diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index 2d1ca44a6e07..0575d71a9164 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -2657,6 +2657,132 @@ criteria = "safe-to-deploy" version = "0.6.4" notes = "The Bytecode Alliance is the author of this crate." +[[trusted.async-trait]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-07-23" +end = "2024-07-06" + +[[trusted.clap]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2021-12-08" +end = "2024-07-06" + +[[trusted.clap_derive]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2021-12-08" +end = "2024-07-06" + +[[trusted.clap_lex]] +criteria = "safe-to-deploy" +user-id = 6743 # Ed Page (epage) +start = "2022-04-15" +end = "2024-07-06" + +[[trusted.indexmap]] +criteria = "safe-to-deploy" +user-id = 539 # Josh Stone (cuviper) +start = "2020-01-15" +end = "2024-07-06" + +[[trusted.itoa]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-05-02" +end = "2024-07-06" + +[[trusted.libc]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2021-01-27" +end = "2024-07-06" + +[[trusted.libm]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2022-02-06" +end = "2024-07-06" + +[[trusted.lock_api]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2019-05-04" +end = "2024-07-06" + +[[trusted.parking_lot]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2019-05-04" +end = "2024-07-06" + +[[trusted.parking_lot_core]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2019-05-04" +end = "2024-07-06" + +[[trusted.paste]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-03-19" +end = "2024-07-06" + +[[trusted.ryu]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-05-02" +end = "2024-07-06" + +[[trusted.scopeguard]] +criteria = "safe-to-deploy" +user-id = 2915 # Amanieu d'Antras (Amanieu) +start = "2020-02-16" +end = "2024-07-06" + +[[trusted.serde]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-03-01" +end = "2024-07-06" + +[[trusted.serde_derive]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-03-01" +end = "2024-07-06" + +[[trusted.serde_json]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-02-28" +end = "2024-07-06" + +[[trusted.syn]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-03-01" +end = "2024-07-06" + +[[trusted.thiserror]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-10-09" +end = "2024-07-06" + +[[trusted.thiserror-impl]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-10-09" +end = "2024-07-06" + +[[trusted.toml]] +criteria = "safe-to-deploy" +user-id = 1 # Alex Crichton (alexcrichton) +start = "2019-05-16" +end = "2024-07-06" + [[trusted.windows-sys]] criteria = "safe-to-deploy" user-id = 64539 # Kenny Kerr (kennykerr) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 0b1f6b87af04..279c54693f10 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -218,10 +218,6 @@ criteria = "safe-to-deploy" version = "0.7.18" criteria = "safe-to-deploy" -[[exemptions.async-trait]] -version = "0.1.53" -criteria = "safe-to-deploy" - [[exemptions.autocfg]] version = "0.1.8" criteria = "safe-to-deploy" @@ -274,18 +270,6 @@ criteria = "safe-to-deploy" version = "0.3.0" criteria = "safe-to-deploy" -[[exemptions.clap]] -version = "3.2.8" -criteria = "safe-to-deploy" - -[[exemptions.clap_derive]] -version = "3.2.7" -criteria = "safe-to-deploy" - -[[exemptions.clap_lex]] -version = "0.2.4" -criteria = "safe-to-deploy" - [[exemptions.console]] version = "0.15.0" criteria = "safe-to-deploy" @@ -508,10 +492,6 @@ version = "1.0.0-rc.3" criteria = "safe-to-deploy" notes = "we are exempting tokio, hyper, and their tightly coupled dependencies by the same authors, expecting that the authors at aws will publish attestions we can import at some point soon" -[[exemptions.indexmap]] -version = "1.9.1" -criteria = "safe-to-deploy" - [[exemptions.indicatif]] version = "0.13.0" criteria = "safe-to-deploy" @@ -528,10 +508,6 @@ criteria = "safe-to-deploy" version = "0.10.3" criteria = "safe-to-deploy" -[[exemptions.itoa]] -version = "1.0.1" -criteria = "safe-to-deploy" - [[exemptions.jobserver]] version = "0.1.24" criteria = "safe-to-deploy" @@ -545,26 +521,14 @@ notes = "dependency of ring for wasm32 browser platform, which our project does version = "0.9.6" criteria = "safe-to-deploy" -[[exemptions.libc]] -version = "0.2.133" -criteria = "safe-to-deploy" - [[exemptions.libloading]] version = "0.7.3" criteria = "safe-to-deploy" -[[exemptions.libm]] -version = "0.2.2" -criteria = "safe-to-deploy" - [[exemptions.listenfd]] version = "1.0.0" criteria = "safe-to-deploy" -[[exemptions.lock_api]] -version = "0.4.7" -criteria = "safe-to-deploy" - [[exemptions.mach]] version = "0.3.2" criteria = "safe-to-deploy" @@ -638,18 +602,6 @@ criteria = "safe-to-deploy" version = "0.9.0" criteria = "safe-to-deploy" -[[exemptions.parking_lot]] -version = "0.11.2" -criteria = "safe-to-deploy" - -[[exemptions.parking_lot_core]] -version = "0.8.5" -criteria = "safe-to-deploy" - -[[exemptions.paste]] -version = "1.0.7" -criteria = "safe-to-deploy" - [[exemptions.pem-rfc7468]] version = "0.2.4" criteria = "safe-to-deploy" @@ -807,30 +759,10 @@ criteria = "safe-to-deploy" version = "0.3.0" criteria = "safe-to-deploy" -[[exemptions.ryu]] -version = "1.0.9" -criteria = "safe-to-deploy" - [[exemptions.same-file]] version = "1.0.6" criteria = "safe-to-deploy" -[[exemptions.scopeguard]] -version = "1.1.0" -criteria = "safe-to-deploy" - -[[exemptions.serde]] -version = "1.0.137" -criteria = "safe-to-deploy" - -[[exemptions.serde_derive]] -version = "1.0.137" -criteria = "safe-to-deploy" - -[[exemptions.serde_json]] -version = "1.0.80" -criteria = "safe-to-deploy" - [[exemptions.sha2]] version = "0.9.9" criteria = "safe-to-deploy" @@ -891,10 +823,6 @@ criteria = "safe-to-deploy" version = "5.0.3" criteria = "safe-to-run" -[[exemptions.syn]] -version = "1.0.92" -criteria = "safe-to-deploy" - [[exemptions.target-lexicon]] version = "0.12.3" criteria = "safe-to-deploy" @@ -915,14 +843,6 @@ criteria = "safe-to-deploy" version = "0.15.0" criteria = "safe-to-deploy" -[[exemptions.thiserror]] -version = "1.0.31" -criteria = "safe-to-deploy" - -[[exemptions.thiserror-impl]] -version = "1.0.31" -criteria = "safe-to-deploy" - [[exemptions.thread_local]] version = "1.1.4" criteria = "safe-to-run" @@ -940,10 +860,6 @@ notes = "we are exempting tokio, hyper, and their tightly coupled dependencies b version = "1.7.0" criteria = "safe-to-deploy" -[[exemptions.toml]] -version = "0.5.9" -criteria = "safe-to-deploy" - [[exemptions.tracing]] version = "0.1.34" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index c4431bb1d949..a66102b509d3 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -404,6 +404,13 @@ user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" +[[publisher.async-trait]] +version = "0.1.53" +when = "2022-03-25" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + [[publisher.bumpalo]] version = "3.12.0" when = "2023-01-17" @@ -411,6 +418,27 @@ user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" +[[publisher.clap]] +version = "3.2.8" +when = "2022-06-30" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.clap_derive]] +version = "3.2.7" +when = "2022-06-28" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + +[[publisher.clap_lex]] +version = "0.2.4" +when = "2022-06-28" +user-id = 6743 +user-login = "epage" +user-name = "Ed Page" + [[publisher.cranelift]] version = "0.97.1" when = "2023-06-21" @@ -520,6 +548,62 @@ user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" +[[publisher.indexmap]] +version = "1.9.1" +when = "2022-06-21" +user-id = 539 +user-login = "cuviper" +user-name = "Josh Stone" + +[[publisher.itoa]] +version = "1.0.1" +when = "2021-12-12" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.libc]] +version = "0.2.132" +when = "2022-08-16" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.libm]] +version = "0.2.7" +when = "2023-05-15" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.lock_api]] +version = "0.4.7" +when = "2022-03-30" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.parking_lot]] +version = "0.11.2" +when = "2021-08-27" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.parking_lot_core]] +version = "0.8.5" +when = "2021-08-28" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.paste]] +version = "1.0.7" +when = "2022-03-27" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + [[publisher.regalloc2]] version = "0.9.1" when = "2023-05-31" @@ -527,6 +611,76 @@ user-id = 187138 user-login = "elliottt" user-name = "Trevor Elliott" +[[publisher.ryu]] +version = "1.0.9" +when = "2021-12-12" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.scopeguard]] +version = "1.1.0" +when = "2020-02-16" +user-id = 2915 +user-login = "Amanieu" +user-name = "Amanieu d'Antras" + +[[publisher.serde]] +version = "1.0.137" +when = "2022-05-01" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.serde_derive]] +version = "1.0.137" +when = "2022-05-01" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.serde_json]] +version = "1.0.80" +when = "2022-04-30" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.syn]] +version = "1.0.92" +when = "2022-04-29" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.syn]] +version = "2.0.16" +when = "2023-05-14" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.thiserror]] +version = "1.0.31" +when = "2022-04-30" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.thiserror-impl]] +version = "1.0.31" +when = "2022-04-30" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + +[[publisher.toml]] +version = "0.5.7" +when = "2020-10-11" +user-id = 1 +user-login = "alexcrichton" +user-name = "Alex Crichton" + [[publisher.unicode-segmentation]] version = "1.10.1" when = "2023-01-31" @@ -1073,6 +1227,11 @@ who = "David Cook " criteria = "safe-to-deploy" version = "0.9.0" +[[audits.isrg.audits.libc]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.139 -> 0.2.141" + [[audits.isrg.audits.once_cell]] who = "Brandon Pitman " criteria = "safe-to-deploy" @@ -1307,6 +1466,18 @@ version = "1.4.0" notes = "I have read over the macros, and audited the unsafe code." aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" +[[audits.mozilla.audits.libc]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.2.132 -> 0.2.138" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.libc]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.2.138 -> 0.2.139" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.log]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1507,6 +1678,12 @@ harmless. It will be removed in the next version. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.toml]] +who = "Bobby Holley " +criteria = "safe-to-deploy" +delta = "0.5.7 -> 0.5.9" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.unicode-normalization]] who = "Mike Hommey " criteria = "safe-to-deploy"