supply-chain/imports.lock


# cargo-vet imports lock

[[publisher.anyhow]]
version = "1.0.83"
when = "2024-05-06"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.arbitrary]]
version = "1.3.2"
when = "2023-10-30"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"

[[publisher.async-trait]]
version = "0.1.80"
when = "2024-04-11"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.bumpalo]]
version = "3.16.0"
when = "2024-04-08"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"

[[publisher.core-foundation]]
version = "0.9.3"
when = "2022-02-07"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"

[[publisher.core-foundation-sys]]
version = "0.8.4"
when = "2023-04-03"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"

[[publisher.h2]]
version = "0.4.4"
when = "2024-04-03"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.headers]]
version = "0.4.0"
when = "2023-11-24"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.headers-core]]
version = "0.3.0"
when = "2023-11-24"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.http]]
version = "1.1.0"
when = "2024-03-04"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.http-body-util]]
version = "0.1.1"
when = "2024-03-11"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.httparse]]
version = "1.8.0"
when = "2022-08-30"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.hyper]]
version = "1.3.1"
when = "2024-04-16"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.hyper-util]]
version = "0.1.3"
when = "2024-01-31"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.mime]]
version = "0.3.17"
when = "2023-03-20"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.num_cpus]]
version = "1.16.0"
when = "2023-06-29"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.paste]]
version = "1.0.15"
when = "2024-05-07"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.proc-macro2]]
version = "1.0.82"
when = "2024-05-07"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.rustversion]]
version = "1.0.16"
when = "2024-05-07"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.ryu]]
version = "1.0.18"
when = "2024-05-07"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.serde]]
version = "1.0.201"
when = "2024-05-08"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.serde_derive]]
version = "1.0.201"
when = "2024-05-08"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.serde_json]]
version = "1.0.117"
when = "2024-05-08"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.slab]]
version = "0.4.9"
when = "2023-08-22"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.syn]]
version = "2.0.63"
when = "2024-05-11"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.thiserror]]
version = "1.0.60"
when = "2024-05-07"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.thiserror-impl]]
version = "1.0.60"
when = "2024-05-07"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.tokio-test]]
version = "0.4.4"
when = "2024-03-14"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.try-lock]]
version = "0.2.5"
when = "2023-12-07"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.trybuild]]
version = "1.0.95"
when = "2024-05-09"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.unicase]]
version = "2.7.0"
when = "2023-08-21"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.unicode-normalization]]
version = "0.1.23"
when = "2024-02-20"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.venndb]]
version = "0.4.0"
when = "2024-04-18"
user-id = 1144
user-login = "GlenDC"
user-name = "Glen De Cauwsemaecker"

[[publisher.want]]
version = "0.3.1"
when = "2023-06-14"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.windows-core]]
version = "0.54.0"
when = "2024-02-27"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-result]]
version = "0.1.1"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-targets]]
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-targets]]
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_aarch64_gnullvm]]
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_aarch64_gnullvm]]
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_i686_gnullvm]]
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_x86_64_gnullvm]]
version = "0.48.5"
when = "2023-08-18"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows_x86_64_gnullvm]]
version = "0.52.5"
when = "2024-04-12"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[audits.bytecode-alliance.wildcard-audits.arbitrary]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
user-id = 696 # Nick Fitzgerald (fitzgen)
start = "2020-01-14"
end = "2024-04-21"
notes = "I am an author of this crate."

[[audits.bytecode-alliance.audits.adler]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.2"
notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm."

[[audits.bytecode-alliance.audits.core-foundation-sys]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.8.4 -> 0.8.6"
notes = """
The changes here are all typical bindings updates: new functions, types, and
constants. I have not audited all the bindings for ABI conformance.
"""

[[audits.bytecode-alliance.audits.crypto-common]]
who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
version = "0.1.3"

[[audits.bytecode-alliance.audits.http-body]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.0.0-rc.2"

[[audits.bytecode-alliance.audits.http-body]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "1.0.0-rc.2 -> 1.0.0"
notes = "Only minor changes made for a stable release."

[[audits.bytecode-alliance.audits.itertools]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.10.5 -> 0.12.1"
notes = """
Minimal `unsafe` usage. Few blocks that existed looked reasonable. Does what it
says on the tin: lots of iterators.
"""

[[audits.bytecode-alliance.audits.matchers]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"

[[audits.bytecode-alliance.audits.nu-ansi-term]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.46.0"
notes = "one use of unsafe to call windows specific api to get console handle."

[[audits.bytecode-alliance.audits.openssl-probe]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.5"
notes = "IO is only checking for the existence of paths in the filesystem"

[[audits.bytecode-alliance.audits.overload]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.1"
notes = "small crate, only defines macro-rules!, nicely documented as well"

[[audits.bytecode-alliance.audits.percent-encoding]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.2.0"
notes = """
This crate is a single-file crate that does what it says on the tin. There are
a few `unsafe` blocks related to utf-8 validation which are locally verifiable
as correct and otherwise this crate is good to go.
"""

[[audits.bytecode-alliance.audits.pin-utils]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"

[[audits.embark-studios.audits.tap]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "1.0.1"
notes = "No unsafe usage or ambient capabilities"

[[audits.embark-studios.audits.valuable]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "No unsafe usage or ambient capabilities, sane build script"

[audits.fermyon.audits]

[[audits.google.audits.async-stream]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.3.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.async-stream]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
delta = "0.3.4 -> 0.3.5"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.async-stream-impl]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.3.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.async-stream-impl]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
delta = "0.3.4 -> 0.3.5"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "2.4.2"
notes = """
Audit notes:

* I've checked for any discussion in Google-internal cl/546819168 (where audit
  of version 2.3.3 happened)
* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]`
* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be
  correct in a straightforward way - they just propagate the marker trait's
  impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type
* Additional discussion and/or notes may be found in https://crrev.com/c/5238056
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bitflags]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "2.4.2 -> 2.5.0"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.cfg-if]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.clap]]
who = "Ying Hsu <yinghsu@chromium.org>"
criteria = "safe-to-run"
version = "4.5.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.clap_builder]]
who = "Ying Hsu <yinghsu@chromium.org>"
criteria = "safe-to-run"
version = "4.5.2"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.clap_lex]]
who = "Ying Hsu <yinghsu@chromium.org>"
criteria = "safe-to-run"
version = "0.7.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.either]]
who = "agl@chromium.org"
criteria = "safe-to-run"
version = "1.9.0"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.either]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-run"
delta = "1.9.0 -> 1.10.0"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.either]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-run"
delta = "1.10.0 -> 1.11.0"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.equivalent]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.glob]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.3.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.httpdate]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.3"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.itertools]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.10.5"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.itoa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.10"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

There are a few places where `unsafe` is used.  Unsafe review notes can be found
in https://crrev.com/c/5350697.

Version 1.0.1 of this crate has been added to Chromium in
https://crrev.com/c/3321896.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.itoa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.10 -> 1.0.11"
notes = """
Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits:

* Bumping up the version
* A touch up of comments
* And my own PR to make `unsafe` blocks more granular:
  https://github.com/dtolnay/itoa/pull/42
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.lazy_static]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.4.0"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

There are two places where `unsafe` is used.  Unsafe review notes can be found
in https://crrev.com/c/5347418.

This crate has been added to Chromium in https://crrev.com/c/3321895.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.linux-raw-sys]]
who = "Ying Hsu <yinghsu@chromium.org>"
criteria = "safe-to-run"
version = "0.4.13"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.35"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for benign \"net\" hit in tests and \"fs\" hit in README.md)
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.quote]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.35 -> 1.0.36"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.tempfile]]
who = "Ying Hsu <yinghsu@chromium.org>"
criteria = "safe-to-run"
version = "3.10.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.termcolor]]
who = "danakj@chromium.org"
criteria = "safe-to-run"
version = "1.4.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.termcolor]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-run"
delta = "1.4.0 -> 1.4.1"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.tinyvec]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.6.0"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for some \"unsafe\" appearing in comments:

```
src/arrayvec.rs:    // Note: This shouldn't use A::CAPACITY, because unsafe code can't rely on
src/lib.rs://! All of this is done with no `unsafe` code within the crate. Technically the
src/lib.rs://! `Vec` type from the standard library uses `unsafe` internally, but *this
src/lib.rs://! crate* introduces no new `unsafe` code into your project.
src/array.rs:/// Just a reminder: this trait is 100% safe, which means that `unsafe` code
```

This crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/24773c33e1b7a1b5069b9399fd034375995f290b
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.unicode-ident]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.12"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

All two functions from the public API of this crate use `unsafe` to avoid bound
checks for an array access.  Cross-module analysis shows that the offsets can
be statically proven to be within array bounds.  More details can be found in
the unsafe review CL at https://crrev.com/c/5350386.

This crate has been added to Chromium in https://crrev.com/c/3891618.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.version_check]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.9.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.mozilla.wildcard-audits.core-foundation]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2019-03-29"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.wildcard-audits.core-foundation-sys]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
user-id = 5946 # Jeff Muizelaar (jrmuizel)
start = "2020-10-14"
end = "2023-05-04"
renew = false
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.wildcard-audits.unicode-normalization]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139 # Manish Goregaokar (Manishearth)
start = "2019-11-06"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.core-foundation]]
who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.9.3 -> 0.9.4"
notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.crypto-common]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.1.6"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.fnv]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "1.0.7"
notes = "Simple hasher implementation with no unsafe code."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.form_urlencoded]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
version = "1.2.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.form_urlencoded]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.2.0 -> 1.2.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.percent-encoding]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.2.0 -> 2.3.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.percent-encoding]]
who = "Valentin Gosu <valentin.gosu@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.3.0 -> 2.3.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"

[[audits.mozilla.audits.subtle]]
who = "Simon Friedberger <simon@mozilla.com>"
criteria = "safe-to-deploy"
version = "2.5.0"
notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"