# cargo-vet imports lock [[publisher.filetime]] version = "0.2.27" when = "2026-01-18" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.hashbrown]] version = "0.16.1" when = "2025-11-20" user-id = 55123 user-login = "rust-lang-owner" [[publisher.indexmap]] version = "2.13.1" when = "2026-04-02" user-id = 539 user-login = "cuviper" user-name = "Josh Stone" [[publisher.jobserver]] version = "0.1.34" when = "2025-08-23" user-id = 55123 user-login = "rust-lang-owner" [[publisher.libc]] version = "0.2.184" when = "2026-04-01" user-id = 55123 user-login = "rust-lang-owner" [[publisher.linux-raw-sys]] version = "0.12.1" when = "2025-12-23" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.proc-macro2]] version = "1.0.106" when = "2026-01-21" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.quote]] version = "1.0.45" when = "2026-03-03" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.regex-syntax]] version = "0.8.10" when = "2026-02-24" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.rustix]] version = "1.1.4" when = "2026-02-22" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.serde_spanned]] version = "1.1.1" when = "2026-03-31" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.syn]] version = "2.0.117" when = "2026-02-20" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.tar]] version = "0.4.45" when = "2026-03-19" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.toml]] version = "1.1.2+spec-1.1.0" when = "2026-04-01" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.toml_datetime]] version = "1.1.1+spec-1.1.0" when = "2026-03-31" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.toml_parser]] version = "1.1.2+spec-1.1.0" when = "2026-04-01" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.toml_writer]] version = "1.1.1+spec-1.1.0" when = "2026-03-31" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.unicode-ident]] version = "1.0.24" when = "2026-02-16" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.unicode-segmentation]] version = "1.13.2" when = "2026-03-26" user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" [[publisher.wait-timeout]] version = "0.2.1" when = "2025-02-03" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.wasip2]] version = "1.0.2+wasi-0.2.9" when = "2026-01-15" user-id = 1 user-login = "alexcrichton" user-name = "Alex Crichton" [[publisher.windows-sys]] version = "0.61.2" when = "2025-10-06" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.winnow]] version = "1.0.1" when = "2026-03-30" user-id = 6743 user-login = "epage" user-name = "Ed Page" [[publisher.wit-bindgen]] version = "0.51.0" when = "2026-01-12" trusted-publisher = "github:bytecodealliance/wit-bindgen" [[audits.bytecode-alliance.wildcard-audits.wasip2]] who = "Alex Crichton " criteria = "safe-to-deploy" user-id = 1 # Alex Crichton (alexcrichton) start = "2025-08-10" end = "2026-08-21" notes = """ This is a Bytecode Alliance authored crate. """ [[audits.bytecode-alliance.wildcard-audits.wit-bindgen]] who = "Alex Crichton " criteria = "safe-to-deploy" trusted-publisher = "github:bytecodealliance/wit-bindgen" start = "2025-08-13" end = "2027-01-08" notes = "The Bytecode Alliance is the author of this crate" [[audits.bytecode-alliance.audits.arrayref]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "0.3.6" notes = """ Unsafe code, but its logic looks good to me. Necessary given what it is doing. Well tested, has quickchecks. """ [[audits.bytecode-alliance.audits.arrayvec]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" version = "0.7.2" notes = """ Well documented invariants, good assertions for those invariants in unsafe code, and tested with MIRI to boot. LGTM. """ [[audits.bytecode-alliance.audits.bitflags]] who = "Jamey Sharp " criteria = "safe-to-deploy" delta = "2.1.0 -> 2.2.1" notes = """ This version adds unsafe impls of traits from the bytemuck crate when built with that library enabled, but I believe the impls satisfy the documented safety requirements for bytemuck. The other changes are minor. """ [[audits.bytecode-alliance.audits.bitflags]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "2.3.2 -> 2.3.3" notes = """ Nothing outside the realm of what one would expect from a bitflags generator, all as expected. """ [[audits.bytecode-alliance.audits.bitflags]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "2.4.1 -> 2.6.0" notes = """ Changes in how macros are invoked and various bits and pieces of macro-fu. Otherwise no major changes and nothing dealing with `unsafe`. """ [[audits.bytecode-alliance.audits.bitflags]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "2.7.0 -> 2.9.4" notes = "Tweaks to the macro, nothing out of order." [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.0.0" notes = "I am the author of this crate." [[audits.bytecode-alliance.audits.errno]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.3.0" notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value." [[audits.bytecode-alliance.audits.errno]] who = "Dan Gohman " criteria = "safe-to-deploy" delta = "0.3.0 -> 0.3.1" notes = "Just a dependency version bump and a bug fix for redox" [[audits.bytecode-alliance.audits.errno]] who = "Dan Gohman " criteria = "safe-to-deploy" delta = "0.3.9 -> 0.3.10" [[audits.bytecode-alliance.audits.num-traits]] who = "Andrew Brown " criteria = "safe-to-deploy" version = "0.2.19" notes = "As advertised: a numeric library. The only `unsafe` is from some float-to-int conversions, which seems expected." [[audits.bytecode-alliance.audits.pkg-config]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.25" notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably." [[audits.bytecode-alliance.audits.pkg-config]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.29" notes = """ No `unsafe` additions or anything outside of the purview of the crate in this change. """ [[audits.bytecode-alliance.audits.pkg-config]] who = "Chris Fallin " criteria = "safe-to-deploy" delta = "0.3.29 -> 0.3.32" [[audits.bytecode-alliance.audits.shlex]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "1.1.0" notes = "Only minor `unsafe` code blocks which look valid and otherwise does what it says on the tin." [[audits.bytecode-alliance.audits.xattr]] who = "Andrew Brown " criteria = "safe-to-deploy" version = "1.2.0" notes = "This crate contains `unsafe` calls to libc `extattr_*` functions as one would expect from the crate's purpose." [[audits.bytecode-alliance.audits.xattr]] who = "Andrew Brown " criteria = "safe-to-deploy" delta = "1.2.0 -> 1.3.1" notes = "Minor changes to MacOS-specific code." [[audits.bytecode-alliance.audits.xattr]] who = "Alex Crichton " criteria = "safe-to-deploy" delta = "1.3.1 -> 1.6.1" notes = "Refactorings and minor updates, nothing out of place." [[audits.google.audits.autocfg]] who = "Manish Goregaokar " criteria = "safe-to-deploy" version = "1.4.0" notes = "Contains no unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.bitflags]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "1.3.2" notes = """ Security review of earlier versions of the crate can be found at (Google-internal, sorry): go/image-crate-chromium-security-review The crate exposes a function marked as `unsafe`, but doesn't use any `unsafe` blocks (except for tests of the single `unsafe` function). I think this justifies marking this crate as `ub-risk-1`. Additional review comments can be found at https://crrev.com/c/4723145/31 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.equivalent]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "1.0.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.equivalent]] who = "Jonathan Hao " criteria = "safe-to-deploy" delta = "1.0.1 -> 1.0.2" notes = "No changes to any .rs files or Rust code." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.rand]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "0.8.5" notes = """ For more detailed unsafe review notes please see https://crrev.com/c/6362797 """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "1.0.197" notes = """ Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. There were some hits for `net`, but they were related to serialization and not actually opening any connections or anything like that. There were 2 hits of `unsafe` when grepping: * In `fn as_str` in `impl Buf` * In `fn serialize` in `impl Serialize for net::Ipv4Addr` Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this review also covered `serde_json_lenient`). Version 1.0.130 of the crate has been added to Chromium in https://crrev.com/c/3265545. The CL description contains a link to a (Google-internal, sorry) document with a mini security review. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Dustin J. Mitchell " criteria = "safe-to-deploy" delta = "1.0.197 -> 1.0.198" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "danakj " criteria = "safe-to-deploy" delta = "1.0.198 -> 1.0.201" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Dustin J. Mitchell " criteria = "safe-to-deploy" delta = "1.0.201 -> 1.0.202" notes = "Trivial changes" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.0.202 -> 1.0.203" notes = "s/doc_cfg/docsrs/ + tuple_impls/tuple_impl_body-related changes" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Adrian Taylor " criteria = "safe-to-deploy" delta = "1.0.203 -> 1.0.204" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.0.204 -> 1.0.207" notes = "The small change in `src/private/ser.rs` should have no impact on `ub-risk-2`." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.0.207 -> 1.0.209" notes = """ The delta carries fairly small changes in `src/private/de.rs` and `src/private/ser.rs` (see https://crrev.com/c/5812194/2..5). AFAICT the delta has no impact on the `unsafe`, `from_utf8_unchecked`-related parts of the crate (in `src/de/format.rs` and `src/ser/impls.rs`). """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Adrian Taylor " criteria = "safe-to-deploy" delta = "1.0.209 -> 1.0.210" notes = "Almost no new code - just feature rearrangement" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Liza Burakova " criteria = "safe-to-deploy" delta = "1.0.210 -> 1.0.213" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Dustin J. Mitchell " criteria = "safe-to-deploy" delta = "1.0.213 -> 1.0.214" notes = "No unsafe, no crypto" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Adrian Taylor " criteria = "safe-to-deploy" delta = "1.0.214 -> 1.0.215" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.0.215 -> 1.0.216" notes = "The delta makes minor changes in `build.rs` - switching to the `?` syntax sugar." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Dustin J. Mitchell " criteria = "safe-to-deploy" delta = "1.0.216 -> 1.0.217" notes = "Minimal changes, nothing unsafe" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Daniel Cheng " criteria = "safe-to-deploy" delta = "1.0.217 -> 1.0.218" notes = "No changes outside comments and documentation." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.0.218 -> 1.0.219" notes = "Just allowing `clippy::elidable_lifetime_names`." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" version = "1.0.197" notes = 'Grepped for "unsafe", "crypt", "cipher", "fs", "net" - there were no hits' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "danakj " criteria = "safe-to-deploy" delta = "1.0.197 -> 1.0.201" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Dustin J. Mitchell " criteria = "safe-to-deploy" delta = "1.0.201 -> 1.0.202" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.0.202 -> 1.0.203" notes = 'Grepped for "unsafe", "crypt", "cipher", "fs", "net" - there were no hits' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Adrian Taylor " criteria = "safe-to-deploy" delta = "1.0.203 -> 1.0.204" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.0.204 -> 1.0.207" notes = 'Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.0.207 -> 1.0.209" notes = ''' There are no code changes in this delta - see https://crrev.com/c/5812194/2..5 I've neverthless also grepped for `-i cipher`, `-i crypto`, `\bfs\b`, `\bnet\b`, and `\bunsafe\b`. There were no hits. ''' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Adrian Taylor " criteria = "safe-to-deploy" delta = "1.0.209 -> 1.0.210" notes = "Almost no new code - just feature rearrangement" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Liza Burakova " criteria = "safe-to-deploy" delta = "1.0.210 -> 1.0.213" notes = "Grepped for 'unsafe', 'crypt', 'cipher', 'fs', 'net' - there were no hits" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Dustin J. Mitchell " criteria = "safe-to-deploy" delta = "1.0.213 -> 1.0.214" notes = "No changes to unsafe, no crypto" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Adrian Taylor " criteria = "safe-to-deploy" delta = "1.0.214 -> 1.0.215" notes = "Minor changes should not impact UB risk" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.0.215 -> 1.0.216" notes = "The delta adds `#[automatically_derived]` in a few places. Still no `unsafe`." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Dustin J. Mitchell " criteria = "safe-to-deploy" delta = "1.0.216 -> 1.0.217" notes = "No changes" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Daniel Cheng " criteria = "safe-to-deploy" delta = "1.0.217 -> 1.0.218" notes = "No changes outside comments and documentation." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" delta = "1.0.218 -> 1.0.219" notes = "Minor changes (clippy tweaks, using `mem::take` instead of `mem::replace`)." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.isrg.audits.cfg-if]] who = "David Cook " criteria = "safe-to-deploy" delta = "1.0.0 -> 1.0.1" [[audits.isrg.audits.cfg-if]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "1.0.1 -> 1.0.3" [[audits.isrg.audits.cfg-if]] who = "David Cook " criteria = "safe-to-deploy" delta = "1.0.3 -> 1.0.4" [[audits.isrg.audits.rand]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.8.5 -> 0.9.1" [[audits.isrg.audits.rand]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "0.9.1 -> 0.9.2" [[audits.isrg.audits.rand_chacha]] who = "David Cook " criteria = "safe-to-deploy" version = "0.3.1" [[audits.isrg.audits.rand_chacha]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.9.0" [[audits.isrg.audits.rand_core]] who = "David Cook " criteria = "safe-to-deploy" version = "0.6.3" [[audits.isrg.audits.rand_core]] who = "David Cook " criteria = "safe-to-deploy" delta = "0.6.4 -> 0.9.3" [[audits.isrg.audits.rand_core]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "0.9.3 -> 0.9.5" [[audits.isrg.audits.serde]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "1.0.219 -> 1.0.224" [[audits.isrg.audits.serde]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "1.0.224 -> 1.0.225" [[audits.isrg.audits.serde]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "1.0.225 -> 1.0.226" [[audits.isrg.audits.serde_core]] who = "J.C. Jones " criteria = "safe-to-deploy" version = "1.0.224" [[audits.isrg.audits.serde_core]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "1.0.224 -> 1.0.225" [[audits.isrg.audits.serde_core]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "1.0.225 -> 1.0.226" [[audits.isrg.audits.serde_derive]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "1.0.219 -> 1.0.224" [[audits.isrg.audits.serde_derive]] who = "J.C. Jones " criteria = "safe-to-deploy" delta = "1.0.224 -> 1.0.225" [[audits.isrg.audits.serde_derive]] who = "Tim Geoghegan " criteria = "safe-to-deploy" delta = "1.0.225 -> 1.0.226" [[audits.mozilla.audits.arrayvec]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "0.7.2 -> 0.7.6" notes = "Manually verified new unsafe pointer arithmetic." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-set]] who = "Aria Beingessner " criteria = "safe-to-deploy" version = "0.5.2" notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-set]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.5.2 -> 0.5.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-set]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.5.3 -> 0.6.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-set]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.6.0 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-vec]] who = "Aria Beingessner " criteria = "safe-to-deploy" version = "0.6.3" notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-vec]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "0.6.3 -> 0.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-vec]] who = "Jim Blandy " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bitflags]] who = "Alex Franchuk " criteria = "safe-to-deploy" delta = "1.3.2 -> 2.0.2" notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bitflags]] who = "Nicolas Silva " criteria = "safe-to-deploy" delta = "2.0.2 -> 2.1.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bitflags]] who = "Teodor Tanasoaia " criteria = "safe-to-deploy" delta = "2.2.1 -> 2.3.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bitflags]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "2.3.3 -> 2.4.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bitflags]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "2.4.0 -> 2.4.1" notes = "Only allowing new clippy lints" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.bitflags]] who = [ "Teodor Tanasoaia ", "Erich Gubler ", ] criteria = "safe-to-deploy" delta = "2.6.0 -> 2.7.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bitflags]] who = "Benjamin VanderSloot " criteria = "safe-to-deploy" delta = "2.9.4 -> 2.10.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.errno]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.1 -> 0.3.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "1.0.7" notes = "Simple hasher implementation with no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.pkg-config]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.6.3 -> 0.6.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.0.226 -> 1.0.227" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.227 -> 1.0.228" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.serde_core]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.0.226 -> 1.0.227" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde_core]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.227 -> 1.0.228" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.serde_derive]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "1.0.226 -> 1.0.227" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.serde_derive]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" delta = "1.0.227 -> 1.0.228" aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" [[audits.mozilla.audits.shlex]] who = "Max Inden " criteria = "safe-to-deploy" delta = "1.1.0 -> 1.3.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.windows-link]] who = "Mark Hammond " criteria = "safe-to-deploy" version = "0.1.1" notes = "A microsoft crate allowing unsafe calls to windows apis." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.windows-link]] who = "Erich Gubler " criteria = "safe-to-deploy" delta = "0.1.1 -> 0.2.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.zcash.audits.arrayref]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "0.3.6 -> 0.3.8" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.arrayref]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.8 -> 0.3.9" notes = "Changes to `unsafe` lines are to make some existing `unsafe fn`s `const`." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.autocfg]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.4.0 -> 1.5.0" notes = "Filesystem change is to remove the generated LLVM IR output file after probing." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.3 -> 0.3.8" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.errno]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" delta = "0.3.8 -> 0.3.9" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.10 -> 0.3.11" notes = "The `__errno` location for vxworks and cygwin looks correct from a quick search." aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml" [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.11 -> 0.3.13" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.13 -> 0.3.14" aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.windows-link]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.0 -> 0.2.1" notes = "No code changes at all." aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"