diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index c93f2275b..b4611bbcf 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -254,6 +254,26 @@ who = "Jack Grigg "
 criteria = "safe-to-deploy"
 delta = "2.11.2 -> 2.12.0"
 
+[[audits.nonempty]]
+who = "Kris Nuttycombe "
+criteria = "safe-to-deploy"
+version = "0.11.0"
+notes = """
+Additional use of `unsafe` to wrap `NonZeroUsize::new_unchecked`; in both cases
+the argument to this method is ` + 1`; in general this
+is safe with the exception that if an existing `Vec` has length or capacity
+`usize::MAX` this could wrap into zero; it would be better to use the safe
+operation and then `expect` to generate a panic, rather than risk undefined
+behavior.
+
+Additions are:
+- no_std support
+- sorting
+- `nonzero` module (just wrappers
+- `serde` support
+- `nonempty macro` (trivial, verified safe)
+"""
+
 [[audits.num-bigint]]
 who = "Daira-Emma Hopwood "
 criteria = "safe-to-deploy"
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index 9b91b97fa..068db66d2 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -765,10 +765,6 @@ criteria = "safe-to-deploy"
 version = "0.8.3"
 criteria = "safe-to-deploy"
 
-[[exemptions.nonempty]]
-version = "0.7.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.notify]]
 version = "6.1.1"
 criteria = "safe-to-deploy"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index 961de26e3..418274054 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@@ -77,13 +77,6 @@ user-id = 6289
 user-login = "str4d"
 user-name = "Jack Grigg"
 
-[[publisher.orchard]]
-version = "0.10.1"
-when = "2024-12-17"
-user-id = 169181
-user-login = "nuttycom"
-user-name = "Kris Nuttycombe"
-
 [[publisher.pczt]]
 version = "0.1.0"
 when = "2024-12-17"
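Review bot: In the `supply-chain/audits.toml` hunk, the `notes` of the new `[[audits.nonempty]]` entry describe a possible undefined-behavior path (`NonZeroUsize::new_unchecked` on a value that can wrap to zero), yet the entry certifies `safe-to-deploy` without recording why that risk is acceptable or whether it was reported upstream. `Vec::capacity()` reports `usize::MAX` for zero-sized element types, so the capacity case may be easier to reach than "length or capacity `usize::MAX`" suggests; this should be confirmed against the crate source, which is not visible here. I would close the notes with a line such as `Not reachable from our usage because <reason>; reported upstream as <issue-url>.` The text also reads like a delta review ("Additional use", "Additions are:") while the entry is a full `version = "0.11.0"` audit that replaces the 0.7.0 exemption removed in `supply-chain/config.toml`; if only the changes since 0.7.0 were read, the notes should say so, or the entry should be recorded as a `delta` with the exemption kept.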