The `ring` crate needed to be exempted: it contains a large quantity of asm and native binary implementations of crypto primitives. It is a major undertaking to certify the safety of those implementations. ring also pulled in the wasm-bindgen family of crates for its wasm32-unknown-unknown target, which this project will not be using. Because we don't care about that platform, I added exemptions for all of these crates, so we don't have to audit them. The actual supply chain audits for rusttls, rustls-webpki, sct, and tokio-rustls were unremarkable. I also audited a small diff on wasm-bindgen-shared because it was trivial.
This commit is contained in:
Pat Hickey
@@ -817,6 +817,23 @@ criteria = "safe-to-deploy"
|
||||
delta = "0.36.7 -> 0.36.8"
|
||||
notes = "The Bytecode Alliance is the author of this crate."
|
||||
|
||||
[[audits.rustls]]
|
||||
who = "Pat Hickey <phickey@fastly.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.21.0"
|
||||
notes = "no unsafe code, ambient capabilities only used in tests"
|
||||
|
||||
[[audits.rustls-webpki]]
|
||||
who = "Pat Hickey <phickey@fastly.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.100.1"
|
||||
|
||||
[[audits.sct]]
|
||||
who = "Pat Hickey <phickey@fastly.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.7.0"
|
||||
notes = "no unsafe, no build, no ambient capabilities"
|
||||
|
||||
[[audits.semver]]
|
||||
who = "Pat Hickey <phickey@fastly.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
@@ -901,6 +918,12 @@ criteria = "safe-to-deploy"
|
||||
version = "0.3.1"
|
||||
notes = "unsafety is used for smuggling std::task::Context as a raw pointer. Lifetime and type safety appears to be taken care of correctly."
|
||||
|
||||
[[audits.tokio-rustls]]
|
||||
who = "Pat Hickey <phickey@fastly.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.24.0"
|
||||
notes = "no unsafe, no build, no ambient capabilities"
|
||||
|
||||
[[audits.tokio-util]]
|
||||
who = "Pat Hickey <phickey@fastly.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
@@ -967,6 +990,11 @@ who = "Pat Hickey <phickey@fastly.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.3.0"
|
||||
|
||||
[[audits.wasm-bindgen-shared]]
|
||||
who = "Pat Hickey <phickey@fastly.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.83 -> 0.2.80"
|
||||
|
||||
[[audits.wasm-coredump-builder]]
|
||||
who = "Alex Crichton <alex@alexcrichton.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
@@ -1602,6 +1630,11 @@ criteria = "safe-to-deploy"
|
||||
delta = "1.0.48 -> 1.0.49"
|
||||
notes = "The Bytecode Alliance is the author of this crate."
|
||||
|
||||
[[audits.webpki-roots]]
|
||||
who = "Pat Hickey <phickey@fastly.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.22.4 -> 0.23.0"
|
||||
|
||||
[[audits.windows-sys]]
|
||||
who = "Dan Gohman <dev@sunfishcode.online>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
Reference in New Issue
Block a user