchell <djmitche@chromium.org>"
1429+ criteria = "safe-to-deploy"
1430+ delta = "1.0.16 -> 1.0.17"
1431+ notes = "Just updates windows compat"
1432+ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1433+
1434+ [[audits.google.audits.rustversion]]
1435+ who = "Liza Burakova <liza@chromium.org>"
1436+ criteria = "safe-to-deploy"
1437+ delta = "1.0.17 -> 1.0.18"
1438+ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1439+
1440+ [[audits.google.audits.rustversion]]
1441+ who = "Dustin J. Mitchell <djmitche@chromium.org>"
1442+ criteria = "safe-to-deploy"
1443+ delta = "1.0.18 -> 1.0.19"
1444+ notes = "No unsafe, just doc changes"
1445+ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1446+
1447+ [[audits.google.audits.rustversion]]
1448+ who = "Daniel Cheng <dcheng@chromium.org>"
1449+ criteria = "safe-to-deploy"
1450+ delta = "1.0.19 -> 1.0.20"
1451+ notes = "Only minor updates to documentation and the mock today used for testing."
1452+ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1453+
13671454[[audits.google.audits.rusty-fork]]
13681455who = "George Burgess IV <gbiv@google.com>"
13691456criteria = "safe-to-run"
@@ -1689,6 +1776,12 @@ version = "0.10.5"
16891776notes = "Reviewed on https://fxrev.dev/712371."
16901777aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"
16911778
1779+ [[audits.google.audits.smallvec]]
1780+ who = "Manish Goregaokar <manishearth@google.com>"
1781+ criteria = "safe-to-deploy"
1782+ version = "1.13.2"
1783+ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
1784+
16921785[[audits.google.audits.stable_deref_trait]]
16931786who = "George Burgess IV <gbiv@google.com>"
16941787criteria = "safe-to-run"
@@ -2581,6 +2674,12 @@ criteria = "safe-to-deploy"
25812674delta = "2.2.1 -> 2.7.0"
25822675aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
25832676
2677+ [[audits.mozilla.audits.smallvec]]
2678+ who = "Erich Gubler <erichdongubler@gmail.com>"
2679+ criteria = "safe-to-deploy"
2680+ delta = "1.14.0 -> 1.15.1"
2681+ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
2682+
25842683[[audits.mozilla.audits.strsim]]
25852684who = "Ben Dean-Kawamura <bdk@mozilla.com>"
25862685criteria = "safe-to-deploy"
@@ -2930,6 +3029,16 @@ criteria = "safe-to-deploy"
29303029delta = "0.7.9 -> 0.7.10"
29313030aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
29323031
3032+ [[audits.zcash.audits.dunce]]
3033+ who = "Jack Grigg <jack@electriccoin.co>"
3034+ criteria = "safe-to-deploy"
3035+ version = "1.0.5"
3036+ notes = """
3037+ Does what it says on the tin. No `unsafe`, and the only IO is `std::fs::canonicalize`.
3038+ Path and string handling looks plausibly correct.
3039+ """
3040+ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
3041+
29333042[[audits.zcash.audits.errno]]
29343043who = "Jack Grigg <jack@electriccoin.co>"
29353044criteria = "safe-to-deploy"
@@ -2968,6 +3077,12 @@ delta = "0.2.15 -> 0.2.16"
29683077notes = "New support for Cygwin looks correct to me."
29693078aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
29703079
3080+ [[audits.zcash.audits.glob]]
3081+ who = "Jack Grigg <jack@electriccoin.co>"
3082+ criteria = "safe-to-deploy"
3083+ delta = "0.3.2 -> 0.3.3"
3084+ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
3085+
29713086[[audits.zcash.audits.half]]
29723087who = "Daira-Emma Hopwood <daira@jacaranda.org>"
29733088criteria = "safe-to-run"
@@ -3173,6 +3288,20 @@ delta = "0.4.0 -> 0.4.1"
31733288notes = "Changes to `Command` usage are to add support for `RUSTC_WRAPPER`."
31743289aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
31753290
3291+ [[audits.zcash.audits.rustversion]]
3292+ who = "Jack Grigg <jack@electriccoin.co>"
3293+ criteria = "safe-to-deploy"
3294+ delta = "1.0.20 -> 1.0.21"
3295+ notes = "Build script change is to fix building with `-Zfmt-debug=none`."
3296+ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
3297+
3298+ [[audits.zcash.audits.rustversion]]
3299+ who = "Jack Grigg <jack@electriccoin.co>"
3300+ criteria = "safe-to-deploy"
3301+ delta = "1.0.21 -> 1.0.22"
3302+ notes = "Changes to generated code are to prepend a clippy annotation."
3303+ aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"
3304+
31763305[[audits.zcash.audits.ryu]]
31773306who = "Jack Grigg <jack@electriccoin.co>"
31783307criteria = "safe-to-deploy"
0 commit comments