| |
| # cargo-vet audits file |
| |
| [criteria.ub-risk-0] |
| description = """ |
| No unsafe code. |
| |
| Full description of the audit criteria can be found at |
| https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-0 |
| """ |
| implies = "ub-risk-1" |
| |
| [criteria.ub-risk-1] |
| description = """ |
| Excellent soundness. |
| |
| Full description of the audit criteria can be found at |
| https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1 |
| """ |
| implies = "ub-risk-2" |
| |
| [criteria.ub-risk-2] |
| description = """ |
| Negligible unsoundness or average soundness. |
| |
| Full description of the audit criteria can be found at |
| https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2 |
| """ |
| implies = "ub-risk-3" |
| |
| [criteria.ub-risk-3] |
| description = """ |
| Mild unsoundness or suboptimal soundness. |
| |
| Full description of the audit criteria can be found at |
| https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3 |
| """ |
| implies = "ub-risk-4" |
| |
| [criteria.ub-risk-4] |
| description = """ |
| Extreme unsoundness. |
| |
| Full description of the audit criteria can be found at |
| https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4 |
| """ |
| |
| [[audits."0.7.11"]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-1"] |
| version = "0.7.15" |
| |
| [[audits.aes]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.7.5 -> 0.8.2" |
| notes = """ |
| Note for reviewers of future updates to this crate: There exist |
| internal APIs such as [1] which are safe but have undocumented safety |
| invariants. |
| |
| [1] https://fuchsia-review.git.corp.google.com/c/fuchsia/+/711365/comment/7a8cdc16_9e9f45ca/ |
| """ |
| |
| [[audits.aes]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-1"] |
| delta = "0.8.2 -> 0.8.4" |
| notes = "Audited at https://fxrev.dev/987054" |
| |
| [[audits.aes-gcm]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.9.4 -> 0.8.2" |
| |
| [[audits.aes-gcm-siv]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.10.3 -> 0.11.1" |
| |
| [[audits.ash]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["ub-risk-4", "safe-to-deploy"] |
| version = "0.37.0+1.3.209" |
| notes = "Reviewed on https://fxrev.dev/694269" |
| |
| [[audits.async-stream]] |
| who = "Tyler Mandry <tmandry@google.com>" |
| criteria = ["ub-risk-2", "safe-to-deploy"] |
| version = "0.3.4" |
| notes = "Reviewed on https://fxrev.dev/761470" |
| |
| [[audits.async-stream]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-0"] |
| delta = "0.3.4 -> 0.3.5" |
| notes = "Reviewed on https://fxrev.dev/906795" |
| |
| [[audits.async-stream-impl]] |
| who = "Tyler Mandry <tmandry@google.com>" |
| criteria = ["ub-risk-2", "safe-to-deploy"] |
| version = "0.3.4" |
| notes = "Reviewed on https://fxrev.dev/761470" |
| |
| [[audits.async-stream-impl]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-0"] |
| delta = "0.3.4 -> 0.3.5" |
| notes = "Reviewed on https://fxrev.dev/906795" |
| |
| [[audits.async-trait]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = "safe-to-deploy" |
| delta = "0.1.56 -> 0.1.68" |
| |
| [[audits.chacha20]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.8.1 -> 0.9.0" |
| |
| [[audits.ecdsa]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.13.4 -> 0.14.8" |
| |
| [[audits.elliptic-curve]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.11.12 -> 0.12.3" |
| |
| [[audits.getrandom]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.2.2 -> 0.2.12" |
| notes = "Audited at https://fxrev.dev/932979" |
| |
| [[audits.hkdf]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.11.0 -> 0.12.3" |
| |
| [[audits.hmac]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.11.0 -> 0.12.1" |
| |
| [[audits.http-body]] |
| who = "Erick Tryzelaar <etryzelaar@google.com>" |
| criteria = ["ub-risk-2", "safe-to-run"] |
| version = "0.4.4" |
| notes = "Reviewed on https://fxrev.dev/611683" |
| |
| [[audits.libc]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.2.142 -> 0.2.149" |
| notes = "Audited at https://fxrev.dev/932979" |
| |
| [[audits.loom]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = "safe-to-run" |
| delta = "0.5.6 -> 0.7.0" |
| notes = "Reviewed on https://fxrev.dev/907709." |
| |
| [[audits.md-5]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-1"] |
| version = "0.10.5" |
| notes = "Reviewed on https://fxrev.dev/712372." |
| |
| [[audits.mio]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.8.5 -> 0.8.9" |
| notes = "Audited at https://fxrev.dev/946305" |
| |
| [[audits.nix]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["ub-risk-3", "safe-to-run"] |
| version = "0.26.2" |
| notes = """ |
| Reviewed on https://fxrev.dev/780283 |
| Issues: |
| - https://github.com/nix-rust/nix/issues/1975 |
| - https://github.com/nix-rust/nix/issues/1977 |
| - https://github.com/nix-rust/nix/pull/1978 |
| - https://github.com/nix-rust/nix/pull/1979 |
| - https://github.com/nix-rust/nix/issues/1980 |
| - https://github.com/nix-rust/nix/issues/1981 |
| - https://github.com/nix-rust/nix/pull/1983 |
| - https://github.com/nix-rust/nix/issues/1990 |
| - https://github.com/nix-rust/nix/pull/1992 |
| - https://github.com/nix-rust/nix/pull/1993 |
| """ |
| |
| [[audits.p256]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.10.1 -> 0.11.1" |
| |
| [[audits.password-hash]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.3.2 -> 0.4.2" |
| |
| [[audits.pbkdf2]] |
| who = "Joshua Liebow-Feeser <joshlf@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.9.0 -> 0.11.0" |
| |
| [[audits.pin-project-lite]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["ub-risk-1", "safe-to-deploy"] |
| version = "0.2.9" |
| notes = "Reviewed on https://fxrev.dev/824504" |
| |
| [[audits.pin-project-lite]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.2.9 -> 0.2.13" |
| notes = "Audited at https://fxrev.dev/946396" |
| |
| [[audits.rayon]] |
| who = [ |
| "Adam Perry <adamperry@google.com>", |
| "Dan Johnson <computerdruid@google.com>", |
| "David Koloski <dkoloski@google.com>", |
| "Joseph Ryan <josephry@google.com>", |
| "Manish Goregaokar <manishearth@google.com>", |
| "Tyler Mandry <tmandry@google.com>", |
| ] |
| criteria = ["ub-risk-2", "safe-to-deploy"] |
| delta = "1.3.0 -> 1.5.3" |
| notes = "Reviewed on https://fxrev.dev/753625" |
| |
| [[audits.ring]] |
| who = "Laura Peskin <pesk@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.16.12 -> 0.16.20" |
| notes = """ |
| Reviewed on: https://fxrev.dev/923001 (0.16.13 -> 0.16.20) |
| Reviewed on: https://fxrev.dev/716624 (0.16.12 -> 0.16.13) |
| """ |
| |
| [[audits.sha1]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-1"] |
| version = "0.10.5" |
| notes = "Reviewed on https://fxrev.dev/712371." |
| |
| [[audits.socket2]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.4.4 -> 0.5.5" |
| notes = "Reviewed at https://fxrev.dev/946307" |
| |
| [[audits.take_mut]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| version = "0.2.2" |
| notes = "Reviewed on https://fxrev.dev/883543" |
| |
| [[audits.thread_local]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "1.0.1 -> 1.1.7" |
| notes = "Reviewed on https://fxrev.dev/906819" |
| |
| [[audits.tokio]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "1.19.2 -> 1.20.5" |
| notes = "Reviewed on http://fxrev.dev/904806" |
| |
| [[audits.tokio]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "1.20.5 -> 1.25.2" |
| notes = "Reviewed at https://fxrev.dev/906324" |
| |
| [[audits.tokio-stream]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["ub-risk-1", "safe-to-deploy"] |
| version = "0.1.11" |
| notes = "Reviewed on https://fxrev.dev/804724" |
| |
| [[audits.tokio-stream]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-0"] |
| delta = "0.1.11 -> 0.1.14" |
| notes = "Reviewed on https://fxrev.dev/907732." |
| |
| [[audits.tracing-core]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.1.21 -> 0.1.31" |
| notes = "Reviewed on https://fxrev.dev/906816" |
| |
| [[audits.tracing-subscriber]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| delta = "0.3.1 -> 0.3.15" |
| notes = "Reviewed on https://fxrev.dev/907708" |
| |
| [[audits.utf8parse]] |
| who = "David Koloski <dkoloski@google.com>" |
| criteria = ["safe-to-deploy", "ub-risk-2"] |
| version = "0.2.1" |
| notes = "Reviewed on https://fxrev.dev/904811" |
