blob: 4027d393753abb35e602a470fdd5d5782ee0e1f1 [file] [log] [blame] [edit]
# cargo-vet audits file
[criteria.ub-risk-0]
description = """
No unsafe code.
Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-0
"""
implies = "ub-risk-1"
[criteria.ub-risk-1]
description = """
Excellent soundness.
Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1
"""
implies = "ub-risk-2"
[criteria.ub-risk-2]
description = """
Negligible unsoundness or average soundness.
Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2
"""
implies = "ub-risk-3"
[criteria.ub-risk-3]
description = """
Mild unsoundness or suboptimal soundness.
Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3
"""
implies = "ub-risk-4"
[criteria.ub-risk-4]
description = """
Extreme unsoundness.
Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4
"""
[[audits."0.7.11"]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-1"]
version = "0.7.15"
[[audits.aes]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.7.5 -> 0.8.2"
notes = """
Note for reviewers of future updates to this crate: There exist
internal APIs such as [1] which are safe but have undocumented safety
invariants.
[1] https://fuchsia-review.git.corp.google.com/c/fuchsia/+/711365/comment/7a8cdc16_9e9f45ca/
"""
[[audits.aes]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-1"]
delta = "0.8.2 -> 0.8.4"
notes = "Audited at https://fxrev.dev/987054"
[[audits.aes-gcm]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.9.4 -> 0.8.2"
[[audits.aes-gcm-siv]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.10.3 -> 0.11.1"
[[audits.ash]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["ub-risk-4", "safe-to-deploy"]
version = "0.37.0+1.3.209"
notes = "Reviewed on https://fxrev.dev/694269"
[[audits.async-stream]]
who = "Tyler Mandry <tmandry@google.com>"
criteria = ["ub-risk-2", "safe-to-deploy"]
version = "0.3.4"
notes = "Reviewed on https://fxrev.dev/761470"
[[audits.async-stream]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-0"]
delta = "0.3.4 -> 0.3.5"
notes = "Reviewed on https://fxrev.dev/906795"
[[audits.async-stream-impl]]
who = "Tyler Mandry <tmandry@google.com>"
criteria = ["ub-risk-2", "safe-to-deploy"]
version = "0.3.4"
notes = "Reviewed on https://fxrev.dev/761470"
[[audits.async-stream-impl]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-0"]
delta = "0.3.4 -> 0.3.5"
notes = "Reviewed on https://fxrev.dev/906795"
[[audits.async-trait]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
delta = "0.1.56 -> 0.1.68"
[[audits.chacha20]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.8.1 -> 0.9.0"
[[audits.ecdsa]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.13.4 -> 0.14.8"
[[audits.elliptic-curve]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.11.12 -> 0.12.3"
[[audits.getrandom]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.2.2 -> 0.2.12"
notes = "Audited at https://fxrev.dev/932979"
[[audits.hkdf]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.11.0 -> 0.12.3"
[[audits.hmac]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.11.0 -> 0.12.1"
[[audits.http-body]]
who = "Erick Tryzelaar <etryzelaar@google.com>"
criteria = ["ub-risk-2", "safe-to-run"]
version = "0.4.4"
notes = "Reviewed on https://fxrev.dev/611683"
[[audits.libc]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.2.142 -> 0.2.149"
notes = "Audited at https://fxrev.dev/932979"
[[audits.loom]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-run"
delta = "0.5.6 -> 0.7.0"
notes = "Reviewed on https://fxrev.dev/907709."
[[audits.md-5]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-1"]
version = "0.10.5"
notes = "Reviewed on https://fxrev.dev/712372."
[[audits.mio]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.8.5 -> 0.8.9"
notes = "Audited at https://fxrev.dev/946305"
[[audits.nix]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["ub-risk-3", "safe-to-run"]
version = "0.26.2"
notes = """
Reviewed on https://fxrev.dev/780283
Issues:
- https://github.com/nix-rust/nix/issues/1975
- https://github.com/nix-rust/nix/issues/1977
- https://github.com/nix-rust/nix/pull/1978
- https://github.com/nix-rust/nix/pull/1979
- https://github.com/nix-rust/nix/issues/1980
- https://github.com/nix-rust/nix/issues/1981
- https://github.com/nix-rust/nix/pull/1983
- https://github.com/nix-rust/nix/issues/1990
- https://github.com/nix-rust/nix/pull/1992
- https://github.com/nix-rust/nix/pull/1993
"""
[[audits.p256]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.10.1 -> 0.11.1"
[[audits.password-hash]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.3.2 -> 0.4.2"
[[audits.pbkdf2]]
who = "Joshua Liebow-Feeser <joshlf@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.9.0 -> 0.11.0"
[[audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["ub-risk-1", "safe-to-deploy"]
version = "0.2.9"
notes = "Reviewed on https://fxrev.dev/824504"
[[audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.2.9 -> 0.2.13"
notes = "Audited at https://fxrev.dev/946396"
[[audits.rayon]]
who = [
"Adam Perry <adamperry@google.com>",
"Dan Johnson <computerdruid@google.com>",
"David Koloski <dkoloski@google.com>",
"Julia Ryan <pineapple@google.com>",
"Manish Goregaokar <manishearth@google.com>",
"Tyler Mandry <tmandry@google.com>",
]
criteria = ["ub-risk-2", "safe-to-deploy"]
delta = "1.3.0 -> 1.5.3"
notes = "Reviewed on https://fxrev.dev/753625"
[[audits.ring]]
who = "Laura Peskin <pesk@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.16.12 -> 0.16.20"
notes = """
Reviewed on: https://fxrev.dev/923001 (0.16.13 -> 0.16.20)
Reviewed on: https://fxrev.dev/716624 (0.16.12 -> 0.16.13)
"""
[[audits.sha1]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-1"]
version = "0.10.5"
notes = "Reviewed on https://fxrev.dev/712371."
[[audits.socket2]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.4.4 -> 0.5.5"
notes = "Reviewed at https://fxrev.dev/946307"
[[audits.take_mut]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
version = "0.2.2"
notes = "Reviewed on https://fxrev.dev/883543"
[[audits.thread_local]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "1.0.1 -> 1.1.7"
notes = "Reviewed on https://fxrev.dev/906819"
[[audits.tokio]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "1.19.2 -> 1.20.5"
notes = "Reviewed on http://fxrev.dev/904806"
[[audits.tokio]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "1.20.5 -> 1.25.2"
notes = "Reviewed at https://fxrev.dev/906324"
[[audits.tokio-stream]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["ub-risk-1", "safe-to-deploy"]
version = "0.1.11"
notes = "Reviewed on https://fxrev.dev/804724"
[[audits.tokio-stream]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-0"]
delta = "0.1.11 -> 0.1.14"
notes = "Reviewed on https://fxrev.dev/907732."
[[audits.tracing-core]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.1.21 -> 0.1.31"
notes = "Reviewed on https://fxrev.dev/906816"
[[audits.tracing-subscriber]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
delta = "0.3.1 -> 0.3.15"
notes = "Reviewed on https://fxrev.dev/907708"
[[audits.utf8parse]]
who = "David Koloski <dkoloski@google.com>"
criteria = ["safe-to-deploy", "ub-risk-2"]
version = "0.2.1"
notes = "Reviewed on https://fxrev.dev/904811"