-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
7a49896
commit cce9914
Showing
1 changed file
with
141 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -1577,6 +1577,16 @@ The following system implementations have additional `unsafe` code modifications | |
| """ | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.getset]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| version = "0.1.3" | ||
| notes = """ | ||
| Does what it says on the tin. The proc macro generates unsurprising and obvious | ||
| code, and does not produce unsafe code or access any imports. | ||
| """ | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.gimli]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -2206,6 +2216,27 @@ A new unsafe trait method `SockaddrLike::set_length` is added; it's impls look f | |
| """ | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[audits.nonempty]] | ||
| who = "Kris Nuttycombe <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| version = "0.11.0" | ||
| notes = """ | ||
| Additional use of `unsafe` to wrap `NonZeroUsize::new_unchecked`; in both cases | ||
| the argument to this method is `<Vec length or capacity> + 1`; in general this | ||
| is safe with the exception that if an existing `Vec` has length or capacity | ||
| `usize::MAX` this could wrap into zero; it would be better to use the safe | ||
| operation and then `expect` to generate a panic, rather than risk undefined | ||
| behavior. | ||
| Additions are: | ||
| - no_std support | ||
| - sorting | ||
| - `nonzero` module (just wrappers | ||
| - `serde` support | ||
| - `nonempty macro` (trivial, verified safe) | ||
| """ | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.num-bigint]] | ||
| who = "Daira-Emma Hopwood <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -2670,12 +2701,33 @@ criteria = "safe-to-deploy" | |
| delta = "0.12.1 -> 0.12.3" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.prost]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.13.1 -> 0.13.4" | ||
| notes = """ | ||
| - The new `unsafe` block in `encoded_len_varint` has correct safety documentation. | ||
| - The other changes to `unsafe` code are a move of existing `unsafe` code. | ||
| """ | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.prost-build]] | ||
| who = "Daira-Emma Hopwood <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.12.1 -> 0.12.3" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.prost-build]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.13.1 -> 0.13.4" | ||
| notes = """ | ||
| - Changes to generated code make sense. | ||
| - Changes to `protoc` path handling don't alter existing usages (just allow the | ||
| path to be explicitly set). | ||
| """ | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.prost-derive]] | ||
| who = "Daira-Emma Hopwood <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -2689,12 +2741,24 @@ delta = "0.12.3 -> 0.12.6" | |
| notes = "Changes to proc macro code are to fix lints after bumping MSRV." | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.prost-derive]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.13.1 -> 0.13.4" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.prost-types]] | ||
| who = "Daira-Emma Hopwood <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.12.1 -> 0.12.3" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.prost-types]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.13.1 -> 0.13.4" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.quanta]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -3837,6 +3901,13 @@ criteria = "safe-to-deploy" | |
| delta = "0.12.0 -> 0.12.1" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.tonic-build]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| delta = "0.12.1 -> 0.12.3" | ||
| notes = "Changes to generated code make sense and don't result in anything unexpected." | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.tracing-appender]] | ||
| who = "Jack Grigg <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -4184,6 +4255,13 @@ criteria = "safe-to-deploy" | |
| delta = "0.2.0 -> 0.3.0" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash_note_encryption]] | ||
| who = "Kris Nuttycombe <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
| version = "0.4.1" | ||
| notes = "Additive-only change that exposes the ability to decrypt by pk_d and esk. No functional changes." | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[audits.zcash_primitives]] | ||
| who = "Kris Nuttycombe <[email protected]>" | ||
| criteria = "safe-to-deploy" | ||
|
|
@@ -4302,6 +4380,13 @@ start = "2021-09-22" | |
| end = "2024-09-21" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.halo2_gadgets]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 6289 | ||
| start = "2022-02-15" | ||
| end = "2025-12-16" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.halo2_gadgets]] | ||
| criteria = ["safe-to-deploy", "crypto-reviewed"] | ||
| user-id = 1244 | ||
|
|
@@ -4330,6 +4415,13 @@ start = "2023-02-24" | |
| end = "2024-09-21" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.halo2_poseidon]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 6289 | ||
| start = "2024-12-13" | ||
| end = "2025-12-16" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.halo2_proofs]] | ||
| criteria = ["safe-to-deploy", "crypto-reviewed"] | ||
| user-id = 1244 | ||
|
|
@@ -4400,6 +4492,13 @@ start = "2024-09-25" | |
| end = "2025-10-02" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.memuse]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 6289 | ||
| start = "2021-09-03" | ||
| end = "2025-12-16" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.orchard]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 169181 | ||
|
|
@@ -4449,6 +4548,13 @@ start = "2024-08-12" | |
| end = "2025-10-02" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.pczt]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 169181 | ||
| start = "2024-12-17" | ||
| end = "2025-12-17" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.sapling-crypto]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 169181 | ||
|
|
@@ -4505,6 +4611,13 @@ start = "2022-12-15" | |
| end = "2025-04-22" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.sinsemilla]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 6289 | ||
| start = "2024-12-13" | ||
| end = "2025-12-16" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.windows-sys]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 64539 | ||
|
|
@@ -4722,6 +4835,13 @@ start = "2022-10-19" | |
| end = "2025-04-22" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.zcash_encoding]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 6289 | ||
| start = "2021-08-31" | ||
| end = "2025-12-13" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.zcash_encoding]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 1244 | ||
|
|
@@ -4869,6 +4989,13 @@ start = "2021-03-26" | |
| end = "2025-10-02" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.zcash_protocol]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 6289 | ||
| start = "2024-12-13" | ||
| end = "2025-12-13" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.zcash_protocol]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 169181 | ||
|
|
@@ -4897,6 +5024,20 @@ start = "2023-12-07" | |
| end = "2025-03-18" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.zcash_transparent]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 6289 | ||
| start = "2024-12-14" | ||
| end = "2025-12-16" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.zcash_transparent]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 169181 | ||
| start = "2024-12-17" | ||
| end = "2025-12-17" | ||
| aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" | ||
|
|
||
| [[trusted.zip32]] | ||
| criteria = "safe-to-deploy" | ||
| user-id = 6289 | ||
|
|
||