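# cargo-vet config file
#
# The code viewer's line numbers had been fused onto every line, which made
# the text unparseable as TOML; they are stripped here.

# Criteria used when an audit is recorded without naming one explicitly.
# NOTE(review): "safe-to-run" is the weaker of cargo-vet's two built-in
# criteria (safe-to-deploy implies safe-to-run), so an audit certified
# without an explicit criteria argument only vouches for the weaker one.
default-criteria = "safe-to-run"

[cargo-vet]
# Version of the store format, maintained by cargo-vet itself.
version = "0.9"
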
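# Audit sets imported from peer projects. cargo-vet treats the audits.toml
# served at each `url` as trusted input when deciding whether a crate meets
# its policy, so every import extends the trust boundary to that project's
# auditors and to whoever can write to the referenced branch.
#
# All three URLs follow a branch head (`refs/heads/main` / `main`) rather than
# a fixed revision, so the upstream content can change between fetches. The
# fetched audits are recorded in imports.lock next to this file; changes to
# that lock file deserve the same review as any other dependency change.
#
# Each criteria-map translates the peer's custom criteria into local ones.
# Every mapping below is an identity mapping, which assumes the peer defines
# crypto-safe, does-not-implement-crypto and ub-risk-0..4 the same way the
# local audits.toml does.
# NOTE(review): confirm the peer definitions still match the local ones.

[imports.chromeos]
url = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[imports.chromeos.criteria-map]
crypto-safe = "crypto-safe"
does-not-implement-crypto = "does-not-implement-crypto"
ub-risk-0 = "ub-risk-0"
ub-risk-1 = "ub-risk-1"
ub-risk-2 = "ub-risk-2"
ub-risk-3 = "ub-risk-3"
ub-risk-4 = "ub-risk-4"

[imports.fuchsia]
url = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"

[imports.fuchsia.criteria-map]
crypto-safe = "crypto-safe"
does-not-implement-crypto = "does-not-implement-crypto"
ub-risk-0 = "ub-risk-0"
ub-risk-1 = "ub-risk-1"
ub-risk-2 = "ub-risk-2"
ub-risk-3 = "ub-risk-3"
ub-risk-4 = "ub-risk-4"

[imports.google]
url = "https://raw.githubusercontent.com/google/rust-crate-audits/main/manual-sources/google3-audits.toml"

[imports.google.criteria-map]
crypto-safe = "crypto-safe"
does-not-implement-crypto = "does-not-implement-crypto"
ub-risk-0 = "ub-risk-0"
ub-risk-1 = "ub-risk-1"
ub-risk-2 = "ub-risk-2"
ub-risk-3 = "ub-risk-3"
ub-risk-4 = "ub-risk-4"
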
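# Per-crate audit requirements, keyed by "name:version". Each `criteria` list
# names what cargo-vet must find satisfied for that exact crate version,
# through a local audit, an imported audit or an exemption.
#
# Three shapes are used in this table:
#   ["crypto-safe", "safe-to-deploy", "ub-risk-2"]  - the strictest set here
#   ["crypto-safe", "safe-to-run"]                  - the weaker built-in criterion
#   []                                              - nothing is required
#
# NOTE(review): an empty list means the crate passes vetting with no audit at
# all. That applies to cc, link-cplusplus, minimal-lexical, shlex, wasi and
# the windows_*_gnu / windows_*_gnullvm target crates. Confirm that none of
# them is compiled into anything that runs or ships; minimal-lexical is worth
# a second look because nom 7.x (held to safe-to-deploy below) normally
# depends on it.
#
# The keys pin exact versions, so a crate update needs a matching key change
# here; presumably this table is regenerated together with the lockfile.

[policy."adler2:2.0.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."aho-corasick:1.1.3"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."anstyle:1.0.10"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."anyhow:1.0.93"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."base64:0.13.1"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."bitflags:1.3.2"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."bitflags:2.6.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."bstr:1.11.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."bytemuck:1.19.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."bytemuck_derive:1.8.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."byteorder:1.5.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."bytes:1.8.0"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."cc:1.2.1"]
criteria = []

[policy."cfg-if:1.0.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."clap:4.5.21"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."clap_builder:4.5.21"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."clap_lex:0.7.3"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."codespan-reporting:0.11.1"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."crc32fast:1.4.2"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."cxx:1.0.130"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."cxxbridge-cmd:1.0.131"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."cxxbridge-flags:1.0.130"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."cxxbridge-macro:1.0.130"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."either:1.13.0"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."fdeflate:0.3.6"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."fend-core:1.5.5"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."flate2:1.0.35"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."font-types:0.7.3"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."getrandom:0.2.15"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."glob:0.3.1"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."heck:0.4.1"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."hex-literal:0.4.1"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."hex:0.4.3"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."itertools:0.11.0"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."itoa:1.0.14"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."lazy_static:1.5.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."libc:0.2.164"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."link-cplusplus:1.0.9"]
criteria = []

[policy."log:0.4.22"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."memchr:2.7.4"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."minimal-lexical:0.2.1"]
criteria = []

[policy."miniz_oxide:0.8.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."nom:7.1.3"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."png:0.17.14"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."ppv-lite86:0.2.20"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."proc-macro2:1.0.89"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."prost-derive:0.13.3"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."prost:0.13.3"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."qr_code:2.0.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."quote:1.0.37"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."rand:0.8.5"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."rand_chacha:0.3.1"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."rand_core:0.6.4"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."rand_pcg:0.3.1"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."read-fonts:0.23.2"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."regex-automata:0.4.9"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."regex-syntax:0.8.5"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."regex:1.11.1"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."relative-path:1.9.3"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."rstest:0.22.0"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."rstest_macros:0.22.0"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."rstest_reuse:0.7.0"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."rustc-demangle-capi:0.1.0"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."rustc-demangle:0.1.24"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."rustc_version:0.4.1"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."rustversion:1.0.18"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."ryu:1.0.18"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."semver:1.0.23"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."serde:1.0.215"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."serde_derive:1.0.215"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."serde_json:1.0.133"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."serde_json_lenient:0.2.3"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."shlex:1.3.0"]
criteria = []

[policy."simd-adler32:0.3.7"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."skrifa:0.24.1"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."small_ctor:0.1.2"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."static_assertions:1.1.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."strsim:0.11.1"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."strum:0.25.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."strum_macros:0.25.3"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."syn:2.0.87"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."termcolor:1.4.1"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."tinyvec:1.8.0"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."unicode-ident:1.0.13"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."unicode-linebreak:0.1.5"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."unicode-width:0.1.14"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."wasi:0.11.0+wasi-snapshot-preview1"]
criteria = []

[policy."winapi-util:0.1.9"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."windows-sys:0.52.0"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."windows-targets:0.52.6"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."windows_aarch64_gnullvm:0.52.6"]
criteria = []

[policy."windows_aarch64_msvc:0.52.6"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."windows_i686_gnu:0.52.6"]
criteria = []

[policy."windows_i686_gnullvm:0.52.6"]
criteria = []

[policy."windows_i686_msvc:0.52.6"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."windows_x86_64_gnu:0.52.6"]
criteria = []

[policy."windows_x86_64_gnullvm:0.52.6"]
criteria = []

[policy."windows_x86_64_msvc:0.52.6"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."wycheproof:0.4.0"]
criteria = ["crypto-safe", "safe-to-run"]

[policy."zerocopy-derive:0.7.35"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]

[policy."zerocopy:0.7.35"]
criteria = ["crypto-safe", "safe-to-deploy", "ub-risk-2"]
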
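# Exemption: cxx 1.0.130 is accepted for all three criteria its policy entry
# requires, with no full audit on record. The notes show the exempted version
# being bumped at every crate update, so the unaudited baseline keeps moving
# forward instead of shrinking.
# NOTE(review): the cxxbridge-macro entry dates the 1.0.130 bump to October
# 2024 while this one says November 2024; one of the two is probably off.
[[exemptions.cxx]]
version = "1.0.130"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-2"]
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024

Delta audit of 1.0.110 -> 1.0.115 has been done in Jan 2024, but because of a
lack of a fully-audited baseline nothing was recorded in audits.toml

Exemption updated to 1.0.116 in Feb 2024.
Exemption updated to 1.0.117 in Feb 2024.
Exemption updated to 1.0.122 in May 2024.
Exemption updated to 1.0.123 in June 2024.
Exemption updated to 1.0.124 in June 2024.
Exemption updated to 1.0.126 in August 2024.
Exemption updated to 1.0.128 in September 2024.
Exemption updated to 1.0.129 in October 2024.
Exemption updated to 1.0.130 in November 2024.
"""
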
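# Exemption: cxxbridge-macro 1.0.130 is accepted for all three criteria its
# policy entry requires, with no full audit on record. The exempted version
# has been bumped at every crate update (see notes).
# NOTE(review): the cxx entry dates the 1.0.130 bump to November 2024 while
# this one says October 2024; one of the two is probably off.
[[exemptions.cxxbridge-macro]]
version = "1.0.130"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-2"]
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024

Delta audit of 1.0.110 -> 1.0.115 has been done in Jan 2024, but because of a
lack of a fully-audited baseline nothing was recorded in audits.toml

Exemption updated to 1.0.116 in Feb 2024.
Exemption updated to 1.0.117 in Feb 2024.
Exemption updated to 1.0.122 in May 2024.
Exemption updated to 1.0.123 in June 2024.
Exemption updated to 1.0.124 in June 2024.
Exemption updated to 1.0.126 in August 2024.
Exemption updated to 1.0.128 in September 2024.
Exemption updated to 1.0.129 in October 2024.
Exemption updated to 1.0.130 in October 2024.
"""
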
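# Exemption: memchr 2.7.4 is accepted for safe-to-deploy and ub-risk-2 without
# a full audit on record. The policy entry for memchr:2.7.4 also requires
# crypto-safe, which this exemption does not cover, so that criterion has to
# be satisfied by an audit (local or imported) that is not visible in this file.
# NOTE(review): the notes themselves say that ub-risk-2 may need a review of
# the whole crate rather than deltas; the bumps listed below were delta-only.
[[exemptions.memchr]]
version = "2.7.4"
criteria = ["safe-to-deploy", "ub-risk-2"]
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024

Bumped up the exemption to 2.7.1 when updating the crates.  When removing
the exemptions in the future we may want to look at the notes in cl/568617493
but even with those notes a review of the whole crate (rather than just the
delta) may be needed for `ub-risk-2`.

Bumped up the exemption to 2.7.2 in April 2024.  The delta was relatively small
and straightfoward (focusing on `target_feature = \"simd128\"`).  Note that an
unfinished audit of 2.7.1 has been started at https://crrev.com/c/5367005 and
I hear that Fuchsia has also been working on reviewing 2.7.1 (so we should check
later if maybe we can just import their audit).

Bumped up the exemption to 2.7.4 in June 2024, with a small and benign delta.
"""
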
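# Exemption: rand_core 0.6.4 is accepted as crypto-safe without an audit on
# record. Only the crypto-safe criterion is waived here; the safe-to-run
# requirement in the policy entry must be met by an audit elsewhere.
# NOTE(review): this waives the crypto-specific criterion for a crate in the
# rand family, so the TODO in the notes is worth prioritising.
[[exemptions.rand_core]]
version = "0.6.4"
criteria = "crypto-safe"
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024

TODO(b/341950532): Remove this exemption.
"""
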
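# Exemption: ryu 1.0.18 is accepted for all three criteria its policy entry
# requires, with no full audit on record. Per the notes, a delta audit was
# done but never recorded because there was no audited baseline to attach it to.
[[exemptions.ryu]]
version = "1.0.18"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-2"]
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024.

Delta audit of 1.0.15 -> 1.0.16 has been done in Jan 2024, but because of a
lack of a fully-audited baseline nothing was recorded in audits.toml

Exemption updated to 1.0.17 in Feb 2024.
Exemption updated to 1.0.18 in May 2024.
"""
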
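# Exemption: syn 2.0.87 is accepted for safe-to-deploy and ub-risk-2 without a
# full audit on record. The policy entry for syn:2.0.87 also requires
# crypto-safe, which this exemption does not cover, so that criterion has to
# be satisfied by an audit (local or imported) that is not visible in this file.
# NOTE(review): most bumps listed in the notes carry no statement about what
# was reviewed; only the 2.0.55 entry records that no `unsafe` code changed.
[[exemptions.syn]]
version = "2.0.87"
criteria = ["safe-to-deploy", "ub-risk-2"]
notes = """
Grandparented-in when setting up `cargo vet` in Jan 2024

Delta audit of 2.0.39 -> syn-2.0.48 has been done in Jan 2024 (including an
`unsafe` review done at https://crrev.com/c/5178771), but because of a lack of
a fully-audited baseline nothing was recorded in audits.toml

Exemption updated to 2.0.50 when updating the crate in Feb 2024.
Exemption updated to 2.0.52 when updating the crate in Mar 2024.
Exemption updated to 2.0.53 when updating the crate.
Exemption updated to 2.0.55 when updating the crate, with notes:
 - Mostly clippy, test changes - no changed unsafe.
Exemption updated to 2.0.59 when updating the crate in Apr 2024.
Exemption updated to 2.0.60 when updating the crate.
Exemption updated to 2.0.63 when updating the crate in May 2024.
Exemption updated to 2.0.65 when updating the crate in May 2024.
Exemption updated to 2.0.66 when updating the crate in May 2024.
Exemption updated to 2.0.68 when updating the crate in June 2024.
Exemption updated to 2.0.69 when updating the crate in July 2024.
Exemption updated to 2.0.71 when updating the crate in July 2024.
Exemption updated to 2.0.72 when updating the crate in July 2024.
Exemption updated to 2.0.74 when updating the crate in August 2024.
Exemption updated to 2.0.76 when updating the crate in August 2024.
Exemption updated to 2.0.77 when updating the crate in September 2024.
Exemption updated to 2.0.79 when updating the crate in October 2024.
Exemption updated to 2.0.85 when updating the crate in October 2024.
Exemption updated to 2.0.87 when updating the crate in November 2024.
"""
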
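# Exemption: zerocopy 0.7.35 is accepted for all three criteria its policy
# entry requires. The notes state that the unsafe review is still outstanding,
# so the ub-risk-2 claim rests on this exemption alone until that audit is
# recorded; the crbug link in the notes tracks it.
[[exemptions.zerocopy]]
version = "0.7.35"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-2"]
notes = """
Requires unsafe review audit. Authored in Google and audit should come from there as well.

https://crbug.com/366411886
"""
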
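# Exemption: zerocopy-derive 0.7.35 is accepted for all three criteria its
# policy entry requires. The notes state that the unsafe review is still
# outstanding, so the ub-risk-2 claim rests on this exemption alone.
# NOTE(review): unlike the zerocopy entry, which links
# https://crbug.com/366411886, these notes name no tracking bug; confirm
# whether that bug also covers this crate and reference it here if so.
[[exemptions.zerocopy-derive]]
version = "0.7.35"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-2"]
notes = """
Requires unsafe review audit. Authored in Google and audit should come from there as well.
"""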