This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate compio-quic

Dependencies

(17 total, 3 outdated, 1 possibly insecure)

| Crate | Required | Latest | Status |
| --- | --- | --- | --- |
| compio-buf | ^0.5.0 | 0.5.0 | up to date |
| compio-io | ^0.4.0 | 0.4.1 | up to date |
| compio-log | ^0.1.0 | 0.1.0 | up to date |
| compio-net | ^0.5.0 | 0.5.1 | up to date |
| compio-runtime | ^0.5.0 | 0.5.1 | up to date |
| flume | ^0.11.0 | 0.11.1 | up to date |
| futures-util | ^0.3.29 | 0.3.31 | up to date |
| h3 | ^0.0.6 | 0.0.6 | up to date |
| libc | ^0.2.149 | 0.2.162 | up to date |
| quinn-proto | ^0.11.8 | 0.11.9 | up to date |
| rustc-hash | ^2.0.0 | 2.0.0 | up to date |
| rustls ⚠️ | ^0.23.1 | 0.23.16 | maybe insecure |
| rustls-native-certs | ^0.8.0 | 0.8.0 | up to date |
| rustls-platform-verifier | ^0.3.3 | 0.4.0 | out of date |
| thiserror | ^1.0.63 | 2.0.3 | out of date |
| webpki-roots | ^0.26.3 | 0.26.6 | up to date |
| windows-sys | ^0.52.0 | 0.59.0 | out of date |

Dev dependencies

(13 total, all up-to-date)

| Crate | Required | Latest | Status |
| --- | --- | --- | --- |
| compio-dispatcher | ^0.4.0 | 0.4.0 | up to date |
| compio-driver | ^0.5.0 | 0.5.1 | up to date |
| compio-fs | ^0.5.0 | 0.5.1 | up to date |
| compio-macros | ^0.1.2 | 0.1.2 | up to date |
| compio-runtime | ^0.5.0 | 0.5.1 | up to date |
| criterion | ^0.5.1 | 0.5.1 | up to date |
| http | ^1.1.0 | 1.1.0 | up to date |
| quinn | ^0.11.5 | 0.11.6 | up to date |
| rand | ^0.8.5 | 0.8.5 | up to date |
| rcgen | ^0.13.1 | 0.13.1 | up to date |
| socket2 | ^0.5.6 | 0.5.7 | up to date |
| tokio | ^1.33.0 | 1.41.1 | up to date |
| tracing-subscriber | ^0.3.18 | 0.3.18 | up to date |

Security Vulnerabilities

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a `close_notify` alert is received during a handshake, `complete_io` does not terminate.

Callers which do not call `complete_io` are not affected.

`rustls-tokio` and `rustls-ffi` do not call `complete_io` and are not affected.

`rustls::Stream` and `rustls::StreamOwned` types use `complete_io` and are affected.