This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
cargo-generate(36 total, 9 outdated, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| anstyle | ~1.0 | 1.0.11 | up to date |
| anyhow | ~1.0 | 1.0.98 | up to date |
| auth-git2 | ~0.5 | 0.5.8 | up to date |
| cargo-util-schemas | ~0.7 | 0.8.2 | out of date |
| clap | ~4.5 | 4.5.40 | up to date |
| console | ~0.15 | 0.16.0 | out of date |
| dialoguer | ~0.11 | 0.11.0 | up to date |
| env_logger | ~0.11 | 0.11.8 | up to date |
| fs-err | ~3.0 | 3.1.1 | out of date |
| git2 | ~0.19 | 0.20.2 | out of date |
| gix-config | ~0.40 | 0.45.1 | out of date |
| heck | ~0.5 | 0.5.0 | up to date |
| home | ~0.5 | 0.5.11 | up to date |
| ignore | ~0.4 | 0.4.23 | up to date |
| indexmap | ~2 | 2.10.0 | up to date |
| indicatif | ~0.17 | 0.17.12 | up to date |
| liquid | ~0.26 | 0.26.11 | up to date |
| liquid-core | ~0.26 | 0.26.11 | up to date |
| liquid-derive | ~0.26 | 0.26.10 | up to date |
| liquid-lib | ~0.26 | 0.26.11 | up to date |
| log | ~0.4 | 0.4.27 | up to date |
| names | ~0.14 | 0.14.0 | up to date |
| openssl ⚠️ | ~0.10 | 0.10.73 | maybe insecure |
| paste | ~1.0 | 1.0.15 | up to date |
| path-absolutize | ~3.1 | 3.1.1 | up to date |
| regex | ~1.11 | 1.11.1 | up to date |
| remove_dir_all | ~0.8 | 1.0.0 | out of date |
| rhai | ~1.20 | 1.22.2 | out of date |
| sanitize-filename | ~0.5 | 0.6.0 | out of date |
| semver | ~1.0 | 1.0.26 | up to date |
| serde | ~1.0 | 1.0.219 | up to date |
| tempfile | ~3.13 | 3.20.0 | out of date |
| thiserror | ~2.0 | 2.0.12 | up to date |
| time | ~0.3 | 0.3.41 | up to date |
| toml | ~0.8 | 0.8.23 | up to date |
| walkdir | ~2.5 | 2.5.0 | up to date |
(5 total, 1 outdated)
| Crate | Required | Latest | Status |
|---|---|---|---|
| assert_cmd | ~2.0 | 2.0.17 | up to date |
| bstr | ~1.10 | 1.12.0 | out of date |
| indoc | ~2.0 | 2.0.6 | up to date |
| predicates | ~3.1 | 3.1.3 | up to date |
| url | ~2.5 | 2.5.4 | up to date |
openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.
In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).
The maintainers thank quitbug for reporting this vulnerability to us.