Deps.rs

finch 0.3.0

[![dependency status](https://deps.rs/crate/finch/0.3.0/status.svg)](https://deps.rs/crate/finch/0.3.0)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate finch

Dependencies

(14 total, 6 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bincode^1.2.01.3.3up to date
 capnp ⚠️^0.9.40.19.3out of date
 clap^2.33.04.5.4out of date
 failure^0.1.20.1.8up to date
 memmap^0.7.00.7.0up to date
 murmurhash3^0.0.50.0.5up to date
 ndarray^0.120.15.6out of date
 needletail^0.3.10.5.1out of date
 numpy^0.7.00.21.0out of date
 pyo3^0.8.20.21.2out of date
 rayon^1.2.01.10.0up to date
 serde^1.0.1011.0.198up to date
 serde_derive^1.0.1011.0.198up to date
 serde_json^1.0.411.0.116up to date

Dev dependencies

(3 total, 3 outdated)

CrateRequiredLatestStatus
 assert_cmd^0.102.0.14out of date
 predicates^13.1.0out of date
 proptest^0.9.01.4.0out of date

Security Vulnerabilities

capnp: out-of-bounds read possible when setting list-of-pointers

RUSTSEC-2022-0068

If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the consumer to read out-of-bounds memory. This could trigger a process crash in the consumer, or in some cases could allow exfiltration of private in-memory data.

The C++ Cap'n Proto library is also affected by this bug. See the advisory on the main Cap'n Proto repo for a succinct description of the exact circumstances in which the problem can arise.