github
/
cranelift
mirror of https://github.com/bytecodealliance/wasmtime.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11740 Commits
49 Branches
140 Tags
128 MiB
Tree: 8d9bbb81c9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8d9bbb81c9'
${ noResults }
cranelift/supply-chain/imports.lock

702 lines
23 KiB
Raw Normal View History

Enable cargo-vet (#4444) * Initialize cargo-vet on wasmtime. * Add cargo-vet to CI. * Add README.
2 years ago
# cargo-vet imports lock
fuzz: randomize block lowering order (#6254) * fuzz: randomize block lowering order Co-authored-by: Moritz Waser <mzrw.dev@pm.me> Co-authored-by: Remo Senekowitsch <contact@remlse.dev> * fix block lowering order randomization Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * simplify control plane internals Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * avoid unnecessary allocations Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * remove unused change_order function Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * add arbitrary 1.3.0 to cargo vet imports lock Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * optimize ControlPlane::shuffle Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * clarify shuffle being a noop without chaos mode Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * reorder only direct successors of a block Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * rename get_permutation -> shuffled Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> --------- Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me>
2 years ago
[[publisher.arbitrary]]
version = "1.3.0"
when = "2023-03-13"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
wasmtime: Overhaul trampolines (#6262) This commit splits `VMCallerCheckedFuncRef::func_ptr` into three new function pointers: `VMCallerCheckedFuncRef::{wasm,array,native}_call`. Each one has a dedicated calling convention, so callers just choose the version that works for them. This is as opposed to the previous behavior where we would chain together many trampolines that converted between calling conventions, sometimes up to four on the way into Wasm and four more on the way back out. See [0] for details. [0] https://github.com/bytecodealliance/rfcs/blob/main/accepted/tail-calls.md#a-review-of-our-existing-trampolines-calling-conventions-and-call-paths Thanks to @bjorn3 for the initial idea of having multiple function pointers for different calling conventions. This is generally a nice ~5-10% speed up to our call benchmarks across the board: both Wasm-to-host and host-to-Wasm. The one exception is typed calls from Wasm to the host, which have a minor regression. We hypothesize that this is because the old hand-written assembly trampolines did not maintain a call frame and do a tail call, but the new Cranelift-generated trampolines do maintain a call frame and do a regular call. The regression is only a couple nanoseconds, which seems well-explained by these differences explain, and ultimately is not a big deal. However, this does lead to a ~5% code size regression for compiled modules. Before, we compiled a trampoline per escaping function's signature and we deduplicated these trampolines by signature. Now we compile two trampolines per escaping function: one for if the host calls via the array calling convention and one for it the host calls via the native calling convention. Additionally, we compile a trampoline for every type in the module, in case there is a native calling convention function from the host that we `call_indirect` of that type. Much of this is in the `.eh_frame` section in the compiled module, because each of our trampolines needs an entry there. Note that the `.eh_frame` section is not required for Wasmtime's correctness, and you can disable its generation to shrink compiled module code size; we just emit it to play nice with external unwinders and profilers. We believe there are code size gains available for follow up work to offset this code size regression in the future. Backing up a bit: the reason each Wasm module needs to provide these Wasm-to-native trampolines is because `wasmtime::Func::wrap` and friends allow embedders to create functions even when there is no compiler available, so they cannot bring their own trampoline. Instead the Wasm module has to supply it. This in turn means that we need to look up and patch in these Wasm-to-native trampolines during roughly instantiation time. But instantiation is super hot, and we don't want to add more passes over imports or any extra work on this path. So we integrate with `wasmtime::InstancePre` to patch these trampolines in ahead of time. Co-Authored-By: Jamey Sharp <jsharp@fastly.com> Co-Authored-By: Alex Crichton <alex@alexcrichton.com> prtest:full
2 years ago
[[publisher.bumpalo]]
version = "3.12.0"
when = "2023-01-17"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
fuzz: randomize block lowering order (#6254) * fuzz: randomize block lowering order Co-authored-by: Moritz Waser <mzrw.dev@pm.me> Co-authored-by: Remo Senekowitsch <contact@remlse.dev> * fix block lowering order randomization Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * simplify control plane internals Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * avoid unnecessary allocations Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * remove unused change_order function Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * add arbitrary 1.3.0 to cargo vet imports lock Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * optimize ControlPlane::shuffle Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * clarify shuffle being a noop without chaos mode Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * reorder only direct successors of a block Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> * rename get_permutation -> shuffled Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me> --------- Co-authored-by: Falk Zwimpfer <24669719+FalkZ@users.noreply.github.com> Co-authored-by: Moritz Waser <mzrw.dev@pm.me>
2 years ago
[[publisher.derive_arbitrary]]
version = "1.3.0"
when = "2023-03-13"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
cranelift: Update regalloc2 (#6327)
2 years ago
[[publisher.regalloc2]]
version = "0.8.1"
when = "2023-05-01"
user-id = 3726
user-login = "cfallin"
user-name = "Chris Fallin"
cargo-vet all remaining dependency bumps
2 years ago
[[publisher.unicode-segmentation]]
version = "1.10.1"
when = "2023-01-31"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[publisher.unicode-width]]
version = "0.1.9"
when = "2021-09-16"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
[[publisher.unicode-xid]]
version = "0.2.3"
when = "2022-05-02"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"
Update core dump generation in the cli to use wasm-encoder (#6306) * Update coredump generation in the cli to use wasm_encoder * Add deny.toml exception for wasm-encoder 0.25.0 * add missing newline * update custom section in fuzzing crate
2 years ago
[[publisher.wasm-encoder]]
version = "0.26.0"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update wasm-tools crates to latest versions. (#6394) * Update wasm-tools crates to latest versions. This included stubbing out unimplemented GC-related things and updating coredump generation to include the coredump spec changes. * cargo vet * address review comments
2 years ago
[[publisher.wasm-encoder]]
version = "0.27.0"
when = "2023-05-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Refactor test-programs to build modules and components (#6385) * wasi-tests and wasi-http-tests no longer have their own workspace * wasi-tests: fix warnings * rewrite the test-programs build.rs to generate {package}_modules.rs and _components.rs The style is cribbed from preview2-prototying repo, but I ended up refactoring it a bit. * better escaping should help with windows? * long form cap-std-sync and tokio test suites * convert wasi-http test * fixes, comments * apply cargo fmt to whole workspace * bump test-programs and wasi-http-tests to all use common dependency versions wit-bindgen 0.6.0 and wit-component 0.7.4 * add new audits * cargo vet prune * package and supply chain updates to fix vulnerabilities h2 upgraded from 0.3.16 -> 0.3.19 to fix vulnerability tempfile upgraded from 0.3.3 -> 0.3.5 to eliminate dep on vulnerable remove_dir_all * deny: temporarily allow duplicate wasm-encoder, wasmparser, wit-parser prtest:full * convert more dependencies to { workspace = true } Alex asked me to do thsi for wit-component and wit-bindgen, and I found a few more (cfg-if, tempfile, filecheck, anyhow... I also reorganized the workspace dependencies section to make the ones our team maintains more clearly separated from our external dependencies. * test-programs build: ensure that the user writes a #[test] for each module, component * fix build of wasi-tests on windows * misspelled macos * mark wasi-tests crate test=false so we dont try building it natively... * mark wasi-http-tests test=false as well * try getting the cargo keys right * just exclude wasi-tests and wasi-http-tests in run-tests.sh * interesting paths fails on windows * misspelling so nice i did it twice * new cargo deny exception: ignore all of wit-bindgen's dependencies * auto-import wildcard vets
1 year ago
[[publisher.wasm-metadata]]
version = "0.3.1"
when = "2023-03-06"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
cargo-vet all remaining dependency bumps
2 years ago
[[publisher.wasm-metadata]]
version = "0.5.0"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Refactor test-programs to build modules and components (#6385) * wasi-tests and wasi-http-tests no longer have their own workspace * wasi-tests: fix warnings * rewrite the test-programs build.rs to generate {package}_modules.rs and _components.rs The style is cribbed from preview2-prototying repo, but I ended up refactoring it a bit. * better escaping should help with windows? * long form cap-std-sync and tokio test suites * convert wasi-http test * fixes, comments * apply cargo fmt to whole workspace * bump test-programs and wasi-http-tests to all use common dependency versions wit-bindgen 0.6.0 and wit-component 0.7.4 * add new audits * cargo vet prune * package and supply chain updates to fix vulnerabilities h2 upgraded from 0.3.16 -> 0.3.19 to fix vulnerability tempfile upgraded from 0.3.3 -> 0.3.5 to eliminate dep on vulnerable remove_dir_all * deny: temporarily allow duplicate wasm-encoder, wasmparser, wit-parser prtest:full * convert more dependencies to { workspace = true } Alex asked me to do thsi for wit-component and wit-bindgen, and I found a few more (cfg-if, tempfile, filecheck, anyhow... I also reorganized the workspace dependencies section to make the ones our team maintains more clearly separated from our external dependencies. * test-programs build: ensure that the user writes a #[test] for each module, component * fix build of wasi-tests on windows * misspelled macos * mark wasi-tests crate test=false so we dont try building it natively... * mark wasi-http-tests test=false as well * try getting the cargo keys right * just exclude wasi-tests and wasi-http-tests in run-tests.sh * interesting paths fails on windows * misspelling so nice i did it twice * new cargo deny exception: ignore all of wit-bindgen's dependencies * auto-import wildcard vets
1 year ago
[[publisher.wasm-metadata]]
version = "0.6.0"
when = "2023-05-15"
Update wasm-tools crates (#6215) While bringing in no major updates for Wasmtime I've taken this opportunity to list myself for `cargo vet` with wildcard audits of this family of crates. That means I shouldn't need to further add any more entries in the future for updating these crates and additionally any other organizations using these audits will automatically be able to have audits for version that I publish. While here I also ran `cargo vet prune` which was able to remove a number of our exemptions.
2 years ago
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update to latest wasm-tools crates (#6378) * Update to latest wasm-tools crates This commit pushes through the full update of the wasm-tools crates through Wasmtime. There are two major features which changed, both related to components, which required updates in Wasmtime: * Resource types are now implemented in wasm-tools and they're not yet implemented in Wasmtime so I've stubbed out the integration point with panics as reminders to come back and implement them. * There are new validation rules about how aggregate types must be named. This doesn't affect runtime internals at all but was done on behalf of code generators. This did however affect a number of tests which have to ensure that types are exported. * Fix more tests * Add vet entries
2 years ago
[[publisher.wasm-mutate]]
version = "0.2.24"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update wasm-tools crates to latest versions. (#6394) * Update wasm-tools crates to latest versions. This included stubbing out unimplemented GC-related things and updating coredump generation to include the coredump spec changes. * cargo vet * address review comments
2 years ago
[[publisher.wasm-mutate]]
version = "0.2.25"
when = "2023-05-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update to latest wasm-tools crates (#6378) * Update to latest wasm-tools crates This commit pushes through the full update of the wasm-tools crates through Wasmtime. There are two major features which changed, both related to components, which required updates in Wasmtime: * Resource types are now implemented in wasm-tools and they're not yet implemented in Wasmtime so I've stubbed out the integration point with panics as reminders to come back and implement them. * There are new validation rules about how aggregate types must be named. This doesn't affect runtime internals at all but was done on behalf of code generators. This did however affect a number of tests which have to ensure that types are exported. * Fix more tests * Add vet entries
2 years ago
[[publisher.wasm-smith]]
version = "0.12.7"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update wasm-tools crates to latest versions. (#6394) * Update wasm-tools crates to latest versions. This included stubbing out unimplemented GC-related things and updating coredump generation to include the coredump spec changes. * cargo vet * address review comments
2 years ago
[[publisher.wasm-smith]]
version = "0.12.8"
when = "2023-05-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
cargo-vet all remaining dependency bumps
2 years ago
[[publisher.wasmparser]]
version = "0.104.0"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update wasm-tools crates to latest versions. (#6394) * Update wasm-tools crates to latest versions. This included stubbing out unimplemented GC-related things and updating coredump generation to include the coredump spec changes. * cargo vet * address review comments
2 years ago
[[publisher.wasmparser]]
version = "0.105.0"
when = "2023-05-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update to latest wasm-tools crates (#6378) * Update to latest wasm-tools crates This commit pushes through the full update of the wasm-tools crates through Wasmtime. There are two major features which changed, both related to components, which required updates in Wasmtime: * Resource types are now implemented in wasm-tools and they're not yet implemented in Wasmtime so I've stubbed out the integration point with panics as reminders to come back and implement them. * There are new validation rules about how aggregate types must be named. This doesn't affect runtime internals at all but was done on behalf of code generators. This did however affect a number of tests which have to ensure that types are exported. * Fix more tests * Add vet entries
2 years ago
[[publisher.wasmprinter]]
version = "0.2.56"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update wasm-tools crates to latest versions. (#6394) * Update wasm-tools crates to latest versions. This included stubbing out unimplemented GC-related things and updating coredump generation to include the coredump spec changes. * cargo vet * address review comments
2 years ago
[[publisher.wasmprinter]]
version = "0.2.57"
when = "2023-05-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update to latest wasm-tools crates (#6378) * Update to latest wasm-tools crates This commit pushes through the full update of the wasm-tools crates through Wasmtime. There are two major features which changed, both related to components, which required updates in Wasmtime: * Resource types are now implemented in wasm-tools and they're not yet implemented in Wasmtime so I've stubbed out the integration point with panics as reminders to come back and implement them. * There are new validation rules about how aggregate types must be named. This doesn't affect runtime internals at all but was done on behalf of code generators. This did however affect a number of tests which have to ensure that types are exported. * Fix more tests * Add vet entries
2 years ago
[[publisher.wast]]
version = "57.0.0"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update wasm-tools crates to latest versions. (#6394) * Update wasm-tools crates to latest versions. This included stubbing out unimplemented GC-related things and updating coredump generation to include the coredump spec changes. * cargo vet * address review comments
2 years ago
[[publisher.wast]]
version = "58.0.0"
when = "2023-05-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update to latest wasm-tools crates (#6378) * Update to latest wasm-tools crates This commit pushes through the full update of the wasm-tools crates through Wasmtime. There are two major features which changed, both related to components, which required updates in Wasmtime: * Resource types are now implemented in wasm-tools and they're not yet implemented in Wasmtime so I've stubbed out the integration point with panics as reminders to come back and implement them. * There are new validation rules about how aggregate types must be named. This doesn't affect runtime internals at all but was done on behalf of code generators. This did however affect a number of tests which have to ensure that types are exported. * Fix more tests * Add vet entries
2 years ago
[[publisher.wat]]
version = "1.0.63"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update wasm-tools crates to latest versions. (#6394) * Update wasm-tools crates to latest versions. This included stubbing out unimplemented GC-related things and updating coredump generation to include the coredump spec changes. * cargo vet * address review comments
2 years ago
[[publisher.wat]]
version = "1.0.64"
when = "2023-05-15"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
cargo-vet all remaining dependency bumps
2 years ago
[[publisher.wit-bindgen]]
version = "0.6.0"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
[[publisher.wit-bindgen-core]]
version = "0.6.0"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
[[publisher.wit-bindgen-rust]]
version = "0.6.0"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
[[publisher.wit-bindgen-rust-lib]]
version = "0.6.0"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
[[publisher.wit-bindgen-rust-macro]]
version = "0.6.0"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Refactor test-programs to build modules and components (#6385) * wasi-tests and wasi-http-tests no longer have their own workspace * wasi-tests: fix warnings * rewrite the test-programs build.rs to generate {package}_modules.rs and _components.rs The style is cribbed from preview2-prototying repo, but I ended up refactoring it a bit. * better escaping should help with windows? * long form cap-std-sync and tokio test suites * convert wasi-http test * fixes, comments * apply cargo fmt to whole workspace * bump test-programs and wasi-http-tests to all use common dependency versions wit-bindgen 0.6.0 and wit-component 0.7.4 * add new audits * cargo vet prune * package and supply chain updates to fix vulnerabilities h2 upgraded from 0.3.16 -> 0.3.19 to fix vulnerability tempfile upgraded from 0.3.3 -> 0.3.5 to eliminate dep on vulnerable remove_dir_all * deny: temporarily allow duplicate wasm-encoder, wasmparser, wit-parser prtest:full * convert more dependencies to { workspace = true } Alex asked me to do thsi for wit-component and wit-bindgen, and I found a few more (cfg-if, tempfile, filecheck, anyhow... I also reorganized the workspace dependencies section to make the ones our team maintains more clearly separated from our external dependencies. * test-programs build: ensure that the user writes a #[test] for each module, component * fix build of wasi-tests on windows * misspelled macos * mark wasi-tests crate test=false so we dont try building it natively... * mark wasi-http-tests test=false as well * try getting the cargo keys right * just exclude wasi-tests and wasi-http-tests in run-tests.sh * interesting paths fails on windows * misspelling so nice i did it twice * new cargo deny exception: ignore all of wit-bindgen's dependencies * auto-import wildcard vets
1 year ago
[[publisher.wit-component]]
version = "0.7.4"
when = "2023-03-10"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"
cargo-vet all remaining dependency bumps
2 years ago
[[publisher.wit-component]]
version = "0.8.2"
when = "2023-04-27"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Refactor test-programs to build modules and components (#6385) * wasi-tests and wasi-http-tests no longer have their own workspace * wasi-tests: fix warnings * rewrite the test-programs build.rs to generate {package}_modules.rs and _components.rs The style is cribbed from preview2-prototying repo, but I ended up refactoring it a bit. * better escaping should help with windows? * long form cap-std-sync and tokio test suites * convert wasi-http test * fixes, comments * apply cargo fmt to whole workspace * bump test-programs and wasi-http-tests to all use common dependency versions wit-bindgen 0.6.0 and wit-component 0.7.4 * add new audits * cargo vet prune * package and supply chain updates to fix vulnerabilities h2 upgraded from 0.3.16 -> 0.3.19 to fix vulnerability tempfile upgraded from 0.3.3 -> 0.3.5 to eliminate dep on vulnerable remove_dir_all * deny: temporarily allow duplicate wasm-encoder, wasmparser, wit-parser prtest:full * convert more dependencies to { workspace = true } Alex asked me to do thsi for wit-component and wit-bindgen, and I found a few more (cfg-if, tempfile, filecheck, anyhow... I also reorganized the workspace dependencies section to make the ones our team maintains more clearly separated from our external dependencies. * test-programs build: ensure that the user writes a #[test] for each module, component * fix build of wasi-tests on windows * misspelled macos * mark wasi-tests crate test=false so we dont try building it natively... * mark wasi-http-tests test=false as well * try getting the cargo keys right * just exclude wasi-tests and wasi-http-tests in run-tests.sh * interesting paths fails on windows * misspelling so nice i did it twice * new cargo deny exception: ignore all of wit-bindgen's dependencies * auto-import wildcard vets
1 year ago
[[publisher.wit-component]]
version = "0.9.0"
when = "2023-05-16"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update wasm-tools crates (#6215) While bringing in no major updates for Wasmtime I've taken this opportunity to list myself for `cargo vet` with wildcard audits of this family of crates. That means I shouldn't need to further add any more entries in the future for updating these crates and additionally any other organizations using these audits will automatically be able to have audits for version that I publish. While here I also ran `cargo vet prune` which was able to remove a number of our exemptions.
2 years ago
[[publisher.wit-parser]]
cargo-vet all remaining dependency bumps
2 years ago
version = "0.7.1"
when = "2023-04-27"
Update wasm-tools crates (#6215) While bringing in no major updates for Wasmtime I've taken this opportunity to list myself for `cargo vet` with wildcard audits of this family of crates. That means I shouldn't need to further add any more entries in the future for updating these crates and additionally any other organizations using these audits will automatically be able to have audits for version that I publish. While here I also ran `cargo vet prune` which was able to remove a number of our exemptions.
2 years ago
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"
Update `wasmprinter` and `wasm-mutate` deps (#5983) * Bump wasm-mutate and wasmprinter deps * Add wildcard audits for wasmprinter and wasm-mutate * Add wildcard audit for bumpalo
2 years ago
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla's aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
[[audits.embark-studios.audits.anyhow]]
who = "Johan Andersson <opensource@embark-studios.com>"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
criteria = "safe-to-deploy"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
version = "1.0.58"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
[[audits.embark-studios.audits.cty]]
who = "Johan Andersson <opensource@embark-studios.com>"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
criteria = "safe-to-deploy"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
version = "0.2.2"
notes = "Inspected it and is a tiny crate with just type definitions"
add supply chain audits for #5929&#39;s rustls changes (#6137) The `ring` crate needed to be exempted: it contains a large quantity of asm and native binary implementations of crypto primitives. It is a major undertaking to certify the safety of those implementations. ring also pulled in the wasm-bindgen family of crates for its wasm32-unknown-unknown target, which this project will not be using. Because we don&#39;t care about that platform, I added exemptions for all of these crates, so we don&#39;t have to audit them. The actual supply chain audits for rusttls, rustls-webpki, sct, and tokio-rustls were unremarkable. I also audited a small diff on wasm-bindgen-shared because it was trivial.
2 years ago
[[audits.embark-studios.audits.webpki-roots]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "0.22.4"
notes = "Inspected it to confirm that it only contains data definitions and no runtime code"
Update a few dependencies to pull in `cargo vet` entries (#6247) This trims down the `[exemptions]` list ever-so-slightly by following the suggestions of `cargo vet suggest` and updating a few crates across some minor versions.
2 years ago
[[audits.google.audits.fastrand]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.9.0"
notes = """
`does-not-implement-crypto` is certified because this crate explicitly says
that the RNG here is not cryptographically secure.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
Bump cargo-vet to 0.6.1 (#6110) * Bump cargo-vet to 0.6.1. * Add Fuchsia and prune.
2 years ago
[[audits.google.audits.libfuzzer-sys]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.4.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.miniz_oxide]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "0.6.2"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
cargo-vet all remaining dependency bumps
2 years ago
[[audits.google.audits.proc-macro-error-attr]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
Bump cargo-vet to 0.6.1 (#6110) * Bump cargo-vet to 0.6.1. * Add Fuchsia and prune.
2 years ago
[[audits.google.audits.static_assertions]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "1.1.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
[[audits.google.audits.version_check]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.9.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/main/cargo-vet/audits.toml?format=TEXT"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
[[audits.isrg.audits.block-buffer]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.9.0"
[[audits.isrg.audits.opaque-debug]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.3.0"
[[audits.isrg.audits.universal-hash]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.4.1"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
add supply chain audits for #5929&#39;s rustls changes (#6137) The `ring` crate needed to be exempted: it contains a large quantity of asm and native binary implementations of crypto primitives. It is a major undertaking to certify the safety of those implementations. ring also pulled in the wasm-bindgen family of crates for its wasm32-unknown-unknown target, which this project will not be using. Because we don&#39;t care about that platform, I added exemptions for all of these crates, so we don&#39;t have to audit them. The actual supply chain audits for rusttls, rustls-webpki, sct, and tokio-rustls were unremarkable. I also audited a small diff on wasm-bindgen-shared because it was trivial.
2 years ago
[[audits.isrg.audits.untrusted]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.7.1"
[[audits.isrg.audits.wasm-bindgen-shared]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.2.83"
cargo-vet all remaining dependency bumps
2 years ago
[[audits.mozilla.wildcard-audits.unicode-segmentation]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139
start = "2019-05-15"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.wildcard-audits.unicode-width]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139
start = "2019-12-05"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.wildcard-audits.unicode-xid]]
who = "Manish Goregaokar <manishsmail@gmail.com>"
criteria = "safe-to-deploy"
user-id = 1139
start = "2019-07-25"
end = "2024-05-03"
notes = "All code written or reviewed by Manish"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.anyhow]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.57 -> 1.0.61"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.anyhow]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
delta = "1.0.58 -> 1.0.57"
notes = "No functional differences, just CI config and docs."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.anyhow]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.61 -> 1.0.62"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.anyhow]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.62 -> 1.0.68"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.anyhow]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.69"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update wasm-tools dependencies (#4970) * Update wasm-tools dependencies This update brings in a number of features such as: * The component model binary format and AST has been slightly adjusted in a few locations. Names are dropped from parameters/results now in the internal representation since they were not used anyway. At this time the ability to bind a multi-return function has not been exposed. * The `wasmparser` validator pass will now share allocations with prior functions, providing what&#39;s probably a very minor speedup for Wasmtime itself. * The text format for many component-related tests now requires named parameters. * Some new relaxed-simd instructions are updated to be ignored. I hope to have a follow-up to expose the multi-return ability to the embedding API of components. * Update audit information for new crates
2 years ago
[[audits.mozilla.audits.autocfg]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "All code written or reviewed by Josh Stone."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update wasm-tools dependencies (#4970) * Update wasm-tools dependencies This update brings in a number of features such as: * The component model binary format and AST has been slightly adjusted in a few locations. Names are dropped from parameters/results now in the internal representation since they were not used anyway. At this time the ability to bind a multi-return function has not been exposed. * The `wasmparser` validator pass will now share allocations with prior functions, providing what&#39;s probably a very minor speedup for Wasmtime itself. * The text format for many component-related tests now requires named parameters. * Some new relaxed-simd instructions are updated to be ignored. I hope to have a follow-up to expose the multi-return ability to the embedding API of components. * Update audit information for new crates
2 years ago
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
[[audits.mozilla.audits.bit-set]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.5.2"
notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
[[audits.mozilla.audits.bit-vec]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.6.3"
notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
`cargo vet` audits for guest profiling support (#6284) These audits are necessary for in-process guest profiling support, currently under development in PR #6282.
2 years ago
[[audits.mozilla.audits.bitflags]]
who = "Alex Franchuk <afranchuk@mozilla.com>"
criteria = "safe-to-deploy"
delta = "1.3.2 -> 2.0.2"
notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.bitflags]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
delta = "2.0.2 -> 2.1.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Upgrade sha2 to 0.10.2 in wasmtime (#4749)
2 years ago
[[audits.mozilla.audits.crypto-common]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.1.6"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
wasmtime: In-process sampling profiler (#6282) * wasmtime: In-process sampling profiler Unlike the existing profiling options, this works on all platforms and does not rely on any external profiling tools like perf or VTune. On the other hand, it can only profile time spent in the WebAssembly guest, not in Wasmtime itself or other host code. Also it can&#39;t measure time as precisely as platform-native tools can. The profile is saved in the Firefox processed format, which can be viewed using https://profiler.firefox.com/. * Ensure func_offset is populated * Refactor * Review comments * Move GuestProfiler to the wasmtime crate * Document the new GuestProfiler API * Add TODO comments for future work * Use module_offset, not func_offset, as fallback PC * Minimize work done during `sample()` Use fxprof_processed_profile&#39;s support for looking up symbols to avoid looking up the same PC more than once per profile. * Keep profiler state in the store Also extend the documentation based on review comments. * Import debugid audit from Mozilla again
2 years ago
[[audits.mozilla.audits.debugid]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.8.0"
notes = "This crates was written by Sentry and I've fully audited it as Firefox crash reporting machinery relies on it."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
[[audits.mozilla.audits.either]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.6.1"
notes = """
Straightforward crate providing the Either enum and trait implementations with
no unsafe code.
"""
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
Upgrade sha2 to 0.10.2 in wasmtime (#4749)
2 years ago
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
[[audits.mozilla.audits.encoding_rs]]
who = "Henri Sivonen <hsivonen@hsivonen.fi>"
criteria = "safe-to-deploy"
version = "0.8.31"
notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
Update several dependencies. (#6171) This updates to rustix 0.37.13, which contains some features we can use to implement more features in wasi-common for the wasi-sockets API. This also pulls in several other updates to avoid having multiple versions of rustix. This does introduce multiple versions of windows-sys, as the errno and tokio crates are currently using 0.45 while rustix and other dependencies have updated to 0.48; PRs updating these are already in flight so this will hopefully be resolved soon. It also includes cap-std 1.0.14, which disables the use of `openat2` and `statx` on Android, fixing a bug where some Android devices crash the process when those syscalls are executed.
2 years ago
[[audits.mozilla.audits.env_logger]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.9.3"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.env_logger]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
delta = "0.9.3 -> 0.10.0"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
[[audits.mozilla.audits.flagset]]
who = "Ryan Hunt <rhunt@eqrion.net>"
criteria = "safe-to-deploy"
version = "0.4.3"
notes = "Uses no ambient capabilities, vetted the one instance of unsafe."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
[[audits.mozilla.audits.fnv]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "1.0.7"
notes = "Simple hasher implementation with no unsafe code."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
[[audits.mozilla.audits.fxhash]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "0.2.1"
notes = "Straightforward crate with no unsafe code, does what it says on the tin."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
Add a `wasmtime::component::bindgen!` macro (#5317) * Import Wasmtime support from the `wit-bindgen` repo This commit imports the `wit-bindgen-gen-host-wasmtime-rust` crate from the `wit-bindgen` repository into the upstream Wasmtime repository. I&#39;ve chosen to not import the full history here since the crate is relatively small and doesn&#39;t have a ton of complexity. While the history of the crate is quite long the current iteration of the crate&#39;s history is relatively short so there&#39;s not a ton of import there anyway. The thinking is that this can now continue to evolve in-tree. * Refactor `wasmtime-component-macro` a bit Make room for a `wit_bindgen` macro to slot in. * Add initial support for a `bindgen` macro * Add tests for `wasmtime::component::bindgen!` * Improve error forgetting `async` feature * Add end-to-end tests for bindgen * Add an audit of `unicase` * Add a license to the test-helpers crate * Add vet entry for `pulldown-cmark` * Update publish script with new crate * Try to fix publish script * Update audits * Update lock file
2 years ago
[[audits.mozilla.audits.half]]
who = "John M. Schanck <jschanck@mozilla.com>"
criteria = "safe-to-deploy"
version = "1.8.2"
notes = """
This crate contains unsafe code for bitwise casts to/from binary16 floating-point
format. I've reviewed these and found no issues. There are no uses of ambient
capabilities.
"""
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Add a `wasmtime::component::bindgen!` macro (#5317) * Import Wasmtime support from the `wit-bindgen` repo This commit imports the `wit-bindgen-gen-host-wasmtime-rust` crate from the `wit-bindgen` repository into the upstream Wasmtime repository. I&#39;ve chosen to not import the full history here since the crate is relatively small and doesn&#39;t have a ton of complexity. While the history of the crate is quite long the current iteration of the crate&#39;s history is relatively short so there&#39;s not a ton of import there anyway. The thinking is that this can now continue to evolve in-tree. * Refactor `wasmtime-component-macro` a bit Make room for a `wit_bindgen` macro to slot in. * Add initial support for a `bindgen` macro * Add tests for `wasmtime::component::bindgen!` * Improve error forgetting `async` feature * Add end-to-end tests for bindgen * Add an audit of `unicase` * Add a license to the test-helpers crate * Add vet entry for `pulldown-cmark` * Update publish script with new crate * Try to fix publish script * Update audits * Update lock file
2 years ago
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
[[audits.mozilla.audits.hashbrown]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
version = "0.12.3"
notes = "This version is used in rust's libstd, so effectively we're already trusting it"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
Add vet entries for coredump support (#5878) * Update the `num_cpus` crate Audits for this update provided from our import from Mozilla. * Add vet entries for coredump support
2 years ago
[[audits.mozilla.audits.hermit-abi]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.19 -> 0.2.6"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.lazy_static]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.4.0"
notes = "I have read over the macros, and audited the unsafe code."
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
Add vet entries for coredump support (#5878) * Update the `num_cpus` crate Audits for this update provided from our import from Mozilla. * Add vet entries for coredump support
2 years ago
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
[[audits.mozilla.audits.log]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
version = "0.4.17"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
Add cargo-vet entries for dependency update (#5778) This adds vet entries for the updates being performed in #5513
2 years ago
[[audits.mozilla.audits.memoffset]]
who = "Gabriele Svelto <gsvelto@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.6.5 -> 0.7.1"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Add cargo-vet entries for dependency update (#5778) This adds vet entries for the updates being performed in #5513
2 years ago
Update wasm-tools dependencies (#4970) * Update wasm-tools dependencies This update brings in a number of features such as: * The component model binary format and AST has been slightly adjusted in a few locations. Names are dropped from parameters/results now in the internal representation since they were not used anyway. At this time the ability to bind a multi-return function has not been exposed. * The `wasmparser` validator pass will now share allocations with prior functions, providing what&#39;s probably a very minor speedup for Wasmtime itself. * The text format for many component-related tests now requires named parameters. * Some new relaxed-simd instructions are updated to be ignored. I hope to have a follow-up to expose the multi-return ability to the embedding API of components. * Update audit information for new crates
2 years ago
[[audits.mozilla.audits.num-integer]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "0.1.45"
notes = "All code written or reviewed by Josh Stone."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update wasm-tools dependencies (#4970) * Update wasm-tools dependencies This update brings in a number of features such as: * The component model binary format and AST has been slightly adjusted in a few locations. Names are dropped from parameters/results now in the internal representation since they were not used anyway. At this time the ability to bind a multi-return function has not been exposed. * The `wasmparser` validator pass will now share allocations with prior functions, providing what&#39;s probably a very minor speedup for Wasmtime itself. * The text format for many component-related tests now requires named parameters. * Some new relaxed-simd instructions are updated to be ignored. I hope to have a follow-up to expose the multi-return ability to the embedding API of components. * Update audit information for new crates
2 years ago
[[audits.mozilla.audits.num-iter]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "0.1.43"
notes = "All code written or reviewed by Josh Stone."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update wasm-tools dependencies (#4970) * Update wasm-tools dependencies This update brings in a number of features such as: * The component model binary format and AST has been slightly adjusted in a few locations. Names are dropped from parameters/results now in the internal representation since they were not used anyway. At this time the ability to bind a multi-return function has not been exposed. * The `wasmparser` validator pass will now share allocations with prior functions, providing what&#39;s probably a very minor speedup for Wasmtime itself. * The text format for many component-related tests now requires named parameters. * Some new relaxed-simd instructions are updated to be ignored. I hope to have a follow-up to expose the multi-return ability to the embedding API of components. * Update audit information for new crates
2 years ago
[[audits.mozilla.audits.num-traits]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "0.2.15"
notes = "All code written or reviewed by Josh Stone."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update wasm-tools dependencies (#4970) * Update wasm-tools dependencies This update brings in a number of features such as: * The component model binary format and AST has been slightly adjusted in a few locations. Names are dropped from parameters/results now in the internal representation since they were not used anyway. At this time the ability to bind a multi-return function has not been exposed. * The `wasmparser` validator pass will now share allocations with prior functions, providing what&#39;s probably a very minor speedup for Wasmtime itself. * The text format for many component-related tests now requires named parameters. * Some new relaxed-simd instructions are updated to be ignored. I hope to have a follow-up to expose the multi-return ability to the embedding API of components. * Update audit information for new crates
2 years ago
Add vet entries for coredump support (#5878) * Update the `num_cpus` crate Audits for this update provided from our import from Mozilla. * Add vet entries for coredump support
2 years ago
[[audits.mozilla.audits.num_cpus]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.13.1 -> 1.14.0"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Add vet entries for coredump support (#5878) * Update the `num_cpus` crate Audits for this update provided from our import from Mozilla. * Add vet entries for coredump support
2 years ago
[[audits.mozilla.audits.num_cpus]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.14.0 -> 1.15.0"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Add vet entries for coredump support (#5878) * Update the `num_cpus` crate Audits for this update provided from our import from Mozilla. * Add vet entries for coredump support
2 years ago
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
[[audits.mozilla.audits.once_cell]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.12.0 -> 1.13.1"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Import cargo-vet audits from Mozilla (#4792) * Bump cargo-vet to 0.3. * Add Mozilla as a trusted import for audits.
2 years ago
Add cargo-vet updates for audit backlog. (#5708)
2 years ago
[[audits.mozilla.audits.once_cell]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.13.1 -> 1.16.0"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Add cargo-vet updates for audit backlog. (#5708)
2 years ago
cargo-vet all remaining dependency bumps
2 years ago
[[audits.mozilla.audits.proc-macro2]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.0.39"
notes = """
`proc-macro2` acts as either a thin(-ish) wrapper around the std-provided
`proc_macro` crate, or as a fallback implementation of the crate, depending on
where it is used.
If using this crate on older versions of rustc (1.56 and earlier), it will
temporarily replace the panic handler while initializing in order to detect if
it is running within a `proc_macro`, which could lead to surprising behaviour.
This should not be an issue for more recent compiler versions, which support
`proc_macro::is_available()`.
The `proc-macro2` crate's fallback behaviour is not identical to the complex
behaviour of the rustc compiler (e.g. it does not perform unicode normalization
for identifiers), however it behaves well enough for its intended use-case
(tests and scripts processing rust code).
`proc-macro2` does not use unsafe code, however exposes one `unsafe` API to
allow bypassing checks in the fallback implementation when constructing
`Literal` using `from_str_unchecked`. This was intended to only be used by the
`quote!` macro, however it has been removed
(https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078),
and is likely completely unused. Even when used, this API shouldn't be able to
cause unsoundness.
"""
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.39 -> 1.0.43"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.43 -> 1.0.49"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.proc-macro2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.49 -> 1.0.51"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update wasm-tools dependencies (#4970) * Update wasm-tools dependencies This update brings in a number of features such as: * The component model binary format and AST has been slightly adjusted in a few locations. Names are dropped from parameters/results now in the internal representation since they were not used anyway. At this time the ability to bind a multi-return function has not been exposed. * The `wasmparser` validator pass will now share allocations with prior functions, providing what&#39;s probably a very minor speedup for Wasmtime itself. * The text format for many component-related tests now requires named parameters. * Some new relaxed-simd instructions are updated to be ignored. I hope to have a follow-up to expose the multi-return ability to the embedding API of components. * Update audit information for new crates
2 years ago
[[audits.mozilla.audits.quote]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.0.18"
notes = """
`quote` is a utility crate used by proc-macros to generate TokenStreams
conveniently from source code. The bulk of the logic is some complex
interlocking `macro_rules!` macros which are used to parse and build the
`TokenStream` within the proc-macro.
This crate contains no unsafe code, and the internal logic, while difficult to
read, is generally straightforward. I have audited the the quote macros, ident
formatter, and runtime logic.
"""
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update wasm-tools dependencies (#4970) * Update wasm-tools dependencies This update brings in a number of features such as: * The component model binary format and AST has been slightly adjusted in a few locations. Names are dropped from parameters/results now in the internal representation since they were not used anyway. At this time the ability to bind a multi-return function has not been exposed. * The `wasmparser` validator pass will now share allocations with prior functions, providing what&#39;s probably a very minor speedup for Wasmtime itself. * The text format for many component-related tests now requires named parameters. * Some new relaxed-simd instructions are updated to be ignored. I hope to have a follow-up to expose the multi-return ability to the embedding API of components. * Update audit information for new crates
2 years ago
cargo-vet all remaining dependency bumps
2 years ago
[[audits.mozilla.audits.quote]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.18 -> 1.0.21"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.quote]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.21 -> 1.0.23"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update a few dependencies to pull in `cargo vet` entries (#6247) This trims down the `[exemptions]` list ever-so-slightly by following the suggestions of `cargo vet suggest` and updating a few crates across some minor versions.
2 years ago
[[audits.mozilla.audits.rayon]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "1.5.3"
notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.rayon-core]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "1.9.3"
notes = "All code written or reviewed by Josh Stone or Niko Matsakis."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Bump regalloc2 to 0.7.0 (#6237) * Bump RA2 to 0.7.0 * Certify the RA2 update * Import the rustc-hash audit * Updates for regalloc2 prtest:full * Update tests
2 years ago
[[audits.mozilla.audits.rustc-hash]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "Straightforward crate with no unsafe code, does what it says on the tin."
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update a few dependencies to pull in `cargo vet` entries (#6247) This trims down the `[exemptions]` list ever-so-slightly by following the suggestions of `cargo vet suggest` and updating a few crates across some minor versions.
2 years ago
[[audits.mozilla.audits.similar]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "2.2.0"
notes = """
Algorithm crate implemented entirely in safe rust. Does no platform-specific
logic, only implementing diffing and string manipulation algorithms.
"""
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
wasi-http supply chain audit (#6121) * add cargo-deny exception for duplicate versions of windows-sys * cargo vetting for all new deps introduced by https://github.com/bytecodealliance/wasmtime/pull/5929 The audits are straightforward. The exemptions, as always, need to be justified: * core-foundation, core-foundation-sys, security-framework, security-framework-sys: these are large crates which are FFI bindings to Mac OS frameworks. As such they contain tons of unsafe code to make these FFI calls and manage memory. These crates are too big to audit. * schannel: same as the above, except this is a windows component, which I&#39;m also unfamiliar with. * openssl, openssl-sys: also large FFI bindings which are impractical to audit. * futures-macro, futures-task: while not as complex as futures-util, these are beyond my personal understanding of futures to vet practically. I&#39;ve asked Alex to look at auditing these, and he will after he returns from vacation next week. * futures-util: 25kloc of code, over 149 instances of the substring &#34;unsafe&#34; (case insensitive), this is impractical to audit in the extreme. * h2, http, httparse, hyper, mio, tokio: this so-called tokio/hyper family are very large and challenging to audit. Bobby Holley has indicated that he is working to get the AWS engineers who maintain these crates to publish their own audits, which we can then import. We expect to exempt these until those imports are available.
2 years ago
[[audits.mozilla.audits.slab]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.4.6 -> 0.4.7"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
[[audits.mozilla.audits.socket2]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.4.4 -> 0.4.7"
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update wasm-tools dependencies (#4970) * Update wasm-tools dependencies This update brings in a number of features such as: * The component model binary format and AST has been slightly adjusted in a few locations. Names are dropped from parameters/results now in the internal representation since they were not used anyway. At this time the ability to bind a multi-return function has not been exposed. * The `wasmparser` validator pass will now share allocations with prior functions, providing what&#39;s probably a very minor speedup for Wasmtime itself. * The text format for many component-related tests now requires named parameters. * Some new relaxed-simd instructions are updated to be ignored. I hope to have a follow-up to expose the multi-return ability to the embedding API of components. * Update audit information for new crates
2 years ago
[[audits.mozilla.audits.synstructure]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "0.12.6"
notes = """
I am the primary author of the `synstructure` crate, and its current
maintainer. The one use of `unsafe` is unnecessary, but documented and
harmless. It will be removed in the next version.
"""
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update wasm-tools dependencies (#4970) * Update wasm-tools dependencies This update brings in a number of features such as: * The component model binary format and AST has been slightly adjusted in a few locations. Names are dropped from parameters/results now in the internal representation since they were not used anyway. At this time the ability to bind a multi-return function has not been exposed. * The `wasmparser` validator pass will now share allocations with prior functions, providing what&#39;s probably a very minor speedup for Wasmtime itself. * The text format for many component-related tests now requires named parameters. * Some new relaxed-simd instructions are updated to be ignored. I hope to have a follow-up to expose the multi-return ability to the embedding API of components. * Update audit information for new crates
2 years ago
Update the wasm-tools family of crates (#5310) Most of the changes here are the updates to the component model which includes optional URL fields in imports/exports.
2 years ago
[[audits.mozilla.audits.unicode-normalization]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.19 -> 0.1.20"
notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19."
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
Update the wasm-tools family of crates (#5310) Most of the changes here are the updates to the component model which includes optional URL fields in imports/exports.
2 years ago
[[audits.mozilla.audits.unicode-normalization]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.20 -> 0.1.21"
Update cargo-vet imports (#5959) * Switch cargo-vet import to Mozilla&#39;s aggregated audit set. * Import audits from embark studios. * Import audits from chromeos. * Import audits from ISRG.
2 years ago
aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"