Source code

Revision control

Copy as Markdown

Other Tools

# cargo-vet audits file
[[wildcard-audits.audio_thread_priority]]
who = "Paul Adenot <paul@paul.cx>"
criteria = "safe-to-deploy"
user-id = 1258 # Paul Adenot (padenot)
start = "2019-05-09"
end = "2024-04-24"
notes = """
I've written most of this crate, the rest has been either written and in any
case has been reviewed by Mozilla developers.
"""
[[wildcard-audits.authenticator]]
who = "John M. Schanck <jschanck@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 175410 # John Schanck (jschanck)
start = "2022-11-15"
end = "2025-09-25"
notes = "Maintained by the CryptoEng team at Mozilla."
[[wildcard-audits.bhttp]]
who = "Martin Thomson <mt@lowentropy.net>"
criteria = "safe-to-deploy"
user-id = 128763 # Martin Thomson (martinthomson)
start = "2022-08-04"
end = "2024-03-09"
notes = "Though the code is safe to run and deploy, the code for processing HTTP/1.1 messages (the `read-http` feature, specifically) is not suited for deployment in real applications, either clients or servers. Some features necessary for live deployment are not implemented, such as the proper handling of some types of response (e.g., a response to a HEAD request). Software that processes HTTP/1.1 messages requires a large number of compatibility tweaks if it is to be deployed interoperably. This feature only exists to support basic validation tools and is unlikely to be widely compatible."
[[wildcard-audits.breakpad-symbols]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 72814 # Gabriele Svelto (gabrielesvelto)
start = "2022-11-30"
end = "2025-02-28"
notes = "This crate is written and maintained by mozilla employees."
[[wildcard-audits.cachemap2]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 106639 # Alex Franchuk (afranchuk)
start = "2023-03-21"
end = "2025-02-28"
notes = "This crate is written and solely maintained by a mozilla employee."
[[wildcard-audits.cexpr]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
user-id = 3788 # Emilio Cobos Álvarez (emilio)
start = "2021-06-21"
end = "2024-04-21"
notes = "No unsafe code, rather straight-forward parser."
[[wildcard-audits.cocoa]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2019-07-23"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.cocoa]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2022-11-01"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.cocoa-foundation]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2020-07-20"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.cocoa-foundation]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2023-03-16"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.core-foundation]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2019-11-12"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.core-foundation]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2019-03-29"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.core-foundation-sys]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2019-11-12"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.core-foundation-sys]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2020-10-14"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.core-graphics]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2019-10-28"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.core-graphics]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2020-12-08"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.core-graphics-types]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2020-07-20"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.core-text]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2019-03-29"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.core-text]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2021-02-14"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.dogear]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 27901 # Lina Butler (linabutler)
start = "2019-03-04"
end = "2024-05-05"
notes = "Lina developed this crate as Mozilla staff."
[[wildcard-audits.encoding_rs]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
user-id = 4484 # Henri Sivonen (hsivonen)
start = "2019-02-26"
end = "2024-08-28"
notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ."
[[wildcard-audits.etagere]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
user-id = 1281 # Nicolas Silva (nical)
start = "2020-11-12"
end = "2025-06-01"
notes = "I am the author of this crate."
[[wildcard-audits.euclid]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
user-id = 1281 # Nicolas Silva (nical)
start = "2019-03-14"
end = "2025-04-25"
notes = "I wrote most of the commits in the euclid reprository and review every change that is not produced by me."
[[wildcard-audits.framehop]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 20227 # Markus Stange (mstange)
start = "2022-03-12"
end = "2025-02-28"
notes = "This crate is written and solely maintained by a mozilla employee."
[[wildcard-audits.freetype]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2020-02-28"
end = "2023-05-04"
renew = false
notes = "All code written or reviewed by Mozilla staff."
[[wildcard-audits.gleam]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1039
start = "2019-03-01"
end = "2023-05-04"
renew = false
notes = "All code written or reviewed by Mozilla."
[[wildcard-audits.gleam]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2019-03-18"
end = "2023-05-04"
renew = false
notes = "All code written or reviewed by Mozilla."
[[wildcard-audits.gleam]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2023-04-21"
end = "2023-05-04"
renew = false
notes = "All code written or reviewed by Mozilla."
[[wildcard-audits.glean]]
who = "Chris H-C <chutten@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2020-11-10"
end = "2025-02-12"
notes = "The Glean SDKs are maintained by the Glean Team at Mozilla."
[[wildcard-audits.glean]]
who = "Travis Long <tlong@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 66068
start = "2024-02-12"
end = "2025-02-13"
[[wildcard-audits.glean-core]]
who = "Chris H-C <chutten@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2019-09-24"
end = "2025-02-12"
notes = "The Glean SDKs are maintained by the Glean Team at Mozilla."
[[wildcard-audits.glean-core]]
who = "Travis Long <tlong@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 66068
start = "2020-07-10"
end = "2025-02-13"
[[wildcard-audits.glslopt]]
who = "Jamie Nicol <jnicol@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 84794 # Jamie Nicol (jamienicol)
start = "2020-04-07"
end = "2025-08-30"
[[wildcard-audits.io-surface]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 2396 # Josh Matthews (jdm)
start = "2019-07-23"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[wildcard-audits.macho-unwind-info]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 20227 # Markus Stange (mstange)
start = "2022-01-31"
end = "2025-02-28"
notes = "This crate is written and solely maintained by a mozilla employee."
[[wildcard-audits.marionette]]
who = "Henrik Skupin <mail@hskupin.info>"
criteria = "safe-to-run"
user-id = 22262
start = "2020-11-03"
end = "2025-01-31"
notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
[[wildcard-audits.minidump]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 72814 # Gabriele Svelto (gabrielesvelto)
start = "2022-11-30"
end = "2025-02-28"
notes = "This crate is written and maintained by mozilla employees."
[[wildcard-audits.minidump-common]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 72814 # Gabriele Svelto (gabrielesvelto)
start = "2022-11-30"
end = "2025-02-28"
notes = "This crate is written and maintained by mozilla employees."
[[wildcard-audits.minidump-unwind]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 72814 # Gabriele Svelto (gabrielesvelto)
start = "2023-05-17"
end = "2025-02-28"
notes = "This crate is written and maintained by mozilla employees."
[[wildcard-audits.mozdevice]]
who = "Henrik Skupin <mail@hskupin.info>"
criteria = "safe-to-run"
user-id = 22262
start = "2020-11-03"
end = "2025-01-31"
notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
[[wildcard-audits.mozprofile]]
who = "Henrik Skupin <mail@hskupin.info>"
criteria = "safe-to-deploy"
user-id = 22262
start = "2020-11-03"
end = "2025-01-31"
notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
[[wildcard-audits.mozrunner]]
who = "Henrik Skupin <mail@hskupin.info>"
criteria = "safe-to-deploy"
user-id = 22262
start = "2020-11-03"
end = "2025-01-31"
notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
[[wildcard-audits.mozversion]]
who = "Henrik Skupin <mail@hskupin.info>"
criteria = "safe-to-run"
user-id = 22262
start = "2020-11-03"
end = "2025-01-31"
notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
[[wildcard-audits.nss-gk-api]]
who = "John M. Schanck <jschanck@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 175410 # John Schanck (jschanck)
start = "2022-11-14"
end = "2024-06-20"
notes = "Maintained by the CryptoEng team at Mozilla."
[[wildcard-audits.ohttp]]
who = "Martin Thomson <mt@lowentropy.net>"
criteria = "safe-to-deploy"
user-id = 128763 # Martin Thomson (martinthomson)
start = "2022-08-04"
end = "2024-03-09"
notes = "This code contains two cryptographic back ends. No unsafe code is contained if the Rust `hpke` crate is used (the `rust-hpke` feature). Using NSS (the `nss` feature) involves extensive use of bindings to the native code provided by NSS. This interface uses wrappers that attempt to add safety to a fundamentally very dangerous library, but those wrappers have only been validated for use following the needs of this crate."
[[wildcard-audits.pe-unwind-info]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 106639 # Alex Franchuk (afranchuk)
start = "2023-07-25"
end = "2025-02-28"
notes = "This crate is written and solely maintained by a mozilla employee."
[[wildcard-audits.qcms]]
who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2020-11-05"
end = "2025-01-09"
notes = "Maintained by the Graphics team at Mozilla in mozilla-central."
[[wildcard-audits.rust_cascade]]
who = "Dana Keeler <dkeeler@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 57462 # Dana Keeler (mozkeeler)
start = "2019-11-15"
end = "2024-04-24"
notes = "Written and maintained by the security engineering team at Mozilla."
[[wildcard-audits.unicode-normalization]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-11-06"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
[[wildcard-audits.unicode-segmentation]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-05-15"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
[[wildcard-audits.unicode-width]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-12-05"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
[[wildcard-audits.unicode-xid]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-07-25"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
[[wildcard-audits.uniffi]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2021-10-27"
end = "2024-12-11"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2022-05-05"
end = "2024-06-21"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_bindgen]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2021-10-27"
end = "2024-12-11"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_bindgen]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2022-05-05"
end = "2024-06-21"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_build]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2021-10-27"
end = "2024-12-11"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_build]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2022-05-05"
end = "2024-06-21"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_checksum_derive]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2023-01-27"
end = "2024-12-11"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_checksum_derive]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2022-12-16"
end = "2024-06-21"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_core]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2023-01-27"
end = "2024-12-11"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_core]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2023-06-21"
end = "2024-06-21"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_macros]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2021-10-27"
end = "2024-12-11"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_macros]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2022-05-05"
end = "2024-06-21"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_meta]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2022-09-13"
end = "2024-12-11"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_meta]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2022-08-31"
end = "2024-06-21"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_testing]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2023-01-27"
end = "2024-12-11"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_testing]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2022-12-16"
end = "2024-06-21"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.uniffi_udl]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2023-10-18"
end = "2024-12-11"
notes = "Maintained by the Glean and Application Services teams"
[[wildcard-audits.utf8_iter]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
user-id = 4484 # Henri Sivonen (hsivonen)
start = "2022-04-19"
end = "2024-06-16"
notes = "Maintained by Henri Sivonen who works at Mozilla."
[[wildcard-audits.webdriver]]
who = "Henrik Skupin <mail@hskupin.info>"
criteria = "safe-to-deploy"
user-id = 22262
start = "2020-11-03"
end = "2025-01-31"
notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
[[audits.aa-stroke]]
who = "Lee Salzman <lsalzman@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "Written and maintained by Gfx team at Mozilla."
[[audits.ahash]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.7.6 -> 0.7.8"
[[audits.ahash]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.8.7 -> 0.8.11"
[[audits.aho-corasick]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.7.18 -> 0.7.20"
[[audits.allocator-api2]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.2.18"
[[audits.alsa]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.4.3 -> 0.7.0"
[[audits.alsa]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.8.1"
[[audits.android_logger]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.11.0"
notes = "Small crate, wrapping Android log functionality, reviewed by janerik"
[[audits.android_logger]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.11.0 -> 0.11.1"
notes = "Small crate, wrapping Android log functionality, now switched to properly using MaybeUninit"
[[audits.android_logger]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.11.1 -> 0.11.3"
[[audits.android_logger]]
who = "Chris H-C <chutten@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.11.3 -> 0.12.0"
notes = "Small wrapper crate. This update fixes log level filtering."
[[audits.android_system_properties]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship."
[[audits.android_system_properties]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.2 -> 0.1.4"
[[audits.android_system_properties]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.4 -> 0.1.5"
[[audits.any_all_workaround]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The little code that is in this crate I reviewed and modified from packed_simd (which has previously been vendored in full instead of just this small part)."
[[audits.any_all_workaround]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.0@git:7fb1b7034c9f172aade21ee1c8554e8d8a48af80"
importable = false
notes = "This is a trivial workaround copied from elsewhere in m-c, specifically qcms."
[[audits.anyhow]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.57 -> 1.0.61"
[[audits.anyhow]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.58 -> 1.0.57"
notes = "No functional differences, just CI config and docs."
[[audits.anyhow]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.61 -> 1.0.62"
[[audits.anyhow]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.62 -> 1.0.68"
[[audits.anyhow]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.69"
[[audits.app_units]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "0.7.1"
notes = """
I'm pretty familiar with this crate. It provides a fixed-point numeric type.
The code is pretty straight-forward, there's no unsafe code at all.
"""
[[audits.app_units]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.7.3"
[[audits.app_units]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.7.2"
notes = "Adding repr(transparent) plus a couple minor clean-ups, no functional changes from 0.7.1."
[[audits.arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.1.0 -> 1.1.1"
[[audits.arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.1.1 -> 1.1.3"
[[audits.arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.1.3 -> 1.2.0"
[[audits.arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.2.0 -> 1.2.3"
[[audits.arraystring]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
version = "0.3.0"
[[audits.arrayvec]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.7.2 -> 0.7.6"
notes = "Manually verified new unsafe pointer arithmetic."
[[audits.ash]]
who = "Jim Blandy <jimb@red-bean.com>"
criteria = "safe-to-deploy"
delta = "0.37.0+1.3.209 -> 0.37.1+1.3.235"
notes = """
Nicolas Silva, Jim Blandy, and Teodor Tanasoaia audited ash master
branch commits from e43e9c0c to 6bd82768 inclusive.
"""
[[audits.ash]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
delta = "0.37.1+1.3.235 -> 0.37.2+1.3.238"
[[audits.ash]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.37.2+1.3.238 -> 0.37.3+1.3.251"
[[audits.ash]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.37.3+1.3.251 -> 0.38.0+1.3.281"
notes = """
There are many sweeping changes to code generation that make this review intimidating, at first.
However, I have audited all hand-written code, and vetted changes to the code generator (with some
auditing of generated output to ensure correspondence to my mental model). Vulkan is an inherently
unsafe API, but this crate makes many of the preparatory steps for calling Vulkan APIs safer and
easier to use.
"""
[[audits.ashmem]]
who = "Matthew Gregan <kinetik@flim.org>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = """
Small unsafe wrapper around Android 8.0's ASharedMemory native API that falls
back to older private ioctl-based API at runtime on earlier OS releases. The
shim code is small and doesn't inspect the API arguments, so is unlikely to
expose any safety issues beyond those presented by the native OS API.
"""
[[audits.askama]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "0.11.1"
notes = """
Just contains some traits and re-exports for use by a broader package of related
crates. No unsafe code or ambient capability usage.
"""
[[audits.async-task]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
delta = "4.0.3 -> 4.0.3@git:f6488e35beccb26eb6e85847b02aa78a42cd3d0e"
notes = "Recorded by bholley, confirmed over slack."
[[audits.async-task]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
delta = "4.0.3 -> 4.3.0"
notes = "Main addition is the new FallibleTask type, which I implemented. No risky unsafe code changes."
[[audits.async-trait]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.56 -> 0.1.57"
[[audits.async-trait]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.57 -> 0.1.60"
[[audits.async-trait]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.60 -> 0.1.64"
[[audits.atomic_refcell]]
who = "Bobby Holley <bholley@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.8"
notes = "I maintain this crate and have reviewed every line."
[[audits.atomic_refcell]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.8 -> 0.1.9"
[[audits.audio-mixer]]
who = "Chun-Min Chang <chun.m.chang@gmail.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "audio-mixer is a Mozilla-developed package."
[[audits.audio-mixer]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.2 -> 0.1.3"
[[audits.audio-mixer]]
who = "Paul Adenot <paul@paul.cx>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.2.0"
notes = "(I wrote all of this code)"
[[audits.authenticator]]
who = "John M. Schanck <jschanck@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.4.0-alpha.13"
notes = "Maintained by the CryptoEng team at Mozilla."
[[audits.authenticator]]
who = "John M. Schanck <jschanck@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.4.0-alpha.24 -> 0.4.0"
[[audits.autocfg]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "All code written or reviewed by Josh Stone."
[[audits.base64]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.13.0 -> 0.13.1"
[[audits.bindgen]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "0.59.2"
notes = "I'm the primary author and maintainer of the crate."
[[audits.bindgen]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
delta = "0.59.2 -> 0.63.0"
[[audits.bindgen]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.63.0 -> 0.64.0"
[[audits.bindgen]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.64.0 -> 0.66.1"
[[audits.bindgen]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.66.1 -> 0.68.1"
[[audits.bindgen]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.68.1 -> 0.69.1"
[[audits.bindgen]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.69.1 -> 0.69.2"
[[audits.bindgen]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
delta = "0.69.2 -> 0.69.4"
[[audits.bit-set]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.5.2"
notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues."
[[audits.bit-set]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.5.2 -> 0.5.3"
[[audits.bit-set]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.3 -> 0.6.0"
[[audits.bit-set]]
who = "Jim Blandy <jimb@red-bean.com>"
criteria = "safe-to-deploy"
delta = "0.6.0 -> 0.8.0"
[[audits.bit-vec]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.6.3"
notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
[[audits.bit-vec]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.6.3 -> 0.7.0"
[[audits.bit-vec]]
who = "Jim Blandy <jimb@red-bean.com>"
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.8.0"
[[audits.bitflags]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.3.2 -> 2.0.2"
notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)."
[[audits.bitflags]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
delta = "2.0.2 -> 2.1.0"
[[audits.bitflags]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "2.2.1 -> 2.3.2"
[[audits.bitflags]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "2.3.3 -> 2.4.0"
[[audits.block-buffer]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.3"
[[audits.build-parallel]]
who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
[[audits.bumpalo]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-run"
delta = "3.9.1 -> 3.10.0"
notes = """
Some nontrivial functional changes but certainly meets the no-malware bar of
safe-to-run. If we needed safe-to-deploy for this in m-c I'd ask Nick to re-
certify this version, but we don't, so this is fine for now.
"""
[[audits.bumpalo]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "3.11.1 -> 3.12.0"
[[audits.bytes]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.1.0 -> 1.2.1"
[[audits.bytes]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.2.1 -> 1.3.0"
[[audits.bytes]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.3.0 -> 1.4.0"
[[audits.calendrical_calculations]]
who = "André Bargull <andre.bargull@gmail.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "This has no unsafe code and uses no ambient capabilities."
[[audits.calendrical_calculations]]
who = "André Bargull <andre.bargull@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.1"
[[audits.camino]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.9 -> 1.1.1"
[[audits.camino]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.1.1 -> 1.1.2"
[[audits.cargo_metadata]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.15.2"
notes = "I reviewed the whole code base. Parser for the output of cargo-metadata, relying mostly on serde. No unsafe code used."
[[audits.cargo_metadata]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.15.2 -> 0.15.3"
[[audits.cc]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.73 -> 1.0.78"
[[audits.cfg_aliases]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.1.1 -> 0.2.1"
notes = "Very minor changes."
[[audits.chardetng]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
version = "0.1.9"
notes = "I, Henri Sivonen, wrote this (safe-code-only) crate for Gecko even though the crate is published via crates.io."
[[audits.chardetng]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.9 -> 0.1.9@git:3484d3e3ebdc8931493aa5df4d7ee9360a90e76b"
[[audits.chardetng_c]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "I, Henri Sivonen, wrote this crate for Gecko even though it is published via crates.io. The buffer input assumes Rust slice constraints for the start pointer. In Gecko, this is taken care of by mozilla::Span, but the C API doesn't conform to idiomatic C constraints on this point."
[[audits.chardetng_c]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.2 -> 0.1.2@git:ed8a4c6f900a90d4dbc1d64b856e61490a1c3570"
[[audits.circular]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = "No dependencies. Unsafe code is necessary to provide functionality and was manually verified to be correct."
[[audits.clang-sys]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.3.3 -> 1.4.0"
[[audits.clang-sys]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.4.0 -> 1.6.0"
[[audits.clang-sys]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.6.0 -> 1.7.0"
notes = """
Adds several new symbols for Clang versions 11.0, 12.0, 16.0, and 17.0, conditionally enabled based
on Cargo feature flags. Some other minor internal refactors were implemented that shouldn't change
functionality otherwise.
"""
[[audits.clap-verbosity-flag]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-run"
version = "2.2.0"
[[audits.clap_lex]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.2"
[[audits.clap_lex]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.2 -> 0.2.4"
[[audits.clubcard]]
who = "John M. Schanck <jschanck@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.3.1"
notes = "This crate is maintained by the CryptoEng team at Mozilla and it contains no unsafe code."
[[audits.clubcard-crlite]]
who = "John M. Schanck <jschanck@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.2.1"
notes = "This crate is maintained by the CryptoEng team at Mozilla and it contains no unsafe code."
[[audits.comedy]]
who = "Nick Alexander <nalexander@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.2.0"
notes = """
The comedy crate was written by Adam Gashlin for Mozilla's use. The entire
comedy 0.2.0 crate is full of `unsafe` code and makes many assumptions about
memory and layout, but there is no particular processing of untrusted input
here.
"""
[[audits.cookie]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "0.16.0 -> 0.16.2"
[[audits.core-foundation]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.9.3 -> 0.9.4"
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[audits.core-graphics]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.22.3 -> 0.23.1"
[[audits.core-graphics-types]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.1.1 -> 0.1.2"
[[audits.core-graphics-types]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.1.2 -> 0.1.3"
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
[[audits.core-text]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "19.2.0 -> 20.0.0"
[[audits.core-text]]
who = "Jonathan Kew <jfkthame@gmail.com>"
criteria = "safe-to-deploy"
delta = "20.0.0 -> 20.1.0"
notes = """
The bulk of the 20.0.0 -> 20.1.0 changes were purely cosmetic clippy and rustfmt changes.
The only substantive change was the addition of wrappers to expose two additional Core Text APIs,
the variants of CTFontCreateWithName and CTFontCreateWithFontDescriptor that accept a CTFontOptions
parameter. These are directly parallel to the existing versions without CTFontOptions, and do not
introduce any new forms of risk.
"""
[[audits.core_maths]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
version = "0.1.0"
[[audits.coreaudio-sys]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.10 -> 0.2.11"
[[audits.coreaudio-sys]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.11 -> 0.2.12"
[[audits.coreaudio-sys]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.12 -> 0.2.13"
[[audits.coreaudio-sys]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.2.13 -> 0.2.14"
[[audits.cose]]
who = "Mathew Hodson <mathew.hodson@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.4 -> 0.1.4@git:43c22248d136c8b38fe42ea709d08da6355cf04b"
[[audits.cpufeatures]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.2 -> 0.2.4"
[[audits.cpufeatures]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.4 -> 0.2.5"
[[audits.cpufeatures]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.2.7 -> 0.2.8"
notes = "This release contains a single fix for an issue that affected Firefox"
[[audits.crash-context]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.5.1"
notes = "Mozilla employees contributed to this crate and the remaining code was fully audited"
[[audits.crash-context]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.1 -> 0.6.0"
notes = """
There are few changes. The main change is the removal of `winapi` in favor of
manually-generated bindings (which are minimal). The few small bugfixes are
sound.
"""
[[audits.crash-context]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.6.0 -> 0.6.1"
[[audits.crc32fast]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.3.2 -> 1.4.2"
notes = "Minor, safe changes."
[[audits.crossbeam-channel]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.5.4 -> 0.5.6"
[[audits.crossbeam-channel]]
who = "Glenn Watson <git@intuitionlibrary.com>"
criteria = "safe-to-deploy"
delta = "0.5.12 -> 0.5.13"
[[audits.crossbeam-deque]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.8.1 -> 0.8.2"
[[audits.crossbeam-epoch]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.9.8 -> 0.9.10"
[[audits.crossbeam-epoch]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.9.10 -> 0.9.13"
[[audits.crossbeam-epoch]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.9.13 -> 0.9.14"
[[audits.crossbeam-queue]]
who = "Matthew Gregan <kinetik@flim.org>"
criteria = "safe-to-deploy"
version = "0.3.8"
[[audits.crossbeam-utils]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.8.8 -> 0.8.11"
[[audits.crossbeam-utils]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.8.11 -> 0.8.14"
[[audits.crossbeam-utils]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.8.19 -> 0.8.20"
notes = "Minor changes."
[[audits.crypto-common]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.1.6"
[[audits.cssparser]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "0.29.6"
notes = """
I've reviewed or authored most of the recent changes to this library, and it
was developed by other mozilla folks. Unsafe code there is reasonable (utf-8
casts for serialization and parsing).
"""
[[audits.cssparser]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.29.6 -> 0.31.0"
notes = """
All the changes in this release were authored by Mozilla staff, except the
uninit_array stuff, which looks fine.
"""
[[audits.cssparser]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.31.0 -> 0.31.2"
[[audits.cssparser]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
delta = "0.31.2 -> 0.32.0"
notes = "All changes were either authored or reviewed by Mozilla employees."
[[audits.cssparser]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
delta = "0.32.0 -> 0.33.0"
notes = """
Mozilla authored. Breaking changes from 0.32 involve splitting color APIs into
their own crate and removing an unused line number offset mechanism.
"""
[[audits.cssparser]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
delta = "0.33.0 -> 0.33.0@git:aaa966d9d6ae70c4b8a62bb5e3a14c068bb7dff0"
notes = "Only one minimal change exposing a previously-private enumeration."
[[audits.cssparser]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
delta = "0.33.0 -> 0.34.0"
notes = "I'm the publisher of the crate, and either myself or other Mozilla folks have been authors or reviewers of all the changes."
[[audits.cssparser-color]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "This code used to live in cssparser's color module. Only moved out. Mozilla-authored."
[[audits.cssparser-macros]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "0.6.0"
notes = """
Trivial crate with a single proc macro to compute the max length of the inputs
to a match expression.
"""
[[audits.cssparser-macros]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.6.0 -> 0.6.1"
[[audits.cssparser-macros]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
delta = "0.6.1 -> 0.6.1@git:aaa966d9d6ae70c4b8a62bb5e3a14c068bb7dff0"
notes = "No changes from already-certified upstream, but needed because it lives in the same git repo as the cssparser crate."
[[audits.cstr]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "0.2.10"
notes = """
I've reviewed the code of the crate thoroughly. It generates an unsafe block
which is statically guaranteed to be safe. Inputs to the macro have to be
static so there's no uncontrolled input whatsoever.
"""
[[audits.cstr]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.10 -> 0.2.11"
[[audits.cubeb]]
who = "Matthew Gregan <kinetik@flim.org>"
criteria = "safe-to-deploy"
version = "0.10.1"
notes = """
Mozilla-developed package.
"""
[[audits.cubeb]]
who = "Matthew Gregan <kinetik@flim.org>"
criteria = "safe-to-deploy"
delta = "0.10.1 -> 0.10.2"
[[audits.cubeb]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.3"
[[audits.cubeb]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.3 -> 0.12.0"
[[audits.cubeb]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.13.0"
[[audits.cubeb-backend]]
who = "Matthew Gregan <kinetik@flim.org>"
criteria = "safe-to-deploy"
version = "0.10.1"
notes = """
Mozilla-developed package.
"""
[[audits.cubeb-backend]]
who = "Matthew Gregan <kinetik@flim.org>"
criteria = "safe-to-deploy"
delta = "0.10.1 -> 0.10.2"
[[audits.cubeb-backend]]
who = "Paul Adenot <paul@paul.cx>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.3"
notes = """
Mozilla-developed package.
"""
[[audits.cubeb-backend]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.3 -> 0.10.7"
[[audits.cubeb-backend]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.7 -> 0.12.0"
[[audits.cubeb-backend]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.13.0"
[[audits.cubeb-core]]
who = "Matthew Gregan <kinetik@flim.org>"
criteria = "safe-to-deploy"
version = "0.10.1"
notes = """
Mozilla-developed package.
"""
[[audits.cubeb-core]]
who = "Matthew Gregan <kinetik@flim.org>"
criteria = "safe-to-deploy"
delta = "0.10.1 -> 0.10.2"
[[audits.cubeb-core]]
who = "Paul Adenot <paul@paul.cx>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.3"
notes = """
Mozilla-developed package.
"""
[[audits.cubeb-core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.10.3 -> 0.10.4"
[[audits.cubeb-core]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.4 -> 0.10.7"
[[audits.cubeb-core]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.7 -> 0.12.0"
[[audits.cubeb-core]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.13.0"
[[audits.cubeb-sys]]
who = "Matthew Gregan <kinetik@flim.org>"
criteria = "safe-to-deploy"
version = "0.10.1"
notes = """
Mozilla-developed package.
"""
[[audits.cubeb-sys]]
who = "Matthew Gregan <kinetik@flim.org>"
criteria = "safe-to-deploy"
delta = "0.10.1 -> 0.10.2"
[[audits.cubeb-sys]]
who = "Paul Adenot <paul@paul.cx>"
criteria = "safe-to-deploy"
delta = "0.10.2 -> 0.10.3"
notes = """
Mozilla-developed package.
"""
[[audits.cubeb-sys]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.3 -> 0.10.7"
[[audits.cubeb-sys]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.10.7 -> 0.12.0"
[[audits.cubeb-sys]]
who = "Andreas Pehrson <apehrson@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.12.0 -> 0.13.0"
[[audits.d3d12]]
who = "Jim Blandy <jimb@red-bean.com>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "The commits between 0.4.1 and 0.5.0 were all audited by Dzmitry Malyshau or myself."
[[audits.d3d12]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
delta = "0.5.0 -> 0.7.0"
[[audits.d3d12]]
who = [
"Erich Gubler <egubler@mozilla.com>",
"Jim Blandy <jimb@red-bean.com>",
"Nicolas Silva <nical@fastmail.com>",
"Erich Gubler <erichdongubler@gmail.com>",
"Teodor Tanasoaia <ttanasoaia@mozilla.com>",
]
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.19.0"
[[audits.d3d12]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.19.0 -> 0.20.0"
[[audits.d3d12]]
who = "Jim Blandy <jimb@red-bean.com>"
criteria = "safe-to-deploy"
delta = "0.20.0 -> 22.0.0"
[[audits.d3d12]]
who = "Jim Blandy <jimb@red-bean.com>"
criteria = "safe-to-deploy"
delta = "22.0.0 -> 22.0.0@git:c6a3d927345a81eeb13e9e3720002c4cc6f25e54"
importable = false
[[audits.darling]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.13.4 -> 0.14.2"
[[audits.darling]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.14.2 -> 0.14.3"
[[audits.darling]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.14.3 -> 0.20.1"
[[audits.darling]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.20.1 -> 0.20.10"
[[audits.darling_core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.13.4 -> 0.14.2"
[[audits.darling_core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.14.2 -> 0.14.3"
[[audits.darling_core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.14.3 -> 0.20.1"
[[audits.darling_core]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.20.1 -> 0.20.10"
[[audits.darling_macro]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.13.4 -> 0.14.2"
[[audits.darling_macro]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.14.2 -> 0.14.3"
[[audits.darling_macro]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.14.3 -> 0.20.1"
[[audits.darling_macro]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.20.1 -> 0.20.10"
[[audits.data-encoding]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "2.3.2 -> 2.3.3"
[[audits.debugid]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.8.0"
notes = "This crates was written by Sentry and I've fully audited it as Firefox crash reporting machinery relies on it."
[[audits.deranged]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.3.11"
notes = """
This crate contains a decent bit of `unsafe` code, however all internal
unsafety is verified with copious assertions (many are compile-time), and
otherwise the unsafety is documented and left to the caller to verify.
"""
[[audits.derive_arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.1.0 -> 1.1.1"
[[audits.derive_arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.1.1 -> 1.1.3"
[[audits.derive_arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.1.3 -> 1.2.1"
[[audits.derive_arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.2.1 -> 1.2.3"
[[audits.derive_arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.3.0 -> 1.3.1"
[[audits.derive_more]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.99.17 -> 1.0.0-beta.2"
[[audits.devd-rs]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.4 -> 0.3.5"
[[audits.devd-rs]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.5 -> 0.3.6"
[[audits.digest]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.10.3 -> 0.10.6"
[[audits.diplomat]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
version = "0.5.2"
notes = "This crate is FFI wrapper generator using by ICU4X ffi libraries. This uses unsafe code to convert paramenters, I have reviewed this and generated headers."
[[audits.diplomat]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9"
[[audits.diplomat]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.5.2 -> 0.7.0"
[[audits.diplomat]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.8.0"
[[audits.diplomat-runtime]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
version = "0.5.2"
notes = "This crate is FFI wrapper generator runtime using by ICU4X ffi libraries. This uses unsafe code for memory access of FFI. I have reviewed carefully."
[[audits.diplomat-runtime]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9"
[[audits.diplomat-runtime]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.5.2 -> 0.7.0"
[[audits.diplomat-runtime]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.8.0"
[[audits.diplomat_core]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
version = "0.5.2"
notes = "This crate contains unsafe code, no network and no file access."
[[audits.diplomat_core]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.5.2 -> 0.5.2@git:8d125999893fedfdf30595e97334c21ec4b18da9"
[[audits.diplomat_core]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.5.2 -> 0.7.0"
[[audits.diplomat_core]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.7.0 -> 0.8.0"
[[audits.displaydoc]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
version = "0.2.3"
notes = """
This crate is convenient macros to implement core::fmt::Display trait.
Although `unsafe` is used for test code to call `libc::abort()`, it has no `unsafe` code in this crate. And there is no file access.
It meets the criteria for safe-to-deploy.
"""
[[audits.displaydoc]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.3 -> 0.2.4"
[[audits.document-features]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
version = "0.2.8"
[[audits.document-features]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.2.8 -> 0.2.9"
[[audits.document-features]]
who = "Erich Gubler <erichdongubler@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.2.9 -> 0.2.10"
[[audits.dogear]]
who = "Sammy Khamis <skhamis@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.5.0"
notes = "The repository for this crate belongs in the Mozilla org."
[[audits.dtoa-short]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.3"
[[audits.dwrote]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "0.11.0"
notes = "All code written or reviewed by Mozilla staff."
[[audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.6.1 -> 1.7.0"
[[audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.8.0"
[[audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.8.0 -> 1.8.1"
[[audits.embed-manifest]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
version = "1.4.0"
notes = "Necessary dependencies, all environment variable access is for build script vars set by cargo."
[[audits.encoding_c]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
version = "0.9.8"
notes = "I, Henri Sivonen, wrote encoding_c for Gecko even though it is published via crates.io. There are two caveats: 1) the C API is designed to be used together with mozilla::Span and is unidiomatic for zero-length inputs otherwise. 2) It is idiomatic in C and C++ to pass uninitialized buffers as output buffers. This is generally documented to be UB in Rust, but idiomatic C and C++ usage here relies on this not actually being UB for buffers of integers (which these buffers are). See https://github.com/hsivonen/encoding_rs/issues/79#issuecomment-1211870361"
[[audits.encoding_c_mem]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
version = "0.2.6"
notes = """
I, Henri Sivonen, wrote encoding_c_mem for Gecko even though it is published via crates.io. There are two caveats: 1) the C API is designed to be used together with mozilla::Span and is unidiomatic for zero-length inputs otherwise. 2) It is idiomatic in C and C
++ to pass uninitialized buffers as output buffers. This is generally documented to be UB in Rust, but idiomatic C and C++ usage here relies on this not actually being UB for buffers of integers (which these buffers are). See https://github.com/hsivonen/encoding_rs/i
ssues/79#issuecomment-1211870361
"""
[[audits.encoding_rs]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
version = "0.8.31"
notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ."
[[audits.encoding_rs]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.8.31 -> 0.8.32"
[[audits.enum-map]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
version = "2.7.3"
[[audits.enum-map-derive]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.17.0"
[[audits.enum-primitive-derive]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.2.2"
[[audits.enumset]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.11 -> 1.0.12"
[[audits.enumset]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.12 -> 1.1.2"
[[audits.enumset_derive]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.6.0 -> 0.6.1"
[[audits.enumset_derive]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.6.1 -> 0.8.1"
[[audits.env_logger]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.9.3"
[[audits.env_logger]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
delta = "0.9.3 -> 0.10.0"
[[audits.errno]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.3.3"
[[audits.extend]]
who = "Ben Dean-Kawamura <bdk@mozilla.com>"
criteria = "safe-to-deploy"
version = "1.1.2"
notes = "Inspected the crate and noted that the impl block comes directly from the proc-macro input. If no new code can be added by this crate, I don't think there can be any issues."
[[audits.extend]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.1.2 -> 1.2.0"
[[audits.fallible_collections]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.4.4 -> 0.4.5"
[[audits.fallible_collections]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.4.5 -> 0.4.6"
notes = "The changes in this version are mine."
[[audits.fallible_collections]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.4.6 -> 0.4.9"
notes = "Mostly soundness fixes."
[[audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.8.0"
[[audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.8.0 -> 1.9.0"
[[audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.9.0 -> 2.0.0"
[[audits.fastrand]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "2.0.1 -> 2.1.0"
[[audits.filetime_win]]
who = "Nick Alexander <nalexander@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.2.0"
notes = """
filetime_win was written by Adam Gashlin for Mozilla's use. The `unsafe` code
blocks in filetime_win 0.2.0 are straight-forward invocations of `mem::zeroed`
and expected invocations of Win32 APIs (with error handling as appropriate).
"""
[[audits.flagset]]
who = "Ryan Hunt <rhunt@eqrion.net>"
criteria = "safe-to-deploy"
version = "0.4.3"
notes = "Uses no ambient capabilities, vetted the one instance of unsafe."
[[audits.flate2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.24 -> 1.0.25"
[[audits.flate2]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.28 -> 1.0.30"
notes = "Some new unsafe code, however it has been verified and there are unit tests as well."
[[audits.fluent]]
who = "Zibi Braniecki <zibi@unicode.org>"
criteria = "safe-to-deploy"
version = "0.16.0"
[[audits.fluent-bundle]]
who = "Zibi Braniecki <zibi@unicode.org>"
criteria = "safe-to-deploy"
version = "0.15.2"
[[audits.fluent-fallback]]
who = "Zibi Braniecki <zibi@unicode.org>"
criteria = "safe-to-deploy"
version = "0.6.0"
[[audits.fluent-fallback]]
who = "Greg Tatum <tatum.creative@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.6.0 -> 0.7.0"
[[audits.fluent-langneg]]
who = "Zibi Braniecki <zibi@unicode.org>"
criteria = "safe-to-deploy"
version = "0.13.0"
[[audits.fluent-pseudo]]
who = "Zibi Braniecki <zibi@unicode.org>"
criteria = "safe-to-deploy"
version = "0.3.1"
[[audits.fluent-syntax]]
who = "Zibi Braniecki <zibi@unicode.org>"
criteria = "safe-to-deploy"
version = "0.11.0"
[[audits.fluent-testing]]
who = "Zibi Braniecki <zibi@unicode.org>"
criteria = "safe-to-run"
version = "0.0.2"
[[audits.fluent-testing]]
who = "Greg Tatum <tatum.creative@gmail.com>"
criteria = "safe-to-run"
delta = "0.0.2 -> 0.0.3"
[[audits.fnv]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "1.0.7"
notes = "Simple hasher implementation with no unsafe code."
[[audits.foreign-types]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.3.2 -> 0.5.0"
[[audits.foreign-types-macros]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.2.3"
[[audits.foreign-types-shared]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.1.1 -> 0.3.1"
[[audits.form_urlencoded]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
version = "1.2.0"
[[audits.form_urlencoded]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.2.0 -> 1.2.1"
[[audits.fs-err]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "2.7.0 -> 2.8.1"
[[audits.fs-err]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "2.8.1 -> 2.9.0"
[[audits.futures]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.21 -> 0.3.23"
[[audits.futures]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.23 -> 0.3.25"
[[audits.futures]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
[[audits.futures]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.28"
[[audits.futures-channel]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.21 -> 0.3.23"
[[audits.futures-channel]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.23 -> 0.3.25"
[[audits.futures-channel]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
[[audits.futures-channel]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.26"
[[audits.futures-channel]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
[[audits.futures-core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.21 -> 0.3.23"
[[audits.futures-core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.23 -> 0.3.25"
[[audits.futures-core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
[[audits.futures-core]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.26"
[[audits.futures-core]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
[[audits.futures-executor]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.21 -> 0.3.23"
[[audits.futures-executor]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.23 -> 0.3.25"
[[audits.futures-executor]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
[[audits.futures-executor]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.23"
[[audits.futures-executor]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
[[audits.futures-io]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.21 -> 0.3.23"
[[audits.futures-io]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.23 -> 0.3.25"
[[audits.futures-io]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
[[audits.futures-io]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.23"
[[audits.futures-io]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.28"
[[audits.futures-macro]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.21 -> 0.3.23"
[[audits.futures-macro]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.23 -> 0.3.25"
[[audits.futures-macro]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"