This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate deno

Dependencies

(105 total, 38 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 anstream^0.6.140.6.18up to date
 async-trait^0.1.730.1.83up to date
 base64^0.21.70.22.1out of date
 bincode=1.3.31.3.3up to date
 bytes^1.4.01.9.0up to date
 cache_control=0.2.00.2.0up to date
 chrono ⚠️^0.40.4.39maybe insecure
 clap=4.5.164.5.23out of date
 clap_complete=4.5.244.5.40out of date
 clap_complete_fig=4.5.24.5.2up to date
 color-print^0.3.50.3.7up to date
 console_static_text=0.8.10.8.2out of date
 dashmap^5.5.36.1.0out of date
 data-encoding^2.3.32.6.0up to date
 deno_ast=0.44.00.44.0up to date
 deno_cache_dir=0.14.00.15.0out of date
 deno_config=0.39.30.40.0out of date
 deno_core^0.324.00.326.0out of date
 deno_doc=0.161.20.162.1out of date
 deno_graph=0.86.30.86.3up to date
 deno_lint=0.68.20.69.0out of date
 deno_lockfile=0.23.20.23.2up to date
 deno_npm=0.26.00.26.0up to date
 deno_npm_cache^0.2.00.3.0out of date
 deno_package_json^0.2.10.2.1up to date
 deno_path_util=0.2.10.2.2out of date
 deno_resolver^0.14.00.15.0out of date
 deno_runtime^0.191.00.192.0out of date
 deno_semver=0.6.10.6.1up to date
 deno_task_shell=0.20.20.20.2up to date
 deno_telemetry^0.4.00.5.0out of date
 deno_terminal^0.2.00.2.0up to date
 dhat^0.3.30.3.3up to date
 dissimilar=1.0.41.0.9out of date
 dotenvy^0.15.70.15.7up to date
 dprint-plugin-json=0.19.40.19.4up to date
 dprint-plugin-jupyter=0.1.50.1.5up to date
 dprint-plugin-markdown=0.17.80.17.8up to date
 dprint-plugin-typescript=0.93.30.93.3up to date
 env_logger=0.10.00.11.5out of date
 fancy-regex=0.10.00.14.0out of date
 faster-hex^0.90.10.0out of date
 flate2^1.0.301.0.35up to date
 fs3^0.5.00.5.0up to date
 glob^0.3.10.3.1up to date
 http^1.01.2.0up to date
 http-body^1.01.0.1up to date
 http-body-util^0.1.20.1.2up to date
 hyper-util=0.1.70.1.10out of date
 import_map=0.20.10.21.0out of date
 indexmap^22.7.0up to date
 jsonc-parser=0.26.20.26.2up to date
 junction=0.2.01.2.0out of date
 runtimelib=0.19.00.24.0out of date
 lazy-regex^33.3.0up to date
 libc^0.2.1260.2.168up to date
 libsui^0.5.00.5.0up to date
 libz-sys^1.1.201.1.20up to date
 log^0.4.200.4.22up to date
 lsp-types=0.97.00.97.0up to date
 malva=0.11.00.11.1out of date
 markup_fmt=0.18.00.18.0up to date
 memmem^0.1.10.1.1up to date
 monch=0.5.00.5.0up to date
 nix=0.27.10.29.0out of date
 node_resolver^0.21.00.22.0out of date
 notify=6.1.17.0.0out of date
 once_cell^1.17.11.20.2up to date
 open^5.0.15.3.1up to date
 p256^0.13.20.13.2up to date
 pathdiff^0.2.10.2.3up to date
 percent-encoding^2.3.02.3.1up to date
 phf^0.110.11.2up to date
 pretty_yaml=0.5.00.5.0up to date
 quick-junit^0.3.50.5.1out of date
 rand=0.8.50.8.5up to date
 regex^1.7.01.11.1up to date
 ring^0.17.00.17.8up to date
 rustyline=13.0.015.0.0out of date
 rustyline-derive=0.7.00.11.0out of date
 serde^1.0.1491.0.216up to date
 serde_repr=0.1.160.1.19out of date
 sha2^0.10.80.10.8up to date
 shell-escape=0.1.50.1.5up to date
 spki^0.70.7.3up to date
 sqlformat=0.3.20.3.3out of date
 strsim^0.11.10.11.1up to date
 tar=0.4.400.4.43out of date
 tempfile^3.4.03.14.0up to date
 text-size=1.1.01.1.1out of date
 text_lines=0.6.00.6.0up to date
 thiserror^2.0.32.0.7up to date
 tokio^1.36.01.42.0up to date
 tokio-util^0.7.40.7.13up to date
 deno_tower_lsp^0.1.00.1.0up to date
 tracing^0.10.1.41up to date
 twox-hash=1.6.32.1.0out of date
 typed-arena=2.0.22.0.2up to date
 uuid^1.3.01.11.0up to date
 walkdir=2.3.22.5.0out of date
 which^4.2.57.0.0out of date
 winapi=0.3.90.3.9up to date
 zeromq=0.4.10.4.1up to date
 zip^2.1.62.2.2up to date
 zstd=0.12.40.13.2out of date

Dev dependencies

(2 total, 2 outdated)

CrateRequiredLatestStatus
 deno_bench_util^0.176.00.177.0out of date
 pretty_assertions=1.4.01.4.1out of date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References