
Commit 55747d1

authored
Merge pull request #76 from Satelles157/supply-chain/aggregate
Aggregate new audits
2 parents 4332e0f + 3b03e95 commit 55747d1


1 file changed

+72
-0
lines changed


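--- a/supply-chain/third-party-audits.toml
+++ b/supply-chain/third-party-audits.toml
@@ -5794,6 +5794,29 @@ aggregated-from = [
 "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml",
 ]
 
+[[audits.bytemuck]]
+who = "Lukasz Anforowicz <[email protected]>"
+criteria = "ub-risk-3"
+delta = "1.16.3 -> 1.17.0"
+notes = """
+1.17.0 may rely on `union` layout that is not guaranteed by the compiler.
+See https://github.com/Lokathor/bytemuck/pull/268
+"""
+aggregated-from = [
+"https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT",
+"https://raw.githubusercontent.com/google/supply-chain/main/audits.toml",
+]
+
+[[audits.bytemuck]]
+who = "Lukasz Anforowicz <[email protected]>"
+criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
+delta = "1.16.3 -> 1.17.1"
+notes = "Unsafe review comments can be found in https://crrev.com/c/5813463"
+aggregated-from = [
+"https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT",
+"https://raw.githubusercontent.com/google/supply-chain/main/audits.toml",
+]
+
 [[audits.bytemuck]]
 who = [
 "Manish Goregaokar <[email protected]>",
@@ -5867,6 +5890,20 @@ aggregated-from = [
 "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml",
 ]
 
+[[audits.bytemuck_derive]]
+who = "Lukasz Anforowicz <[email protected]>"
+criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
+delta = "1.7.0 -> 1.7.1"
+notes = """
+No impact on safety AFAICT - the delta only specifies a new attribute for
+`proc_macro_derive` to work around re-export issues described at
+https://github.com/Lokathor/bytemuck/issues/159
+"""
+aggregated-from = [
+"https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT",
+"https://raw.githubusercontent.com/google/supply-chain/main/audits.toml",
+]
+
 [[audits.byteorder]]
 who = "Alyssa Haroldsen <[email protected]>"
 criteria = ["ub-risk-3", "does-not-implement-crypto"]
@@ -7064,6 +7101,19 @@ aggregated-from = [
 "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml",
 ]
 
+[[audits.clap]]
+who = "Lukasz Anforowicz <[email protected]>"
+criteria = ["safe-to-run", "does-not-implement-crypto"]
+delta = "4.5.15 -> 4.5.16"
+notes = """
+The only change in the delta is explicitly listing re-exports
+instead of using a `*` wildcard in `pub use clap_derive::{self, *}`.
+"""
+aggregated-from = [
+"https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT",
+"https://raw.githubusercontent.com/google/supply-chain/main/audits.toml",
+]
+
 [[audits.clap]]
 who = "Brandon Pitman <[email protected]>"
 criteria = "safe-to-run"
@@ -24633,6 +24683,19 @@ aggregated-from = [
 "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml",
 ]
 
+[[audits.quote]]
+who = "Lukasz Anforowicz <[email protected]>"
+criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
+delta = "1.0.36 -> 1.0.37"
+notes = """
+The delta just 1) inlines/expands `impl ToTokens` that used to be handled via
+`primitive!` macro and 2) adds `impl ToTokens` for `CStr` and `CString`.
+"""
+aggregated-from = [
+"https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT",
+"https://raw.githubusercontent.com/google/supply-chain/main/audits.toml",
+]
+
 [[audits.quote]]
 who = "Nika Layzell <[email protected]>"
 criteria = "safe-to-deploy"
@@ -33151,6 +33214,15 @@ aggregated-from = [
 "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml",
 ]
 
+[[audits.unicode-xid]]
+who = "Teodor Tanasoaia <[email protected]>"
+criteria = "safe-to-deploy"
+delta = "0.2.4 -> 0.2.5"
+aggregated-from = [
+"https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml",
+"https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml",
+]
+
 [[audits.unicode_ident]]
 who = "Johan Andersson <[email protected]>"
 criteria = "safe-to-deploy"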
