From d60e04cab7b5670ae12c8451cfcbac863f23d20b Mon Sep 17 00:00:00 2001 From: Chris Fallin Date: Fri, 15 Nov 2024 09:34:09 -0800 Subject: [PATCH] cargo-vet audit for allocator-api2 0.2.18 -> 0.2.20. --- supply-chain/audits.toml | 13 +++++++++++-- supply-chain/imports.lock | 20 +++++++++++++------- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index a0d8ea3acb38..6fc5f57f6e28 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -171,7 +171,7 @@ notes = "The Bytecode Alliance is the author of this crate." [[wildcard-audits.regalloc2]] who = "Chris Fallin " criteria = "safe-to-deploy" -user-id = 3726 +user-id = 3726 # Chris Fallin (cfallin) start = "2021-12-03" end = "2025-07-30" notes = "We (Bytecode Alliance) are the primary authors of regalloc2 and co-develop it with Cranelift/Wasmtime, with the same code-review, testing/fuzzing, and security standards." @@ -179,7 +179,7 @@ notes = "We (Bytecode Alliance) are the primary authors of regalloc2 and co-deve [[wildcard-audits.regalloc2]] who = "Trevor Elliott " criteria = "safe-to-deploy" -user-id = 187138 # Trevor Elliott (elliottt) +user-id = 187138 start = "2022-11-29" end = "2025-07-30" notes = """ @@ -935,6 +935,15 @@ Shuffling of features in this update and while there are updates to `unsafe` code it's no different than before and the usage remains the same. """ +[[audits.allocator-api2]] +who = "Chris Fallin " +criteria = "safe-to-deploy" +delta = "0.2.18 -> 0.2.20" +notes = """ +The changes appear to be reasonable updates from Rust's stdlib imported into +`allocator-api2`'s copy of this code. +""" + [[audits.ambient-authority]] who = "Dan Gohman " criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 26b8811c1771..d26260b518fc 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -267,8 +267,8 @@ user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.bumpalo]] -version = "3.14.0" -when = "2023-09-14" +version = "3.16.0" +when = "2024-04-08" user-id = 696 user-login = "fitzgen" user-name = "Nick Fitzgerald" @@ -669,11 +669,11 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.regalloc2]] -version = "0.10.2" -when = "2024-09-11" -user-id = 187138 -user-login = "elliottt" -user-name = "Trevor Elliott" +version = "0.11.0" +when = "2024-11-15" +user-id = 3726 +user-login = "cfallin" +user-name = "Chris Fallin" [[publisher.regex]] version = "1.9.1" @@ -1653,6 +1653,12 @@ end = "2024-05-03" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.allocator-api2]] +who = "Nicolas Silva " +criteria = "safe-to-deploy" +version = "0.2.18" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.android_system_properties]] who = "Nicolas Silva " criteria = "safe-to-deploy"