diesel 2.2.4

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `diesel`

Dependencies

(24 total, 1 possibly insecure)

Crate	Required	Latest	Status
bigdecimal	`>=0.0.13, <0.5.0`	`0.4.6`	up to date
bitflags	`^2.0.0`	`2.6.0`	up to date
byteorder	`^1.0`	`1.5.0`	up to date
chrono	`^0.4.20`	`0.4.38`	up to date
diesel_derives	`~2.2.0`	`2.2.3`	up to date
ipnet	`^2.5.0`	`2.10.1`	up to date
ipnetwork	`>=0.12.2, <0.21.0`	`0.20.0`	up to date
itoa	`^1.0.0`	`1.0.11`	up to date
libc	`^0.2.0`	`0.2.164`	up to date
libsqlite3-sys ⚠️	`>=0.17.2, <0.31.0`	`0.30.1`	maybe insecure
mysqlclient-src	`^0.1.0`	`0.1.2`	up to date
mysqlclient-sys	`>=0.2.5, <0.5.0`	`0.4.1`	up to date
num-bigint	`>=0.2.0, <0.5.0`	`0.4.6`	up to date
num-integer	`^0.1.39`	`0.1.46`	up to date
num-traits	`^0.2.0`	`0.2.19`	up to date
percent-encoding	`^2.1.0`	`2.3.1`	up to date
pq-src	`^0.3`	`0.3.2`	up to date
pq-sys	`>=0.4.0, <0.7.0`	`0.6.3`	up to date
quickcheck	`^1.0.3`	`1.0.3`	up to date
r2d2	`>=0.8.2, <0.9.0`	`0.8.10`	up to date
serde_json	`>=0.8.0, <2.0`	`1.0.133`	up to date
time	`^0.3.9`	`0.3.36`	up to date
url	`^2.1.0`	`2.5.3`	up to date
uuid	`>=0.7.0, <2.0.0`	`1.11.0`	up to date

Dev dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
cfg-if	`^1`	`1.0.0`	up to date
dotenvy	`^0.15`	`0.15.7`	up to date
ipnetwork	`>=0.12.2, <0.21.0`	`0.20.0`	up to date
quickcheck	`^1.0.3`	`1.0.3`	up to date
tempfile	`^3.10.1`	`3.14.0`	up to date

Security Vulnerabilities

`libsqlite3-sys`: `libsqlite3-sys` via C SQLite CVE-2022-35737

RUSTSEC-2022-0090

It was sometimes possible for SQLite versions >= 1.0.12, < 3.39.2 to allow an array-bounds overflow when large string were input into SQLite's printf function.

As libsqlite3-sys bundles SQLite, it is susceptible to the vulnerability. libsqlite3-sys was updated to bundle the patched version of SQLite here.