919 lines
32 KiB
Text
919 lines
32 KiB
Text
|
|
# cargo-vet imports lock
|
|
|
|
[[publisher.filetime]]
|
|
version = "0.2.27"
|
|
when = "2026-01-18"
|
|
user-id = 1
|
|
user-login = "alexcrichton"
|
|
user-name = "Alex Crichton"
|
|
|
|
[[publisher.hashbrown]]
|
|
version = "0.16.1"
|
|
when = "2025-11-20"
|
|
user-id = 55123
|
|
user-login = "rust-lang-owner"
|
|
|
|
[[publisher.indexmap]]
|
|
version = "2.13.1"
|
|
when = "2026-04-02"
|
|
user-id = 539
|
|
user-login = "cuviper"
|
|
user-name = "Josh Stone"
|
|
|
|
[[publisher.jobserver]]
|
|
version = "0.1.34"
|
|
when = "2025-08-23"
|
|
user-id = 55123
|
|
user-login = "rust-lang-owner"
|
|
|
|
[[publisher.libc]]
|
|
version = "0.2.184"
|
|
when = "2026-04-01"
|
|
user-id = 55123
|
|
user-login = "rust-lang-owner"
|
|
|
|
[[publisher.linux-raw-sys]]
|
|
version = "0.12.1"
|
|
when = "2025-12-23"
|
|
user-id = 6825
|
|
user-login = "sunfishcode"
|
|
user-name = "Dan Gohman"
|
|
|
|
[[publisher.proc-macro2]]
|
|
version = "1.0.106"
|
|
when = "2026-01-21"
|
|
user-id = 3618
|
|
user-login = "dtolnay"
|
|
user-name = "David Tolnay"
|
|
|
|
[[publisher.quote]]
|
|
version = "1.0.45"
|
|
when = "2026-03-03"
|
|
user-id = 3618
|
|
user-login = "dtolnay"
|
|
user-name = "David Tolnay"
|
|
|
|
[[publisher.regex-syntax]]
|
|
version = "0.8.10"
|
|
when = "2026-02-24"
|
|
user-id = 189
|
|
user-login = "BurntSushi"
|
|
user-name = "Andrew Gallant"
|
|
|
|
[[publisher.rustix]]
|
|
version = "1.1.4"
|
|
when = "2026-02-22"
|
|
user-id = 6825
|
|
user-login = "sunfishcode"
|
|
user-name = "Dan Gohman"
|
|
|
|
[[publisher.serde_spanned]]
|
|
version = "1.1.1"
|
|
when = "2026-03-31"
|
|
user-id = 6743
|
|
user-login = "epage"
|
|
user-name = "Ed Page"
|
|
|
|
[[publisher.syn]]
|
|
version = "2.0.117"
|
|
when = "2026-02-20"
|
|
user-id = 3618
|
|
user-login = "dtolnay"
|
|
user-name = "David Tolnay"
|
|
|
|
[[publisher.tar]]
|
|
version = "0.4.45"
|
|
when = "2026-03-19"
|
|
user-id = 1
|
|
user-login = "alexcrichton"
|
|
user-name = "Alex Crichton"
|
|
|
|
[[publisher.toml]]
|
|
version = "1.1.2+spec-1.1.0"
|
|
when = "2026-04-01"
|
|
user-id = 6743
|
|
user-login = "epage"
|
|
user-name = "Ed Page"
|
|
|
|
[[publisher.toml_datetime]]
|
|
version = "1.1.1+spec-1.1.0"
|
|
when = "2026-03-31"
|
|
user-id = 6743
|
|
user-login = "epage"
|
|
user-name = "Ed Page"
|
|
|
|
[[publisher.toml_parser]]
|
|
version = "1.1.2+spec-1.1.0"
|
|
when = "2026-04-01"
|
|
user-id = 6743
|
|
user-login = "epage"
|
|
user-name = "Ed Page"
|
|
|
|
[[publisher.toml_writer]]
|
|
version = "1.1.1+spec-1.1.0"
|
|
when = "2026-03-31"
|
|
user-id = 6743
|
|
user-login = "epage"
|
|
user-name = "Ed Page"
|
|
|
|
[[publisher.unicode-ident]]
|
|
version = "1.0.24"
|
|
when = "2026-02-16"
|
|
user-id = 3618
|
|
user-login = "dtolnay"
|
|
user-name = "David Tolnay"
|
|
|
|
[[publisher.unicode-segmentation]]
|
|
version = "1.13.2"
|
|
when = "2026-03-26"
|
|
user-id = 1139
|
|
user-login = "Manishearth"
|
|
user-name = "Manish Goregaokar"
|
|
|
|
[[publisher.wait-timeout]]
|
|
version = "0.2.1"
|
|
when = "2025-02-03"
|
|
user-id = 1
|
|
user-login = "alexcrichton"
|
|
user-name = "Alex Crichton"
|
|
|
|
[[publisher.wasip2]]
|
|
version = "1.0.2+wasi-0.2.9"
|
|
when = "2026-01-15"
|
|
user-id = 1
|
|
user-login = "alexcrichton"
|
|
user-name = "Alex Crichton"
|
|
|
|
[[publisher.windows-sys]]
|
|
version = "0.61.2"
|
|
when = "2025-10-06"
|
|
user-id = 64539
|
|
user-login = "kennykerr"
|
|
user-name = "Kenny Kerr"
|
|
|
|
[[publisher.winnow]]
|
|
version = "1.0.1"
|
|
when = "2026-03-30"
|
|
user-id = 6743
|
|
user-login = "epage"
|
|
user-name = "Ed Page"
|
|
|
|
[[publisher.wit-bindgen]]
|
|
version = "0.51.0"
|
|
when = "2026-01-12"
|
|
trusted-publisher = "github:bytecodealliance/wit-bindgen"
|
|
|
|
[[audits.bytecode-alliance.wildcard-audits.wasip2]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
user-id = 1 # Alex Crichton (alexcrichton)
|
|
start = "2025-08-10"
|
|
end = "2026-08-21"
|
|
notes = """
|
|
This is a Bytecode Alliance authored crate.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.wildcard-audits.wit-bindgen]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
trusted-publisher = "github:bytecodealliance/wit-bindgen"
|
|
start = "2025-08-13"
|
|
end = "2027-01-08"
|
|
notes = "The Bytecode Alliance is the author of this crate"
|
|
|
|
[[audits.bytecode-alliance.audits.arrayref]]
|
|
who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.3.6"
|
|
notes = """
|
|
Unsafe code, but its logic looks good to me. Necessary given what it is
|
|
doing. Well tested, has quickchecks.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.arrayvec]]
|
|
who = "Nick Fitzgerald <fitzgen@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.7.2"
|
|
notes = """
|
|
Well documented invariants, good assertions for those invariants in unsafe code,
|
|
and tested with MIRI to boot. LGTM.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.bitflags]]
|
|
who = "Jamey Sharp <jsharp@fastly.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "2.1.0 -> 2.2.1"
|
|
notes = """
|
|
This version adds unsafe impls of traits from the bytemuck crate when built
|
|
with that library enabled, but I believe the impls satisfy the documented
|
|
safety requirements for bytemuck. The other changes are minor.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.bitflags]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "2.3.2 -> 2.3.3"
|
|
notes = """
|
|
Nothing outside the realm of what one would expect from a bitflags generator,
|
|
all as expected.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.bitflags]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "2.4.1 -> 2.6.0"
|
|
notes = """
|
|
Changes in how macros are invoked and various bits and pieces of macro-fu.
|
|
Otherwise no major changes and nothing dealing with `unsafe`.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.bitflags]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "2.7.0 -> 2.9.4"
|
|
notes = "Tweaks to the macro, nothing out of order."
|
|
|
|
[[audits.bytecode-alliance.audits.cfg-if]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.0.0"
|
|
notes = "I am the author of this crate."
|
|
|
|
[[audits.bytecode-alliance.audits.errno]]
|
|
who = "Dan Gohman <dev@sunfishcode.online>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.3.0"
|
|
notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."
|
|
|
|
[[audits.bytecode-alliance.audits.errno]]
|
|
who = "Dan Gohman <dev@sunfishcode.online>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.0 -> 0.3.1"
|
|
notes = "Just a dependency version bump and a bug fix for redox"
|
|
|
|
[[audits.bytecode-alliance.audits.errno]]
|
|
who = "Dan Gohman <dev@sunfishcode.online>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.9 -> 0.3.10"
|
|
|
|
[[audits.bytecode-alliance.audits.num-traits]]
|
|
who = "Andrew Brown <andrew.brown@intel.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.2.19"
|
|
notes = "As advertised: a numeric library. The only `unsafe` is from some float-to-int conversions, which seems expected."
|
|
|
|
[[audits.bytecode-alliance.audits.pkg-config]]
|
|
who = "Pat Hickey <phickey@fastly.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.3.25"
|
|
notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
|
|
|
|
[[audits.bytecode-alliance.audits.pkg-config]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.26 -> 0.3.29"
|
|
notes = """
|
|
No `unsafe` additions or anything outside of the purview of the crate in this
|
|
change.
|
|
"""
|
|
|
|
[[audits.bytecode-alliance.audits.pkg-config]]
|
|
who = "Chris Fallin <chris@cfallin.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.29 -> 0.3.32"
|
|
|
|
[[audits.bytecode-alliance.audits.shlex]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.1.0"
|
|
notes = "Only minor `unsafe` code blocks which look valid and otherwise does what it says on the tin."
|
|
|
|
[[audits.bytecode-alliance.audits.xattr]]
|
|
who = "Andrew Brown <andrew.brown@intel.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.2.0"
|
|
notes = "This crate contains `unsafe` calls to libc `extattr_*` functions as one would expect from the crate's purpose."
|
|
|
|
[[audits.bytecode-alliance.audits.xattr]]
|
|
who = "Andrew Brown <andrew.brown@intel.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.2.0 -> 1.3.1"
|
|
notes = "Minor changes to MacOS-specific code."
|
|
|
|
[[audits.bytecode-alliance.audits.xattr]]
|
|
who = "Alex Crichton <alex@alexcrichton.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.3.1 -> 1.6.1"
|
|
notes = "Refactorings and minor updates, nothing out of place."
|
|
|
|
[[audits.google.audits.autocfg]]
|
|
who = "Manish Goregaokar <manishearth@google.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.4.0"
|
|
notes = "Contains no unsafe"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.bitflags]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.3.2"
|
|
notes = """
|
|
Security review of earlier versions of the crate can be found at
|
|
(Google-internal, sorry): go/image-crate-chromium-security-review
|
|
|
|
The crate exposes a function marked as `unsafe`, but doesn't use any
|
|
`unsafe` blocks (except for tests of the single `unsafe` function). I
|
|
think this justifies marking this crate as `ub-risk-1`.
|
|
|
|
Additional review comments can be found at https://crrev.com/c/4723145/31
|
|
"""
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.equivalent]]
|
|
who = "George Burgess IV <gbiv@google.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.0.1"
|
|
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.equivalent]]
|
|
who = "Jonathan Hao <phao@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.1 -> 1.0.2"
|
|
notes = "No changes to any .rs files or Rust code."
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.rand]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.8.5"
|
|
notes = """
|
|
For more detailed unsafe review notes please see https://crrev.com/c/6362797
|
|
"""
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.0.197"
|
|
notes = """
|
|
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`.
|
|
|
|
There were some hits for `net`, but they were related to serialization and
|
|
not actually opening any connections or anything like that.
|
|
|
|
There were 2 hits of `unsafe` when grepping:
|
|
* In `fn as_str` in `impl Buf`
|
|
* In `fn serialize` in `impl Serialize for net::Ipv4Addr`
|
|
|
|
Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this
|
|
review also covered `serde_json_lenient`).
|
|
|
|
Version 1.0.130 of the crate has been added to Chromium in
|
|
https://crrev.com/c/3265545. The CL description contains a link to a
|
|
(Google-internal, sorry) document with a mini security review.
|
|
"""
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Dustin J. Mitchell <djmitche@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.197 -> 1.0.198"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "danakj <danakj@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.198 -> 1.0.201"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Dustin J. Mitchell <djmitche@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.201 -> 1.0.202"
|
|
notes = "Trivial changes"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.202 -> 1.0.203"
|
|
notes = "s/doc_cfg/docsrs/ + tuple_impls/tuple_impl_body-related changes"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Adrian Taylor <adetaylor@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.203 -> 1.0.204"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.204 -> 1.0.207"
|
|
notes = "The small change in `src/private/ser.rs` should have no impact on `ub-risk-2`."
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.207 -> 1.0.209"
|
|
notes = """
|
|
The delta carries fairly small changes in `src/private/de.rs` and
|
|
`src/private/ser.rs` (see https://crrev.com/c/5812194/2..5). AFAICT the
|
|
delta has no impact on the `unsafe`, `from_utf8_unchecked`-related parts
|
|
of the crate (in `src/de/format.rs` and `src/ser/impls.rs`).
|
|
"""
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Adrian Taylor <adetaylor@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.209 -> 1.0.210"
|
|
notes = "Almost no new code - just feature rearrangement"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Liza Burakova <liza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.210 -> 1.0.213"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Dustin J. Mitchell <djmitche@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.213 -> 1.0.214"
|
|
notes = "No unsafe, no crypto"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Adrian Taylor <adetaylor@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.214 -> 1.0.215"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.215 -> 1.0.216"
|
|
notes = "The delta makes minor changes in `build.rs` - switching to the `?` syntax sugar."
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Dustin J. Mitchell <djmitche@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.216 -> 1.0.217"
|
|
notes = "Minimal changes, nothing unsafe"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Daniel Cheng <dcheng@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.217 -> 1.0.218"
|
|
notes = "No changes outside comments and documentation."
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.218 -> 1.0.219"
|
|
notes = "Just allowing `clippy::elidable_lifetime_names`."
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.0.197"
|
|
notes = 'Grepped for "unsafe", "crypt", "cipher", "fs", "net" - there were no hits'
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "danakj <danakj@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.197 -> 1.0.201"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Dustin J. Mitchell <djmitche@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.201 -> 1.0.202"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.202 -> 1.0.203"
|
|
notes = 'Grepped for "unsafe", "crypt", "cipher", "fs", "net" - there were no hits'
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Adrian Taylor <adetaylor@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.203 -> 1.0.204"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.204 -> 1.0.207"
|
|
notes = 'Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits'
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.207 -> 1.0.209"
|
|
notes = '''
|
|
There are no code changes in this delta - see https://crrev.com/c/5812194/2..5
|
|
|
|
I've neverthless also grepped for `-i cipher`, `-i crypto`, `\bfs\b`,
|
|
`\bnet\b`, and `\bunsafe\b`. There were no hits.
|
|
'''
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Adrian Taylor <adetaylor@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.209 -> 1.0.210"
|
|
notes = "Almost no new code - just feature rearrangement"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Liza Burakova <liza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.210 -> 1.0.213"
|
|
notes = "Grepped for 'unsafe', 'crypt', 'cipher', 'fs', 'net' - there were no hits"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Dustin J. Mitchell <djmitche@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.213 -> 1.0.214"
|
|
notes = "No changes to unsafe, no crypto"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Adrian Taylor <adetaylor@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.214 -> 1.0.215"
|
|
notes = "Minor changes should not impact UB risk"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.215 -> 1.0.216"
|
|
notes = "The delta adds `#[automatically_derived]` in a few places. Still no `unsafe`."
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Dustin J. Mitchell <djmitche@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.216 -> 1.0.217"
|
|
notes = "No changes"
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Daniel Cheng <dcheng@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.217 -> 1.0.218"
|
|
notes = "No changes outside comments and documentation."
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.google.audits.serde_derive]]
|
|
who = "Lukasz Anforowicz <lukasza@chromium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.218 -> 1.0.219"
|
|
notes = "Minor changes (clippy tweaks, using `mem::take` instead of `mem::replace`)."
|
|
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
|
|
|
|
[[audits.isrg.audits.cfg-if]]
|
|
who = "David Cook <dcook@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.0 -> 1.0.1"
|
|
|
|
[[audits.isrg.audits.cfg-if]]
|
|
who = "J.C. Jones <jc@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.1 -> 1.0.3"
|
|
|
|
[[audits.isrg.audits.cfg-if]]
|
|
who = "David Cook <dcook@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.3 -> 1.0.4"
|
|
|
|
[[audits.isrg.audits.rand]]
|
|
who = "David Cook <dcook@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.8.5 -> 0.9.1"
|
|
|
|
[[audits.isrg.audits.rand]]
|
|
who = "Tim Geoghegan <timg@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.9.1 -> 0.9.2"
|
|
|
|
[[audits.isrg.audits.rand_chacha]]
|
|
who = "David Cook <dcook@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.3.1"
|
|
|
|
[[audits.isrg.audits.rand_chacha]]
|
|
who = "David Cook <dcook@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.1 -> 0.9.0"
|
|
|
|
[[audits.isrg.audits.rand_core]]
|
|
who = "David Cook <dcook@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.6.3"
|
|
|
|
[[audits.isrg.audits.rand_core]]
|
|
who = "David Cook <dcook@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.6.4 -> 0.9.3"
|
|
|
|
[[audits.isrg.audits.rand_core]]
|
|
who = "J.C. Jones <jc@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.9.3 -> 0.9.5"
|
|
|
|
[[audits.isrg.audits.serde]]
|
|
who = "J.C. Jones <jc@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.219 -> 1.0.224"
|
|
|
|
[[audits.isrg.audits.serde]]
|
|
who = "J.C. Jones <jc@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.224 -> 1.0.225"
|
|
|
|
[[audits.isrg.audits.serde]]
|
|
who = "Tim Geoghegan <timg@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.225 -> 1.0.226"
|
|
|
|
[[audits.isrg.audits.serde_core]]
|
|
who = "J.C. Jones <jc@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.0.224"
|
|
|
|
[[audits.isrg.audits.serde_core]]
|
|
who = "J.C. Jones <jc@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.224 -> 1.0.225"
|
|
|
|
[[audits.isrg.audits.serde_core]]
|
|
who = "Tim Geoghegan <timg@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.225 -> 1.0.226"
|
|
|
|
[[audits.isrg.audits.serde_derive]]
|
|
who = "J.C. Jones <jc@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.219 -> 1.0.224"
|
|
|
|
[[audits.isrg.audits.serde_derive]]
|
|
who = "J.C. Jones <jc@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.224 -> 1.0.225"
|
|
|
|
[[audits.isrg.audits.serde_derive]]
|
|
who = "Tim Geoghegan <timg@divviup.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.225 -> 1.0.226"
|
|
|
|
[[audits.mozilla.audits.arrayvec]]
|
|
who = "Alex Franchuk <afranchuk@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.7.2 -> 0.7.6"
|
|
notes = "Manually verified new unsafe pointer arithmetic."
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bit-set]]
|
|
who = "Aria Beingessner <a.beingessner@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.5.2"
|
|
notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues."
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bit-set]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.5.2 -> 0.5.3"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bit-set]]
|
|
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.5.3 -> 0.6.0"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bit-set]]
|
|
who = "Jim Blandy <jimb@red-bean.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.6.0 -> 0.8.0"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bit-vec]]
|
|
who = "Aria Beingessner <a.beingessner@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.6.3"
|
|
notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bit-vec]]
|
|
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.6.3 -> 0.7.0"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bit-vec]]
|
|
who = "Jim Blandy <jimb@red-bean.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.7.0 -> 0.8.0"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bitflags]]
|
|
who = "Alex Franchuk <afranchuk@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.3.2 -> 2.0.2"
|
|
notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)."
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bitflags]]
|
|
who = "Nicolas Silva <nical@fastmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "2.0.2 -> 2.1.0"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bitflags]]
|
|
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "2.2.1 -> 2.3.2"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bitflags]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "2.3.3 -> 2.4.0"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bitflags]]
|
|
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "2.4.0 -> 2.4.1"
|
|
notes = "Only allowing new clippy lints"
|
|
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bitflags]]
|
|
who = [
|
|
"Teodor Tanasoaia <ttanasoaia@mozilla.com>",
|
|
"Erich Gubler <erichdongubler@gmail.com>",
|
|
]
|
|
criteria = "safe-to-deploy"
|
|
delta = "2.6.0 -> 2.7.0"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.bitflags]]
|
|
who = "Benjamin VanderSloot <bvandersloot@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "2.9.4 -> 2.10.0"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.errno]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.1 -> 0.3.3"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.fnv]]
|
|
who = "Bobby Holley <bobbyholley@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
version = "1.0.7"
|
|
notes = "Simple hasher implementation with no unsafe code."
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.pkg-config]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.25 -> 0.3.26"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.rand_core]]
|
|
who = "Mike Hommey <mh+mozilla@glandium.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.6.3 -> 0.6.4"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.serde]]
|
|
who = "Erich Gubler <erichdongubler@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.226 -> 1.0.227"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.serde]]
|
|
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.227 -> 1.0.228"
|
|
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.serde_core]]
|
|
who = "Erich Gubler <erichdongubler@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.226 -> 1.0.227"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.serde_core]]
|
|
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.227 -> 1.0.228"
|
|
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.serde_derive]]
|
|
who = "Erich Gubler <erichdongubler@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.226 -> 1.0.227"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.serde_derive]]
|
|
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.0.227 -> 1.0.228"
|
|
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.shlex]]
|
|
who = "Max Inden <mail@max-inden.de>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.1.0 -> 1.3.0"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.windows-link]]
|
|
who = "Mark Hammond <mhammond@skippinet.com.au>"
|
|
criteria = "safe-to-deploy"
|
|
version = "0.1.1"
|
|
notes = "A microsoft crate allowing unsafe calls to windows apis."
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.mozilla.audits.windows-link]]
|
|
who = "Erich Gubler <erichdongubler@gmail.com>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.1.1 -> 0.2.0"
|
|
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
|
|
|
|
[[audits.zcash.audits.arrayref]]
|
|
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.6 -> 0.3.8"
|
|
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
|
|
|
[[audits.zcash.audits.arrayref]]
|
|
who = "Jack Grigg <jack@electriccoin.co>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.8 -> 0.3.9"
|
|
notes = "Changes to `unsafe` lines are to make some existing `unsafe fn`s `const`."
|
|
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
|
|
|
[[audits.zcash.audits.autocfg]]
|
|
who = "Jack Grigg <jack@electriccoin.co>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "1.4.0 -> 1.5.0"
|
|
notes = "Filesystem change is to remove the generated LLVM IR output file after probing."
|
|
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
|
|
|
[[audits.zcash.audits.errno]]
|
|
who = "Jack Grigg <jack@electriccoin.co>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.3 -> 0.3.8"
|
|
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
|
|
|
[[audits.zcash.audits.errno]]
|
|
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.8 -> 0.3.9"
|
|
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
|
|
|
|
[[audits.zcash.audits.errno]]
|
|
who = "Jack Grigg <jack@electriccoin.co>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.10 -> 0.3.11"
|
|
notes = "The `__errno` location for vxworks and cygwin looks correct from a quick search."
|
|
aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"
|
|
|
|
[[audits.zcash.audits.errno]]
|
|
who = "Jack Grigg <jack@electriccoin.co>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.11 -> 0.3.13"
|
|
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
|
|
|
[[audits.zcash.audits.errno]]
|
|
who = "Jack Grigg <jack@electriccoin.co>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.3.13 -> 0.3.14"
|
|
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
|
|
|
|
[[audits.zcash.audits.windows-link]]
|
|
who = "Jack Grigg <jack@electriccoin.co>"
|
|
criteria = "safe-to-deploy"
|
|
delta = "0.2.0 -> 0.2.1"
|
|
notes = "No code changes at all."
|
|
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
|