This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
apimock(14 total, 1 outdated, 2 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| console | ^0 | 0.16.1 | up to date |
| csv | ^1 | 1.4.0 | up to date |
| http-body-util | ^0 | 0.1.3 | up to date |
| hyper | ^1 | 1.8.1 | up to date |
| hyper-util | ^0 | 0.1.19 | up to date |
| json5 | ^0 | 1.3.0 | out of date |
| log | ^0 | 0.4.29 | up to date |
| rhai | ^1 | 1.23.6 | up to date |
| rustls ⚠️ | ^0 | 0.23.35 | maybe insecure |
| serde | ^1 | 1.0.228 | up to date |
| serde_json | ^1 | 1.0.145 | up to date |
| tokio | ^1.44 | 1.48.0 | up to date |
| tokio-rustls ⚠️ | ^0 | 0.26.4 | maybe insecure |
| toml | ^0 | 0.9.8 | up to date |
(4 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| local-ip-address | ^0 | 0.6.8 | up to date |
| rand | ^0 | 0.9.2 | up to date |
| rcgen | ^0 | 0.14.6 | up to date |
| reqwest | ^0 | 0.12.26 | up to date |
tokio-rustls: tokio-rustls reads may cause excessive memory usagetokio-rustls does not call process_new_packets immediately after read,
so the expected termination condition wants_read always returns true.
As long as new incoming data arrives faster than it is processed
and the reader does not return pending, data will be buffered.
This may cause DoS.
rustls: rustls network-reachable panic in `Acceptor::accept`A bug introduced in rustls 0.23.13 leads to a panic if the received
TLS ClientHello is fragmented. Only servers that use
rustls::server::Acceptor::accept() are affected.
Servers that use tokio-rustls's LazyConfigAcceptor API are affected.
Servers that use tokio-rustls's TlsAcceptor API are not affected.
Servers that use rustls-ffi's rustls_acceptor_accept API are affected.