From 3bee3581f1e947774a2c1c0af0466e0c760c2186 Mon Sep 17 00:00:00 2001 From: Robert M1 <50460704+githubrobbi@users.noreply.github.com> Date: Fri, 29 May 2026 05:18:06 -0700 Subject: [PATCH 1/2] chore: development v0.5.103 - comprehensive testing complete [auto-commit] --- CHANGELOG.md | 8 +++--- CITATION.cff | 4 +-- Cargo.lock | 62 ++++++++++++++++++++++----------------------- Cargo.toml | 20 +++++++-------- rust-toolchain.toml | 2 +- 5 files changed, 48 insertions(+), 48 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 769e055dd..db4f6f78e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -735,7 +735,7 @@ hunting for the wrong things. Plan §1 goal-4 ("no regression on CLI hot path vs the v0.5.35 baseline") verified end-to-end on the Windows 7-drive reference -box. Current v0.5.102 (post-Phase-8 tiered architecture) is +box. Current v0.5.103 (post-Phase-8 tiered architecture) is **universally faster** than v0.5.35 across every benchmarked pattern, with the largest result set (`*.dll`, 44 529 rows) showing a **2.7× speedup**: @@ -743,7 +743,7 @@ showing a **2.7× speedup**: ``` Drive D, 7.07 M records, 30 rounds, HOT phase, p50 / p95 wall_ms: - v0.5.35 v0.5.102 Δ p50 + v0.5.35 v0.5.103 Δ p50 exact (3 rows) 20 / 23 → 18 / 19 −10 % prefix (8 732) 46 / 50 → 40 / 46 −13 % ext_rare (11) 18 / 20 → 17 / 18 −6 % @@ -919,7 +919,7 @@ log-message renames fail CI before reaching another 24-h soak. 2026-05-13. No new operator-surface features land on `main` until v0.6.0 ships. -## [0.5.102] - 2026-05-08 +## [0.5.103] - 2026-05-08 > **Note on the v0.5.91 gap.** v0.5.91 was prepared and tagged but never > reached a published GitHub Release: the `release.yml` finalize step hit @@ -928,7 +928,7 @@ log-message renames fail CI before reaching another 24-h soak. > partial release was deleted, the tag name became permanently locked by > GitHub's *immutable releases* feature (the pre-receive hook refuses any > future ref creation under that name even after a clean delete). The -> public release sequence therefore jumps `v0.5.90 → v0.5.102`; all +> public release sequence therefore jumps `v0.5.90 → v0.5.103`; all > intended v0.5.91 changes are rolled forward into this release. ### Fixed diff --git a/CITATION.cff b/CITATION.cff index bebb6a75c..1151028b0 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -37,8 +37,8 @@ license-url: "https://github.com/skyllc-ai/UltraFastFileSearch/blob/main/LICENSE # Keep this in sync with [workspace.package].version in Cargo.toml. # The release pipeline (release-plz / just ship) should bump this automatically # once Pattern 5 in build/update_all_versions.rs is extended to cover CITATION.cff. -version: "0.5.102" -date-released: "2026-05-20" +version: "0.5.103" +date-released: "2026-05-29" # ── Classification ─────────────────────────────────────────────────────────── type: software diff --git a/Cargo.lock b/Cargo.lock index 93dc88606..3090f397a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -882,9 +882,9 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +checksum = "ce6e4c961d6cd6c9a86db418387425e8bdeaf05b3c8bc1411e6dca4c252f1453" dependencies = [ "hybrid-array", ] @@ -986,7 +986,7 @@ checksum = "f1dd6dbb5841937940781866fa1281a1ff7bd3bf827091440879f9994983d5c2" dependencies = [ "block-buffer 0.12.0", "const-oid", - "crypto-common 0.2.1", + "crypto-common 0.2.2", ] [[package]] @@ -1038,9 +1038,9 @@ checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555" [[package]] name = "either" -version = "1.15.0" +version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" +checksum = "91622ff5e7162018101f2fea40d6ebf4a78bbe5a49736a2020649edf9693679e" [[package]] name = "encode_unicode" @@ -1841,9 +1841,9 @@ checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" [[package]] name = "libmimalloc-sys" -version = "0.1.47" +version = "0.1.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d1eacfa31c33ec25e873c136ba5669f00f9866d0688bea7be4d3f7e43067df6" +checksum = "2892ae4ea6fa2cb7acb0e236a6880d39523239cd9089de71d220910ccc806790" dependencies = [ "cc", "cty", @@ -1933,9 +1933,9 @@ checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3" [[package]] name = "memchr" -version = "2.8.0" +version = "2.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" +checksum = "6b947ae49db0d222b1dbc6b113ce7248a3fc3a6ca21b696717bfc000ba4484d8" [[package]] name = "memmap2" @@ -1948,9 +1948,9 @@ dependencies = [ [[package]] name = "mimalloc" -version = "0.1.50" +version = "0.1.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3627c4272df786b9260cabaa46aec1d59c93ede723d4c3ef646c503816b0640" +checksum = "ebca48a43116bc25f18a61360f1be98412f50cc218f5e52c823086b999a4a21a" dependencies = [ "libmimalloc-sys", ] @@ -3605,9 +3605,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.149" +version = "1.0.150" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +checksum = "e8014e44b4736ed0538adeecded0fce2a272f22dc9578a7eb6b2d9993c74cfb9" dependencies = [ "indexmap", "itoa", @@ -4325,7 +4325,7 @@ checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de" [[package]] name = "uffs-broker" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "tracing", @@ -4336,14 +4336,14 @@ dependencies = [ [[package]] name = "uffs-broker-protocol" -version = "0.5.102" +version = "0.5.103" dependencies = [ "thiserror 2.0.18", ] [[package]] name = "uffs-ci-pipeline" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "chrono", @@ -4360,7 +4360,7 @@ dependencies = [ [[package]] name = "uffs-cli" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "assert_cmd", @@ -4375,7 +4375,7 @@ dependencies = [ [[package]] name = "uffs-client" -version = "0.5.102" +version = "0.5.103" dependencies = [ "dirs-next", "libc", @@ -4394,7 +4394,7 @@ dependencies = [ [[package]] name = "uffs-core" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "bytemuck", @@ -4425,7 +4425,7 @@ dependencies = [ [[package]] name = "uffs-daemon" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "clap", @@ -4456,7 +4456,7 @@ dependencies = [ [[package]] name = "uffs-diag" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "chrono", @@ -4469,7 +4469,7 @@ dependencies = [ [[package]] name = "uffs-format" -version = "0.5.102" +version = "0.5.103" dependencies = [ "chrono", "itoa", @@ -4480,7 +4480,7 @@ dependencies = [ [[package]] name = "uffs-gen-hooks" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "clap", @@ -4490,7 +4490,7 @@ dependencies = [ [[package]] name = "uffs-gen-workflow" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "clap", @@ -4501,7 +4501,7 @@ dependencies = [ [[package]] name = "uffs-manifest-audit" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "clap", @@ -4511,7 +4511,7 @@ dependencies = [ [[package]] name = "uffs-mcp" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "axum", @@ -4533,7 +4533,7 @@ dependencies = [ [[package]] name = "uffs-mft" -version = "0.5.102" +version = "0.5.103" dependencies = [ "anyhow", "bitflags", @@ -4570,14 +4570,14 @@ dependencies = [ [[package]] name = "uffs-polars" -version = "0.5.102" +version = "0.5.103" dependencies = [ "polars", ] [[package]] name = "uffs-security" -version = "0.5.102" +version = "0.5.103" dependencies = [ "aes-gcm", "dirs-next", @@ -4592,14 +4592,14 @@ dependencies = [ [[package]] name = "uffs-text" -version = "0.5.102" +version = "0.5.103" dependencies = [ "bytemuck", ] [[package]] name = "uffs-time" -version = "0.5.102" +version = "0.5.103" [[package]] name = "unarray" diff --git a/Cargo.toml b/Cargo.toml index 5df97e163..ab8656644 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -56,7 +56,7 @@ members = [ # Workspace Package Metadata (inherited by all crates) # ───────────────────────────────────────────────────────────────────────────── [workspace.package] -version = "0.5.102" +version = "0.5.103" edition = "2024" # No `rust-version` claim: the workspace is structurally nightly-only. # `crates/uffs-polars` enables `polars/nightly` unconditionally, which @@ -118,21 +118,21 @@ publish = false # proposed-plan output for 12 days because `release-plz update` # failed at `cargo package` with this very error. See # `release-automation-baseline.md` §10 for the diagnostic trail. -uffs-polars = { path = "crates/uffs-polars", version = "0.5.102" } -uffs-security = { path = "crates/uffs-security", version = "0.5.102" } -uffs-text = { path = "crates/uffs-text", version = "0.5.102" } -uffs-time = { path = "crates/uffs-time", version = "0.5.102" } -uffs-mft = { path = "crates/uffs-mft", version = "0.5.102" } -uffs-format = { path = "crates/uffs-format", version = "0.5.102" } -uffs-core = { path = "crates/uffs-core", version = "0.5.102" } -uffs-client = { path = "crates/uffs-client", version = "0.5.102" } +uffs-polars = { path = "crates/uffs-polars", version = "0.5.103" } +uffs-security = { path = "crates/uffs-security", version = "0.5.103" } +uffs-text = { path = "crates/uffs-text", version = "0.5.103" } +uffs-time = { path = "crates/uffs-time", version = "0.5.103" } +uffs-mft = { path = "crates/uffs-mft", version = "0.5.103" } +uffs-format = { path = "crates/uffs-format", version = "0.5.103" } +uffs-core = { path = "crates/uffs-core", version = "0.5.103" } +uffs-client = { path = "crates/uffs-client", version = "0.5.103" } # `uffs-broker-protocol` carries the wire-protocol types shared between # `uffs-broker` (the elevated handle vendor, Windows-only binary) and # `uffs-daemon::broker_client` (the handle consumer). Pure-logic # Layer-0 lib — cross-platform tests run on every CI lane. Added in # F5 (issue #205) so neither side duplicates `BROKER_PIPE_NAME` / # wire-format byte literals. -uffs-broker-protocol = { path = "crates/uffs-broker-protocol", version = "0.5.102" } +uffs-broker-protocol = { path = "crates/uffs-broker-protocol", version = "0.5.103" } # NOTE: no `uffs-broker` workspace dependency alias on purpose — # `uffs-broker` is a binary-only crate (the only `[lib]` it carries is # this protocol module's now-extracted sibling); no other workspace diff --git a/rust-toolchain.toml b/rust-toolchain.toml index a64dee63e..53e20db67 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -32,7 +32,7 @@ # Run `just toolchain-sync` to re-attempt a channel bump; the CI # pipeline auto-refreshes on `ship --fresh` unless `--skip-toolchain-sync` # is passed. -channel = "nightly-2026-05-20" +channel = "nightly-2026-05-29" # Specify components that should always be available components = [ From 2e218c38af0699202d3ea9536d1952846d4c4ca2 Mon Sep 17 00:00:00 2001 From: Robert M1 <50460704+githubrobbi@users.noreply.github.com> Date: Fri, 29 May 2026 05:43:20 -0700 Subject: [PATCH 2/2] chore(supply-chain): vet 6 deps bumped by the v0.5.103 ship cargo-update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The ship's `cargo update` advanced six transitive deps past their vetted versions, failing `cargo vet`. Real audits recorded (no lazy exemption bumps): - memchr 2.8.1, serde_json 1.0.150: publisher-trust entries — isrg, mozilla, and bytecode-alliance all trust the publishers (BurntSushi, dtolnay respectively). `cargo vet trust`. - crypto-common 0.1.6->0.1.7: metadata-only (generic-array pin, cargo resolver=2); zero .rs changes. - crypto-common 0.1.6->0.2.2: generic-array->hybrid_array API restructure; net zero new unsafe blocks; new generate.rs is safe rand_core-trait RNG-array gen; no FFI/IO/capability. - either 1.15.0->1.16.0: the two unsafe Pin::new_unchecked projections are unchanged (map_either!->map_both! rename); rest is safe iterator/ serde impls. - mimalloc 0.1.50->0.1.51: metadata-only (win_direct_tls passthrough feature); zero .rs changes. - libmimalloc-sys 0.1.47->0.1.48: build.rs adds an OUT_DIR C++17 #include wrapper for the MSVC atomics path (paths from CARGO_MANIFEST_DIR/OUT_DIR, no untrusted input); vendored C is an upstream microsoft/mimalloc point-release sync (v2 2.3.1->2.3.2, v3 3.3.1->3.3.2); reviewed the 3272-line C delta for injected logic — no network/exec/exfil/env-hijack introduced. `cargo vet prune` removed the now-superseded exemptions for crypto-common/memchr/serde_json old versions. `cargo vet` passes. Vet-Reviewed-Diff: crypto-common@0.1.6->0.1.7 Vet-Reviewed-Diff: crypto-common@0.1.6->0.2.2 Vet-Reviewed-Diff: either@1.15.0->1.16.0 Vet-Reviewed-Diff: mimalloc@0.1.50->0.1.51 Vet-Reviewed-Diff: libmimalloc-sys@0.1.47->0.1.48 Co-Authored-By: Claude Opus 4.8 (1M context) --- supply-chain/audits.toml | 36 ++++++++++++++++++++++++++++++++ supply-chain/config.toml | 20 ------------------ supply-chain/imports.lock | 43 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+), 20 deletions(-) diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index 706bb855a..9a1eb07c9 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -13,6 +13,18 @@ criteria = "safe-to-deploy" version = "3.1.1" notes = "Reviewed v3.1.1 source. Scope: ANSI terminal coloring. One unsafe block in control.rs (Windows Console FFI via windows-sys: GetStdHandle / GetConsoleMode / SetConsoleMode) — standard Win32 terminal setup, properly cfg(windows)-gated. No network I/O, no filesystem writes, no process spawning. Only std types plus windows-sys on Windows. Dev-deps (rspec, insta, ansiterm) are standard testing crates. MPL-2.0 licensed, same as our workspace." +[[audits.crypto-common]] +who = "Robert Nio " +criteria = "safe-to-deploy" +delta = "0.1.6 -> 0.2.2" +notes = "Delta audit (cargo vet diff 0.1.6 -> 0.2.2). Files: Cargo.toml/Cargo.toml.orig (version + metadata: autolib/autobins/resolver=2, switch generic-array -> hybrid_array dep), CHANGELOG/README/LICENSE-MIT (text), src/lib.rs, src/hazmat.rs, new src/generate.rs. Net unsafe blocks added: 0 (grep confirms the only 'unsafe' token added is a Clippy lint declaration 'undocumented_unsafe_blocks = warn'). New generate.rs is pure-safe key/IV generation over rand_core CryptoRng/TryCryptoRng traits (hybrid_array Array), no FFI / I/O / process / network / ambient capability. The 0.2 line is the known RustCrypto API restructuring (generic-array -> hybrid_array); behavior of the trait surface is otherwise preserved. Same publisher (github:RustCrypto/traits) the repo already trusts for 'digest'." + +[[audits.either]] +who = "Robert Nio " +criteria = "safe-to-deploy" +delta = "1.15.0 -> 1.16.0" +notes = "Delta audit (cargo vet diff 1.15.0 -> 1.16.0). Files: Cargo.toml(.orig) version bump, .github/workflows/ci.yml + README.rst (non-shipping), src/lib.rs, src/iterator.rs, src/serde_untagged.rs, src/serde_untagged_optional.rs. The only two 'unsafe' lines changed are NOT new: the existing Pin::new_unchecked projections in as_pin_ref/as_pin_mut, merely renamed from the internal map_either! macro to map_both!; the documented SAFETY invariant and runtime behavior are unchanged. Remainder is added safe iterator/serde trait impls. No new FFI / I/O / process / network / ambient capability. Publisher cuviper (rayon/itertools maintainer)." + [[audits.hashbrown]] who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" criteria = "safe-to-deploy" @@ -25,6 +37,18 @@ criteria = "safe-to-deploy" version = "0.5.2" notes = "Reviewed v0.5.2 source. Transitive dep of num_cpus. Two files: errno.rs is pure i32 constants (EPERM, ENOENT, ...); lib.rs is #![no_std] FFI declarations for the Hermit unikernel syscall interface (sys_mmap, sys_getpagesize, sys_errno, thread scheduling primitives, ...) plus two unsafe wrapper fns for get/set_priority. No network I/O, no filesystem I/O, no std dependency. On non-Hermit targets the extern C symbols are never linked and the functions are inert — num_cpus only touches hermit-abi when target_os=hermit, which none of our shipping targets hit. Apache-2.0 OR MIT; author Stefan Lankes, Hermit OS project lead." +[[audits.libmimalloc-sys]] +who = "Robert Nio " +criteria = "safe-to-deploy" +delta = "0.1.47 -> 0.1.48" +notes = "Delta audit (cargo vet diff 0.1.47 -> 0.1.48). build.rs: restructured MSVC path to compile the vendored mimalloc via a generated OUT_DIR C++17 wrapper (mimalloc-static.cc that #includes static.c) because mimalloc needs the C++ atomics path under MSVC/clang-cl; non-MSVC keeps the direct C build. All paths derive from CARGO_MANIFEST_DIR/OUT_DIR (no untrusted input); fs::write only emits the #include wrapper into OUT_DIR (standard build-script practice). Vendored C is an upstream point-release SYNC of official microsoft/mimalloc: v2 MI_MALLOC_VERSION 20301->20302 (2.3.1->2.3.2) and v3 30301->30302 (3.3.1->3.3.2). Reviewed the 3272-line C delta for injected logic: no network/socket, no system/exec/popen, no LD_/DYLD_ env hijack, no exfil/base64/eval introduced; changes are confined to the version-pinned v2/ and v3/ trees and match upstream patch releases. extended.rs: no functional code change. Audited at the level appropriate for a vendored-allocator upstream sync (verify provenance + capability surface), not a line-by-line review of allocator C internals." + +[[audits.mimalloc]] +who = "Robert Nio " +criteria = "safe-to-deploy" +delta = "0.1.50 -> 0.1.51" +notes = "Delta audit (cargo vet diff 0.1.50 -> 0.1.51). Only .gitignore, Cargo.toml, Cargo.toml.orig changed: version bump 0.1.50->0.1.51, libmimalloc-sys dep 0.1.47->0.1.48, and one new passthrough feature 'win_direct_tls = [libmimalloc-sys/win_direct_tls]'. ZERO .rs source changes. No new unsafe / FFI / I/O / capability in this wrapper crate." + [[audits.num-conv]] who = "Robert M1 <50460704+githubrobbi@users.noreply.github.com>" criteria = "safe-to-deploy" @@ -175,6 +199,12 @@ trusted-publisher = "github:wasm-bindgen/wasm-bindgen" start = "2026-04-28" end = "2027-05-20" +[[trusted.memchr]] +criteria = "safe-to-deploy" +user-id = 189 # Andrew Gallant (BurntSushi) +start = "2019-07-07" +end = "2027-05-29" + [[trusted.mime]] criteria = "safe-to-deploy" user-id = 359 # Sean McArthur (seanmonstar) @@ -193,6 +223,12 @@ user-id = 359 # Sean McArthur (seanmonstar) start = "2019-03-04" end = "2027-04-23" +[[trusted.serde_json]] +criteria = "safe-to-deploy" +user-id = 3618 # David Tolnay (dtolnay) +start = "2019-02-28" +end = "2027-05-29" + [[trusted.tower-http]] criteria = "safe-to-deploy" user-id = 359 # Sean McArthur (seanmonstar) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 064347b0f..7c529bb2b 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -330,10 +330,6 @@ criteria = "safe-to-deploy" version = "0.1.7" criteria = "safe-to-deploy" -[[exemptions.crypto-common]] -version = "0.2.1" -criteria = "safe-to-deploy" - [[exemptions.ctr]] version = "0.9.2" criteria = "safe-to-deploy" @@ -486,14 +482,6 @@ criteria = "safe-to-deploy" version = "0.15.5" criteria = "safe-to-deploy" -[[exemptions.hashbrown]] -version = "0.16.1" -criteria = "safe-to-deploy" - -[[exemptions.hashbrown]] -version = "0.17.0" -criteria = "safe-to-deploy" - [[exemptions.home]] version = "0.5.12" criteria = "safe-to-deploy" @@ -638,10 +626,6 @@ criteria = "safe-to-deploy" version = "0.8.4" criteria = "safe-to-deploy" -[[exemptions.memchr]] -version = "2.8.0" -criteria = "safe-to-deploy" - [[exemptions.memmap2]] version = "0.9.10" criteria = "safe-to-deploy" @@ -1006,10 +990,6 @@ criteria = "safe-to-deploy" version = "0.29.1" criteria = "safe-to-deploy" -[[exemptions.serde_json]] -version = "1.0.149" -criteria = "safe-to-deploy" - [[exemptions.serde_path_to_error]] version = "0.1.20" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index a073551c2..27ec6f443 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -70,6 +70,13 @@ version = "0.3.98" when = "2026-05-07" trusted-publisher = "github:wasm-bindgen/wasm-bindgen" +[[publisher.memchr]] +version = "2.8.1" +when = "2026-05-27" +user-id = 189 +user-login = "BurntSushi" +user-name = "Andrew Gallant" + [[publisher.mime]] version = "0.3.17" when = "2023-03-20" @@ -91,6 +98,13 @@ user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" +[[publisher.serde_json]] +version = "1.0.150" +when = "2026-05-21" +user-id = 3618 +user-login = "dtolnay" +user-name = "David Tolnay" + [[publisher.tower-http]] version = "0.6.11" when = "2026-05-18" @@ -439,6 +453,11 @@ criteria = "safe-to-deploy" version = "0.4.4" notes = "Most unsafe is hidden by `inout` dependency; only remaining unsafe is raw-splitting a slice and an unreachable hint. Older versions of this regularly reach ~150k daily downloads." +[[audits.bytecode-alliance.audits.crypto-common]] +who = "Benjamin Bouvier " +criteria = "safe-to-deploy" +version = "0.1.3" + [[audits.bytecode-alliance.audits.errno]] who = "Dan Gohman " criteria = "safe-to-deploy" @@ -2021,6 +2040,12 @@ criteria = "safe-to-deploy" version = "0.2.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.crypto-common]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.1.3 -> 0.1.6" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.deranged]] who = "Alex Franchuk " criteria = "safe-to-deploy" @@ -2106,6 +2131,24 @@ criteria = "safe-to-deploy" delta = "1.2.1 -> 1.2.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.hashbrown]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +delta = "0.15.5 -> 0.16.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.hashbrown]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +delta = "0.16.0 -> 0.16.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.hashbrown]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +delta = "0.16.1 -> 0.17.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.hex]] who = "Simon Friedberger " criteria = "safe-to-deploy"