{{!--
Copyright 2024 The Chromium Authors
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.

TODO(lukasza: https://github.com/mozilla/cargo-vet/issues/589): Reintroduce
Chromium-specific comments if/when `cargo vet ...  --locked` stops complaining
about them with: "A file in the store is not correctly formatted".  These
should include the copyright comment above, but maybe more importantly they
should include:
    # @generated by tools/crates/gnrt vendor. Do not edit.
--}}

# cargo-vet config file
default-criteria = "safe-to-run"

[cargo-vet]
version = "0.9"

[imports.chromeos]
url = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[imports.chromeos.criteria-map]
crypto-safe = "crypto-safe"
does-not-implement-crypto = "does-not-implement-crypto"
ub-risk-0 = "ub-risk-0"
ub-risk-1 = "ub-risk-1"
ub-risk-2 = "ub-risk-2"
ub-risk-3 = "ub-risk-3"
ub-risk-4 = "ub-risk-4"

[imports.fuchsia]
url = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"

[imports.fuchsia.criteria-map]
crypto-safe = "crypto-safe"
does-not-implement-crypto = "does-not-implement-crypto"
ub-risk-0 = "ub-risk-0"
ub-risk-1 = "ub-risk-1"
ub-risk-2 = "ub-risk-2"
ub-risk-3 = "ub-risk-3"
ub-risk-4 = "ub-risk-4"

[imports.google]
url = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml"

[imports.google.criteria-map]
crypto-safe = "crypto-safe"
does-not-implement-crypto = "does-not-implement-crypto"
ub-risk-0 = "ub-risk-0"
ub-risk-1 = "ub-risk-1"
ub-risk-2 = "ub-risk-2"
ub-risk-3 = "ub-risk-3"
ub-risk-4 = "ub-risk-4"
{{#each this.policies}}

[policy."{{crate_name}}"]
criteria = [{{#each criteria}}{{#if @first}}{{else}}, {{/if}}"{{this}}"{{/each}}]
{{/each}}

[[exemptions.cxx]]
version = "1.0.130"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-2"]
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024

Delta audit of 1.0.110 -> 1.0.115 has been done in Jan 2024, but because of a
lack of a fully-audited baseline nothing was recorded in audits.toml

Exemption updated to 1.0.116 in Feb 2024.
Exemption updated to 1.0.117 in Feb 2024.
Exemption updated to 1.0.122 in May 2024.
Exemption updated to 1.0.123 in June 2024.
Exemption updated to 1.0.124 in June 2024.
Exemption updated to 1.0.126 in August 2024.
Exemption updated to 1.0.128 in September 2024.
Exemption updated to 1.0.129 in October 2024.
Exemption updated to 1.0.130 in November 2024.
"""

[[exemptions.cxxbridge-macro]]
version = "1.0.130"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-2"]
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024

Delta audit of 1.0.110 -> 1.0.115 has been done in Jan 2024, but because of a
lack of a fully-audited baseline nothing was recorded in audits.toml

Exemption updated to 1.0.116 in Feb 2024.
Exemption updated to 1.0.117 in Feb 2024.
Exemption updated to 1.0.122 in May 2024.
Exemption updated to 1.0.123 in June 2024.
Exemption updated to 1.0.124 in June 2024.
Exemption updated to 1.0.126 in August 2024.
Exemption updated to 1.0.128 in September 2024.
Exemption updated to 1.0.129 in October 2024.
Exemption updated to 1.0.130 in October 2024.
"""

[[exemptions.memchr]]
version = "2.7.4"
criteria = ["safe-to-deploy", "ub-risk-2"]
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024

Bumped up the exemption to 2.7.1 when updating the crates.  When removing
the exemptions in the future we may want to look at the notes in cl/568617493
but even with those notes a review of the whole crate (rather than just the
delta) may be needed for `ub-risk-2`.

Bumped up the exemption to 2.7.2 in April 2024.  The delta was relatively small
and straightfoward (focusing on `target_feature = \"simd128\"`).  Note that an
unfinished audit of 2.7.1 has been started at https://crrev.com/c/5367005 and
I hear that Fuchsia has also been working on reviewing 2.7.1 (so we should check
later if maybe we can just import their audit).

Bumped up the exemption to 2.7.4 in June 2024, with a small and benign delta.
"""

[[exemptions.rand_core]]
version = "0.6.4"
criteria = "crypto-safe"
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024

TODO(b/341950532): Remove this exemption.
"""

[[exemptions.ryu]]
version = "1.0.18"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-2"]
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024.

Delta audit of 1.0.15 -> 1.0.16 has been done in Jan 2024, but because of a
lack of a fully-audited baseline nothing was recorded in audits.toml

Exemption updated to 1.0.17 in Feb 2024.
Exemption updated to 1.0.18 in May 2024.
"""

[[exemptions.syn]]
version = "2.0.87"
criteria = ["safe-to-deploy", "ub-risk-2"]
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024

Delta audit of 2.0.39 -> syn-2.0.48 has been done in Jan 2024 (including an
`unsafe` review done at https://crrev.com/c/5178771), but because of a lack of
a fully-audited baseline nothing was recorded in audits.toml

Exemption updated to 2.0.50 when updating the crate in Feb 2024.
Exemption updated to 2.0.52 when updating the crate in Mar 2024.
Exemption updated to 2.0.53 when updating the crate.
Exemption updated to 2.0.55 when updating the crate, with notes:
 - Mostly clippy, test changes - no changed unsafe.
Exemption updated to 2.0.59 when updating the crate in Apr 2024.
Exemption updated to 2.0.60 when updating the crate.
Exemption updated to 2.0.63 when updating the crate in May 2024.
Exemption updated to 2.0.65 when updating the crate in May 2024.
Exemption updated to 2.0.66 when updating the crate in May 2024.
Exemption updated to 2.0.68 when updating the crate in June 2024.
Exemption updated to 2.0.69 when updating the crate in July 2024.
Exemption updated to 2.0.71 when updating the crate in July 2024.
Exemption updated to 2.0.72 when updating the crate in July 2024.
Exemption updated to 2.0.74 when updating the crate in August 2024.
Exemption updated to 2.0.76 when updating the crate in August 2024.
Exemption updated to 2.0.77 when updating the crate in September 2024.
Exemption updated to 2.0.79 when updating the crate in October 2024.
Exemption updated to 2.0.85 when updating the crate in October 2024.
Exemption updated to 2.0.87 when updating the crate in November 2024.
"""

[[exemptions.zerocopy]]
version = "0.7.35"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-2"]
notes = """
Requires unsafe review audit. Authored in Google and audit should come from there as well.

https://crbug.com/366411886
"""

[[exemptions.zerocopy-derive]]
version = "0.7.35"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-2"]
notes = """
Requires unsafe review audit. Authored in Google and audit should come from there as well.
"""