From f90bd1a4141e076bbdd2bf8299cae130aa94b443 Mon Sep 17 00:00:00 2001
From: Erich Gubler
Date: Thu, 2 May 2024 18:17:33 +0000
Subject: [PATCH] Bug 1893057 - chore: audit `zerocopy` 0.7.32, `zerocopy-derive` 0.7.32 r=webgpu-reviewers,supply-chain-reviewers,jimb Lifted from D208390, rather than authored by myself, to obviate merge conflicts. Differential Revision: https://phabricator.services.mozilla.com/D208793
---
 supply-chain/audits.toml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index 1aba85d7525e..470e09e94d4f 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -4777,6 +4777,24 @@ who = "Makoto Kato "
 criteria = "safe-to-deploy"
 version = "0.7.3"
 
+[[audits.zerocopy]]
+who = "Alex Franchuk "
+criteria = "safe-to-deploy"
+version = "0.7.32"
+notes = """
+This crate is `no_std` so doesn't use any side-effectful std functions. It
+contains quite a lot of `unsafe` code, however. I verified portions of this. It
+also has a large, thorough test suite. The project claims to run tests with
+Miri to have stronger soundness checks, and also claims to use formal
+verification tools to prove correctness.
+"""
+
+[[audits.zerocopy-derive]]
+who = "Alex Franchuk "
+criteria = "safe-to-deploy"
+version = "0.7.32"
+notes = "Clean, safe macros for zerocopy."
+
 [[audits.zerofrom]]
 who = "Makoto Kato "
 criteria = "safe-to-deploy"
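Review bot: The `notes` on the new `[[audits.zerocopy]]` entry say only "portions" of the crate's `unsafe` code were verified and that Miri and formal-verification coverage is what the project "claims", yet the entry certifies all of 0.7.32 as `safe-to-deploy` rather than as a `delta` from an earlier audited version. As I understand cargo-vet's built-in `safe-to-deploy` criterion, the auditor is expected to be able to reason about every `unsafe` block, so the record should state what was and was not covered, for example by appending `Unsafe reviewed: <files/modules covered>; not reviewed: <remainder>. Miri/verification claims: <confirmed in upstream CI | taken on trust>.` to the notes. The `[[audits.zerocopy-derive]]` note "Clean, safe macros for zerocopy." has the same gap: it does not say whether the proc-macro code was checked for build-time file, process or network access, which is the main risk a derive crate adds.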