bf1aaba06d
The `ring` crate needed to be exempted: it contains a large quantity of asm and native binary implementations of crypto primitives. It is a major undertaking to certify the safety of those implementations. ring also pulled in the wasm-bindgen family of crates for its wasm32-unknown-unknown target, which this project will not be using. Because we don't care about that platform, I added exemptions for all of these crates, so we don't have to audit them. The actual supply chain audits for rusttls, rustls-webpki, sct, and tokio-rustls were unremarkable. I also audited a small diff on wasm-bindgen-shared because it was trivial.
This directory contains the state for cargo-vet, a tool to help projects ensure that third-party Rust dependencies have been audited by a trusted entity. More about the tool can be found here: https://mozilla.github.io/cargo-vet/ The audits.toml file may be imported by other projects, and therefore should be handled with care. Ask for help if you're not sure.