This commit is contained in:
Conrad Ludgate 2023-08-19 12:44:18 +01:00
parent bf0eb9ecf6
commit 259be8812d
3 changed files with 252 additions and 56 deletions


@ -51,6 +51,16 @@ who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-run"
version = "0.1.13"
[[audits.either]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.8.1 -> 1.9.0"
[[audits.errno]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.3.2"
[[audits.errno-dragonfly]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
@ -61,6 +71,11 @@ who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
version = "2.1.0"
[[audits.form_urlencoded]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.1.0 -> 1.2.0"
[[audits.futures-core]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
@ -116,6 +131,11 @@ who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
version = "0.4.5"
[[audits.httpdate]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.2 -> 1.0.3"
[[audits.iban_validate]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
@ -131,6 +151,11 @@ who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
version = "0.7.2"
[[audits.is-terminal]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.4.7 -> 0.4.9"
[[audits.jurisdiction]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
@ -166,11 +191,21 @@ who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "2.1.0 -> 2.3.0"
[[audits.pkg-config]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.27"
[[audits.pretty_assertions]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-run"
version = "1.4.0"
[[audits.quote]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.31 -> 1.0.33"
[[audits.reqwest-middleware]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
@ -196,6 +231,16 @@ who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
version = "0.2.1"
[[audits.rustversion]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.9 -> 1.0.14"
[[audits.semver]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.17 -> 1.0.18"
[[audits.serde_plain]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
@ -231,6 +276,16 @@ who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-run"
version = "2.1.0"
[[audits.thiserror-impl]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.40 -> 1.0.47"
[[audits.time-core]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.1"
[[audits.tokio-executor-trait]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
@ -286,6 +341,21 @@ who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-run"
version = "0.2.4"
[[audits.unicode-ident]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.9 -> 1.0.11"
[[audits.want]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.3.1"
[[audits.webpki-roots]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.23.0 -> 0.24.0"
[[audits.wiremock]]
who = "Conrad Ludgate <conradludgate@gmail.com>"
criteria = "safe-to-run"
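Review bot: The new `[[audits.webpki-roots]]` entry in the last hunk (`delta = "0.23.0 -> 0.24.0"`) carries no `notes`, and the same is true of every delta audit added in this file. For a crate whose whole content is the trust-anchor set, the audit line is the only record that the changed roots were actually inspected, and the third-party audits this file's deltas chain onto do state what was checked (the imported embark-studios entry for the same crate reads `notes = "Inspected it to confirm that it only contains data definitions and no runtime code"`). A one-line note of the same shape, e.g. `notes = "Data-only crate; diff limited to root certificate changes, cross-checked against <UPSTREAM_BUNDLE_OR_COMMIT>"` with the placeholder replaced by whatever was actually compared, would make the `safe-to-deploy` claim reproducible for anyone aggregating this audits.toml. The `[[audits.wiremock]]` entry at the end of the hunk continues outside it.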


@ -326,10 +326,6 @@ criteria = "safe-to-deploy"
version = "2.0.0"
criteria = "safe-to-deploy"
[[exemptions.either]]
version = "1.9.0"
criteria = "safe-to-deploy"
[[exemptions.encode_unicode]]
version = "0.3.6"
criteria = "safe-to-deploy"
@ -342,10 +338,6 @@ criteria = "safe-to-deploy"
version = "1.0.1"
criteria = "safe-to-deploy"
[[exemptions.errno]]
version = "0.3.2"
criteria = "safe-to-deploy"
[[exemptions.etcetera]]
version = "0.8.0"
criteria = "safe-to-deploy"
@ -374,10 +366,6 @@ criteria = "safe-to-deploy"
version = "0.10.14"
criteria = "safe-to-deploy"
[[exemptions.form_urlencoded]]
version = "1.2.0"
criteria = "safe-to-deploy"
[[exemptions.fs-err]]
version = "2.9.0"
criteria = "safe-to-deploy"
@ -454,10 +442,6 @@ criteria = "safe-to-deploy"
version = "1.8.0"
criteria = "safe-to-deploy"
[[exemptions.httpdate]]
version = "1.0.3"
criteria = "safe-to-deploy"
[[exemptions.humantime]]
version = "2.1.0"
criteria = "safe-to-deploy"
@ -502,10 +486,6 @@ criteria = "safe-to-deploy"
version = "2.8.0"
criteria = "safe-to-deploy"
[[exemptions.is-terminal]]
version = "0.4.9"
criteria = "safe-to-deploy"
[[exemptions.iso8601]]
version = "0.4.2"
criteria = "safe-to-deploy"
@ -686,10 +666,6 @@ criteria = "safe-to-deploy"
version = "0.10.2"
criteria = "safe-to-deploy"
[[exemptions.pkg-config]]
version = "0.3.27"
criteria = "safe-to-deploy"
[[exemptions.platforms]]
version = "3.0.2"
criteria = "safe-to-deploy"
@ -706,10 +682,6 @@ criteria = "safe-to-deploy"
version = "0.2.17"
criteria = "safe-to-deploy"
[[exemptions.quote]]
version = "1.0.33"
criteria = "safe-to-deploy"
[[exemptions.rand]]
version = "0.7.3"
criteria = "safe-to-deploy"
@ -826,10 +798,6 @@ criteria = "safe-to-deploy"
version = "0.101.3"
criteria = "safe-to-deploy"
[[exemptions.rustversion]]
version = "1.0.14"
criteria = "safe-to-deploy"
[[exemptions.rusty_paseto]]
version = "0.5.0"
criteria = "safe-to-deploy"
@ -858,10 +826,6 @@ criteria = "safe-to-deploy"
version = "2.9.1"
criteria = "safe-to-deploy"
[[exemptions.semver]]
version = "1.0.18"
criteria = "safe-to-deploy"
[[exemptions.serde]]
version = "1.0.171"
criteria = "safe-to-deploy"
@ -1014,10 +978,6 @@ criteria = "safe-to-deploy"
version = "1.0.47"
criteria = "safe-to-deploy"
[[exemptions.thiserror-impl]]
version = "1.0.47"
criteria = "safe-to-deploy"
[[exemptions.thread_local]]
version = "1.1.7"
criteria = "safe-to-deploy"
@ -1026,10 +986,6 @@ criteria = "safe-to-deploy"
version = "0.3.26"
criteria = "safe-to-deploy"
[[exemptions.time-core]]
version = "0.1.1"
criteria = "safe-to-deploy"
[[exemptions.time-macros]]
version = "0.2.12"
criteria = "safe-to-deploy"
@ -1110,10 +1066,6 @@ criteria = "safe-to-deploy"
version = "1.16.0"
criteria = "safe-to-deploy"
[[exemptions.unicode-ident]]
version = "1.0.11"
criteria = "safe-to-deploy"
[[exemptions.unicode_categories]]
version = "0.1.1"
criteria = "safe-to-deploy"
@ -1138,10 +1090,6 @@ criteria = "safe-to-deploy"
version = "1.4.1"
criteria = "safe-to-deploy"
[[exemptions.want]]
version = "0.3.1"
criteria = "safe-to-deploy"
[[exemptions.wasi]]
version = "0.9.0+wasi-snapshot-preview1"
criteria = "safe-to-deploy"
@ -1178,10 +1126,6 @@ criteria = "safe-to-deploy"
version = "0.3.64"
criteria = "safe-to-deploy"
[[exemptions.webpki-roots]]
version = "0.24.0"
criteria = "safe-to-deploy"
[[exemptions.whoami]]
version = "1.4.1"
criteria = "safe-to-deploy"


@ -82,6 +82,28 @@ who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
version = "0.1.3"
[[audits.bytecode-alliance.audits.errno]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = "This crate uses libc and windows-sys APIs to get and set the raw OS error value."
[[audits.bytecode-alliance.audits.errno]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.3.1"
notes = "Just a dependency version bump and a bug fix for redox"
[[audits.bytecode-alliance.audits.form_urlencoded]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = """
This is a small crate for working with url-encoded forms which doesn't have any
more than what it says on the tin. Contains one `unsafe` block related to
performance around utf-8 validation which is fairly easy to verify as correct.
"""
[[audits.bytecode-alliance.audits.futures-channel]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -110,6 +132,12 @@ criteria = "safe-to-deploy"
version = "0.4.0"
notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
[[audits.bytecode-alliance.audits.httpdate]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.0.2"
notes = "No unsafety, no io"
[[audits.bytecode-alliance.audits.idna]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
@ -121,6 +149,15 @@ crate is broadly used throughout the ecosystem and does not contain anything
suspicious.
"""
[[audits.bytecode-alliance.audits.is-terminal]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.4.7"
notes = """
The is-terminal implementation code is now sync'd up with the prototype
implementation in the Rust standard library.
"""
[[audits.bytecode-alliance.audits.matchers]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -151,6 +188,12 @@ who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
[[audits.bytecode-alliance.audits.pkg-config]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.25"
notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."
[[audits.bytecode-alliance.audits.proc-macro2]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -165,12 +208,23 @@ This is a routine update for new nightly features and new syntax popping up on
nightly, nothing out of the ordinary.
"""
[[audits.bytecode-alliance.audits.quote]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "1.0.23 -> 1.0.27"
[[audits.bytecode-alliance.audits.sct]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.7.0"
notes = "no unsafe, no build, no ambient capabilities"
[[audits.bytecode-alliance.audits.semver]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.0.17"
notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct"
[[audits.bytecode-alliance.audits.slab]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
@ -202,12 +256,27 @@ This crate has no unsafe code and does not use `std::*`. Skimming the crate it
does not attempt to out of the bounds of what it's already supposed to be doing.
"""
[[audits.bytecode-alliance.audits.unicode-ident]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.0.8"
[[audits.bytecode-alliance.audits.vcpkg]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.2.15"
notes = "no build.rs, no macros, no unsafe. It reads the filesystem and makes copies of DLLs into OUT_DIR."
[[audits.bytecode-alliance.audits.want]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.0"
[[audits.bytecode-alliance.audits.webpki-roots]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.22.4 -> 0.23.0"
[[audits.embark-studios.audits.colorchoice]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
@ -220,6 +289,12 @@ criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.4.0"
notes = "No unsafe usage or ambient capabilities"
[[audits.embark-studios.audits.thiserror-impl]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "1.0.40"
notes = "Found no unsafe or ambient capabilities used"
[[audits.embark-studios.audits.utf8parse]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
@ -232,6 +307,12 @@ criteria = "safe-to-deploy"
version = "0.1.0"
notes = "No unsafe usage or ambient capabilities, sane build script"
[[audits.embark-studios.audits.webpki-roots]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "0.22.4"
notes = "Inspected it to confirm that it only contains data definitions and no runtime code"
[[audits.google.audits.futures]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
@ -314,6 +395,34 @@ criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.1.6"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.either]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.6.1"
notes = """
Straightforward crate providing the Either enum and trait implementations with
no unsafe code.
"""
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
[[audits.mozilla.audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.6.1 -> 1.7.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.8.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.either]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.8.0 -> 1.8.1"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.encoding_rs]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
@ -404,6 +513,12 @@ version = "0.1.43"
notes = "All code written or reviewed by Josh Stone."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.pkg-config]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.3.25 -> 0.3.26"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
@ -466,6 +581,48 @@ delta = "1.0.63 -> 1.0.66"
notes = "Removed special support for some really old Rust versions"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.0.18"
notes = """
`quote` is a utility crate used by proc-macros to generate TokenStreams
conveniently from source code. The bulk of the logic is some complex
interlocking `macro_rules!` macros which are used to parse and build the
`TokenStream` within the proc-macro.
This crate contains no unsafe code, and the internal logic, while difficult to
read, is generally straightforward. I have audited the the quote macros, ident
formatter, and runtime logic.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.18 -> 1.0.21"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.21 -> 1.0.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.27 -> 1.0.28"
notes = "Enabled on wasm targets"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.28 -> 1.0.31"
notes = "Minimal changes and removal of the build.rs"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
[[audits.mozilla.audits.rustc-hash]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
@ -473,6 +630,18 @@ version = "1.1.0"
notes = "Straightforward crate with no unsafe code, does what it says on the tin."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.rustversion]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "1.0.9"
notes = """
This crate has a build-time component and procedural macro logic, which I looked
at enough to convince myself it wasn't going to do anything dramatically wrong.
I don't think logic bugs in the version parsing etc can realistically introduce
a security vulnerability.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.sha1]]
who = "Dana Keeler <dkeeler@mozilla.com>"
criteria = "safe-to-deploy"
@ -498,8 +667,21 @@ version = "2.5.0"
notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.time-core]]
who = "Kershaw Chang <kershaw@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.unicode-bidi]]
who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
criteria = "safe-to-deploy"
delta = "0.3.8 -> 0.3.13"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.unicode-ident]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.0.8 -> 1.0.9"
notes = "Dependency updates only"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"