github
/
cranelift
mirror of https://github.com/bytecodealliance/wasmtime.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10316 Commits
49 Branches
140 Tags
128 MiB
Tree: 8b245178a5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8b245178a5'
${ noResults }
cranelift/supply-chain/audits.toml

323 lines
9.0 KiB
Raw Normal View History

Enable cargo-vet (#4444) * Initialize cargo-vet on wasmtime. * Add cargo-vet to CI. * Add README.
2 years ago
# cargo-vet audits file
Add some more audits for my own crates (#4837) Mostly stuff that Firefox is using and asked me to publish audits for, but a couple are in our dep tree as well.
2 years ago
[[audits.arbitrary]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "I am the author of this crate."
[[audits.arbitrary]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "1.1.4"
notes = "I am the author of this crate."
Cranelift: Use bump allocation in `remove_constant_phis` pass (#4710) * Cranelift: Use bump allocation in `remove_constant_phis` pass This makes compilation 2-6% faster for Sightglass&#39;s bz2 benchmark: ``` compilation :: cycles :: benchmarks/bz2/benchmark.wasm Δ = 7290648.36 ± 4245152.07 (confidence = 99%) bump.so is 1.02x to 1.06x faster than main.so! [166388177 183238542.98 214732518] bump.so [172836648 190529191.34 217514271] main.so compilation :: cycles :: benchmarks/pulldown-cmark/benchmark.wasm No difference in performance. [182220055 225793551.12 277857575] bump.so [193212613 227784078.61 277175335] main.so compilation :: cycles :: benchmarks/spidermonkey/benchmark.wasm No difference in performance. [3848442474 4295214144.37 4665127241] bump.so [3969505457 4262415290.10 4563869974] main.so ``` * Add audit for `bumpalo` * Add an audit of `arrayvec` version 0.7.2 * Remove unnecessary `collect` into `Vec` I wasn&#39;t able to measure any perf difference here, but its nice to do anyways. * Use a `SecondaryMap` for keeping track of summaries
2 years ago
[[audits.arrayvec]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "0.7.2"
notes = """
Well documented invariants, good assertions for those invariants in unsafe code,
and tested with MIRI to boot. LGTM.
"""
Add some audits for some low-hanging fruit (#4836) I looked through some of our smaller dependencies to vet them and add an audit for them. These were the ones that were all &#34;obviously correct&#34; to me before I ran out of steam reviewing other crates.
2 years ago
[[audits.atty]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.2.14"
notes = """
Contains only unsafe code for what this crate's purpose is and only accesses
the environment's terminal information when asked. Does its stated purpose and
no more.
"""
Fill out some initial audit metadata (#4527) This fills out a few items which come from the wasm-tools repository as well as a few crates that I&#39;m personally the author of.
2 years ago
[[audits.backtrace]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.3.66"
notes = "I am the author of this crate."
Cranelift: Use bump allocation in `remove_constant_phis` pass (#4710) * Cranelift: Use bump allocation in `remove_constant_phis` pass This makes compilation 2-6% faster for Sightglass&#39;s bz2 benchmark: ``` compilation :: cycles :: benchmarks/bz2/benchmark.wasm Δ = 7290648.36 ± 4245152.07 (confidence = 99%) bump.so is 1.02x to 1.06x faster than main.so! [166388177 183238542.98 214732518] bump.so [172836648 190529191.34 217514271] main.so compilation :: cycles :: benchmarks/pulldown-cmark/benchmark.wasm No difference in performance. [182220055 225793551.12 277857575] bump.so [193212613 227784078.61 277175335] main.so compilation :: cycles :: benchmarks/spidermonkey/benchmark.wasm No difference in performance. [3848442474 4295214144.37 4665127241] bump.so [3969505457 4262415290.10 4563869974] main.so ``` * Add audit for `bumpalo` * Add an audit of `arrayvec` version 0.7.2 * Remove unnecessary `collect` into `Vec` I wasn&#39;t able to measure any perf difference here, but its nice to do anyways. * Use a `SecondaryMap` for keeping track of summaries
2 years ago
[[audits.bumpalo]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "3.9.1"
notes = "I am the author of this crate."
Optimize the WASI `random_get` implementation. (#4917) * Optimize the WASI `random_get` implementation. Use `StdRng` instead of the `OsRng` in the default implementation of `random_get`. This uses a userspace CSPRNG, making `random_get` 3x faster in simple benchmarks. * Update cargo-vet audits for cap-std 0.25.3. * Update all cap-std packages to 0.25.3.
2 years ago
[[audits.cap-fs-ext]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.25.3"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.cap-primitives]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.25.3"
notes = "The Bytecode Alliance is the author of this crate"
Add some audits for some low-hanging fruit (#4836) I looked through some of our smaller dependencies to vet them and add an audit for them. These were the ones that were all &#34;obviously correct&#34; to me before I ran out of steam reviewing other crates.
2 years ago
[[audits.cap-rand]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
Optimize the WASI `random_get` implementation. (#4917) * Optimize the WASI `random_get` implementation. Use `StdRng` instead of the `OsRng` in the default implementation of `random_get`. This uses a userspace CSPRNG, making `random_get` 3x faster in simple benchmarks. * Update cargo-vet audits for cap-std 0.25.3. * Update all cap-std packages to 0.25.3.
2 years ago
version = "0.25.3"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.cap-std]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.25.3"
notes = "The Bytecode Alliance is the author of this crate"
[[audits.cap-tempfile]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-run"
version = "0.25.3"
Add some audits for some low-hanging fruit (#4836) I looked through some of our smaller dependencies to vet them and add an audit for them. These were the ones that were all &#34;obviously correct&#34; to me before I ran out of steam reviewing other crates.
2 years ago
notes = "The Bytecode Alliance is the author of this crate"
[[audits.cap-time-ext]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
Optimize the WASI `random_get` implementation. (#4917) * Optimize the WASI `random_get` implementation. Use `StdRng` instead of the `OsRng` in the default implementation of `random_get`. This uses a userspace CSPRNG, making `random_get` 3x faster in simple benchmarks. * Update cargo-vet audits for cap-std 0.25.3. * Update all cap-std packages to 0.25.3.
2 years ago
version = "0.25.3"
Add some audits for some low-hanging fruit (#4836) I looked through some of our smaller dependencies to vet them and add an audit for them. These were the ones that were all &#34;obviously correct&#34; to me before I ran out of steam reviewing other crates.
2 years ago
notes = "The Bytecode Alliance is the author of this crate."
Fill out some initial audit metadata (#4527) This fills out a few items which come from the wasm-tools repository as well as a few crates that I&#39;m personally the author of.
2 years ago
[[audits.cc]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.73"
notes = "I am the author of this crate."
[[audits.cfg-if]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.0"
notes = "I am the author of this crate."
Add some more audits for my own crates (#4837) Mostly stuff that Firefox is using and asked me to publish audits for, but a couple are in our dep tree as well.
2 years ago
[[audits.derive_arbitrary]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "I am the author of this crate."
[[audits.derive_arbitrary]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "1.1.4"
notes = "I am the author of this crate."
Add some audits for some low-hanging fruit (#4836) I looked through some of our smaller dependencies to vet them and add an audit for them. These were the ones that were all &#34;obviously correct&#34; to me before I ran out of steam reviewing other crates.
2 years ago
[[audits.file-per-thread-logger]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.5"
notes = """
Contains no unsafe code but does write log files to the filesystem. Log files
are only created when requested by the application, however, and otherwise
only does its stated purpose.
"""
[[audits.heck]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.4.0"
notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation."
Add some more audits for my own crates (#4837) Mostly stuff that Firefox is using and asked me to publish audits for, but a couple are in our dep tree as well.
2 years ago
[[audits.id-arena]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "2.2.1"
notes = "I am the author of this crate."
Add some audits for some low-hanging fruit (#4836) I looked through some of our smaller dependencies to vet them and add an audit for them. These were the ones that were all &#34;obviously correct&#34; to me before I ran out of steam reviewing other crates.
2 years ago
[[audits.is-terminal]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = "Contains only unsafe code for interacting with the crate's intended purpose."
Add some more audits for my own crates (#4837) Mostly stuff that Firefox is using and asked me to publish audits for, but a couple are in our dep tree as well.
2 years ago
[[audits.leb128]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "0.2.5"
notes = "I am the author of this crate."
cranelift: Upgrade libm to 0.2.4 (#4670) * cranelift: Upgrade libm to 0.2.4 This resolves an issue with incorrect fmaf on the x86_64-pc-windows-gnu target under some inputs. See: #4517 * supply-chain: Vet `libm` 0.2.4
2 years ago
[[audits.libm]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.2.2 -> 0.2.4"
notes = """
This diff primarily fixes a few issues with the `fma`-related functions,
but also contains some other minor fixes as well. Everything looks A-OK and
as expected.
"""
Add some audits for some low-hanging fruit (#4836) I looked through some of our smaller dependencies to vet them and add an audit for them. These were the ones that were all &#34;obviously correct&#34; to me before I ran out of steam reviewing other crates.
2 years ago
[[audits.memfd]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.6.1"
notes = """
Does not interact with the system in any way than otherwise instructed to.
Contains unsafe blocks but are encapsulated and required for the operation at
hand.
"""
Add some more audits for my own crates (#4837) Mostly stuff that Firefox is using and asked me to publish audits for, but a couple are in our dep tree as well.
2 years ago
[[audits.peeking_take_while]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "1.0.0"
notes = "I am the author of this crate."
Upgrade regalloc2 -&gt; 0.3.2 (#4603) Includes a modest improvement in memory usage and performance by removing analysis that was only used during fuzzing.
2 years ago
[[audits.regalloc2]]
who = "Jamey Sharp <jsharp@fastly.com>"
criteria = "safe-to-deploy"
delta = "0.3.1 -> 0.3.2"
notes = "The Bytecode Alliance is the author of this crate."
Fill out some initial audit metadata (#4527) This fills out a few items which come from the wasm-tools repository as well as a few crates that I&#39;m personally the author of.
2 years ago
[[audits.rustc-demangle]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.21"
notes = "I am the author of this crate."
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
[[audits.system-interface]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.22.0"
notes = "The Bytecode Alliance is the author of this crate."
Fill out some initial audit metadata (#4527) This fills out a few items which come from the wasm-tools repository as well as a few crates that I&#39;m personally the author of.
2 years ago
[[audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.14.0"
notes = "The Bytecode Alliance is the author of this crate."
Add `*.wast` support for invoking components (#4526) This commit builds on bytecodealliance/wasm-tools#690 to add support to testing of the component model to execute functions when running `*.wast` files. This support is all built on #4442 as functions are invoked through a &#34;dynamic&#34; API. Right now the testing and integration is fairly crude but I&#39;m hoping that we can try to improve it over time as necessary. For now this should provide a hopefully more convenient syntax for unit tests and the like.
2 years ago
[[audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.15.0"
notes = "The Bytecode Alliance is the author of this crate."
Upgrade wasm-tools crates, namely the component model (#4715) * Upgrade wasm-tools crates, namely the component model This commit pulls in the latest versions of all of the `wasm-tools` family of crates. There were two major changes that happened in `wasm-tools` in the meantime: * bytecodealliance/wasm-tools#697 - this commit introduced a new API for more efficiently reading binary operators from a wasm binary. The old `Operator`-based reading was left in place, however, and continues to be what Wasmtime uses. I hope to update Wasmtime in a future PR to use this new API, but for now the biggest change is... * bytecodealliance/wasm-tools#703 - this commit was a major update to the component model AST. This commit almost entirely deals with the fallout of this change. The changes made to the component model were: 1. The `unit` type no longer exists. This was generally a simple change where the `Unit` case in a few different locations were all removed. 2. The `expected` type was renamed to `result`. This similarly was relatively lightweight and mostly just a renaming on the surface. I took this opportunity to rename `val::Result` to `val::ResultVal` and `types::Result` to `types::ResultType` to avoid clashing with the standard library types. The `Option`-based types were handled with this as well. 3. The payload type of `variant` and `result` types are now optional. This affected many locations that calculate flat type representations, ABI information, etc. The `#[derive(ComponentType)]` macro now specifically handles Rust-defined `enum` types which have no payload to the equivalent in the component model. 4. Functions can now return multiple parameters. This changed the signature of invoking component functions because the return value is now bound by `ComponentNamedList` (renamed from `ComponentParams`). This had a large effect in the tests, fuzz test case generation, etc. 5. Function types with 2-or-more parameters/results must uniquely name all parameters/results. This mostly affected the text format used throughout the tests. I haven&#39;t added specifically new tests for multi-return but I changed a number of tests to use it. Additionally I&#39;ve updated the fuzzers to all exercise multi-return as well so I think we should get some good coverage with that. * Update version numbers * Use crates.io
2 years ago
[[audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.16.0"
notes = "The Bytecode Alliance is the author of this crate."
Fill out some initial audit metadata (#4527) This fills out a few items which come from the wasm-tools repository as well as a few crates that I&#39;m personally the author of.
2 years ago
[[audits.wasm-mutate]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.2.5"
notes = "The Bytecode Alliance is the author of this crate."
Add `*.wast` support for invoking components (#4526) This commit builds on bytecodealliance/wasm-tools#690 to add support to testing of the component model to execute functions when running `*.wast` files. This support is all built on #4442 as functions are invoked through a &#34;dynamic&#34; API. Right now the testing and integration is fairly crude but I&#39;m hoping that we can try to improve it over time as necessary. For now this should provide a hopefully more convenient syntax for unit tests and the like.
2 years ago
[[audits.wasm-mutate]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.2.6"
notes = "The Bytecode Alliance is the author of this crate."
Upgrade wasm-tools crates, namely the component model (#4715) * Upgrade wasm-tools crates, namely the component model This commit pulls in the latest versions of all of the `wasm-tools` family of crates. There were two major changes that happened in `wasm-tools` in the meantime: * bytecodealliance/wasm-tools#697 - this commit introduced a new API for more efficiently reading binary operators from a wasm binary. The old `Operator`-based reading was left in place, however, and continues to be what Wasmtime uses. I hope to update Wasmtime in a future PR to use this new API, but for now the biggest change is... * bytecodealliance/wasm-tools#703 - this commit was a major update to the component model AST. This commit almost entirely deals with the fallout of this change. The changes made to the component model were: 1. The `unit` type no longer exists. This was generally a simple change where the `Unit` case in a few different locations were all removed. 2. The `expected` type was renamed to `result`. This similarly was relatively lightweight and mostly just a renaming on the surface. I took this opportunity to rename `val::Result` to `val::ResultVal` and `types::Result` to `types::ResultType` to avoid clashing with the standard library types. The `Option`-based types were handled with this as well. 3. The payload type of `variant` and `result` types are now optional. This affected many locations that calculate flat type representations, ABI information, etc. The `#[derive(ComponentType)]` macro now specifically handles Rust-defined `enum` types which have no payload to the equivalent in the component model. 4. Functions can now return multiple parameters. This changed the signature of invoking component functions because the return value is now bound by `ComponentNamedList` (renamed from `ComponentParams`). This had a large effect in the tests, fuzz test case generation, etc. 5. Function types with 2-or-more parameters/results must uniquely name all parameters/results. This mostly affected the text format used throughout the tests. I haven&#39;t added specifically new tests for multi-return but I changed a number of tests to use it. Additionally I&#39;ve updated the fuzzers to all exercise multi-return as well so I think we should get some good coverage with that. * Update version numbers * Use crates.io
2 years ago
[[audits.wasm-mutate]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.2.7"
notes = "The Bytecode Alliance is the author of this crate."
Fill out some initial audit metadata (#4527) This fills out a few items which come from the wasm-tools repository as well as a few crates that I&#39;m personally the author of.
2 years ago
[[audits.wasm-smith]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.11.2"
notes = "The Bytecode Alliance is the author of this crate."
Add `*.wast` support for invoking components (#4526) This commit builds on bytecodealliance/wasm-tools#690 to add support to testing of the component model to execute functions when running `*.wast` files. This support is all built on #4442 as functions are invoked through a &#34;dynamic&#34; API. Right now the testing and integration is fairly crude but I&#39;m hoping that we can try to improve it over time as necessary. For now this should provide a hopefully more convenient syntax for unit tests and the like.
2 years ago
[[audits.wasm-smith]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.11.3"
notes = "The Bytecode Alliance is the author of this crate."
Upgrade wasm-tools crates, namely the component model (#4715) * Upgrade wasm-tools crates, namely the component model This commit pulls in the latest versions of all of the `wasm-tools` family of crates. There were two major changes that happened in `wasm-tools` in the meantime: * bytecodealliance/wasm-tools#697 - this commit introduced a new API for more efficiently reading binary operators from a wasm binary. The old `Operator`-based reading was left in place, however, and continues to be what Wasmtime uses. I hope to update Wasmtime in a future PR to use this new API, but for now the biggest change is... * bytecodealliance/wasm-tools#703 - this commit was a major update to the component model AST. This commit almost entirely deals with the fallout of this change. The changes made to the component model were: 1. The `unit` type no longer exists. This was generally a simple change where the `Unit` case in a few different locations were all removed. 2. The `expected` type was renamed to `result`. This similarly was relatively lightweight and mostly just a renaming on the surface. I took this opportunity to rename `val::Result` to `val::ResultVal` and `types::Result` to `types::ResultType` to avoid clashing with the standard library types. The `Option`-based types were handled with this as well. 3. The payload type of `variant` and `result` types are now optional. This affected many locations that calculate flat type representations, ABI information, etc. The `#[derive(ComponentType)]` macro now specifically handles Rust-defined `enum` types which have no payload to the equivalent in the component model. 4. Functions can now return multiple parameters. This changed the signature of invoking component functions because the return value is now bound by `ComponentNamedList` (renamed from `ComponentParams`). This had a large effect in the tests, fuzz test case generation, etc. 5. Function types with 2-or-more parameters/results must uniquely name all parameters/results. This mostly affected the text format used throughout the tests. I haven&#39;t added specifically new tests for multi-return but I changed a number of tests to use it. Additionally I&#39;ve updated the fuzzers to all exercise multi-return as well so I think we should get some good coverage with that. * Update version numbers * Use crates.io
2 years ago
[[audits.wasm-smith]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.11.4"
notes = "The Bytecode Alliance is the author of this crate."
Fill out some initial audit metadata (#4527) This fills out a few items which come from the wasm-tools repository as well as a few crates that I&#39;m personally the author of.
2 years ago
[[audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.87.0"
notes = "The Bytecode Alliance is the author of this crate."
Add `*.wast` support for invoking components (#4526) This commit builds on bytecodealliance/wasm-tools#690 to add support to testing of the component model to execute functions when running `*.wast` files. This support is all built on #4442 as functions are invoked through a &#34;dynamic&#34; API. Right now the testing and integration is fairly crude but I&#39;m hoping that we can try to improve it over time as necessary. For now this should provide a hopefully more convenient syntax for unit tests and the like.
2 years ago
[[audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.88.0"
notes = "The Bytecode Alliance is the author of this crate."
Upgrade wasm-tools crates, namely the component model (#4715) * Upgrade wasm-tools crates, namely the component model This commit pulls in the latest versions of all of the `wasm-tools` family of crates. There were two major changes that happened in `wasm-tools` in the meantime: * bytecodealliance/wasm-tools#697 - this commit introduced a new API for more efficiently reading binary operators from a wasm binary. The old `Operator`-based reading was left in place, however, and continues to be what Wasmtime uses. I hope to update Wasmtime in a future PR to use this new API, but for now the biggest change is... * bytecodealliance/wasm-tools#703 - this commit was a major update to the component model AST. This commit almost entirely deals with the fallout of this change. The changes made to the component model were: 1. The `unit` type no longer exists. This was generally a simple change where the `Unit` case in a few different locations were all removed. 2. The `expected` type was renamed to `result`. This similarly was relatively lightweight and mostly just a renaming on the surface. I took this opportunity to rename `val::Result` to `val::ResultVal` and `types::Result` to `types::ResultType` to avoid clashing with the standard library types. The `Option`-based types were handled with this as well. 3. The payload type of `variant` and `result` types are now optional. This affected many locations that calculate flat type representations, ABI information, etc. The `#[derive(ComponentType)]` macro now specifically handles Rust-defined `enum` types which have no payload to the equivalent in the component model. 4. Functions can now return multiple parameters. This changed the signature of invoking component functions because the return value is now bound by `ComponentNamedList` (renamed from `ComponentParams`). This had a large effect in the tests, fuzz test case generation, etc. 5. Function types with 2-or-more parameters/results must uniquely name all parameters/results. This mostly affected the text format used throughout the tests. I haven&#39;t added specifically new tests for multi-return but I changed a number of tests to use it. Additionally I&#39;ve updated the fuzzers to all exercise multi-return as well so I think we should get some good coverage with that. * Update version numbers * Use crates.io
2 years ago
[[audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.89.0"
notes = "The Bytecode Alliance is the author of this crate."
[[audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.89.1"
notes = "The Bytecode Alliance is the author of this crate."
Fill out some initial audit metadata (#4527) This fills out a few items which come from the wasm-tools repository as well as a few crates that I&#39;m personally the author of.
2 years ago
[[audits.wasmprinter]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.2.37"
notes = "The Bytecode Alliance is the author of this crate."
Add `*.wast` support for invoking components (#4526) This commit builds on bytecodealliance/wasm-tools#690 to add support to testing of the component model to execute functions when running `*.wast` files. This support is all built on #4442 as functions are invoked through a &#34;dynamic&#34; API. Right now the testing and integration is fairly crude but I&#39;m hoping that we can try to improve it over time as necessary. For now this should provide a hopefully more convenient syntax for unit tests and the like.
2 years ago
[[audits.wasmprinter]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.2.38"
notes = "The Bytecode Alliance is the author of this crate."
Upgrade wasm-tools crates, namely the component model (#4715) * Upgrade wasm-tools crates, namely the component model This commit pulls in the latest versions of all of the `wasm-tools` family of crates. There were two major changes that happened in `wasm-tools` in the meantime: * bytecodealliance/wasm-tools#697 - this commit introduced a new API for more efficiently reading binary operators from a wasm binary. The old `Operator`-based reading was left in place, however, and continues to be what Wasmtime uses. I hope to update Wasmtime in a future PR to use this new API, but for now the biggest change is... * bytecodealliance/wasm-tools#703 - this commit was a major update to the component model AST. This commit almost entirely deals with the fallout of this change. The changes made to the component model were: 1. The `unit` type no longer exists. This was generally a simple change where the `Unit` case in a few different locations were all removed. 2. The `expected` type was renamed to `result`. This similarly was relatively lightweight and mostly just a renaming on the surface. I took this opportunity to rename `val::Result` to `val::ResultVal` and `types::Result` to `types::ResultType` to avoid clashing with the standard library types. The `Option`-based types were handled with this as well. 3. The payload type of `variant` and `result` types are now optional. This affected many locations that calculate flat type representations, ABI information, etc. The `#[derive(ComponentType)]` macro now specifically handles Rust-defined `enum` types which have no payload to the equivalent in the component model. 4. Functions can now return multiple parameters. This changed the signature of invoking component functions because the return value is now bound by `ComponentNamedList` (renamed from `ComponentParams`). This had a large effect in the tests, fuzz test case generation, etc. 5. Function types with 2-or-more parameters/results must uniquely name all parameters/results. This mostly affected the text format used throughout the tests. I haven&#39;t added specifically new tests for multi-return but I changed a number of tests to use it. Additionally I&#39;ve updated the fuzzers to all exercise multi-return as well so I think we should get some good coverage with that. * Update version numbers * Use crates.io
2 years ago
[[audits.wasmprinter]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.2.39"
notes = "The Bytecode Alliance is the author of this crate."
Fill out some initial audit metadata (#4527) This fills out a few items which come from the wasm-tools repository as well as a few crates that I&#39;m personally the author of.
2 years ago
[[audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "35.0.2"
notes = "The Bytecode Alliance is the author of this crate."
Bump wat/wast crates (#4524) * Bump wat/wast crates Pull in upstream updates, nothing major, just keeping up-to-date. * Record audit log for new crates
2 years ago
[[audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "44.0.0"
notes = "The Bytecode Alliance is the author of this crate"
Add `*.wast` support for invoking components (#4526) This commit builds on bytecodealliance/wasm-tools#690 to add support to testing of the component model to execute functions when running `*.wast` files. This support is all built on #4442 as functions are invoked through a &#34;dynamic&#34; API. Right now the testing and integration is fairly crude but I&#39;m hoping that we can try to improve it over time as necessary. For now this should provide a hopefully more convenient syntax for unit tests and the like.
2 years ago
[[audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "45.0.0"
notes = "The Bytecode Alliance is the author of this crate"
Upgrade wasm-tools crates, namely the component model (#4715) * Upgrade wasm-tools crates, namely the component model This commit pulls in the latest versions of all of the `wasm-tools` family of crates. There were two major changes that happened in `wasm-tools` in the meantime: * bytecodealliance/wasm-tools#697 - this commit introduced a new API for more efficiently reading binary operators from a wasm binary. The old `Operator`-based reading was left in place, however, and continues to be what Wasmtime uses. I hope to update Wasmtime in a future PR to use this new API, but for now the biggest change is... * bytecodealliance/wasm-tools#703 - this commit was a major update to the component model AST. This commit almost entirely deals with the fallout of this change. The changes made to the component model were: 1. The `unit` type no longer exists. This was generally a simple change where the `Unit` case in a few different locations were all removed. 2. The `expected` type was renamed to `result`. This similarly was relatively lightweight and mostly just a renaming on the surface. I took this opportunity to rename `val::Result` to `val::ResultVal` and `types::Result` to `types::ResultType` to avoid clashing with the standard library types. The `Option`-based types were handled with this as well. 3. The payload type of `variant` and `result` types are now optional. This affected many locations that calculate flat type representations, ABI information, etc. The `#[derive(ComponentType)]` macro now specifically handles Rust-defined `enum` types which have no payload to the equivalent in the component model. 4. Functions can now return multiple parameters. This changed the signature of invoking component functions because the return value is now bound by `ComponentNamedList` (renamed from `ComponentParams`). This had a large effect in the tests, fuzz test case generation, etc. 5. Function types with 2-or-more parameters/results must uniquely name all parameters/results. This mostly affected the text format used throughout the tests. I haven&#39;t added specifically new tests for multi-return but I changed a number of tests to use it. Additionally I&#39;ve updated the fuzzers to all exercise multi-return as well so I think we should get some good coverage with that. * Update version numbers * Use crates.io
2 years ago
[[audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "46.0.0"
notes = "The Bytecode Alliance is the author of this crate."
Bump wat/wast crates (#4524) * Bump wat/wast crates Pull in upstream updates, nothing major, just keeping up-to-date. * Record audit log for new crates
2 years ago
[[audits.wat]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.46"
notes = "The Bytecode Alliance is the author of this crate."
Enable cargo-vet (#4444) * Initialize cargo-vet on wasmtime. * Add cargo-vet to CI. * Add README.
2 years ago
Add `*.wast` support for invoking components (#4526) This commit builds on bytecodealliance/wasm-tools#690 to add support to testing of the component model to execute functions when running `*.wast` files. This support is all built on #4442 as functions are invoked through a &#34;dynamic&#34; API. Right now the testing and integration is fairly crude but I&#39;m hoping that we can try to improve it over time as necessary. For now this should provide a hopefully more convenient syntax for unit tests and the like.
2 years ago
[[audits.wat]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.47"
notes = "The Bytecode Alliance is the author of this crate."
Upgrade wasm-tools crates, namely the component model (#4715) * Upgrade wasm-tools crates, namely the component model This commit pulls in the latest versions of all of the `wasm-tools` family of crates. There were two major changes that happened in `wasm-tools` in the meantime: * bytecodealliance/wasm-tools#697 - this commit introduced a new API for more efficiently reading binary operators from a wasm binary. The old `Operator`-based reading was left in place, however, and continues to be what Wasmtime uses. I hope to update Wasmtime in a future PR to use this new API, but for now the biggest change is... * bytecodealliance/wasm-tools#703 - this commit was a major update to the component model AST. This commit almost entirely deals with the fallout of this change. The changes made to the component model were: 1. The `unit` type no longer exists. This was generally a simple change where the `Unit` case in a few different locations were all removed. 2. The `expected` type was renamed to `result`. This similarly was relatively lightweight and mostly just a renaming on the surface. I took this opportunity to rename `val::Result` to `val::ResultVal` and `types::Result` to `types::ResultType` to avoid clashing with the standard library types. The `Option`-based types were handled with this as well. 3. The payload type of `variant` and `result` types are now optional. This affected many locations that calculate flat type representations, ABI information, etc. The `#[derive(ComponentType)]` macro now specifically handles Rust-defined `enum` types which have no payload to the equivalent in the component model. 4. Functions can now return multiple parameters. This changed the signature of invoking component functions because the return value is now bound by `ComponentNamedList` (renamed from `ComponentParams`). This had a large effect in the tests, fuzz test case generation, etc. 5. Function types with 2-or-more parameters/results must uniquely name all parameters/results. This mostly affected the text format used throughout the tests. I haven&#39;t added specifically new tests for multi-return but I changed a number of tests to use it. Additionally I&#39;ve updated the fuzzers to all exercise multi-return as well so I think we should get some good coverage with that. * Update version numbers * Use crates.io
2 years ago
[[audits.wat]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.48"
notes = "The Bytecode Alliance is the author of this crate."