From 85d70a154a16e369ad4b5ea8566615ab17b850dc Mon Sep 17 00:00:00 2001 From: Alex Crichton Date: Wed, 30 Nov 2022 08:46:45 -0800 Subject: [PATCH] Update audits --- supply-chain/config.toml | 8 -------- supply-chain/imports.lock | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 0c6dd16468f9..c59b1fa869f4 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -338,10 +338,6 @@ criteria = "safe-to-deploy" version = "0.10.0" criteria = "safe-to-deploy" -[[exemptions.half]] -version = "1.8.2" -criteria = "safe-to-run" - [[exemptions.hermit-abi]] version = "0.1.19" criteria = "safe-to-deploy" @@ -738,10 +734,6 @@ criteria = "safe-to-deploy" version = "1.0.137" criteria = "safe-to-deploy" -[[exemptions.serde_cbor]] -version = "0.11.2" -criteria = "safe-to-run" - [[exemptions.serde_derive]] version = "1.0.137" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index c89595997bcd..1cfb9fa28b7c 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -169,6 +169,16 @@ who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.2.6 -> 0.2.7" +[[audits.mozilla.audits.half]] +who = "John M. Schanck " +criteria = "safe-to-deploy" +version = "1.8.2" +notes = """ +This crate contains unsafe code for bitwise casts to/from binary16 floating-point +format. I've reviewed these and found no issues. There are no uses of ambient +capabilities. +""" + [[audits.mozilla.audits.hashbrown]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -288,6 +298,16 @@ who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.0.143 -> 1.0.144" +[[audits.mozilla.audits.serde_cbor]] +who = "R. Martinho Fernandes " +criteria = "safe-to-deploy" +version = "0.11.1" + +[[audits.mozilla.audits.serde_cbor]] +who = "John M. Schanck " +criteria = "safe-to-deploy" +delta = "0.11.1 -> 0.11.2" + [[audits.mozilla.audits.serde_derive]] who = "Mike Hommey " criteria = "safe-to-deploy"