This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate async-compression

Dependencies

(12 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 brotli^3.3.03.3.2up to date
 bytes^0.5.01.1.0out of date
 bzip2^0.4.10.4.3up to date
 flate2^1.0.111.0.22up to date
 futures-core^0.3.00.3.17up to date
 futures-io^0.3.00.3.17up to date
 zstd^0.7.00.9.0+zstd.1.5.0out of date
 memchr^2.2.12.4.1up to date
 pin-project-lite^0.2.00.2.7up to date
 tokio ⚠️^0.3.01.11.0out of date
 xz2^0.1.60.1.6up to date
 zstd-safe^3.0.04.1.1+zstd.1.5.0out of date

Dev dependencies

(10 total, 5 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bytes^0.6.01.1.0out of date
 futures^0.3.50.3.17up to date
 futures-test^0.3.50.3.17up to date
 futures_codec^0.4.10.4.1up to date
 ntest^0.7.30.7.3up to date
 proptest^0.9.41.0.0out of date
 proptest-derive^0.1.20.3.0out of date
 rand^0.7.20.8.4out of date
 tokio ⚠️^0.3.01.11.0out of date
 tokio-util^0.6.00.6.8up to date

Security Vulnerabilities

tokio: Task dropped in wrong thread when aborting `LocalSet` task

RUSTSEC-2021-0072

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet.

This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for better performance.

See tokio#3929 for more details.