Deps.rs

cellular_raza-core 0.5.0

[![dependency status](https://deps.rs/crate/cellular_raza-core/0.5.0/status.svg)](https://deps.rs/crate/cellular_raza-core/0.5.0)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate cellular_raza-core

Dependencies

(25 total, 1 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 bincode^2.03.0.0out of date
 cellular_raza-concepts^0.5.00.5.0up to date
 cellular_raza-core-proc-macro^0.5.00.5.0up to date
 chrono^0.4.310.4.42up to date
 circ_buffer^0.1.80.1.9up to date
 crossbeam-channel^0.50.5.15up to date
 cudarc^0.180.18.2up to date
 hurdles^1.01.0.1up to date
 itertools^0.140.14.0up to date
 kdam^0.60.6.3up to date
 num^0.40.4.3up to date
 opencl3^0.12.00.12.1up to date
 plotters^0.30.3.7up to date
 pyo3 ⚠️>=0.240.27.2maybe insecure
 quick-xml^0.380.38.4up to date
 rand^0.90.9.2up to date
 rand_chacha^0.90.9.0up to date
 rayon^1.61.11.0up to date
 ron^0.120.12.0up to date
 serde^1.01.0.228up to date
 serde_json^1.01.0.147up to date
 sled^0.340.34.7up to date
 tracing^0.1.400.1.44up to date
 tracing-subscriber ⚠️^0.3.180.3.22maybe insecure
 uniquevec^0.1.00.1.0up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tempfile^33.24.0up to date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.

tracing-subscriber: Logging user input may result in poisoning logs with ANSI escape sequences

RUSTSEC-2025-0055

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:

  • Manipulate terminal title bars
  • Clear screens or modify terminal display
  • Potentially mislead users through terminal manipulation

In isolation, impact is minimal, however security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.

This was patched in PR #3368 to escape ANSI control characters from user input.