Switch imported audits from Mozilla, 0.10 backport #808

Merged
4 changes: 2 additions & 2 deletions supply-chain/config.toml
@@ -19,8 +19,8 @@ url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audit
[imports.fermyon]
url = "https://raw.githubusercontent.com/fermyon/spin/main/supply-chain/audits.toml"

[imports.firefox]
url = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[imports.mozilla]
url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml"

[imports.zcash]
url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/audits.toml"
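Review bot: The new `[imports.mozilla]` entry carries no comment saying that it is an aggregated feed tracked on a mutable `main` branch, and swapping the feed changes which audits cover the dependency tree. In the imports.lock section of this same page the Mozilla `safe-to-deploy` entries for `hex` 0.4.3 and `log` 0.4.17 disappear while ChromeOS `safe-to-run` entries for the same versions appear. It is worth confirming that those two crates are not now vouched for at a weaker criterion than the project requires; this is inferred from the lock diff, since the policy is not shown here. I would add above the URL: `# Aggregated Mozilla audits (includes mozilla-central); imported entries are recorded in imports.lock, review that diff on every refresh.` The `[imports]` table starts before this hunk and continues after it.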
71 changes: 44 additions & 27 deletions supply-chain/imports.lock
@@ -424,6 +424,11 @@ who = "George Burgess IV <[email protected]>"
criteria = "safe-to-run"
delta = "0.4.0 -> 0.3.3"

[[audits.chromeos.audits.hex]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.4.3"

[[audits.chromeos.audits.io-lifetimes]]
who = "George Burgess IV <[email protected]>"
criteria = "safe-to-run"
@@ -439,6 +444,11 @@ who = "Android Legacy"
criteria = "safe-to-run"
version = "1.4.0"

[[audits.chromeos.audits.log]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.4.17"

[[audits.chromeos.audits.miniz_oxide]]
who = "George Burgess IV <[email protected]>"
criteria = "safe-to-run"
@@ -682,46 +692,53 @@ who = "Radu Matei <[email protected]>"
criteria = "safe-to-run"
version = "0.3.3"

[[audits.firefox.wildcard-audits.unicode-segmentation]]
[[audits.mozilla.wildcard-audits.unicode-segmentation]]
who = "Manish Goregaokar <[email protected]>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-05-15"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.autocfg]]
[[audits.mozilla.audits.autocfg]]
who = "Josh Stone <[email protected]>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.block-buffer]]
[[audits.mozilla.audits.block-buffer]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.crypto-common]]
[[audits.mozilla.audits.crypto-common]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.1.6"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.either]]
[[audits.mozilla.audits.either]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.6.1 -> 1.7.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.either]]
[[audits.mozilla.audits.either]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.8.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.getrandom]]
[[audits.mozilla.audits.getrandom]]
who = "Yannis Juglaret <[email protected]>"
criteria = "safe-to-deploy"
delta = "0.2.8 -> 0.2.9"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.half]]
[[audits.mozilla.audits.half]]
who = "John M. Schanck <[email protected]>"
criteria = "safe-to-deploy"
version = "1.8.2"
@@ -730,65 +747,65 @@ This crate contains unsafe code for bitwise casts to/from binary16 floating-poin
format. I've reviewed these and found no issues. There are no uses of ambient
capabilities.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.hermit-abi]]
[[audits.mozilla.audits.hermit-abi]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "0.1.19 -> 0.2.6"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.hex]]
who = "Simon Friedberger <[email protected]>"
criteria = "safe-to-deploy"
version = "0.4.3"

[[audits.firefox.audits.log]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
version = "0.4.17"

[[audits.firefox.audits.num-bigint]]
[[audits.mozilla.audits.num-bigint]]
who = "Josh Stone <[email protected]>"
criteria = "safe-to-deploy"
version = "0.4.3"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.num-integer]]
[[audits.mozilla.audits.num-integer]]
who = "Josh Stone <[email protected]>"
criteria = "safe-to-deploy"
version = "0.1.45"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.rayon]]
[[audits.mozilla.audits.rayon]]
who = "Josh Stone <[email protected]>"
criteria = "safe-to-deploy"
version = "1.5.3"
notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.rayon]]
[[audits.mozilla.audits.rayon]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.5.3 -> 1.6.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.rayon-core]]
[[audits.mozilla.audits.rayon-core]]
who = "Josh Stone <[email protected]>"
criteria = "safe-to-deploy"
version = "1.9.3"
notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.rayon-core]]
[[audits.mozilla.audits.rayon-core]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.9.3 -> 1.10.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.rayon-core]]
[[audits.mozilla.audits.rayon-core]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-deploy"
delta = "1.10.1 -> 1.10.2"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.firefox.audits.tracing]]
[[audits.mozilla.audits.tracing]]
who = "Mike Hommey <[email protected]>"
criteria = "safe-to-run"
delta = "0.1.35 -> 0.1.36"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.zcash.audits.inout]]
who = "Daira Hopwood <[email protected]>"