-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
115 additions
and
72 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -86,6 +86,11 @@ who = "Sebastian Wiesner <[email protected]>" | |
| criteria = "safe-to-run" | ||
| delta = "1.0.214 -> 1.0.215" | ||
|
|
||
| [[audits.serde_json]] | ||
| who = "Sebastian Wiesner <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "1.0.137 -> 1.0.138" | ||
|
|
||
| [[audits.socket2]] | ||
| who = "Sebastian Wiesner <[email protected]>" | ||
| criteria = "safe-to-run" | ||
|
|
@@ -103,6 +108,11 @@ criteria = "safe-to-deploy" | |
| delta = "7.0.2 -> 7.0.3" | ||
| notes = "The diff just updates a dependency version, and does not involve a code change." | ||
|
|
||
| [[audits.unicode-ident]] | ||
| who = "Sebastian Wiesner <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "1.0.15 -> 1.0.16" | ||
|
|
||
| [[trusted.aho-corasick]] | ||
| criteria = "safe-to-run" | ||
| user-id = 189 # Andrew Gallant (BurntSushi) | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -155,8 +155,8 @@ user-login = "Amanieu" | |
| user-name = "Amanieu d'Antras" | ||
|
|
||
| [[publisher.indexmap]] | ||
| version = "2.7.0" | ||
| when = "2024-12-01" | ||
| version = "2.7.1" | ||
| when = "2025-01-20" | ||
| user-id = 539 | ||
| user-login = "cuviper" | ||
| user-name = "Josh Stone" | ||
|
|
@@ -211,8 +211,8 @@ user-login = "sdroege" | |
| user-name = "Sebastian Dröge" | ||
|
|
||
| [[publisher.ryu]] | ||
| version = "1.0.18" | ||
| when = "2024-05-07" | ||
| version = "1.0.19" | ||
| when = "2025-01-28" | ||
| user-id = 3618 | ||
| user-login = "dtolnay" | ||
| user-name = "David Tolnay" | ||
|
|
@@ -253,8 +253,8 @@ user-login = "mbrubeck" | |
| user-name = "Matt Brubeck" | ||
|
|
||
| [[publisher.syn]] | ||
| version = "2.0.93" | ||
| when = "2024-12-28" | ||
| version = "2.0.96" | ||
| when = "2025-01-10" | ||
| user-id = 3618 | ||
| user-login = "dtolnay" | ||
| user-name = "David Tolnay" | ||
|
|
@@ -344,8 +344,8 @@ user-login = "kennykerr" | |
| user-name = "Kenny Kerr" | ||
|
|
||
| [[publisher.winnow]] | ||
| version = "0.6.22" | ||
| when = "2025-01-03" | ||
| version = "0.6.25" | ||
| when = "2025-01-27" | ||
| user-id = 6743 | ||
| user-login = "epage" | ||
| user-name = "Ed Page" | ||
|
|
@@ -373,6 +373,12 @@ criteria = "safe-to-deploy" | |
| delta = "0.8.0 -> 0.9.0" | ||
| notes = "No major changes in the crate, mostly updates to use new nightly Rust features." | ||
|
|
||
| [[audits.bytecode-alliance.audits.pin-project-lite]] | ||
| who = "Alex Crichton <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.2.13 -> 0.2.14" | ||
| notes = "No substantive changes in this update" | ||
|
|
||
| [[audits.embark-studios.wildcard-audits.cfg-expr]] | ||
| who = "Jake Shadle <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -394,33 +400,16 @@ delta = "0.1.1 -> 0.2.0" | |
| aggregated-from = "https://gitlab.gnome.org/GNOME/loupe/-/raw/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.google.audits.bitflags]] | ||
| who = "Lukasz Anforowicz <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| version = "2.4.2" | ||
| notes = """ | ||
| Audit notes: | ||
|
|
||
| * I've checked for any discussion in Google-internal cl/546819168 (where audit | ||
| of version 2.3.3 happened) | ||
| * `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]` | ||
| * There are 2 cases of `unsafe` in `src/external.rs` but they seem to be | ||
| correct in a straightforward way - they just propagate the marker trait's | ||
| impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type | ||
| * Additional discussion and/or notes may be found in https://crrev.com/c/5238056 | ||
| """ | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.bitflags]] | ||
| who = "Adrian Taylor <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "2.4.2 -> 2.5.0" | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
| who = "Justin Green <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "2.6.0" | ||
| aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.bitflags]] | ||
| who = "Adrian Taylor <adetaylor@chromium.org>" | ||
| who = "Lukasz Anforowicz <lukasza@chromium.org>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "2.5.0 -> 2.6.0" | ||
| notes = "The changes from the previous version are negligible and thus it retains the same properties." | ||
| delta = "2.6.0 -> 2.8.0" | ||
| notes = "No changes related to `unsafe impl ... bytemuck` pieces from `src/external.rs`." | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.crossbeam-utils]] | ||
|
|
@@ -582,6 +571,13 @@ describe in the review doc. | |
| """ | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.log]] | ||
| who = "Lukasz Anforowicz <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.4.22 -> 0.4.25" | ||
| notes = "No impact on `unsafe` usage in `lib.rs`." | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.memoffset]] | ||
| who = "George Burgess IV <[email protected]>" | ||
| criteria = "safe-to-run" | ||
|
|
@@ -595,11 +591,10 @@ delta = "0.6.5 -> 0.7.1" | |
| aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.pin-project-lite]] | ||
| who = "David Koloski <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| who = "ChromeOS" | ||
| criteria = "safe-to-run" | ||
| version = "0.2.9" | ||
| notes = "Reviewed on https://fxrev.dev/824504" | ||
| aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" | ||
| aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.pin-project-lite]] | ||
| who = "David Koloski <[email protected]>" | ||
|
|
@@ -643,6 +638,25 @@ Some config related changes in wrapper.rs. | |
| """ | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.proc-macro2]] | ||
| who = "Lukasz Anforowicz <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "1.0.89 -> 1.0.92" | ||
| notes = """ | ||
| I looked at the delta and the previous discussion at | ||
| https://chromium-review.googlesource.com/c/chromium/src/+/5385745/3#message-a8e2813129fa3779dab15acede408ee26d67b7f3 | ||
| and the changes look okay to me (including the `unsafe fn from_str_unchecked` | ||
| changes in `wrapper.rs`). | ||
| """ | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.proc-macro2]] | ||
| who = "Lukasz Anforowicz <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "1.0.92 -> 1.0.93" | ||
| notes = "No `unsafe`-related changes." | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.quote]] | ||
| who = "Lukasz Anforowicz <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -723,6 +737,13 @@ delta = "1.0.23 -> 1.0.24" | |
| notes = "Minor, `ptr_eq`-related changes." | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.semver]] | ||
| who = "Lukasz Anforowicz <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "1.0.24 -> 1.0.25" | ||
| notes = "No changes in `.rs` files except `doc` attribute changes in `lib.rs`." | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.serde_json]] | ||
| who = "[email protected]" | ||
| criteria = "safe-to-run" | ||
|
|
@@ -825,6 +846,12 @@ criteria = "safe-to-run" | |
| delta = "1.0.133 -> 1.0.134" | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.serde_json]] | ||
| who = "Lukasz Anforowicz <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "1.0.134 -> 1.0.137" | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.toml]] | ||
| who = "George Burgess IV <[email protected]>" | ||
| criteria = "safe-to-run" | ||
|
|
@@ -866,6 +893,20 @@ delta = "1.0.12 -> 1.0.13" | |
| notes = "Lots of table updates, and tables are assumed correct with unsafe `.get_unchecked()`, so ub-risk-2 is appropriate" | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.unicode-ident]] | ||
| who = "Lukasz Anforowicz <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "1.0.13 -> 1.0.14" | ||
| notes = "Minimal delta in `.rs` files: new test assertions + doc changes." | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.google.audits.unicode-ident]] | ||
| who = "Adrian Taylor <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "1.0.14 -> 1.0.15" | ||
| notes = "No changes relevant to any of these criteria." | ||
| aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" | ||
|
|
||
| [[audits.mozilla.audits.crossbeam-utils]] | ||
| who = "Jan-Erik Rediger <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -879,26 +920,14 @@ delta = "0.8.19 -> 0.8.20" | |
| notes = "Minor changes." | ||
| aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" | ||
|
|
||
| [[audits.mozilla.audits.pin-project-lite]] | ||
| who = "Mike Hommey <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.2.13 -> 0.2.14" | ||
| aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" | ||
|
|
||
| [[audits.swsnr.audits.cfg-expr]] | ||
| who = "Sebastian Wiesner <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "0.17.0 -> 0.17.2" | ||
| aggregated-from = "https://raw.githubusercontent.com/swsnr/gnome-search-providers-vscode/refs/heads/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.swsnr.audits.proc-macro2]] | ||
| [[audits.swsnr.audits.pin-project-lite]] | ||
| who = "Sebastian Wiesner <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "1.0.89 -> 1.0.92" | ||
| aggregated-from = "https://raw.githubusercontent.com/swsnr/gnome-search-providers-vscode/refs/heads/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.swsnr.audits.unicode-ident]] | ||
| who = "Sebastian Wiesner <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "1.0.13 -> 1.0.14" | ||
| delta = "0.2.15 -> 0.2.16" | ||
| aggregated-from = "https://raw.githubusercontent.com/swsnr/gnome-search-providers-vscode/refs/heads/main/supply-chain/audits.toml" | ||