diff --git a/Cargo.lock b/Cargo.lock index 0d905ee7..641e8a24 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ "flate2", "futures-core", "futures-util", - "getrandom 0.3.4", + "getrandom 0.4.2", "hmac 0.13.0", "insta", "jaq-core", @@ -1809,11 +1809,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" dependencies = [ "cfg-if", - "js-sys", "libc", "r-efi 5.3.0", "wasip2", - "wasm-bindgen", ] [[package]] @@ -1823,11 +1821,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" dependencies = [ "cfg-if", + "js-sys", "libc", "r-efi 6.0.0", "rand_core 0.10.1", "wasip2", "wasip3", + "wasm-bindgen", ] [[package]] @@ -4802,11 +4802,11 @@ dependencies = [ [[package]] name = "serde_spanned" -version = "0.6.9" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf41e0cfaf7226dca15e8197172c295a782857fcb97fad1808a166870dee75a3" +checksum = "6662b5879511e06e8999a8a235d848113e942c9124f211511b16466ee2995f26" dependencies = [ - "serde", + "serde_core", ] [[package]] @@ -5391,9 +5391,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.52.1" +version = "1.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6" +checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe" dependencies = [ "bytes", "libc", @@ -5463,44 +5463,42 @@ dependencies = [ [[package]] name = "toml" -version = "0.8.23" +version = "1.1.2+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc1beb996b9d83529a9e75c17a1686767d148d70663143c7854d8b4a09ced362" +checksum = "81f3d15e84cbcd896376e6730314d59fb5a87f31e4b038454184435cd57defee" dependencies = [ - "serde", + "indexmap", + "serde_core", "serde_spanned", "toml_datetime", - "toml_edit", + "toml_parser", + "toml_writer", + "winnow", ] [[package]] name = "toml_datetime" -version = "0.6.11" +version = "1.1.1+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22cddaf88f4fbc13c51aebbf5f8eceb5c7c5a9da2ac40a13519eb5b0a0e8f11c" +checksum = "3165f65f62e28e0115a00b2ebdd37eb6f3b641855f9d636d3cd4103767159ad7" dependencies = [ - "serde", + "serde_core", ] [[package]] -name = "toml_edit" -version = "0.22.27" +name = "toml_parser" +version = "1.1.2+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" +checksum = "a2abe9b86193656635d2411dc43050282ca48aa31c2451210f4202550afb7526" dependencies = [ - "indexmap", - "serde", - "serde_spanned", - "toml_datetime", - "toml_write", "winnow", ] [[package]] -name = "toml_write" -version = "0.1.2" +name = "toml_writer" +version = "1.1.1+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801" +checksum = "756daf9b1013ebe47a8776667b466417e2d4c5679d441c26230efd9ef78692db" [[package]] name = "tower" @@ -6314,12 +6312,9 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" -version = "0.7.15" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df79d97927682d2fd8adb29682d1140b343be4ac0f08fd68b7765d9c059d3945" -dependencies = [ - "memchr", -] +checksum = "2ee1708bef14716a11bae175f579062d4554d95be2c6829f518df847b7b3fdd0" [[package]] name = "wit-bindgen" diff --git a/Cargo.toml b/Cargo.toml index 59ba5f4f..24a4c87e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -74,7 +74,7 @@ zeroize = "1" # build gate stays green; bashkit targets JS-backed wasm for that triple. # Used by the credential placeholder generator; getrandom is the lowest-level # CSPRNG primitive and is already transitively in the dep tree via reqwest/rustls. -getrandom = { version = "0.3", features = ["wasm_js"] } +getrandom = { version = "0.4", features = ["wasm_js"] } # CLI # Intentionally NOT enabling clap's `env` feature: it makes `Arg::env(...)` diff --git a/crates/bashkit-coreutils-port/Cargo.toml b/crates/bashkit-coreutils-port/Cargo.toml index 5c32f90e..63205a6c 100644 --- a/crates/bashkit-coreutils-port/Cargo.toml +++ b/crates/bashkit-coreutils-port/Cargo.toml @@ -27,7 +27,7 @@ proc-macro2 = "1" prettyplease = "0.2" anyhow = { workspace = true } serde = { workspace = true } -toml = "0.8" +toml = "1.1" [dev-dependencies] tempfile = { workspace = true } diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index 1bf52156..5be5cc26 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -114,3 +114,52 @@ who = "Mykhailo Chalyi " criteria = "safe-to-deploy" delta = "1.52.0 -> 1.52.1" notes = "Reviewed delta: reverts blocking-pool sharded queue to mutex/condvar VecDeque to fix spawn_blocking hang, adjusts fastrand cfg, and adds no new unsafe blocks or ambient capabilities." + +[[trusted.serde_spanned]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2023-01-20" +end = "2027-05-16" +notes = "Trusted Ed Page for the TOML crate family versions in this dependency bump; Mozilla cargo-vet imports also trust this publisher." + +[[trusted.tokio]] +criteria = "safe-to-deploy" +user-id = 6741 # Alice Ryhl (Darksonn) +start = "2020-12-25" +end = "2027-05-16" +notes = "Trusted Alice Ryhl for Tokio patch releases in this dependency bump; Mozilla cargo-vet imports also trust this publisher." + +[[trusted.toml]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2022-12-14" +end = "2027-05-16" +notes = "Trusted Ed Page for the TOML crate family versions in this dependency bump; Mozilla cargo-vet imports also trust this publisher." + +[[trusted.toml_datetime]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2022-10-21" +end = "2027-05-16" +notes = "Trusted Ed Page for the TOML crate family versions in this dependency bump; Mozilla cargo-vet imports also trust this publisher." + +[[trusted.toml_parser]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2025-07-08" +end = "2027-05-16" +notes = "Trusted Ed Page for the TOML parser version in this dependency bump; Mozilla cargo-vet imports also trust this publisher." + +[[trusted.toml_writer]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2025-07-08" +end = "2027-05-16" +notes = "Trusted Ed Page for the TOML crate family versions in this dependency bump; Mozilla cargo-vet imports also trust this publisher." + +[[trusted.winnow]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2023-02-22" +end = "2027-05-16" +notes = "Trusted Ed Page for the parser dependency versions in this TOML dependency bump; Mozilla cargo-vet imports also trust this publisher." diff --git a/supply-chain/config.toml b/supply-chain/config.toml index e71d4212..011070cb 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -4,6 +4,9 @@ [cargo-vet] version = "0.10" +[imports.mozilla] +url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml" + [policy.bashkit] audit-as-crates-io = false criteria = "safe-to-deploy" @@ -72,10 +75,6 @@ criteria = "safe-to-run" version = "0.2.21" criteria = "safe-to-deploy" -[[exemptions.android_system_properties]] -version = "0.1.5" -criteria = "safe-to-deploy" - [[exemptions.anes]] version = "0.1.6" criteria = "safe-to-run" @@ -172,14 +171,6 @@ criteria = "safe-to-deploy" version = "0.4.10" criteria = "safe-to-deploy" -[[exemptions.bit-set]] -version = "0.8.0" -criteria = "safe-to-deploy" - -[[exemptions.bit-vec]] -version = "0.8.0" -criteria = "safe-to-deploy" - [[exemptions.bitflags]] version = "2.11.1" criteria = "safe-to-deploy" @@ -636,22 +627,10 @@ criteria = "safe-to-deploy" version = "1.1.9" criteria = "safe-to-deploy" -[[exemptions.fnv]] -version = "1.0.7" -criteria = "safe-to-deploy" - [[exemptions.foldhash]] version = "0.1.5" criteria = "safe-to-deploy" -[[exemptions.foldhash]] -version = "0.2.0" -criteria = "safe-to-deploy" - -[[exemptions.form_urlencoded]] -version = "1.2.2" -criteria = "safe-to-deploy" - [[exemptions.fs_extra]] version = "1.3.0" criteria = "safe-to-deploy" @@ -772,10 +751,6 @@ criteria = "safe-to-deploy" version = "0.5.2" criteria = "safe-to-deploy" -[[exemptions.hex]] -version = "0.4.3" -criteria = "safe-to-deploy" - [[exemptions.hex-literal]] version = "1.1.0" criteria = "safe-to-deploy" @@ -1028,10 +1003,6 @@ criteria = "safe-to-deploy" version = "0.8.9" criteria = "safe-to-deploy" -[[exemptions.libloading]] -version = "0.9.0" -criteria = "safe-to-deploy" - [[exemptions.libm]] version = "0.2.16" criteria = "safe-to-deploy" @@ -1184,10 +1155,6 @@ criteria = "safe-to-deploy" version = "1.70.2" criteria = "safe-to-deploy" -[[exemptions.oorandom]] -version = "11.1.5" -criteria = "safe-to-run" - [[exemptions.opaque-debug]] version = "0.3.1" criteria = "safe-to-deploy" @@ -1452,14 +1419,6 @@ criteria = "safe-to-deploy" version = "0.14.0-rc.7" criteria = "safe-to-deploy" -[[exemptions.proc-macro-error-attr2]] -version = "2.0.0" -criteria = "safe-to-deploy" - -[[exemptions.proc-macro-error2]] -version = "2.0.1" -criteria = "safe-to-deploy" - [[exemptions.proc-macro-utils]] version = "0.10.0" criteria = "safe-to-deploy" @@ -1792,10 +1751,6 @@ criteria = "safe-to-deploy" version = "1.0.149" criteria = "safe-to-deploy" -[[exemptions.serde_spanned]] -version = "0.6.9" -criteria = "safe-to-deploy" - [[exemptions.serdect]] version = "0.4.2" criteria = "safe-to-deploy" @@ -1892,10 +1847,6 @@ criteria = "safe-to-deploy" version = "1.15.1" criteria = "safe-to-deploy" -[[exemptions.smawk]] -version = "0.3.2" -criteria = "safe-to-deploy" - [[exemptions.socket2]] version = "0.6.3" criteria = "safe-to-deploy" @@ -1968,10 +1919,6 @@ criteria = "safe-to-deploy" version = "1.0.2" criteria = "safe-to-deploy" -[[exemptions.synstructure]] -version = "0.13.2" -criteria = "safe-to-deploy" - [[exemptions.tabled]] version = "0.20.0" criteria = "safe-to-deploy" @@ -2000,10 +1947,6 @@ criteria = "safe-to-deploy" version = "0.3.0" criteria = "safe-to-deploy" -[[exemptions.textwrap]] -version = "0.16.2" -criteria = "safe-to-deploy" - [[exemptions.thiserror]] version = "1.0.69" criteria = "safe-to-deploy" @@ -2040,10 +1983,6 @@ criteria = "safe-to-deploy" version = "0.1.1" criteria = "safe-to-deploy" -[[exemptions.tokio]] -version = "1.52.0" -criteria = "safe-to-deploy" - [[exemptions.tokio-macros]] version = "2.7.0" criteria = "safe-to-deploy" @@ -2064,22 +2003,6 @@ criteria = "safe-to-run" version = "0.7.18" criteria = "safe-to-deploy" -[[exemptions.toml]] -version = "0.8.23" -criteria = "safe-to-deploy" - -[[exemptions.toml_datetime]] -version = "0.6.11" -criteria = "safe-to-deploy" - -[[exemptions.toml_edit]] -version = "0.22.27" -criteria = "safe-to-deploy" - -[[exemptions.toml_write]] -version = "0.1.2" -criteria = "safe-to-deploy" - [[exemptions.tower]] version = "0.5.3" criteria = "safe-to-deploy" @@ -2164,30 +2087,10 @@ criteria = "safe-to-deploy" version = "1.0.24" criteria = "safe-to-deploy" -[[exemptions.unicode-linebreak]] -version = "0.1.5" -criteria = "safe-to-deploy" - -[[exemptions.unicode-normalization]] -version = "0.1.25" -criteria = "safe-to-deploy" - [[exemptions.unicode-segmentation]] version = "1.13.2" criteria = "safe-to-deploy" -[[exemptions.unicode-width]] -version = "0.1.14" -criteria = "safe-to-deploy" - -[[exemptions.unicode-width]] -version = "0.2.2" -criteria = "safe-to-deploy" - -[[exemptions.unicode-xid]] -version = "0.2.6" -criteria = "safe-to-deploy" - [[exemptions.unicode_names2]] version = "1.3.0" criteria = "safe-to-deploy" @@ -2224,10 +2127,6 @@ criteria = "safe-to-deploy" version = "2.1.3" criteria = "safe-to-deploy" -[[exemptions.utf8_iter]] -version = "1.0.4" -criteria = "safe-to-deploy" - [[exemptions.utf8parse]] version = "0.2.2" criteria = "safe-to-deploy" @@ -2416,10 +2315,6 @@ criteria = "safe-to-deploy" version = "0.52.6" criteria = "safe-to-deploy" -[[exemptions.winnow]] -version = "0.7.15" -criteria = "safe-to-deploy" - [[exemptions.wit-bindgen]] version = "0.51.0" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 0c397a40..398cbd16 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -1,2 +1,321 @@ # cargo-vet imports lock + +[[publisher.serde_spanned]] +version = "1.1.1" +when = "2026-03-31" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.tokio]] +version = "1.52.3" +when = "2026-05-08" +user-id = 6741 +user-login = "Darksonn" +user-name = "Alice Ryhl" + +[[publisher.toml]] +version = "1.1.2+spec-1.1.0" +when = "2026-04-01" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.toml_datetime]] +version = "1.1.1+spec-1.1.0" +when = "2026-03-31" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.toml_parser]] +version = "1.1.2+spec-1.1.0" +when = "2026-04-01" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.toml_writer]] +version = "1.1.1+spec-1.1.0" +when = "2026-03-31" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.unicode-normalization]] +version = "0.1.25" +when = "2025-10-30" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.unicode-width]] +version = "0.1.14" +when = "2024-09-19" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.unicode-width]] +version = "0.2.2" +when = "2025-10-06" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.unicode-xid]] +version = "0.2.6" +when = "2024-09-19" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + +[[publisher.utf8_iter]] +version = "1.0.4" +when = "2023-12-01" +user-id = 4484 +user-login = "hsivonen" +user-name = "Henri Sivonen" + +[[publisher.winnow]] +version = "1.0.2" +when = "2026-04-21" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[audits.mozilla.wildcard-audits.unicode-normalization]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2019-11-06" +end = "2026-02-01" +notes = "All code written or reviewed by Manish" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.wildcard-audits.unicode-width]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2019-12-05" +end = "2026-02-01" +notes = "All code written or reviewed by Manish" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.wildcard-audits.unicode-xid]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2019-07-25" +end = "2026-02-01" +notes = "All code written or reviewed by Manish" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.wildcard-audits.utf8_iter]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +user-id = 4484 # Henri Sivonen (hsivonen) +start = "2022-04-19" +end = "2024-06-16" +notes = "Maintained by Henri Sivonen who works at Mozilla." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.android_system_properties]] +who = "Nicolas Silva " +criteria = "safe-to-deploy" +version = "0.1.2" +notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.android_system_properties]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.1.2 -> 0.1.4" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.android_system_properties]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.1.4 -> 0.1.5" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-set]] +who = "Aria Beingessner " +criteria = "safe-to-deploy" +version = "0.5.2" +notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-set]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.5.2 -> 0.5.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-set]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "0.5.3 -> 0.6.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-set]] +who = "Jim Blandy " +criteria = "safe-to-deploy" +delta = "0.6.0 -> 0.8.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-vec]] +who = "Aria Beingessner " +criteria = "safe-to-deploy" +version = "0.6.3" +notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-vec]] +who = "Teodor Tanasoaia " +criteria = "safe-to-deploy" +delta = "0.6.3 -> 0.7.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.bit-vec]] +who = "Jim Blandy " +criteria = "safe-to-deploy" +delta = "0.7.0 -> 0.8.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.fnv]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +version = "1.0.7" +notes = "Simple hasher implementation with no unsafe code." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.foldhash]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +delta = "0.1.5 -> 0.2.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.form_urlencoded]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +version = "1.2.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.form_urlencoded]] +who = "Valentin Gosu " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.2.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.form_urlencoded]] +who = "edgul " +criteria = "safe-to-deploy" +delta = "1.2.1 -> 1.2.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.hex]] +who = "Simon Friedberger " +criteria = "safe-to-deploy" +version = "0.4.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.libloading]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +version = "0.9.0" +notes = "The exposed functionality is inherently unsafe, but all such functions are correctly tagged as `unsafe` and requirements documented. It also includes extensive documentation about the choices made about differing platform APIs" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.oorandom]] +who = "Jan-Erik Rediger " +criteria = "safe-to-run" +version = "11.1.5" +notes = "Small random number generator, explicitly not cryptographically secure, no use of unsafe code, no dependencies" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.proc-macro-error-attr2]] +who = "Kagami Sascha Rosylight " +criteria = "safe-to-deploy" +version = "2.0.0" +notes = "No unsafe block." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.proc-macro-error2]] +who = "Kagami Sascha Rosylight " +criteria = "safe-to-deploy" +version = "2.0.1" +notes = "No unsafe block with a lovely `#![forbid(unsafe_code)]`." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.smawk]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +version = "0.3.2" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.synstructure]] +who = "Nika Layzell " +criteria = "safe-to-deploy" +version = "0.12.6" +notes = """ +I am the primary author of the `synstructure` crate, and its current +maintainer. The one use of `unsafe` is unnecessary, but documented and +harmless. It will be removed in the next version. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.synstructure]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.12.6 -> 0.13.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.synstructure]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.13.0 -> 0.13.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.synstructure]] +who = "Nika Layzell " +criteria = "safe-to-deploy" +delta = "0.13.1 -> 0.13.2" +aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.textwrap]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +version = "0.15.0" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.textwrap]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.15.0 -> 0.15.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.textwrap]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.15.2 -> 0.16.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.textwrap]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.16.0 -> 0.16.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.textwrap]] +who = "Nika Layzell " +criteria = "safe-to-deploy" +delta = "0.16.1 -> 0.16.2" +aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.unicode-linebreak]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +version = "0.1.5" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"