Bug 1893057 - chore: audit zerocopy 0.7.32, zerocopy-derive 0.7.32 r=webgpu-reviewers,supply-chain-reviewers,jimb

Lifted from D208390, rather than authored by myself, to obviate merge conflicts. Differential Revision: https://phabricator.services.mozilla.com/D208793
2024-05-02 18:17:33 +00:00 · 2024-05-02 18:17:33 +00:00 · f90bd1a414
commit f90bd1a414
parent aae0f0767b
1 changed files with 18 additions and 0 deletions
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@ -4777,6 +4777,24 @@ who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
 criteria = "safe-to-deploy"
 version = "0.7.3"

+[[audits.zerocopy]]
+who = "Alex Franchuk <afranchuk@mozilla.com>"
+criteria = "safe-to-deploy"
+version = "0.7.32"
+notes = """
+This crate is `no_std` so doesn't use any side-effectful std functions. It
+contains quite a lot of `unsafe` code, however. I verified portions of this. It
+also has a large, thorough test suite. The project claims to run tests with
+Miri to have stronger soundness checks, and also claims to use formal
+verification tools to prove correctness.
+"""
+
+[[audits.zerocopy-derive]]
+who = "Alex Franchuk <afranchuk@mozilla.com>"
+criteria = "safe-to-deploy"
+version = "0.7.32"
+notes = "Clean, safe macros for zerocopy."
+
 [[audits.zerofrom]]
 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
 criteria = "safe-to-deploy"