From 9616ead607d916f398acdedf176580f9785c7329 Mon Sep 17 00:00:00 2001
From: Jamey Sharp
Date: Tue, 25 Apr 2023 10:57:28 -0700
Subject: [PATCH] `cargo vet` audits for guest profiling support (#6284)

These audits are necessary for in-process guest profiling support, currently under development in PR #6282.
---
 supply-chain/audits.toml | 21 +++++++++++++++++++++
 supply-chain/imports.lock | 20 ++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index 82cb719732..e446604d25 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -239,6 +239,16 @@ criteria = "safe-to-run"
 version = "0.21.0"
 notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."
 
+[[audits.bitflags]]
+who = "Jamey Sharp "
+criteria = "safe-to-deploy"
+delta = "2.1.0 -> 2.2.1"
+notes = """
+This version adds unsafe impls of traits from the bytemuck crate when built
+with that library enabled, but I believe the impls satisfy the documented
+safety requirements for bytemuck. The other changes are minor.
+"""
+
 [[audits.block-buffer]]
 who = "Benjamin Bouvier "
 criteria = "safe-to-deploy"
@@ -629,6 +639,17 @@ who = "Pat Hickey "
 criteria = "safe-to-deploy"
 version = "0.3.27"
 
+[[audits.fxprof-processed-profile]]
+who = "Jamey Sharp "
+criteria = "safe-to-deploy"
+version = "0.6.0"
+notes = """
+No unsafe code, I/O, or powerful imports. This is a straightforward set of data
+structures representing the Firefox \"processed\" profile format, with serde
+serialization support. All logic is trivial: either unit conversion, or
+hash-consing to support de-duplication required by the format.
+"""
+
 [[audits.gimli]]
 who = "Alex Crichton "
 criteria = "safe-to-deploy"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index b2e9078c65..bbfe037e3b 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
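Review bot: The `notes` on the new `[[audits.bitflags]]` delta entry rest a `safe-to-deploy` certification of new unsafe code on "I believe the impls satisfy the documented safety requirements" without recording what was checked, so a later auditor has to redo the review to confirm it. Name the bytemuck traits that are implemented and the property relied on for each, and record whether this workspace builds bitflags with that feature, for example by adding `The unsafe impls are compiled only with the bytemuck feature, which this workspace (does / does not, fill in) enable.` The delta also starts at 2.1.0, so it appears to certify 2.2.1 only through the imported `1.3.2 -> 2.0.2` and `2.0.2 -> 2.1.0` deltas that the same patch adds to `supply-chain/imports.lock`. A full audit or exemption for 1.3.2 is not visible in this patch and presumably exists elsewhere, which is worth confirming with `cargo vet` before merging.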
@@ -143,12 +143,32 @@ version = "0.6.3"
 notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.bitflags]]
+who = "Alex Franchuk "
+criteria = "safe-to-deploy"
+delta = "1.3.2 -> 2.0.2"
+notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)."
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.bitflags]]
+who = "Nicolas Silva "
+criteria = "safe-to-deploy"
+delta = "2.0.2 -> 2.1.0"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.crypto-common]]
 who = "Mike Hommey "
 criteria = "safe-to-deploy"
 delta = "0.1.3 -> 0.1.6"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.debugid]]
+who = "Gabriele Svelto "
+criteria = "safe-to-deploy"
+version = "0.8.0"
+notes = "This crates was written by Sentry and I've fully audited it as Firefox crash reporting machinery relies on it."
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.either]]
 who = "Nika Layzell "
 criteria = "safe-to-deploy"