-
Notifications
You must be signed in to change notification settings - Fork 686
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7071 from freedomofpress/rust-audits2
Audit remaining Rust crates
- Loading branch information
Showing
3 changed files
with
419 additions
and
238 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,97 +3,216 @@ | |
|
|
||
| [[audits.ascii-canvas]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "3.0.0" | ||
|
|
||
| [[audits.bitflags]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "1.3.2" | ||
|
|
||
| [[audits.cc]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "1.0.73 -> 1.0.83" | ||
|
|
||
| [[audits.chrono]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "0.4.26 -> 0.4.31" | ||
|
|
||
| [[audits.crc32fast]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "1.3.2" | ||
|
|
||
| [[audits.diff]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.1.13" | ||
|
|
||
| [[audits.digest]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "0.9.0" | ||
|
|
||
| [[audits.dirs-next]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "2.0.0" | ||
|
|
||
| [[audits.dirs-sys-next]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "0.1.2" | ||
|
|
||
| [[audits.ena]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.14.2" | ||
|
|
||
| [[audits.fixedbitset]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "0.4.2" | ||
|
|
||
| [[audits.generic-array]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.14.6" | ||
|
|
||
| [[audits.getrandom]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.1.16" | ||
|
|
||
| [[audits.getrandom]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "0.1.16 -> 0.2.6" | ||
|
|
||
| [[audits.iana-time-zone]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "0.1.58" | ||
| notes = "Only code for Linux was reviewed." | ||
|
|
||
| [[audits.idna]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| delta = "0.3.0 -> 0.4.0" | ||
| notes = "Primarily adding a no_std mode" | ||
|
|
||
| [[audits.lalrpop]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.19.12 -> 0.20.0" | ||
| criteria = "safe-to-run" | ||
| delta = "0.19.10 -> 0.20.0" | ||
| notes = "Autogenerated code was not reviewed." | ||
|
|
||
| [[audits.lalrpop-util]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "0.19.12" | ||
|
|
||
| [[audits.lalrpop-util]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| delta = "0.19.12 -> 0.20.0" | ||
|
|
||
| [[audits.memoffset]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.6.5" | ||
|
|
||
| [[audits.memsec]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.6.3" | ||
|
|
||
| [[audits.petgraph]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "0.6.2 -> 0.6.4" | ||
|
|
||
| [[audits.phf_shared]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "0.10.0" | ||
|
|
||
| [[audits.pkg-config]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| delta = "0.3.26 -> 0.3.27" | ||
|
|
||
| [[audits.ppv-lite86]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "0.2.10 -> 0.2.16" | ||
|
|
||
| [[audits.pyo3]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.18.3" | ||
|
|
||
| [[audits.pyo3-build-config]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.18.3" | ||
| notes = "Windows, cross-compiling and abi3 code not reviewed." | ||
|
|
||
| [[audits.pyo3-ffi]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.18.3" | ||
| notes = "Unsurprisingly lots of unsafe, appears fine for an FFI library. PyPy and Windows code was skipped." | ||
|
|
||
| [[audits.pyo3-macros]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "0.18.3" | ||
|
|
||
| [[audits.pyo3-macros-backend]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.18.3" | ||
|
|
||
| [[audits.rand]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| delta = "0.7.3 -> 0.8.5" | ||
|
|
||
| [[audits.rand]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "0.8.3 -> 0.8.5" | ||
|
|
||
| [[audits.rand_chacha]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| delta = "0.2.2 -> 0.3.1" | ||
|
|
||
| [[audits.rand_core]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| delta = "0.5.1 -> 0.6.3" | ||
|
|
||
| [[audits.siphasher]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| criteria = "safe-to-run" | ||
| version = "0.3.10" | ||
|
|
||
| [[audits.smallvec]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| delta = "1.6.1 -> 1.11.1" | ||
|
|
||
| [[audits.string_cache]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.8.7" | ||
|
|
||
| [[audits.term]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.7.0" | ||
| notes = "Windows code was not reviewed." | ||
|
|
||
| [[audits.tiny-keccak]] | ||
| who = "Cory Francis Myers <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "2.0.2" | ||
|
|
||
| [[audits.typenum]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "1.15.0" | ||
|
|
||
| [[audits.xxhash-rust]] | ||
| who = "Kunal Mehta <[email protected]>" | ||
| criteria = "safe-to-run" | ||
| version = "0.8.7" | ||
| notes = "Only the `xxh3` feature, used by Sequoia, was reviewed" | ||
|
|
||
| [[trusted.aho-corasick]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 189 # Andrew Gallant (BurntSushi) | ||
|
|
@@ -149,6 +268,13 @@ user-id = 539 # Josh Stone (cuviper) | |
| start = "2019-04-02" | ||
| end = "2024-04-10" | ||
|
|
||
| [[trusted.ena]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 1386 # Niko Matsakis (nikomatsakis) | ||
| start = "2019-03-19" | ||
| end = "2024-05-02" | ||
| notes = "Rust Project member" | ||
|
|
||
| [[trusted.equivalent]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 539 # Josh Stone (cuviper) | ||
|
|
@@ -198,6 +324,13 @@ start = "2022-01-22" | |
| end = "2024-04-10" | ||
| notes = "Rust Project member" | ||
|
|
||
| [[trusted.lalrpop]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 1386 # Niko Matsakis (nikomatsakis) | ||
| start = "2023-03-25" | ||
| end = "2024-05-02" | ||
| notes = "Rust Project member" | ||
|
|
||
| [[trusted.libc]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 1 # Alex Crichton (alexcrichton) | ||
|
|
@@ -240,6 +373,27 @@ start = "2019-05-20" | |
| end = "2024-04-10" | ||
| notes = "Rust Project member" | ||
|
|
||
| [[trusted.openssl]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 5 # Steven Fackler (sfackler) | ||
| start = "2019-02-22" | ||
| end = "2024-05-02" | ||
| notes = "Rust Project member" | ||
|
|
||
| [[trusted.openssl]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 163 # Alex Gaynor (alex) | ||
| start = "2023-03-24" | ||
| end = "2024-05-02" | ||
| notes = "Rust Project member" | ||
|
|
||
| [[trusted.openssl-sys]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 5 # Steven Fackler (sfackler) | ||
| start = "2019-03-01" | ||
| end = "2024-05-02" | ||
| notes = "Rust Project member" | ||
|
|
||
| [[trusted.parking_lot]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 2915 # Amanieu d'Antras (Amanieu) | ||
|
|
||
Oops, something went wrong.