This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate config-file

Dependencies

(6 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 serde^1.01.0.219up to date
 serde-xml-rs^0.50.6.0out of date
 serde_json^1.01.0.140up to date
 serde_yaml ⚠️^0.80.9.34+deprecatedout of date
 thiserror^1.02.0.12out of date
 toml^0.50.8.20out of date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.219up to date

Security Vulnerabilities

serde_yaml: Uncontrolled recursion leads to abort in deserialization

RUSTSEC-2018-0005

Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to make a YAML file with an alias referring to itself causing an abort.

The flaw was corrected by checking the recursion depth.