diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index 20d22b719e..5dfa660686 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -817,6 +817,23 @@ criteria = "safe-to-deploy" delta = "0.36.7 -> 0.36.8" notes = "The Bytecode Alliance is the author of this crate." +[[audits.rustls]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.21.0" +notes = "no unsafe code, ambient capabilities only used in tests" + +[[audits.rustls-webpki]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.100.1" + +[[audits.sct]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.7.0" +notes = "no unsafe, no build, no ambient capabilities" + [[audits.semver]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -901,6 +918,12 @@ criteria = "safe-to-deploy" version = "0.3.1" notes = "unsafety is used for smuggling std::task::Context as a raw pointer. Lifetime and type safety appears to be taken care of correctly." +[[audits.tokio-rustls]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.24.0" +notes = "no unsafe, no build, no ambient capabilities" + [[audits.tokio-util]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -967,6 +990,11 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.0" +[[audits.wasm-bindgen-shared]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +delta = "0.2.83 -> 0.2.80" + [[audits.wasm-coredump-builder]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -1602,6 +1630,11 @@ criteria = "safe-to-deploy" delta = "1.0.48 -> 1.0.49" notes = "The Bytecode Alliance is the author of this crate." +[[audits.webpki-roots]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +delta = "0.22.4 -> 0.23.0" + [[audits.windows-sys]] who = "Dan Gohman " criteria = "safe-to-deploy" diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 9d9bb54c93..9492be5e20 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -426,6 +426,11 @@ criteria = "safe-to-deploy" version = "0.1.24" criteria = "safe-to-deploy" +[[exemptions.js-sys]] +version = "0.3.57" +criteria = "safe-to-deploy" +notes = "dependency of ring for wasm32 browser platform, which our project does not target" + [[exemptions.js-sys]] version = "0.3.57" criteria = "safe-to-run" @@ -733,6 +738,11 @@ criteria = "safe-to-deploy" version = "0.5.3" criteria = "safe-to-deploy" +[[exemptions.ring]] +version = "0.16.20" +criteria = "safe-to-deploy" +notes = "contains assembly language and object file implementations of crypto primitives for a very large number of platforms" + [[exemptions.rsa]] version = "0.5.0" criteria = "safe-to-deploy" @@ -961,25 +971,46 @@ criteria = "safe-to-deploy" version = "0.11.0+wasi-snapshot-preview1" criteria = "safe-to-deploy" +[[exemptions.wasm-bindgen]] +version = "0.2.80" +criteria = "safe-to-deploy" +notes = "dependency of ring for wasm32 browser platform, which our project does not target" + [[exemptions.wasm-bindgen]] version = "0.2.80" criteria = "safe-to-run" +[[exemptions.wasm-bindgen-backend]] +version = "0.2.80" +criteria = "safe-to-deploy" +notes = "dependency of ring for wasm32 browser platform, which our project does not target" + [[exemptions.wasm-bindgen-backend]] version = "0.2.80" criteria = "safe-to-run" +[[exemptions.wasm-bindgen-macro]] +version = "0.2.80" +criteria = "safe-to-deploy" +notes = "dependency of ring for wasm32 browser platform, which our project does not target" + [[exemptions.wasm-bindgen-macro]] version = "0.2.80" criteria = "safe-to-run" +[[exemptions.wasm-bindgen-macro-support]] +version = "0.2.80" +criteria = "safe-to-deploy" +notes = "dependency of ring for wasm32 browser platform, which our project does not target" + [[exemptions.wasm-bindgen-macro-support]] version = "0.2.80" criteria = "safe-to-run" -[[exemptions.wasm-bindgen-shared]] -version = "0.2.80" -criteria = "safe-to-run" +[[exemptions.web-sys]] +version = "0.3.57" +criteria = "safe-to-deploy" +notes = "dependency of ring for wasm32 browser platform, which our project does not target" [[exemptions.web-sys]] version = "0.3.57" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 09054c4440..b50fdf6acb 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -32,6 +32,12 @@ criteria = "safe-to-deploy" version = "0.2.2" notes = "Inspected it and is a tiny crate with just type definitions" +[[audits.embark-studios.audits.webpki-roots]] +who = "Johan Andersson " +criteria = "safe-to-deploy" +version = "0.22.4" +notes = "Inspected it to confirm that it only contains data definitions and no runtime code" + [[audits.google.audits.libfuzzer-sys]] who = "ChromeOS" criteria = "safe-to-run" @@ -71,6 +77,16 @@ who = "David Cook " criteria = "safe-to-deploy" version = "0.4.1" +[[audits.isrg.audits.untrusted]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.7.1" + +[[audits.isrg.audits.wasm-bindgen-shared]] +who = "David Cook " +criteria = "safe-to-deploy" +version = "0.2.83" + [[audits.mozilla.audits.autocfg]] who = "Josh Stone " criteria = "safe-to-deploy"