security(cargo): vet our own package

billf · billf · commit 2d314114a45b · 2025-06-18T14:50:21.000-07:00
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
@@ -31,6 +31,12 @@ notes = """
 - use of Box to store global data
 """
 
+[[audits.wasm-component-trampoline]]
+who = "bill fumerola <bill@andyl.com>"
+criteria = "safe-to-deploy"
+version = "0.1.1"
+notes = "internal audit, no use of unsafe, filesystem access limited to integration tests"
+
 [[trusted.anyhow]]
 criteria = "safe-to-deploy"
 user-id = 3618 # David Tolnay (dtolnay)
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
@@ -75,7 +75,3 @@ criteria = "safe-to-deploy"
 [[exemptions.trait-variant]]
 version = "0.1.2"
 criteria = "safe-to-deploy"
-
-[[exemptions.wasm-component-trampoline]]
-version = "0.1.2-pre"
-criteria = "safe-to-deploy"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
@@ -1,6 +1,10 @@
 
 # cargo-vet imports lock
 
+[[unpublished.wasm-component-trampoline]]
+version = "0.1.2-pre"
+audited_as = "0.1.1"
+
 [[publisher.anyhow]]
 version = "1.0.98"
 when = "2025-04-14"
