This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate fse_dump

Dependencies

(17 total, 1 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 bus^22.4.1up to date
 byteorder^11.5.0up to date
 clap^24.5.41out of date
 crossbeam ⚠️^00.8.4maybe insecure
 crossbeam-channel^00.5.15up to date
 csv^11.3.1up to date
 env_logger^00.11.8up to date
 flate2^1.01.1.2up to date
 hashbrown ⚠️^00.15.4maybe insecure
 lazy_static^11.5.0up to date
 log^0.40.4.27up to date
 parking_lot^00.12.4up to date
 serde^11.0.219up to date
 serde_derive^11.0.219up to date
 serde_json^11.0.140up to date
 structopt^00.3.26up to date
 walkdir^22.5.0up to date

Security Vulnerabilities

crossbeam: MsQueue and SegQueue suffer from double-free

RUSTSEC-2018-0009

Even if an element is popped from a queue, crossbeam would run its destructor inside the epoch-based garbage collector. This is a source of double frees.

The flaw was corrected by wrapping elements inside queues in a ManuallyDrop.

Thanks to @c0gent for reporting the issue.

hashbrown: Borsh serialization of HashMap is non-canonical

RUSTSEC-2024-0402

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding.

This can result in consensus splits and cause equivalent objects to be considered distinct.

This was patched in 0.15.1.