third_party/rust/chromium_crates_io/supply-chain/audits.toml

# cargo-vet audits file

[criteria.crypto-safe]
description = """
All crypto algorithms in this crate have been reviewed by a relevant expert.

**Note**: If a crate does not implement crypto, use `does-not-implement-crypto`,
which implies `crypto-safe`, but does not require expert review in order to
audit for."""

[criteria.does-not-implement-crypto]
description = """
Inspection reveals that the crate in question does not attempt to implement any
cryptographic algorithms on its own.

Note that certification of this does not require an expert on all forms of
cryptography: it's expected for crates we import to be \"good enough\" citizens,
so they'll at least be forthcoming if they try to implement something
cryptographic. When in doubt, please ask an expert."""
implies = "crypto-safe"

[criteria.ub-risk-0]
description = """
No unsafe code.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-0
"""
implies = "ub-risk-1"

[criteria.ub-risk-1]
description = """
Excellent soundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1
"""
implies = "ub-risk-2"

[criteria.ub-risk-2]
description = """
Negligible unsoundness or average soundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2
"""
implies = "ub-risk-3"

[criteria.ub-risk-3]
description = """
Mild unsoundness or suboptimal soundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3
"""
implies = "ub-risk-4"

[criteria.ub-risk-4]
description = """
Extreme unsoundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4
"""

[[audits.adler]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.2"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits (except in comments and in the `README.md` file).

Note that some additional, internal notes about an older version of this crate
can be found at go/image-crate-chromium-security-review.
'''

[[audits.adler2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "2.0.0"
notes = '''
This audit has been reviewed in https://crrev.com/c/5811890

The crate is fairly easy to read thanks to its small size and rich comments.

I've grepped for `-i cipher`, `-i crypto`, `\bfs\b`, `\bnet\b`, and
`\bunsafe\b`.  There were no hits (except for a comment in `README.md`
and `lib.rs` pointing out "Zero `unsafe`").
'''

[[audits.aho-corasick]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.1.2"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.aho-corasick]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.1.2 -> 1.1.3"

[[audits.anstyle]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.4"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.anstyle]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.4 -> 1.0.6"

[[audits.anstyle]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.6 -> 1.0.7"

[[audits.anstyle]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.7 -> 1.0.8"
notes = "Only Cargo.toml changes in the 1.0.7 => 1.0.8 delta."

[[audits.anstyle]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.8 -> 1.0.9"
notes = "No changes"

[[audits.anstyle]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.9 -> 1.0.10"
notes = "Minor changes related to `write_str`."

[[audits.anyhow]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.75 -> 1.0.79"
notes = """
1.0.75 has been previously audited as \"safe-to-run\",
\"does-not-implement-crypto\" - see
https://github.com/google/rust-crate-audits/blob/c2d49cb6e80bb817f569debecf846161dcebd88c/audits.toml#L277-L305
The \"1.0.75 -> 1.0.79\" delta meets the same criteria.

This is an incremental/delta audit - we don't claim any particular `ub-risk-N`
level for the baseline or for the final version.  OTOH note that additional
uses of `unsafe` have been reviewed in https://crrev.com/c/5178771 and the
**delta**  was evaluated as `ub-risk-3` - no known unsoundness but:
* Little safety comments to explain why a particular usage of `unsafe`
  is safe and/or necessary
* Safety analysis couldn't be done locally, but required considering the
  whole crate (e.g. checking if the public `Ref.ptr` is mutated anywhere)
"""

[[audits.anyhow]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.79 -> 1.0.80"

[[audits.anyhow]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.80 -> 1.0.81"

[[audits.anyhow]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.81 -> 1.0.82"

[[audits.anyhow]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.82 -> 1.0.83"
notes = "No change to UB-risk profile either."

[[audits.anyhow]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.83 -> 1.0.86"
notes = "Delta only updates the ensure macro implementation, still safe to run, no crypto"

[[audits.anyhow]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.86 -> 1.0.87"
notes = "Minimal changes, mostly renaming std to core for a type"

[[audits.anyhow]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.87 -> 1.0.89"
notes = "No safety-related changes in this delta"

[[audits.anyhow]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.89 -> 1.0.91"
notes = "Minimal changes"

[[audits.anyhow]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.91 -> 1.0.93"
notes = """
`ensure!` macro tweaks to handle
https://github.com/rust-lang/rfcs/blob/master/text/2582-raw-reference-mir-operator.md
"""

[[audits.anyhow]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.93 -> 1.0.94"
notes = "No behavioral changes"

[[audits.anyhow]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.94 -> 1.0.95"

[[audits.anyhow]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.95 -> 1.0.97"
notes = "Only minor changes to comments, tests, and clippy expectations."

[[audits.arrayvec]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.7.6"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'` and there were
no hits, except for some `net` usage in tests.

The crate has quite a few bits of `unsafe` Rust.  The audit comments can be
found in https://chromium-review.googlesource.com/c/chromium/src/+/6187726/2
'''

[[audits.autocfg]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "1.1.0"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for reasonable, client-controlled usage of
`std::fs` in `AutoCfg::with_dir`.

This crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb
The CL description contains a link to a Google-internal document with audit details.
"""

[[audits.autocfg]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.4.0"
notes = "Contains no unsafe"

[[audits.autocfg]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.1.0 -> 1.2.0"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and nothing changed from the baseline audit of 1.1.0.  Skimmed through the
1.1.0 => 1.2.0 delta and everything seemed okay.
'''

[[audits.autocfg]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.2.0 -> 1.4.0"
notes = "Still no `unsafe`."

[[audits.base64]]
who = "Adam Langley <agl@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.13.1"
notes = "Skimmed the uses of `std` to ensure that nothing untoward is happening. Code uses `forbid(unsafe_code)` and, indeed, there are no uses of `unsafe`"

[[audits.base64]]
who = "amarjotgill <amarjotgill@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.22.1"

[[audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "1.3.2"
notes = """
Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review

The crate exposes a function marked as `unsafe`, but doesn't use any
`unsafe` blocks (except for tests of the single `unsafe` function).  I
think this justifies marking this crate as `ub-risk-1`.

Additional review comments can be found at https://crrev.com/c/4723145/31
"""

[[audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "2.4.2"
notes = """
Audit notes:

* I've checked for any discussion in Google-internal cl/546819168 (where audit
  of version 2.3.3 happened)
* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]`
* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be
  correct in a straightforward way - they just propagate the marker trait's
  impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type
* Additional discussion and/or notes may be found in https://crrev.com/c/5238056
"""

[[audits.bitflags]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "2.4.2 -> 2.5.0"

[[audits.bitflags]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "2.5.0 -> 2.6.0"
notes = "The changes from the previous version are negligible and thus it retains the same properties."

[[audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "2.6.0 -> 2.8.0"
notes = "No changes related to `unsafe impl ... bytemuck` pieces from `src/external.rs`."

[[audits.bitflags]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "2.8.0 -> 2.9.0"
notes = "Adds a straightforward clear() function, but no new unsafe code."

[[audits.bstr]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.10.0"
notes = """
WARNING: This certification is a result of a **partial** audit.  The
`unicode` feature has **not** been audited.  The unicode feature has
soundness that depends on the correctness of regex automata that are
shipped as binary blobs. They have not been reviewed here.Ability to
track partial audits is tracked in
https://github.com/mozilla/cargo-vet/issues/380.
"""

[[audits.bstr]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.10.0 -> 1.11.0"
notes = "Changes two unsafe blocks to use core::mem::align_of<usize> instead of core::mem::size_of<usize> which shouldn't differ on mainstream platforms."

[[audits.bstr]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.11.0 -> 1.11.1"
notes = "This release just excludes Unicode data files from being published to crates.io"

[[audits.bstr]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.11.1 -> 1.11.3"
notes = "No unsafe changes"

[[audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.16.3"
notes = """
Review notes from the original audit (of 1.14.3) may be found in
https://crrev.com/c/5362675.  Note that this audit has initially missed UB risk
that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258.
Because of this, the original audit has been edited to certify version `1.16.3`
instead (see also https://crrev.com/c/5771867).
"""

[[audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["does-not-implement-crypto", "ub-risk-4"]
delta = "1.13.1 -> 1.14.3"
notes = """
Review notes from the original audit may be found in
https://crrev.com/c/5362675.  Note that this audit has initially missed UB risk
that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258.
Because of this, the original audit has been edited to certify `ub-risk-4`
instead.
"""

[[audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.13.1 -> 1.16.3"
notes = """
The certification of the 1.13.1 => 1.16.1 delta is based on:

* 1.13.1 -> 1.14.3 audit in https://crrev.com/c/5362675.  Note that this audit
  has initially missed UB risk that was fixed in 1.16.2 - see
  https://github.com/Lokathor/bytemuck/pull/258.
* 1.14.3 -> 1.15.0 audit in https://crrev.com/c/5380327
* 1.15.0 -> 1.16.0 audit in https://crrev.com/c/5535688
* 1.16.0 -> 1.16.1 audit in https://crrev.com/c/5650895

When auditing the changes in the 1.16.1 -> 1.16.3 delta it seems that:

* The changes correctly account for ZSTs:
    * Avoiding division-by-zero errors
    * Avoiding UB in `BoxBytes::drop`
* The changes preserve safety gurantees for nearby `unsafe` blocks
"""

[[audits.bytemuck]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.14.3 -> 1.15.0"

[[audits.bytemuck]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.15.0 -> 1.16.0"

[[audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.16.0 -> 1.16.1"
notes = """
The delta only adds `f16` and `f128` support (with some other minor changes)
and has no impact on the audit criteria.
"""

[[audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-3"
delta = "1.16.3 -> 1.17.0"
notes = """
1.17.0 may rely on `union` layout that is not guaranteed by the compiler.
See https://github.com/Lokathor/bytemuck/pull/268
"""

[[audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.16.3 -> 1.17.1"
notes = "Unsafe review comments can be found in https://crrev.com/c/5813463"

[[audits.bytemuck]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.17.1 -> 1.18.0"
notes = "No code changes - just altering feature flag arrangements"

[[audits.bytemuck]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.18.0 -> 1.19.0"
notes = "No code changes - just comment changes and adding the track_caller attribute."

[[audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.19.0 -> 1.20.0"
notes = "`unsafe` review can be found at https://crrev.com/c/6096767"

[[audits.bytemuck]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.20.0 -> 1.21.0"
notes = "Unsafe review at https://chromium-review.googlesource.com/c/chromium/src/+/6111154/"

[[audits.bytemuck]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.21.0 -> 1.22.0"
notes = """
This adds new instances of unsafe, but the uses are justified:
- BoxBytes is essentially a Box<[u8], which is Send + Sync, so also marking BoxBytes as Send + Sync is justified.
- core::num::Saturating<T> meets the criteria for Zeroable + Pod, so marking it as such is justified.

See https://crrev.com/c/6321863 for more audit notes.
"""

[[audits.bytemuck_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.6.0"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no
hits except for 8 occurrences of `unsafe`.  Additional `unsafe` review comments
can be found in https://crrev.com/c/5445719.
"""

[[audits.bytemuck_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.6.0 -> 1.6.1"
notes = """
No behavior/code changes AFAICT - only adding
`#[allow(clippy::multiple_bound_locations)]`, doc comments, and making
some cosmetic changes in non-`.rs` files.
"""

[[audits.bytemuck_derive]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.6.1 -> 1.7.0"
notes = """
Added support for Zeroable enums, which requires them to be represented as an integer and to have 0 as one of their values.

Other trivial/formatting changes.
"""

[[audits.bytemuck_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.7.0 -> 1.7.1"
notes = """
No impact on safety AFAICT - the delta only specifies a new attribute for
`proc_macro_derive` to work around re-export issues described at
https://github.com/Lokathor/bytemuck/issues/159
"""

[[audits.bytemuck_derive]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.7.1 -> 1.8.0"
notes = "Unsafe review: https://crrev.com/c/5921014"

[[audits.bytemuck_derive]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.8.0 -> 1.8.1"
notes = "Changes do not impact safety."

[[audits.byteorder]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.5.0"
notes = "Unsafe review in https://crrev.com/c/5838022"

[[audits.bytes]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.4.0 -> 1.5.0"

[[audits.bytes]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.5.0 -> 1.6.0"
notes = "Update removes some unsafe, and includes verifiable safety comments for newly-added unsafe."

[[audits.bytes]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.6.0 -> 1.6.1"
notes = "Very minor update, no unsafe changes"

[[audits.bytes]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.6.1 -> 1.7.1"
notes = "Many changes but they seem to meet the low bar of safe-to-run."

[[audits.bytes]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.7.1 -> 1.7.2"

[[audits.bytes]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.7.2 -> 1.8.0"
notes = "smol change, does not add unsafe code, majority of change is new tests"

[[audits.bytes]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.8.0 -> 1.9.0"
notes = "Reviewed in https://crrev.com/c/6072366."

[[audits.bytes]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.9.0 -> 1.10.0"
notes = """
Reviewed in https://crrev.com/c/6235725. Very large change in buf_impl.rs
as well but no unsafe changes there specifically.
"""

[[audits.calendrical_calculations]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.1.2"
notes = "Contains no unsafe"

[[audits.calendrical_calculations]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.1.2 -> 0.1.3"

[[audits.cfg-if]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.0"
notes = '''
I grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were
no hits.  This is a really small crate (only `lib.rs` which is less than 200
lines + one end-to-end test) so I also skimmed through the macro's definition
and everything looks okay to me.
'''

[[audits.clap]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "4.4.8"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "4.5.0"
notes = "No `unsafe`"

[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "4.5.15"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits, except for `std::net::IpAddr` usage in
`examples/typed-derive.rs`.
'''

[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.8 -> 4.4.14"

[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.14 -> 4.5.0"

[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.0 -> 4.5.1"

[[audits.clap]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.1 -> 4.5.2"
notes = "Reviewed in https://crrev.com/c/5362201"

[[audits.clap]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.2 -> 4.5.3"

[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.3 -> 4.5.4"
notes = "Minimal diff - only module naming/nesting-related changes."

[[audits.clap]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.4 -> 4.5.7"

[[audits.clap]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.7 -> 4.5.8"

[[audits.clap]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.8 -> 4.5.9"

[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.15 -> 4.5.16"
notes = """
The only change in the delta is explicitly listing re-exports
instead of using a `*` wildcard in `pub use clap_derive::{self, *}`.
"""

[[audits.clap]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "4.5.15 -> 4.5.17"
notes = "Minor code change and toml changes."

[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "4.5.17 -> 4.5.18"

[[audits.clap]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "4.5.18 -> 4.5.20"
notes = "Trivial changes"

[[audits.clap]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.20 -> 4.5.21"

[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.21 -> 4.5.23"

[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.23 -> 4.5.27"

[[audits.clap]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.27 -> 4.5.28"

[[audits.clap]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.28 -> 4.5.29"
notes = "No code changes."

[[audits.clap_builder]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "4.4.8"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "4.5.0"
notes = "No `unsafe`"

[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "4.5.15"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits.
'''

[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.8 -> 4.4.14"

[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.14 -> 4.5.0"

[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.0 -> 4.5.1"

[[audits.clap_builder]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.1 -> 4.5.2"
notes = "Reviewed in https://crrev.com/c/5362201"

[[audits.clap_builder]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.2 -> 4.5.7"

[[audits.clap_builder]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.7 -> 4.5.8"

[[audits.clap_builder]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.8 -> 4.5.9"

[[audits.clap_builder]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "4.5.15 -> 4.5.17"
notes = "No new unsafe, net, fs"

[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "4.5.17 -> 4.5.18"

[[audits.clap_builder]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
delta = "4.5.18 -> 4.5.20"
notes = "No new unsafe"

[[audits.clap_builder]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.20 -> 4.5.21"

[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.21 -> 4.5.23"

[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.23 -> 4.5.27"

[[audits.clap_builder]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.27 -> 4.5.29"
notes = "Only changed `args_present` method a bit and added a `value` method to `flat_map`."

[[audits.clap_lex]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.6.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.clap_lex]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.6.0 -> 0.7.0"

[[audits.clap_lex]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.7.0 -> 0.7.1"

[[audits.clap_lex]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.7.1 -> 0.7.2"
notes = "No `.rs` changes in the delta."

[[audits.clap_lex]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.7.2 -> 0.7.3"

[[audits.clap_lex]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.7.3 -> 0.7.4"

[[audits.codespan-reporting]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.11.1"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.core_maths]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.1.1"
notes = "Contains no unsafe"

[[audits.crc32fast]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.4.2"
notes = """
Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review

Audit comments for 1.4.2 can be found at https://crrev.com/c/4723145.
"""

[[audits.cxx]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.cxx]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "does-not-implement-crypto"
version = "1.0.117"
notes = """
Grepped for \"crypt\", \"cipher\" - there were no hits
(except for benign hits in `MODULE.bazel.lock`)
"""

[[audits.cxx]]
who = "danakj <danakj@chromium.org>"
criteria = "does-not-implement-crypto"
version = "1.0.122"
notes = """
safe-to-deploy and ub-risk-2 are provided by exemption.
"""

[[audits.cxx]]
who = "danakj <danakj@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.117 -> 1.0.119"
notes = "Reviewed in https://crrev.com/c/5362739"

[[audits.cxx]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.119 -> 1.0.120"
notes = "Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5392544."

[[audits.cxx]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.120 -> 1.0.121"

[[audits.cxx]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.122 -> 1.0.123"
notes = "safe-to-deploy and ub-risk-2 are provided by exemption"

[[audits.cxx]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.123 -> 1.0.124"

[[audits.cxx]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.124 -> 1.0.126"

[[audits.cxx]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.129 -> 1.0.130"

[[audits.cxxbridge]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.cxxbridge-cmd]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.110 -> 1.0.115"

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.115 -> 1.0.116"

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.116 -> 1.0.117"

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.117 -> 1.0.118"

[[audits.cxxbridge-cmd]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.118 -> 1.0.119"
notes = "Reviewed in https://crrev.com/c/5362136"

[[audits.cxxbridge-cmd]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.119 -> 1.0.120"
notes = "Version bump only."

[[audits.cxxbridge-cmd]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.120 -> 1.0.121"

[[audits.cxxbridge-cmd]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.121 -> 1.0.122"

[[audits.cxxbridge-cmd]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.122 -> 1.0.123"

[[audits.cxxbridge-cmd]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.123 -> 1.0.124"
notes = "No changes except to dependencies"

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.124 -> 1.0.126"
notes = """
Only minor changes:

* Using `let Some(foo) = ... else { ... }` pattern in a few places.
* Exposing an extra constructor for `rust::Slice`.
"""

[[audits.cxxbridge-cmd]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.126 -> 1.0.128"

[[audits.cxxbridge-cmd]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.128 -> 1.0.129"

[[audits.cxxbridge-cmd]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.129 -> 1.0.130"

[[audits.cxxbridge-cmd]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.130 -> 1.0.131"

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.131 -> 1.0.134"
notes = "No code changes in the delta."

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.134 -> 1.0.135"
notes = """
Minimal change in `syntax/parse.rs`
(coming from my https://github.com/dtolnay/cxx/pull/1414)
"""

[[audits.cxxbridge-cmd]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.135 -> 1.0.136"

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.136 -> 1.0.137"
notes = "The delta just removes some clippy opt-outs."

[[audits.cxxbridge-cmd]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.137 -> 1.0.140"

[[audits.cxxbridge-cmd]]
who = "Takuto Ikuta <tikuta@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.140 -> 1.0.141"

[[audits.cxxbridge-flags]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.cxxbridge-flags]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.122"
notes = "no grep hits for cipher, crypto, fs, net, or unsafe"

[[audits.cxxbridge-flags]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.122 -> 1.0.123"

[[audits.cxxbridge-flags]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.123 -> 1.0.124"
notes = "No changes in this delta"

[[audits.cxxbridge-flags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.124 -> 1.0.126"
notes = "No changes in this delta"

[[audits.cxxbridge-flags]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.126 -> 1.0.128"

[[audits.cxxbridge-flags]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.128 -> 1.0.129"

[[audits.cxxbridge-flags]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.129 -> 1.0.130"

[[audits.cxxbridge-flags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.130 -> 1.0.131"
notes = "no grep hits for cipher, crypto, fs, net, or unsafe"

[[audits.cxxbridge-flags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.131 -> 1.0.135"
notes = "No code changes in the delta"

[[audits.cxxbridge-flags]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.135 -> 1.0.136"

[[audits.cxxbridge-flags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.136 -> 1.0.137"
notes = "The delta just removes `#![allow(clippy::let_and_return)]` from `lib.rs`."

[[audits.cxxbridge-flags]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.137 -> 1.0.140"

[[audits.cxxbridge-flags]]
who = "Takuto Ikuta <tikuta@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.140 -> 1.0.141"

[[audits.cxxbridge-macro]]
who = "danakj <danakj@chromium.org>"
criteria = "does-not-implement-crypto"
version = "1.0.122"
notes = """
no grep hits for cipher, crypto.

safe-to-deploy and ub-risk-2 are provided by exemption.
"""

[[audits.cxxbridge-macro]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.122 -> 1.0.123"

[[audits.cxxbridge-macro]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.123 -> 1.0.124"

[[audits.cxxbridge-macro]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.124 -> 1.0.126"

[[audits.cxxbridge-macro]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.129 -> 1.0.130"

[[audits.data-encoding]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-3"
version = "2.7.0"
notes = """
https://github.com/ia0/data-encoding/issues/75 was partially addressed via
`#[doc(hidden)]` added in https://github.com/ia0/data-encoding/pull/76, but the
original repro from issue #75 can still trigger Undefined Behavior through
public APIs exposed by the `data-encoding` crate (without using `unsafe`, and
without using APIs named something like `internal_field_do_not_use`).

Additionally, the discussion in
https://github.com/ia0/data-encoding/issues/124 leans toward `unsafe`
encapsulation at a crate level, requiring crate-**global** reasoning to
prove soundness of public crate APIs.  Specifically, the crate currently
has a internal function that can cause Undefined Behavior if the caller
doesn't uphold certain (implied, not explicitly documented) safety
requirements.  The fact that such function is not marked as `unsafe`
effectively means that safety audit can't terminate and use **local**
reasoning near `unsafe` expression boundaries.
"""

[[audits.diplomat]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.9.0"
notes = "Unsafe code pertaining to defining FFI interfaces"

[[audits.diplomat-runtime]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.9.0"
notes = "Unsafe code pertaining to defining FFI-compatible types, with safety comments."

[[audits.diplomat_core]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.9.0"
notes = "No unsafe code"

[[audits.displaydoc]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.2.5"
notes = "No unsafe code"

[[audits.either]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.9.0"

[[audits.either]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "1.13.0"
notes = "Unsafe code pertaining to wrapping Pin APIs. Mostly passes invariants down."

[[audits.either]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.9.0 -> 1.10.0"

[[audits.either]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.0 -> 1.11.0"

[[audits.either]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.11.0 -> 1.12.0"
notes = "Only changes the MSRV and adds a (safe) trait specialization."

[[audits.either]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.12.0 -> 1.13.0"

[[audits.either]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "1.13.0 -> 1.14.0"
notes = """
Inheriting ub-risk-1 from the baseline review of 1.13.0. While the delta has some diffs in unsafe code, they are either:
- migrating code to use helper macros
- migrating match patterns to take advantage of default bindings mode from RFC 2005
Either way, the result is code that does exactly the same thing and does not change the risk of UB.

See https://crrev.com/c/6323164 for more audit details.
"""

[[audits.equivalent]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.1 -> 1.0.2"
notes = "No changes to any .rs files or Rust code."

[[audits.fdeflate]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.3.4"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits.

Note that some additional, internal notes about an older version of this crate
can be found at go/image-crate-chromium-security-review.
'''

[[audits.fdeflate]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.3.4 -> 0.3.5"

[[audits.fdeflate]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.3.5 -> 0.3.6"
notes = "No unsafe, no crypto, mysterious tables replaced with const expressions"

[[audits.fdeflate]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.3.6 -> 0.3.7"

[[audits.fend-core]]
who = "jiwan@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.4.6"

[[audits.fend-core]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.4.6 -> 1.4.8"

[[audits.fend-core]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.4.8 -> 1.4.9"

[[audits.fend-core]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.4.9 -> 1.5.0"

[[audits.fend-core]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.5.0 -> 1.5.1"
notes = "Only `Cargo.toml` changes + defining two new measurement units."

[[audits.fend-core]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.5.1 -> 1.5.2"
notes = "No unsafe, no crypto"

[[audits.fend-core]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.5.2 -> 1.5.3"
notes = "No new unsafe, fs, net."

[[audits.fend-core]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.5.3 -> 1.5.5"

[[audits.fixed_decimal]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.6.0"
notes = "Contains no unsafe"

[[audits.flate2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.30"
notes = '''
WARNING: This certification is a result of a **partial** audit.  The
`any_zlib` code has **not** been audited.  Ability to track partial
audits is tracked in https://github.com/mozilla/cargo-vet/issues/380
Chromium does use the `any_zlib` feature(s).  Accidentally depending on
this feature in the future is prevented using the `ban_features` feature
of `gnrt` - see:
https://crrev.com/c/4723145/31/third_party/rust/chromium_crates_io/gnrt_config.toml

Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review

I grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`.

All `unsafe` in `flate2` is gated behind `#[cfg(feature = "any_zlib")]`:

* The code under `src/ffi/...` will not be used because the `mod c`
  declaration in `src/ffi/mod.rs` depends on the `any_zlib` config
* 7 uses of `unsafe` in `src/mem.rs` also all depend on the
  `any_zlib` config:
    - 2 in `fn set_dictionary` (under `impl Compress`)
    - 2 in `fn set_level` (under `impl Compress`)
    - 3 in `fn set_dictionary` (under `impl Decompress`)

All hits of `'\bfs\b'` are in comments, or example code, or test code
(but not in product code).

There were no hits of `-i cipher`, `-i crypto`, `'\bnet\b'`.
'''

[[audits.flate2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.30 -> 1.0.31"
notes = """
WARNING: This certification is a result of a **partial** audit.  The
`any_zlib` code has **not** been audited.  See the audit of 1.0.30 for
more details.

Only benign changes:

* Comment-only changes in `.rs` files
* Also changing dependency version in `Cargo.toml`, but this is for `any_zlib`
  feature which is not used in Chromium (i.e. this is a *partial* audit - see
  the previous audit notes for 1.0.30)
"""

[[audits.flate2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.31 -> 1.0.33"
notes = """
WARNING: This certification is a result of a **partial** audit.  The
`any_zlib` code has **not** been audited.  See the audit of 1.0.30 for
more details.

This delta audit has been reviewed in https://crrev.com/c/5811890
The delta can be seen at https://diff.rs/flate2/1.0.31/1.0.33
The delta bumps up `miniz_oxide` dependency to `0.8.0`
The delta also contains some changes to `src/ffi/c.rs` which is *NOT* used by Chromium
and therefore hasn't been covered by this partial audit.
"""

[[audits.flate2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.33 -> 1.0.34"
notes = """
WARNING: This certification is a result of a **partial** audit.  The
`any_zlib` code has **not** been audited.  See the audit of 1.0.30 for
more details.

The delta can be seen at https://diff.rs/flate2/1.0.33/1.0.34
The delta bumps up `libz-rs-sys` dependency from `0.2.1` to `0.3.0`
The delta in `lib.rs` only tweaks comments and has no code changes.
The delta also contains some changes to `src/ffi/c.rs` which is *NOT* used by Chromium
and therefore hasn't been covered by this partial audit.
"""

[[audits.flate2]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.34 -> 1.0.35"
notes = "There are no significant code changes in this delta (just one string constant change). Note that prior audits may have been partial."

[[audits.flate2]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.35 -> 1.1.0"
notes = """
This is a delta audit from a **partial** audit (**not** covering zlib-related crate features which are not used by Chromium). The delta does not appear to any new unsafety or unsoundness. Changes consist of:
- deriving more impls, e.g. for Clone or Default
- migrating away from deprecated things in the rand crate
- general improvements, e.g.:
  - slice::copy_from_slice instead of a for loop
  - Result::map_err instead of Result::unwrap
  - use helpers for converting numerics to/from little-endian bytes
  - nicer conversions between miniz_oxide::MZFlush and  FlushCompress/FlushDecompress
- cfg soup changes in FFI for the C zlib backends–though Chromium does not use these backends
"""

[[audits.foldhash]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.1.3"
notes = """
`ub-risk-2` review notes can be found in https://crrev.com/c/6071306/5/third_party/rust/chromium_crates_io/vendor/foldhash-0.1.3/src/seed.rs

`does-not-implement-crypto` based on `README.md` which explicitly says that
\"Foldhash is **not appropriate for any cryptographic purpose**.\"
"""

[[audits.foldhash]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.1.3 -> 0.1.4"
notes = "No changes to safety-relevant code"

[[audits.font-types]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.4.2"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits.

The initial version of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/a59c3c448941f92f870d0c18c6d53d5c6104ab72
The CL description contains a link to a Google-internal document with audit details.
"""

[[audits.font-types]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "0.5.2"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no
hits except for 3 `unsafe impl bytemuck::SomeTrait for ...`.  Each `impl` had a
reasonable safety comment and there were no actual `unsafe` blocks, so I think
this can be treated as `ub-risk-1`.  Additional `unsafe` review comments can be
found in https://crrev.com/c/5445719.

For overall `safe-to-deploy` and `does-not-implement-crypto` I am mostly
relying on certification by the Chromium engineers who work on the library
(mostly drott@chromium.org).
"""

[[audits.font-types]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.4.2 -> 0.4.3"
notes = "Reviewed in https://crrev.com/c/5362378. No new use of unsafe."

[[audits.font-types]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.5.2 -> 0.5.3"

[[audits.font-types]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.5.3 -> 0.5.4"
notes = """
The delta just adds `impl From<GlyphId> for u32` - no impact on `unsafe impl`s
elsewhere.
"""

[[audits.font-types]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.5.4 -> 0.5.5"
notes = "No unsafe changes."

[[audits.font-types]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.5.5 -> 0.6.0"
notes = "This change comprises changes to understand larger GlyphId and compatibility with older Mac TrueType fonts. No unsafe code is introduced."

[[audits.font-types]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.6.0 -> 0.7.1"
notes = "No new unsafe, mostly changes about int24 as a new OpenType type, and moving Pen from Skrifa."

[[audits.font-types]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.7.1 -> 0.7.2"
notes = "Explicit inlining of some type conversion. No new unsafe."

[[audits.font-types]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.7.2 -> 0.7.3"
notes = "Wrapping math for Fixed type, no new unsafe."

[[audits.font-types]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.7.3 -> 0.8.2"
notes = "No new unsafe, more inlining, checked add. Minor spec compliance issues."

[[audits.font-types]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.8.2 -> 0.8.3"
notes = "Changes to reading IndexSubtable, reverting adding Tag::NULL associated constant."

[[audits.getrandom]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.2.11"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.getrandom]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "0.2.11 -> 0.2.12"

[[audits.getrandom]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.2.12 -> 0.2.14"

[[audits.getrandom]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.2.14 -> 0.2.15"

[[audits.glob]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.3.1"
notes = """
No unsafe. The crate's purpose is to find files based on a glob, so it
uses the fs module for that and returns lists of paths. There's no net
usage or crypto.
"""

[[audits.glob]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.3.1 -> 0.3.2"
notes = "Still no unsafe"

[[audits.heck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.4.1"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits.

`heck` (version `0.3.3`) has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
"""

[[audits.hex-literal]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.1"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.icu_calendar]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "2.0.0-beta1"
notes = "Contains no unsafe"

[[audits.icu_calendar_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_capi]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "2.0.0-beta1"
notes = "Despite being an FFI crate, it is 100% safe code since it uses Diplomat for bindings."

[[audits.icu_casemap]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Safety review: One bit of unsafe DST construction from constant values. One checklisted ULE impl for a simple type wrapping RawBytesULE."

[[audits.icu_casemap_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_collator]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = """
All unsafe code commented:
 - enum construction from discriminant with masks or other checks
 - from_u32 for Hangul Jamo, with math that is in range
 - from_u32 from a packed type that maintains a valid char invariant
"""

[[audits.icu_collator_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_collections]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "2.0.0-beta1"
notes = """
Two instances of unsafe :
 - Non-safety related unsafe API that imposes additional invariants
 - `from_utf8` for known-UTF8 integer

Comments added/improved in https://github.com/unicode-org/icu4x/pull/6056.
"""

[[audits.icu_datetime]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = """
All unsafe code commented:
  - Checklisted ULE impls
  - from-utf8 code based on type invariants

Comments added/improved in https://github.com/unicode-org/icu4x/pull/6056.
"""

[[audits.icu_datetime_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_decimal]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "2.0.0-beta1"
notes = "Contains no unsafe"

[[audits.icu_decimal_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_experimental]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "0.2.0"

[[audits.icu_experimental_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.2.0-dev"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_list]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "2.0.0-beta1"
notes = "Simple well-commented unsafe around regex-automata DFA construction."

[[audits.icu_list_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_locale]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Covariant transform transmute; since rustc does not understand that ZeroMap is invariant"

[[audits.icu_locale_core]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = """
All unsafe code commented:
  - A checklisted ULE impl
  - from-utf8 code on known-ASCII
  - Some unchecked indexing around maintained invariants

Comments added/improved in https://github.com/unicode-org/icu4x/pull/6056.
"""

[[audits.icu_locale_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_normalizer]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "2.0.0-beta1"

[[audits.icu_normalizer_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_pattern]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "0.3.0"
notes = """
Simple unsafe around repr(transparent), and one checklist-commented VarULE impl.

Comments improved in https://github.com/unicode-org/icu4x/pull/6056
"""

[[audits.icu_plurals]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "2.0.0-beta1"
notes = """
Unsafe code pertaining to checklisted ULE/VarULE impls.

Comments added/improved in https://github.com/unicode-org/icu4x/pull/6056.
"""

[[audits.icu_plurals_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_properties]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "2.0.0-beta1"

[[audits.icu_properties_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_provider]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "2.0.0-beta1"
notes = """
All unsafe code commented:
  - Minor unsafe transmutes between types which are identical but not type-system-provably so.
  - One unsafe EqULE impl
  - Some repr(transparent) transmutes
  - A from_utf8_unchecked for an ascii-validated string

Comment improvements can be found in https://github.com/unicode-org/icu4x/pull/6056
"""

[[audits.icu_provider_adapters]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "2.0.0-beta1"
notes = "Contains no unsafe"

[[audits.icu_provider_baked]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "2.0.0-beta1"

[[audits.icu_provider_macros]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "2.0.0-beta1"
notes = "Does not contain any unsafe code"

[[audits.icu_segmenter]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "2.0.0-beta1"
notes = "Unsafe code pertaining to unchecked indexing, with length checks right before it"

[[audits.icu_segmenter_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.icu_timezone]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "2.0.0-beta1"
notes = "Simple, commented unsafe code around string mutation with checked ASCII-only bytes"

[[audits.icu_timezone_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"

[[audits.indexmap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "2.7.1"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`
and there were no hits.

There is a little bit of `unsafe` Rust code - the audit can be found at
https://chromium-review.googlesource.com/c/chromium/src/+/6187726/2
'''

[[audits.itertools]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.11.0"
notes = """
This is 12K lines of code, plus 6K lines of tests and benchmarks.
It has minimal use of unsafe and so I have paged though it all with \"::\"
highlighted and paid attention to which imported functions are being called.
"""

[[audits.itoa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.10"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

There are a few places where `unsafe` is used.  Unsafe review notes can be found
in https://crrev.com/c/5350697.

Version 1.0.1 of this crate has been added to Chromium in
https://crrev.com/c/3321896.
'''

[[audits.itoa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.10 -> 1.0.11"
notes = """
Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits:

* Bumping up the version
* A touch up of comments
* And my own PR to make `unsafe` blocks more granular:
  https://github.com/dtolnay/itoa/pull/42
"""

[[audits.itoa]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.11 -> 1.0.14"
notes = """
Unsafe review at https://crrev.com/c/6051067
"""

[[audits.itoa]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.14 -> 1.0.15"
notes = "Only minor rustdoc changes."

[[audits.ixdtf]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.3.0"
notes = "Contains no unsafe"

[[audits.lazy_static]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.4.0"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

There are two places where `unsafe` is used.  Unsafe review notes can be found
in https://crrev.com/c/5347418.

This crate has been added to Chromium in https://crrev.com/c/3321895.
'''

[[audits.lazy_static]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.4.0 -> 1.5.0"
notes = "Unsafe review notes: https://crrev.com/c/5650836"

[[audits.libm]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "0.2.11"

[[audits.litemap]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.7.4"
notes = "Contains no unsafe"

[[audits.litemap]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.7.4 -> 0.7.5"
notes = "Delta implements the entry API but doesn't add or change any unsafe code."

[[audits.log]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.4.22"
notes = """
Unsafe review in https://docs.google.com/document/d/1IXQbD1GhTRqNHIGxq6yy7qHqxeO4CwN5noMFXnqyDIM/edit?usp=sharing

Unsafety is generally very well-documented, with one exception, which we
describe in the review doc.
"""

[[audits.log]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.20 -> 0.4.21"
notes = """
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.  I also skimmed
through the 0.4.20 => 0.4.21 delta and there was no new crypto-related code AFAICT.
"""

[[audits.log]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.21 -> 0.4.22"

[[audits.log]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.4.22 -> 0.4.25"
notes = "No impact on `unsafe` usage in `lib.rs`."

[[audits.log]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.4.25 -> 0.4.26"
notes = "Only trivial code and documentation changes."

[[audits.memchr]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "2.7.2 -> 2.7.4"

[[audits.minimal-lexical]]
who = "danakj@chromium.org"
criteria = "ub-risk-3"
version = "0.2.1"
notes = """
Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/4977110
- Unsound unsafe blocks present.
- Safe traits that can cause soundness bugs.
"""

[[audits.miniz_oxide]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.7.4"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits, except for some mentions of "unsafe" in the `README.md`
and in a comment in `src/deflate/core.rs`.  The comment discusses whether a
function should be treated as unsafe, but there is no actual `unsafe` code, so
the crate meets the `ub-risk-0` criteria.

Note that some additional, internal notes about an older version of this crate
can be found at go/image-crate-chromium-security-review.
'''

[[audits.miniz_oxide]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.7.4 -> 0.8.0"
notes = '''
This delta audit has been reviewed in https://crrev.com/c/5811890

The delta can be inspected at https://diff.rs/miniz_oxide/0.7.4/0.8.0
and is fairly small (changes related to `const fn` and to `adler2`
switch).

I've grepped for `-i cipher`, `-i crypto`, `\bfs\b`, `\bnet\b`, and
`\bunsafe\b`.  There were no hits (except for comments in `core.rs`
and in `Readme.md`).
'''

[[audits.miniz_oxide]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.8.0 -> 0.8.2"

[[audits.miniz_oxide]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.8.2 -> 0.8.3"

[[audits.miniz_oxide]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.8.3 -> 0.8.4"
notes = "No big changes. Replaces some array with Box and other minor changes."

[[audits.miniz_oxide]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.8.4 -> 0.8.5"
notes = "No additions of or changes to unsafe code. Delta consists of a bug fix + cleanups/changes to make it easier for the compiler to elide checks."

[[audits.nom]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-1"]
version = "7.1.3"
notes = """
Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153
"""

[[audits.num-bigint]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "0.4.6"

[[audits.num-integer]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.1.46"
notes = "Contains no unsafe"

[[audits.num-rational]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.4.2"
notes = "Contains no unsafe"

[[audits.num-traits]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "0.2.19"
notes = "Contains a single line of float-to-int unsafe with decent safety comments"

[[audits.png]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.17.13"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits except for reasonable, client-controlled usage of
`std::fs::File` in tests in `src/encoder.rs`, tests in `src/decoder/stream.rs`,
and in some example code.

Note that some additional, internal notes about an older version of this crate
can be found at go/image-crate-chromium-security-review.
'''

[[audits.png]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.17.13 -> 0.17.14"

[[audits.png]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.17.14 -> 0.17.15"

[[audits.png]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.17.15 -> 0.17.16"

[[audits.potential_utf]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.1.0"
notes = "Contains a handful of lines of from-UTF8 unsafety and some `repr(transparent)` casting unsafety. Reasonably well commented, could do with listing invariants explicitly."

[[audits.ppv-lite86]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.2.17"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.ppv-lite86]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.2.17 -> 0.2.20"
notes = "Using zerocopy to reduce unsafe usage."

[[audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.78"
notes = """
Grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for a benign \"fs\" hit in a doc comment)

Notes from the `unsafe` review can be found in https://crrev.com/c/5385745.
"""

[[audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.69 -> 1.0.76"
notes = """
1.0.69 has been previously audited as \"safe-to-run\",
\"does-not-implement-crypto\" - see
https://github.com/google/rust-crate-audits/blob/c2d49cb6e80bb817f569debecf846161dcebd88c/audits.toml#L3939-L3979
The \"1.0.69 -> 1.0.76\" delta meets the same criteria.

This is an incremental/delta audit - we don't claim any particular `ub-risk-N`
level for the baseline or for the final version.  OTOH note that additional
uses of `unsafe` have been reviewed in https://crrev.com/c/5178771 and the
**delta**  was evaluated as `ub-risk-2`.  There are some new `unsafe` blocks
but they seem sound - additional `unsafe` audit notes can be found in
https://crrev.com/c/5178771/comment/32dbab4e_c7402137 and
https://crrev.com/c/5178771/4/third_party/rust/chromium_crates_io/vendor/proc-macro2-1.0.76/src/wrapper.rs#783
"""

[[audits.proc-macro2]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.78 -> 1.0.79"

[[audits.proc-macro2]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.79 -> 1.0.80"

[[audits.proc-macro2]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.80 -> 1.0.81"
notes = "Comment changes only"

[[audits.proc-macro2]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.81 -> 1.0.82"

[[audits.proc-macro2]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.82 -> 1.0.83"
notes = "Substantive change is replacing String with Box<str>, saving memory."

[[audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.83 -> 1.0.84"
notes = "Only doc comment changes in `src/lib.rs`."

[[audits.proc-macro2]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.84 -> 1.0.85"
notes = "Test-only changes."

[[audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.85 -> 1.0.86"
notes = """
Comment-only changes in `build.rs`.
Reordering of `Cargo.toml` entries.
Just bumping up the version number in `lib.rs`.
Config-related changes in `test_size.rs`.
"""

[[audits.proc-macro2]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.86 -> 1.0.87"
notes = "No new unsafe interactions."

[[audits.proc-macro2]]
who = "Liza Burakova <liza@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.87 -> 1.0.89"
notes = """
Biggest change is adding error handling in build.rs.
Some config related changes in wrapper.rs.
"""

[[audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.89 -> 1.0.92"
notes = """
I looked at the delta and the previous discussion at
https://chromium-review.googlesource.com/c/chromium/src/+/5385745/3#message-a8e2813129fa3779dab15acede408ee26d67b7f3
and the changes look okay to me (including the `unsafe fn from_str_unchecked`
changes in `wrapper.rs`).
"""

[[audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.92 -> 1.0.93"
notes = "No `unsafe`-related changes."

[[audits.proc-macro2]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.93 -> 1.0.94"
notes = "Minor doc changes and clippy lint adjustments+fixes."

[[audits.prost]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.12.3"

[[audits.prost]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.12.3 -> 0.12.4"

[[audits.prost]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.12.4 -> 0.12.6"
notes = "No concerning changes for safe-to-run."

[[audits.prost]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.12.6 -> 0.13.3"

[[audits.prost]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.13.3 -> 0.13.4"

[[audits.prost]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.13.4 -> 0.13.5"
notes = "Touches one function with unsafe inside, but it only adds the const keyword so should not really change anything. Converts a `from` to `as` as well."

[[audits.prost-derive]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
version = "0.12.3"

[[audits.prost-derive]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.12.3 -> 0.12.5"

[[audits.prost-derive]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.12.5 -> 0.12.6"
notes = "No changes here; presumably a bump of the `prost` crate."

[[audits.prost-derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.12.6 -> 0.13.3"

[[audits.prost-derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.13.3 -> 0.13.4"
notes = "No code changes in this delta."

[[audits.prost-derive]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.13.4 -> 0.13.5"
notes = "No code changes in this delta."

[[audits.qr_code]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "2.0.0"
notes = """
* This crate was imported into Chromium back in May 2023:
    - CL: https://crrev.com/c/4497329
    - Google-internal audit notes: go/qr-code-chromium-security-review
* Certification today is mostly based on the old audit.
  The only checks performed today are:
    - `grep`ped for `unsafe` and verified that the only hit comes
      from `#![forbid(unsafe_code)]`
"""

[[audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "1.0.33"
notes = 'Grepped for `\bunsafe\b` - there were no hits'

[[audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.35"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for benign \"net\" hit in tests and \"fs\" hit in README.md)
"""

[[audits.quote]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.35 -> 1.0.36"

[[audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.36 -> 1.0.37"
notes = """
The delta just 1) inlines/expands `impl ToTokens` that used to be handled via
`primitive!` macro and 2) adds `impl ToTokens` for `CStr` and `CString`.
"""

[[audits.quote]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.37 -> 1.0.38"
notes = "Still no unsafe"

[[audits.quote]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.38 -> 1.0.39"
notes = "Only minor changes for clippy lints and documentation."

[[audits.rand]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.8.5"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rand_chacha]]
who = "Allen Webb <allenwebb@google.com>"
criteria = "crypto-safe"
version = "0.3.1"
notes = """
This crate doesn't actually implement ChaCha, it uses the implementation in
`c2-chacha`.  Note that this review has been internally tracked in b/330501364.
"""

[[audits.rand_pcg]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.3.1"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.read-fonts]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.19.0"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for a benign \"fs\" hit in a comment).

For overall `safe-to-deploy` and `does-not-implement-crypto` I am mostly
relying on certification by the Chromium engineers who work on the library
(mostly drott@chromium.org).
"""

[[audits.read-fonts]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.25.3"
notes = """
Fixes for hdmx processing (use explicit record size), overflow fixes for packed
point numbers. Fixes for midpoint computation, and follow-up fix to reinstate
FreeType equivalence. Feature gating experimential spec features.
"""

[[audits.read-fonts]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.0 -> 0.19.1"

[[audits.read-fonts]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.1 -> 0.19.2"
notes = """
The delta is a bug fix in `src/tables/cmap.rs`.
No new `unsafe` - still `ub-risk-0`.
"""

[[audits.read-fonts]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.2 -> 0.19.3"
notes = "No unsafe."

[[audits.read-fonts]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.3 -> 0.20.0"
notes = """
Contains changes for:
* Adding IntSet, SparseBitSet
* Support for VARC
* Improved AAT support
* Fuzzer overflow fixes, and avoiding timeouts in CMAP
* Closure computations for subsetting of COLR
* large glyphId support.
"""

[[audits.read-fonts]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.20.0 -> 0.22.0"
notes = "Changes for incremental font transfer, Ankr, Feat tables, and support for getting access to the SVG document from the SVG table, as well as Avar2."

[[audits.read-fonts]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.22.0 -> 0.22.1"

[[audits.read-fonts]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.22.1 -> 0.22.3"
notes = "Support for the hdmx table, inlining optimizations. Crate has no unsafe code."

[[audits.read-fonts]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.22.3 -> 0.23.0"
notes = "More lenient parsing of CFF fonts with invalid BlueValues, incremental font transfer implementation of glyph keyed patching. No unsafe code in crate."

[[audits.read-fonts]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.23.0 -> 0.23.2"
notes = "Some IFT changes, and better compatibility with empty PrivateDict in CFF."

[[audits.read-fonts]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.25.3 -> 0.26.0"
notes = "Added min_byte_range() method, expose IndexSubtableList for bitmaps. No new unsafe. Gvar delta API changes."

[[audits.read-fonts]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.26.0 -> 0.27.1"
notes = "IFT impl behind feature flag."

[[audits.read-fonts]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.27.1 -> 0.27.2"
notes = "CFF charsets support, font_builder related changes, clippy fixes."

[[audits.regex]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.10.2"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.regex]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.2 -> 1.10.3"

[[audits.regex]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.3 -> 1.10.4"
notes = "Docs changes only."

[[audits.regex]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.4 -> 1.10.5"

[[audits.regex]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.5 -> 1.10.6"
notes = "The delta has minimal changes in `pattern.rs`."

[[audits.regex]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.6 -> 1.11.0"

[[audits.regex]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.11.0 -> 1.11.1"

[[audits.regex-automata]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.3"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.regex-automata]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.3 -> 0.4.5"

[[audits.regex-automata]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.5 -> 0.4.6"
notes = "Reviewed in https://crrev.com/c/5362200"

[[audits.regex-automata]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.6 -> 0.4.7"

[[audits.regex-automata]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.7 -> 0.4.8"

[[audits.regex-automata]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.8 -> 0.4.9"
notes = "New API: `BuildError.is_size_limit_exceeded`."

[[audits.regex-syntax]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.8.2"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.regex-syntax]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.8.5"
notes = "Contains no unsafe"

[[audits.regex-syntax]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.8.2 -> 0.8.3"

[[audits.regex-syntax]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.8.3 -> 0.8.4"

[[audits.regex-syntax]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.8.4 -> 0.8.5"

[[audits.relative-path]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.9.3"
notes = """
There is no net or fs usage, no crypto.
There is unsafe to convert pointers from str to RelativePath, where the latter
is a transparent wrapper around str so the pointer will be to a valid
type/value always.
"""

[[audits.rstest]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
version = "0.17.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rstest]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.17.0 -> 0.22.0"
notes = "No new unsafe. fs and net usage, but only in its own tests."

[[audits.rstest_macros]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.17.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rstest_macros]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
version = "0.22.0"
notes = """
There is no fs or net usage directly, though there is fs
usage through the glob crate to get lists of files if the user
asks for it in their macro.

There is no unsafe. Scanned through all the code.
"""

[[audits.rstest_reuse]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
version = "0.5.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rstest_reuse]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.5.0 -> 0.7.0"
notes = "No new unsafe, looked through the changes which were minimal."

[[audits.rust_decimal]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.36.0"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits except:

* Some reasonable `fs` usage in `build.rs`, under `make/scripts`, in one test
* A single `unsafe` usage in one test.  I think this still qualifies this crate
  as `ub-risk-0`.  FWIW the test usage seems sound - see:
  https://chromium-review.googlesource.com/c/chromium/src/+/6187726/2/third_party/rust/chromium_crates_io/vendor/rust_decimal-1.36.0/tests/decimal_tests.rs
'''

[[audits.rustc-demangle]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.23"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rustc-demangle]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.23 -> 0.1.24"

[[audits.rustc_version]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rustc_version]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.0 -> 0.4.1"
notes = "No unsafe, net or fs."

[[audits.rustversion]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "1.0.14"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for:

* Using trivially-safe `unsafe` in test code:

    ```
    tests/test_const.rs:unsafe fn _unsafe() {}
    tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() };
    ```

* Using `unsafe` in a string:

    ```
    src/constfn.rs:            \"unsafe\" => Qualifiers::Unsafe,
    ```

* Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr`
  which is later read back via `include!` used in `src/lib.rs`.

Version `1.0.6` of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
"""

[[audits.rustversion]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.14 -> 1.0.15"

[[audits.rustversion]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.15 -> 1.0.16"

[[audits.rustversion]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.16 -> 1.0.17"
notes = "Just updates windows compat"

[[audits.rustversion]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.17 -> 1.0.18"

[[audits.rustversion]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.18 -> 1.0.19"
notes = "No unsafe, just doc changes"

[[audits.rustversion]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.19 -> 1.0.20"
notes = "Only minor updates to documentation and the mock today used for testing."

[[audits.semver]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.20"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.semver]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.20 -> 1.0.21"

[[audits.semver]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.21 -> 1.0.22"

[[audits.semver]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.22 -> 1.0.23"

[[audits.semver]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.23 -> 1.0.24"
notes = "Minor, `ptr_eq`-related changes."

[[audits.semver]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.24 -> 1.0.25"
notes = "No changes in `.rs` files except `doc` attribute changes in `lib.rs`."

[[audits.semver]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.25 -> 1.0.26"
notes = "Only minor documentation updates."

[[audits.serde]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.197"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`.

There were some hits for `net`, but they were related to serialization and
not actually opening any connections or anything like that.

There were 2 hits of `unsafe` when grepping:
* In `fn as_str` in `impl Buf`
* In `fn serialize` in `impl Serialize for net::Ipv4Addr`

Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this
review also covered `serde_json_lenient`).

Version 1.0.130 of the crate has been added to Chromium in
https://crrev.com/c/3265545.  The CL description contains a link to a
(Google-internal, sorry) document with a mini security review.
"""

[[audits.serde]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.197 -> 1.0.198"

[[audits.serde]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.198 -> 1.0.201"

[[audits.serde]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.201 -> 1.0.202"
notes = "Trivial changes"

[[audits.serde]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.202 -> 1.0.203"
notes = "s/doc_cfg/docsrs/ + tuple_impls/tuple_impl_body-related changes"

[[audits.serde]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.203 -> 1.0.204"

[[audits.serde]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.204 -> 1.0.207"
notes = "The small change in `src/private/ser.rs` should have no impact on `ub-risk-2`."

[[audits.serde]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.207 -> 1.0.209"
notes = """
The delta carries fairly small changes in `src/private/de.rs` and
`src/private/ser.rs` (see https://crrev.com/c/5812194/2..5).  AFAICT the
delta has no impact on the `unsafe`, `from_utf8_unchecked`-related parts
of the crate (in `src/de/format.rs` and `src/ser/impls.rs`).
"""

[[audits.serde]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.209 -> 1.0.210"
notes = "Almost no new code - just feature rearrangement"

[[audits.serde]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.210 -> 1.0.213"

[[audits.serde]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.213 -> 1.0.214"
notes = "No unsafe, no crypto"

[[audits.serde]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.214 -> 1.0.215"

[[audits.serde]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.215 -> 1.0.216"
notes = "The delta makes minor changes in `build.rs` - switching to the `?` syntax sugar."

[[audits.serde]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.216 -> 1.0.217"
notes = "Minimal changes, nothing unsafe"

[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "1.0.193"
notes = 'Grepped for `\bunsafe\b` - there were no hits'

[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.195"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"

[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.196"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"

[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.197"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"

[[audits.serde_derive]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.197 -> 1.0.201"

[[audits.serde_derive]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.201 -> 1.0.202"

[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.202 -> 1.0.203"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"

[[audits.serde_derive]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.203 -> 1.0.204"

[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.204 -> 1.0.207"
notes = 'Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits'

[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.207 -> 1.0.209"
notes = '''
There are no code changes in this delta - see https://crrev.com/c/5812194/2..5

I've neverthless also grepped for `-i cipher`, `-i crypto`, `\bfs\b`,
`\bnet\b`, and `\bunsafe\b`.  There were no hits.
'''

[[audits.serde_derive]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.209 -> 1.0.210"
notes = "Almost no new code - just feature rearrangement"

[[audits.serde_derive]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.210 -> 1.0.213"
notes = "Grepped for 'unsafe', 'crypt', 'cipher', 'fs', 'net' - there were no hits"

[[audits.serde_derive]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.213 -> 1.0.214"
notes = "No changes to unsafe, no crypto"

[[audits.serde_derive]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.214 -> 1.0.215"
notes = "Minor changes should not impact UB risk"

[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.215 -> 1.0.216"
notes = "The delta adds `#[automatically_derived]` in a few places.  Still no `unsafe`."

[[audits.serde_derive]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.216 -> 1.0.217"
notes = "No changes"

[[audits.serde_json]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.108"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.108 -> 1.0.111"

[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.111 -> 1.0.113"

[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.113 -> 1.0.114"

[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.114 -> 1.0.115"

[[audits.serde_json]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.115 -> 1.0.116"
notes = "No changes that affect safety to run, and no crypto"

[[audits.serde_json]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.116 -> 1.0.117"

[[audits.serde_json]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.117 -> 1.0.120"

[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.120 -> 1.0.122"

[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.122 -> 1.0.124"

[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.124 -> 1.0.127"

[[audits.serde_json]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.127 -> 1.0.128"

[[audits.serde_json]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.128 -> 1.0.132"
notes = """
Methods moved into new deserializer trait in de.rs.
New methods for converting Number to i128 or u128 in number.rs
No new unsafe changes.
"""

[[audits.serde_json]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.132 -> 1.0.133"
notes = "No changes affecting safety-to-run and still no crypto"

[[audits.serde_json]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.133 -> 1.0.134"

[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.134 -> 1.0.137"

[[audits.serde_json]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.137 -> 1.0.138"

[[audits.serde_json]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.138 -> 1.0.140"
notes = "Only minor fixes for clippy and documentation updates."

[[audits.serde_json_lenient]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.1.8"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`.

There were some hits for `fs` and `net`, but they were in comments.

Unsafe review comments can be found in https://crrev.com/c/5350573/2.
There were 8 hits of `unsafe` when grepping.

Version 0.1.4 of the crate was added to Chromium in
https://crrev.com/c/3511416.
"""

[[audits.serde_json_lenient]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.1.8 -> 0.2.0"
notes = """
Reviewed in https://crrev.com/c/5361256
"""

[[audits.serde_json_lenient]]
who = "djmitche@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.2.0 -> 0.2.1"
notes = """
Reviewed in https://crrev.com/c/5385822
"""

[[audits.serde_json_lenient]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.2.1 -> 0.2.3"

[[audits.serde_json_lenient]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.2.3 -> 0.2.4"

[[audits.sfv]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.9.4"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits.
'''

[[audits.sfv]]
who = "amarjotgill <amarjotgill@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.10.4"

[[audits.simd-adler32]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.3.7"
notes = """
Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review

Audit comments for 1.3.2 can be found at https://crrev.com/c/4723145.
"""

[[audits.skrifa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.19.0"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for benign \"fs\" hit in `skrifa-0.19.0/src/color/traversal_tests/mod.rs`).

For overall `safe-to-deploy` and `does-not-implement-crypto` I am mostly
relying on certification by the Chromium engineers who work on the library
(mostly drott@chromium.org).
"""

[[audits.skrifa]]
who = "drott@chromium.org"
criteria = ["ub-risk-1", "safe-to-deploy", "does-not-implement-crypto"]
delta = "0.15.2 -> 0.15.4"

[[audits.skrifa]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-0"]
delta = "0.19.0 -> 0.19.1"
notes = "Crate has `forbid_unsafe` and no unsafe code. Changes all appear font-related and safe."

[[audits.skrifa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.1 -> 0.19.2"

[[audits.skrifa]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.2 -> 0.19.3"

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.3 -> 0.20.0"
notes = "Contains mainly preparatory autohint changes and data tables."

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.20.0 -> 0.22.0"
notes = "Changes for adding autohinting support. Crates forbids unsafe code."

[[audits.skrifa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.22.0 -> 0.22.1"

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.22.1 -> 0.22.3"
notes = "Matching FreeType advances more closely, through usage of hdmx and other fixes. Path retrieval speedups."

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.22.3 -> 0.23.0"
notes = "Incremental Font Transfer patchset implementation removed, important fixes for path retrievel from CFF fonts with empty PrivateDict."

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.23.0 -> 0.24.0"
notes = "Skrifa updates for using wrapping arithmetic in CFF private dict parsing."

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.24.0 -> 0.24.1"
notes = "COLRv1 bounds fix, fixes for underflows/overflows."

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.24.1 -> 0.26.3"
notes = "Support for fonts that rely on hinting (like FreeType's \"tricky\" font detection). Overflow fixes, cycle detection in autohinting. cff overflow fixes."

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.26.3 -> 0.26.4"
notes = "Improvements for computing advances for hinted variable fonts, when hvar is missing."

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.26.4 -> 0.26.5"
notes = "Contains fixes for hdmx metrics for fonts such as Arimo, Tinos, Market Sans."

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.26.5 -> 0.27.0"
notes = "Mostly a fuzzer fix, rejecting oversized composite outlines."

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.27.0 -> 0.28.0"
notes = "Minor clippy fix."

[[audits.skrifa]]
who = "Dominik Röttsches <drott@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.28.0 -> 0.28.1"
notes = "Fix for gsub hang, limits to cmap 12 iterator."

[[audits.small_ctor]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.1"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.small_ctor]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.1 -> 0.1.2"
notes = "I don't fully understand the changes in `lib.rs` but they seem to meet the low bar of `safe-to-run`."

[[audits.smallvec]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto"]
version = "1.13.2"

[[audits.smallvec]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto"]
delta = "1.13.2 -> 1.14.0"
notes = """
WARNING: This certification is a result of a **partial** audit. The
`malloc_size_of` feature has **not** been audited. This feature does
not explicitly document its safety requirements.
See also https://chromium-review.googlesource.com/c/chromium/src/+/6275133/comment/ea0d7a93_98051a2e/
and https://github.com/servo/malloc_size_of/issues/8.
This feature is banned in gnrt_config.toml.
"""

[[audits.stable_deref_trait]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.2.0"
notes = "Purely a trait, crates using this should be carefully vetted since self-referential stuff can be super tricky around various unsafe rust edges."

[[audits.static_assertions]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "1.1.0"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits except for one `unsafe`.

The lambda where `unsafe` is used is never invoked (e.g. the `unsafe` code
never runs) and is only introduced for some compile-time checks.  Additional
unsafe review comments can be found in https://crrev.com/c/5353376.

This crate has been added to Chromium in https://crrev.com/c/3736562.  The CL
description contains a link to a document with an additional security review.
"""

[[audits.strck]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto"]
version = "1.0.0"

[[audits.strsim]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"]
version = "0.10.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.strsim]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "0.11.0"
notes = "No `unsafe`"

[[audits.strsim]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.10.0 -> 0.11.0"

[[audits.strsim]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.11.0 -> 0.11.1"

[[audits.strum]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"]
version = "0.25.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.strum_macros]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"]
version = "0.25.3"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.syn]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.109"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.synstructure]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.13.1"
notes = "Exposes unsafe codegen APIs but does not itself contain unsafe"

[[audits.termcolor]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.4.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.termcolor]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "1.4.0"
notes = "No `unsafe`."

[[audits.termcolor]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.4.0 -> 1.4.1"

[[audits.tinystr]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "0.8.0"

[[audits.tinyvec]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "1.6.0"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for some \"unsafe\" appearing in comments:

```
src/arrayvec.rs:    // Note: This shouldn't use A::CAPACITY, because unsafe code can't rely on
src/lib.rs://! All of this is done with no `unsafe` code within the crate. Technically the
src/lib.rs://! `Vec` type from the standard library uses `unsafe` internally, but *this
src/lib.rs://! crate* introduces no new `unsafe` code into your project.
src/array.rs:/// Just a reminder: this trait is 100% safe, which means that `unsafe` code
```

This crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/24773c33e1b7a1b5069b9399fd034375995f290b
"""

[[audits.tinyvec]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.6.0 -> 1.6.1"

[[audits.tinyvec]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.6.1 -> 1.7.0"

[[audits.tinyvec]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.7.0 -> 1.8.0"

[[audits.tinyvec]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.8.0 -> 1.8.1"

[[audits.tinyvec]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.8.1 -> 1.9.0"
notes = """
Larger delta, but no unsafe code introduced. Deltas for:
- borsh (Binary Object Representation Serializer for Hashing) serialization/deserialization support behind the `borsh` feature.
- trait implementations to interoperate with the generic-array crate
- miscellaneous helper functions and support code, e.g. `into_vec()`.
"""

[[audits.unicode-bidi]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "0.3.18"
notes = "Contains one line of repr(transparent) unsafe"

[[audits.unicode-ident]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.12"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

All two functions from the public API of this crate use `unsafe` to avoid bound
checks for an array access.  Cross-module analysis shows that the offsets can
be statically proven to be within array bounds.  More details can be found in
the unsafe review CL at https://crrev.com/c/5350386.

This crate has been added to Chromium in https://crrev.com/c/3891618.
'''

[[audits.unicode-ident]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.12 -> 1.0.13"
notes = "Lots of table updates, and tables are assumed correct with unsafe `.get_unchecked()`, so ub-risk-2 is appropriate"

[[audits.unicode-ident]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.13 -> 1.0.14"
notes = "Minimal delta in `.rs` files: new test assertions + doc changes."

[[audits.unicode-ident]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.14 -> 1.0.15"
notes = "No changes relevant to any of these criteria."

[[audits.unicode-ident]]
who = "Liza Burakova <liza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.15 -> 1.0.16"

[[audits.unicode-linebreak]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.1.5"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits.

Version `0.1.2` of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb
The CL description contains a link to a Google-internal document with audit details.
"""

[[audits.unicode-width]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.11"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.unicode-width]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.11 -> 0.1.12"

[[audits.unicode-width]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.12 -> 0.1.13"

[[audits.unicode-width]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.13 -> 0.1.14"

[[audits.utf16_iter]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "1.0.5"

[[audits.utf8_iter]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "1.0.4"

[[audits.winapi]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.3.9"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.winapi-util]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.6"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.winapi-util]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.6 -> 0.1.8"

[[audits.winapi-util]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.8 -> 0.1.9"
notes = "The delta only changes Cargo.toml."

[[audits.write16]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.0"
notes = "No unsafe code."

[[audits.writeable]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "0.6.0"
notes = "Contains three lines of unsafe, thoroughly commented: one is for from-UTF8 on ASCII, the other two are for from-UTF8 on a datastructure that keeps track of a buffer with partial UTF8 validation. Relatively straigtforward."

[[audits.wycheproof]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.yoke]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto"]
version = "0.7.5"

[[audits.yoke-derive]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.7.5"
notes = "Custom derive implementing the `Yokeable` trait. Generally generates simple code that asserts covariance."

[[audits.zerofrom]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.1.5"
notes = "Contains no unsafe"

[[audits.zerofrom-derive]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.1.5"
notes = "Contains no unsafe"

[[audits.zerotrie]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.2.0"
notes = "Minor repr(transparent) unsafe code. Improved comments in https://github.com/unicode-org/icu4x/pull/6054"

[[audits.zerovec]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "0.11.0"

[[audits.zerovec-derive]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "does-not-implement-crypto"
version = "0.11.0"

[[trusted.hashbrown]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 2915 # Amanieu d'Antras (Amanieu)
start = "2019-04-02"
end = "2026-02-04"
notes = """
Chromium implicitly trusts the Rust toolchain (e.g. the `rustc` and
`cargo` binaries maintained and published by the
https://github.com/rust-lang organization and packaged and distributed
via Chromium's `tools/rust/package_rust.py` scripts).  Here we extend
this trust to the libraries that are maintained and published by
the same organization under https://github.com/rust-lang/hashbrown.

user-id 2915 maps to https://crates.io/users/Amanieu who has
published https://crates.io/crates/hashbrown/0.15.2
"""

[[trusted.libc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 51017
start = "2020-03-17"
end = "2025-05-23"
notes = """
Chromium implicitly trusts the Rust toolchain (e.g. the `rustc` and
`cargo` binaries maintained and published by the
https://github.com/rust-lang organization and packaged and distributed
via Chromium's `tools/rust/package_rust.py` scripts).  Here we extend
this trust to the system libraries that are maintained and published by
the same organization.

user-id 51017 maps to https://crates.io/users/JohnTitor who has
published https://crates.io/crates/libc/0.2.154
"""

[[trusted.libc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 5820
start = "2020-03-17"
end = "2025-05-23"
notes = """
Same justification as for the other `trusted.libc` entry above.

user-id 5820 maps to https://crates.io/users/the8472 who has published
https://crates.io/crates/libc/0.2.155
"""

[[trusted.libc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 55123 # rust-lang-owner
start = "2024-08-15"
end = "2025-08-26"
notes = """
Same justification as for the other `trusted.libc` entry above.

user-id 55123 maps to https://crates.io/users/rust-lang-owner who has published
https://crates.io/crates/libc/0.2.158
"""

[[trusted.libc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 55123 # rust-lang-owner
start = "2024-10-17"
end = "2025-10-24"
notes = """
Same justification as for the other `trusted.libc` entry above.

user-id 55123 maps to https://crates.io/users/rust-lang-owner who has published
https://crates.io/crates/libc/0.2.161
"""

[[trusted.libm]]
criteria = ["safe-to-deploy", "ub-risk-2"]
user-id = 55123 # rust-lang-owner
start = "2024-10-26"
end = "2026-02-02"

[[trusted.windows-sys]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-11-15"
end = "9999-05-15"
notes = """
This crate and its deps are published by Microsoft as the official Rust SDK for Windows APIs at https://github.com/microsoft/windows-rs

user-id 64539 maps to https://crates.io/users/kennykerr who has published version 0.52.0.
"""

[[trusted.windows-targets]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2022-09-09"
end = "9999-05-15"
notes = """
This crate is part of the official Rust SDK from Microsoft, see windows-sys.
"""

[[trusted.windows_aarch64_msvc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-11-05"
end = "9999-05-15"
notes = """
This crate is part of the official Rust SDK from Microsoft, see windows-sys.
"""

[[trusted.windows_i686_msvc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-10-27"
end = "9999-05-15"
notes = """
This crate is part of the official Rust SDK from Microsoft, see windows-sys.
"""

[[trusted.windows_x86_64_msvc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-10-27"
end = "9999-05-15"
notes = """
This crate is part of the official Rust SDK from Microsoft, see windows-sys.
"""