This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate fred

Dependencies

(41 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 arc-swap^1.71.7.1up to date
 async-trait^0.10.1.83up to date
 bytes^1.61.8.0up to date
 bytes-utils^0.1.30.1.4up to date
 crossbeam-queue^0.30.3.11up to date
 float-cmp^0.90.10.0out of date
 fred-macros^0.10.1.0up to date
 futures^0.30.3.31up to date
 futures-io^0.30.3.31up to date
 futures-lite^2.32.5.0up to date
 glommio^0.9.00.9.0up to date
 hickory-resolver^0.24.10.24.1up to date
 local-sync^0.1.10.1.1up to date
 log^0.40.4.22up to date
 monoio^0.2.40.2.4up to date
 monoio-codec^0.3.40.3.4up to date
 monoio-native-tls^0.4.00.4.0up to date
 monoio-rustls^0.4.00.4.0up to date
 native-tls^0.20.2.12up to date
 nom^7.17.1.3up to date
 oneshot^0.1.80.1.8up to date
 parking_lot^0.120.12.3up to date
 pin-project^1.1.51.1.7up to date
 rand^0.80.8.5up to date
 redis-protocol^5.0.15.0.1up to date
 rustls ⚠️^0.230.23.16maybe insecure
 rustls-native-certs^0.70.8.0out of date
 semver^1.01.0.23up to date
 serde_json^11.0.132up to date
 sha-1^0.100.10.1up to date
 socket2^0.50.5.7up to date
 tokio^1.341.41.1up to date
 tokio-native-tls^0.30.3.1up to date
 tokio-rustls^0.260.26.0up to date
 tokio-stream^0.10.1.16up to date
 tokio-util^0.70.7.12up to date
 tracing^0.10.1.40up to date
 tracing-futures^0.20.2.5up to date
 trust-dns-resolver^0.230.23.2up to date
 url^2.42.5.3up to date
 urlencoding^2.12.1.3up to date

Dev dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 axum^0.70.7.7up to date
 base64^0.22.00.22.1up to date
 maplit^1.01.0.2up to date
 pretty_env_logger^0.50.5.0up to date
 serde^1.01.0.215up to date
 subprocess^0.20.2.9up to date
 tokio-stream^0.10.1.16up to date

Security Vulnerabilities

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.