Deps.rs

aws-smithy-runtime 0.57.2

[![dependency status](https://deps.rs/crate/aws-smithy-runtime/0.57.2/status.svg)](https://deps.rs/crate/aws-smithy-runtime/0.57.2)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate aws-smithy-runtime

Dependencies

(20 total, 10 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 aws-smithy-async^0.57.21.2.1out of date
 aws-smithy-http^0.57.20.60.11out of date
 aws-smithy-protocol-test^0.57.20.62.0out of date
 aws-smithy-runtime-api^0.57.21.7.2out of date
 aws-smithy-types^0.57.21.2.6out of date
 bytes^11.7.2up to date
 fastrand^2.0.02.1.1up to date
 http^0.2.81.1.0out of date
 http-body^0.4.41.0.1out of date
 hyper^0.14.261.4.1out of date
 hyper-rustls^0.240.27.3out of date
 once_cell^1.18.01.19.0up to date
 pin-project-lite^0.2.70.2.14up to date
 pin-utils^0.1.00.1.0up to date
 rustls ⚠️^0.21.80.23.13out of date
 serde^11.0.210up to date
 serde_json^11.0.128up to date
 tokio^1.251.40.0up to date
 tracing^0.1.370.1.40up to date
 tracing-subscriber^0.3.160.3.18up to date

Dev dependencies

(9 total, 3 outdated)

CrateRequiredLatestStatus
 approx^0.5.10.5.1up to date
 aws-smithy-async^0.57.21.2.1out of date
 aws-smithy-runtime-api^0.57.21.7.2out of date
 aws-smithy-types^0.57.21.2.6out of date
 futures-util^0.3.280.3.30up to date
 pretty_assertions^1.4.01.4.1up to date
 tokio^1.251.40.0up to date
 tracing-subscriber^0.3.160.3.18up to date
 tracing-test^0.2.10.2.5up to date

Security Vulnerabilities

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.