Deps.rs

cargo-generate 0.18.5

[![dependency status](https://deps.rs/crate/cargo-generate/0.18.5/status.svg)](https://deps.rs/crate/cargo-generate/0.18.5)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate cargo-generate

Dependencies

(33 total, 16 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 anyhow~1.01.0.98up to date
 auth-git2~0.50.5.8up to date
 clap~4.44.5.41out of date
 console~0.150.16.0out of date
 dialoguer~0.110.11.0up to date
 env_logger~0.100.11.8out of date
 fs-err^2.93.1.1out of date
 git2~0.180.20.2out of date
 gix-config~0.310.45.1out of date
 heck~0.40.5.0out of date
 home~0.50.5.11up to date
 ignore~0.40.4.23up to date
 indexmap~22.10.0up to date
 indicatif~0.170.18.0out of date
 liquid~0.260.26.11up to date
 liquid-core~0.260.26.11up to date
 liquid-derive~0.260.26.10up to date
 liquid-lib~0.260.26.11up to date
 log~0.40.4.27up to date
 names~0.140.14.0up to date
 openssl ⚠️~0.100.10.73maybe insecure
 paste~1.01.0.15up to date
 path-absolutize~3.13.1.1up to date
 regex~1.101.11.1out of date
 remove_dir_all~0.81.0.0out of date
 rhai~1.161.22.2out of date
 sanitize-filename~0.50.6.0out of date
 semver~1.01.0.26up to date
 serde~1.01.0.219up to date
 tempfile~3.83.20.0out of date
 thiserror~1.02.0.12out of date
 toml~0.80.9.2out of date
 walkdir~2.42.5.0out of date

Dev dependencies

(6 total, 3 outdated)

CrateRequiredLatestStatus
 assert_cmd~2.02.0.17up to date
 bstr~1.81.12.0out of date
 cargo-husky~1.51.5.0up to date
 indoc~2.02.0.6up to date
 predicates~3.03.1.3out of date
 url~2.42.5.4out of date

Security Vulnerabilities

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.