diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index 74e190378ca2..cac9cdbc2bfd 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -166,6 +166,17 @@ who = "Mike Hommey "
 criteria = "safe-to-deploy"
 delta = "0.2.2 -> 0.2.4"
 
+[[audits.comedy]]
+who = "Nick Alexander "
+criteria = "safe-to-deploy"
+version = "0.2.0"
+notes = """
+The comedy crate was written by Adam Gashlin for Mozilla's use. The entire
+comedy 0.2.0 crate is full of `unsafe` code and makes many assumptions about
+memory and layout, but there is no particular processing of untrusted input
+here.
+"""
+
 [[audits.cpufeatures]]
 who = "Mike Hommey "
 criteria = "safe-to-deploy"
@@ -332,6 +343,16 @@ who = "Mike Hommey "
 criteria = "safe-to-deploy"
 delta = "1.7.0 -> 1.8.0"
 
+[[audits.filetime_win]]
+who = "Nick Alexander "
+criteria = "safe-to-deploy"
+version = "0.2.0"
+notes = """
+filetime_win was written by Adam Gashlin for Mozilla's use. The `unsafe` code
+blocks in filetime_win 0.2.0 are straight-forward invocations of `mem::zeroed`
+and expected invocations of Win32 APIs (with error handling as appropriate).
+"""
+
 [[audits.flagset]]
 who = "Ryan Hunt "
 criteria = "safe-to-deploy"
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index 494a8e10e74f..369ffd80eeba 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -331,10 +331,6 @@ criteria = "safe-to-deploy"
 version = "0.11.1"
 criteria = "safe-to-deploy"
 
-[[exemptions.comedy]]
-version = "0.2.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.cookie]]
 version = "0.16.0"
 criteria = "safe-to-run"
@@ -527,10 +523,6 @@ criteria = "safe-to-deploy"
 version = "0.4.4"
 criteria = "safe-to-deploy"
 
-[[exemptions.filetime_win]]
-version = "0.2.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.flate2]]
 version = "1.0.24"
 criteria = "safe-to-deploy"
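Review bot: The `notes` text of the new `[[audits.comedy]]` entry in supply-chain/audits.toml says the crate is full of `unsafe` code that makes many assumptions about memory and layout, but it never says those blocks were read and found sound, which is, as I understand it, what cargo-vet's built-in `safe-to-deploy` criteria expect an auditor to be able to reason about. The absence of untrusted-input processing inside the crate does not by itself cover callers that hand it attacker-influenced values, and "written for Mozilla's use" is provenance rather than an audit finding; the `[[audits.filetime_win]]` entry opens with the same authorship statement. I would extend the note with a sentence such as `All unsafe blocks were reviewed; the layout assumptions they rely on are <assumptions checked by the auditor>.`, or record the entry under a weaker criterion if that review was not done.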
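Review bot: The `[[audits.filetime_win]]` note in supply-chain/audits.toml calls the `mem::zeroed` uses straight-forward without naming the types being zero-initialised, and `mem::zeroed` is only sound for types whose all-zero bit pattern is a valid value. Presumably these are plain Win32 data structs, but that cannot be confirmed from the hunk. I would add a clause like `(only on plain-data Win32 structs: <types>)` so the claim can be re-checked in a later delta audit.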