xxchan commented on issue #6706:
❯ cargo vet Vetting Failed! 7 unvetted dependencies: equivalent:1.0.0 missing ["safe-to-deploy"] hashbrown:0.14.0 missing ["safe-to-deploy"] serde_spanned:0.6.3 missing ["safe-to-deploy"] toml:0.7.6 missing ["safe-to-deploy"] toml_datetime:0.6.3 missing ["safe-to-deploy"] toml_edit:0.19.12 missing ["safe-to-deploy"] winnow:0.4.8 missing ["safe-to-deploy"] recommended audits for safe-to-deploy: Command Publisher Used By Audit Size cargo vet diff toml 0.7.4 0.7.6 epage winch-tools, wasmtime-cache, and 3 others 3 files changed, 26 insertions(+), 15 deletions(-) NOTE: this project trusts Ed Page (epage) - consider cargo vet trust toml epage cargo vet inspect equivalent 1.0.0 cuviper indexmap 402 lines NOTE: this project trusts Josh Stone (cuviper) - consider cargo vet trust equivalent or cargo vet trust --all cuviper cargo vet inspect serde_spanned 0.6.3 epage toml and toml_edit 563 lines NOTE: this project trusts Ed Page (epage) - consider cargo vet trust serde_spanned or cargo vet trust --all epage cargo vet inspect toml_datetime 0.6.3 epage toml and toml_edit 976 lines NOTE: cargo vet import zcash would eliminate this NOTE: this project trusts Ed Page (epage) - consider cargo vet trust toml_datetime or cargo vet trust --all epage cargo vet diff hashbrown 0.13.2 0.14.0 Amanieu indexmap 23 files changed, 1885 insertions(+), 573 deletions(-) NOTE: cargo vet import zcash would eliminate this NOTE: this project trusts Amanieu d'Antras (Amanieu) - consider cargo vet trust hashbrown or cargo vet trust --all Amanieu cargo vet inspect toml_edit 0.19.12 epage toml 16229 lines NOTE: this project trusts Ed Page (epage) - consider cargo vet trust toml_edit epage cargo vet inspect winnow 0.4.8 epage toml_edit 26666 lines NOTE: this project trusts Ed Page (epage) - consider cargo vet trust winnow or cargo vet trust --all epage estimated audit backlog: 47335 lines Use |cargo vet certify| to record the audits.
xxchan commented on issue #6706:
cc @jameysharp
jameysharp commented on issue #6706:
I haven't forgotten about this.
For one thing, I got sidetracked looking at zstd due to your previous PR. Fixes to zstd bugs are merged now (gyscos/zstd-rs#231) so once that's released we should bump that too.
Meanwhile I've audited the changes to the
toml
crate itself and it's fine, but there are some larger changes in crates it depends on that I got a little stuck reading through.
Last updated: Dec 23 2024 at 13:07 UTC