Bug 1774084 - Update cargo-vet to June 13th. r=supply-chain-reviewers,Gankra

Differential Revision: https://phabricator.services.mozilla.com/D149179
Bobby Holley
2022-06-13 23:00:44 +00:00
parent 092ed594c9
commit b2c499d1c5
3 changed files with 26 additions and 28 deletions


@@ -3,36 +3,36 @@
[[audits.atomic_refcell]] [[audits.atomic_refcell]]
who = "Bobby Holley <bholley@mozilla.com>" who = "Bobby Holley <bholley@mozilla.com>"
notes = "I maintain this crate and have reviewed every line."
criteria = "safe-to-deploy" criteria = "safe-to-deploy"
version = "0.1.8" version = "0.1.8"
notes = "I maintain this crate and have reviewed every line."
[[audits.bit-set]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.5.2"
notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues."
[[audits.bit-vec]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.6.3"
notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
[[audits.linked-hash-map]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.5.4"
notes = "I own this crate (I am contain-rs) and 0.5.4 passes miri. This code is very old and used by lots of people, so I'm pretty confident in it, even though it's in maintenance-mode and missing some nice-to-have APIs."
[[audits.log]] [[audits.log]]
who = "Mike Hommey <mh+mozilla@glandium.org>" who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy" criteria = "safe-to-deploy"
version = "0.4.17" version = "0.4.17"
[[audits.bit-set]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues."
criteria = "safe-to-deploy"
version = "0.5.2"
[[audits.bit-vec]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
criteria = "safe-to-deploy"
version = "0.6.3"
[[audits.linked-hash-map]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
notes = "I own this crate (I am contain-rs) and 0.5.4 passes miri. This code is very old and used by lots of people, so I'm pretty confident in it, even though it's in maintenance-mode and missing some nice-to-have APIs."
criteria = "safe-to-deploy"
version = "0.5.4"
[[audits.thin-vec]] [[audits.thin-vec]]
who = "Aria Beingessner <a.beingessner@gmail.com>" who = "Aria Beingessner <a.beingessner@gmail.com>"
notes = "I own this crate, and most of its versions were codeveloped and reviewed by Nika Layzell. This version was not explicitly reviewed by her, but it was specifically a release that made the code pass miri and was reviewed by me. Firefox uses it in the gecko-ffi configuration which is less thoroughly tested and more dangerous but we're reasonably confident in it. The real danger is from C++ code failing to use it correctly in FFI but that's just how FFI is."
criteria = "safe-to-deploy" criteria = "safe-to-deploy"
version = "0.2.5" version = "0.2.5"
notes = "I own this crate, and most of its versions were codeveloped and reviewed by Nika Layzell. This version was not explicitly reviewed by her, but it was specifically a release that made the code pass miri and was reviewed by me. Firefox uses it in the gecko-ffi configuration which is less thoroughly tested and more dangerous but we're reasonably confident in it. The real danger is from C++ code failing to use it correctly in FFI but that's just how FFI is."


@@ -16,9 +16,9 @@ notes = "Used for automation."
[policy.gkrust-gtest] [policy.gkrust-gtest]
criteria = "safe-to-run" criteria = "safe-to-run"
notes = "Used for testing." notes = "Used for testing."
[policy.gkrust-shared.dependency-criteria]
tokio-reactor = [] [policy.gkrust-shared]
tokio-threadpool = [] dependency-criteria = { tokio-reactor = [], tokio-threadpool = [] }
[policy.gkrust_shared] [policy.gkrust_shared]
notes = "The dependencies on tokio-reactor and tokio-threadpools are just a hack to pin the version used by audioipc-{client,server}. Suppress vetting on those for the same reasons behind the policy entries." notes = "The dependencies on tokio-reactor and tokio-threadpools are just a hack to pin the version used by audioipc-{client,server}. Suppress vetting on those for the same reasons behind the policy entries."
@@ -32,15 +32,13 @@ criteria = "safe-to-run"
notes = "Used for testing." notes = "Used for testing."
[policy.l10nregistry] [policy.l10nregistry]
dependency-criteria = { fluent-testing = "safe-to-run", tokio = "safe-to-run" }
notes = "This crate has two testing-only dependencies which are specified as regular-but-optional rather than a dev-dependencies, because they need to be available to both benchmarks and integration tests." notes = "This crate has two testing-only dependencies which are specified as regular-but-optional rather than a dev-dependencies, because they need to be available to both benchmarks and integration tests."
[policy.l10nregistry.dependency-criteria]
fluent-testing = "safe-to-run"
tokio = "safe-to-run"
[policy.webdriver] [policy.webdriver]
criteria = "safe-to-run" criteria = "safe-to-run"
notes = "Used for automation." notes = "Used for automation."
[[unaudited.adler]] [[unaudited.adler]]
version = "1.0.2" version = "1.0.2"
criteria = "safe-to-deploy" criteria = "safe-to-deploy"
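Review bot: In the first hunk of this section, the rewritten `dependency-criteria = { tokio-reactor = [], tokio-threadpool = [] }` sits under `[policy.gkrust-shared]`, while the note explaining why vetting is suppressed for those two crates remains under the differently spelled `[policy.gkrust_shared]`. TOML treats these as two separate tables, so the exemption and its rationale are not attached to the same policy entry, and presumably only one spelling matches the real package name. Because the empty criteria lists suppress vetting of those dependencies, I would move the `notes = "The dependencies on tokio-reactor and tokio-threadpools are just a hack ..."` line into `[policy.gkrust-shared]` and drop the other table, after confirming which name cargo-vet resolves.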


@@ -664,4 +664,4 @@ cargo-vet:
fetch: fetch:
type: git type: git
repo: https://github.com/mozilla/cargo-vet repo: https://github.com/mozilla/cargo-vet
revision: 8760068d704a23312c434d9342b1ecc5f35d1109 revision: a0c319c5b7622ba53ef58a6e8c93ad660c3dca82