Skip to content

Commit

Permalink
Update aggregated cargo-vet audits
Browse files Browse the repository at this point in the history
  • Loading branch information
@str4d @github-actions
str4d authored and github-actions[bot] committed Jul 20, 2024
1 parent 8d2c621 commit eee59e2
Showing 1 changed file with 116 additions and 8 deletions.
124 changes: 116 additions & 8 deletions supply-chain/audits.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,12 @@ delta = "0.17.0 -> 0.19.0"
notes = "Only change to unsafe code is to reduce the scope of some unsafe blocks."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.addr2line]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.21.0 -> 0.22.0"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.aead]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -501,6 +507,13 @@ criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.0.1"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.clearscreen]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "2.0.1 -> 3.0.0"
notes = "Changes to stdin FD handling look fine (moving to newer safer APIs)."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.constant_time_eq]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
Expand Down Expand Up @@ -580,6 +593,13 @@ now usable with the new MSRV) instead of dropping via casting.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.crossbeam-channel]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.5.12 -> 0.5.13"
notes = "Macro changes look fine."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.crossbeam-deque]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -701,6 +721,18 @@ criteria = "safe-to-deploy"
delta = "4.1.1 -> 4.1.2"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.curve25519-dalek]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
delta = "4.1.2 -> 4.1.3"
notes = """
- New unsafe is adding `core::ptr::read_volatile` calls for black box
optimization barriers.
- `build.rs` changes are to use `CARGO_CFG_TARGET_POINTER_WIDTH` instead of
`TARGET` and the `platforms` crate for deciding on the target pointer width.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.curve25519-dalek-derive]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = ["safe-to-deploy", "crypto-reviewed"]
Expand Down Expand Up @@ -802,6 +834,17 @@ delta = "1.0.113 -> 1.0.122"
notes = "Build script changes only affect lints."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.cxx]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.122 -> 1.0.124"
notes = """
- Change to `build.rs` is to use `error_in_core` rustc feature.
- Change to `cxx.cc` uses the same technique for `char` as is already in use for
`isize` to check if it is an alias for `[u]int8_t`.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.cxxbridge-flags]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -979,6 +1022,13 @@ delta = "1.0.113 -> 1.0.122"
notes = "Only changes to lints."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.cxxbridge-macro]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.122 -> 1.0.124"
notes = "Only changes to lints."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.darling]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -1136,6 +1186,13 @@ criteria = "safe-to-deploy"
delta = "0.3.3 -> 0.3.8"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.errno]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.3.8 -> 0.3.9"
notes = "Only affects `visionos` target, which is treated the same as `macos` etc."
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.fastrand]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -1169,6 +1226,12 @@ criteria = "safe-to-deploy"
delta = "2.0.1 -> 2.0.2"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.fastrand]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "2.0.2 -> 2.1.0"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.ff]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -2658,6 +2721,12 @@ criteria = "safe-to-deploy"
delta = "1.10.2 -> 1.10.4"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.regex]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.10.4 -> 1.10.5"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.regex-automata]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -2728,6 +2797,12 @@ criteria = "safe-to-deploy"
delta = "0.1.22 -> 0.1.23"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.rustc-demangle]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "0.1.23 -> 0.1.24"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.rustc_version]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -2834,6 +2909,12 @@ criteria = "safe-to-deploy"
delta = "1.0.16 -> 1.0.17"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.ryu]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.17 -> 1.0.18"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.scopeguard]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -3052,6 +3133,16 @@ criteria = "safe-to-deploy"
delta = "1.0.110 -> 1.0.116"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.serde_json]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "1.0.116 -> 1.0.117"
notes = """
`build.rs` change is to use `cargo:rustc-check-cfg` to check for features it was
already using.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.sha2]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
Expand Down Expand Up @@ -3914,6 +4005,16 @@ dependency on the `rustix` crate.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.which]]
who = "Jack Grigg <jack@electriccoin.co>"
criteria = "safe-to-deploy"
delta = "4.4.2 -> 6.0.1"
notes = """
Mostly refactoring to newer APIs. New `winsafe` dependency is only used to check
for extensionless Windows executables.
"""
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[audits.winapi-util]]
who = "Daira-Emma Hopwood <daira@jacaranda.org>"
criteria = "safe-to-run"
Expand Down Expand Up @@ -4201,7 +4302,7 @@ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/sup
criteria = "safe-to-deploy"
user-id = 64539
start = "2022-09-09"
end = "2024-06-21"
end = "2025-07-19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[trusted.windows_aarch64_gnullvm]]
Expand All @@ -4215,7 +4316,7 @@ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/sup
criteria = "safe-to-deploy"
user-id = 64539
start = "2022-09-01"
end = "2024-06-21"
end = "2025-07-19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[trusted.windows_aarch64_msvc]]
Expand All @@ -4229,7 +4330,7 @@ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/sup
criteria = "safe-to-deploy"
user-id = 64539
start = "2021-11-05"
end = "2024-06-21"
end = "2025-07-19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[trusted.windows_i686_gnu]]
Expand All @@ -4243,7 +4344,7 @@ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/sup
criteria = "safe-to-deploy"
user-id = 64539
start = "2021-10-28"
end = "2024-06-21"
end = "2025-07-19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[trusted.windows_i686_gnullvm]]
Expand All @@ -4253,6 +4354,13 @@ start = "2024-04-02"
end = "2025-05-15"
aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

[[trusted.windows_i686_gnullvm]]
criteria = "safe-to-deploy"
user-id = 64539
start = "2024-04-02"
end = "2025-07-19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[trusted.windows_i686_msvc]]
criteria = "safe-to-deploy"
user-id = 64539
Expand All @@ -4264,7 +4372,7 @@ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/sup
criteria = "safe-to-deploy"
user-id = 64539
start = "2021-10-27"
end = "2024-06-21"
end = "2025-07-19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[trusted.windows_x86_64_gnu]]
Expand All @@ -4278,7 +4386,7 @@ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/sup
criteria = "safe-to-deploy"
user-id = 64539
start = "2021-10-28"
end = "2024-06-21"
end = "2025-07-19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[trusted.windows_x86_64_gnullvm]]
Expand All @@ -4292,7 +4400,7 @@ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/sup
criteria = "safe-to-deploy"
user-id = 64539
start = "2022-09-01"
end = "2024-06-21"
end = "2025-07-19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[trusted.windows_x86_64_msvc]]
Expand All @@ -4306,7 +4414,7 @@ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/sup
criteria = "safe-to-deploy"
user-id = 64539
start = "2021-10-27"
end = "2024-06-21"
end = "2025-07-19"
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

[[trusted.zcash]]
Expand Down

0 comments on commit eee59e2

Please sign in to comment.