This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate h2

Dependencies

(11 total, 1 possibly insecure)

CrateRequiredLatestStatus
 bytes^11.1.0up to date
 fnv^1.0.51.0.7up to date
 futures-core^0.30.3.17up to date
 futures-sink^0.30.3.17up to date
 futures-util^0.30.3.17up to date
 http^0.20.2.5up to date
 indexmap^1.5.21.7.0up to date
 slab^0.4.20.4.5up to date
 tokio ⚠️^11.12.0maybe insecure
 tokio-util^0.60.6.8up to date
 tracing^0.1.210.1.29up to date

Dev dependencies

(12 total, 9 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 env_logger^0.5.30.9.0out of date
 hex^0.2.00.4.3out of date
 quickcheck^0.4.11.0.3out of date
 rand^0.3.150.8.4out of date
 rustls^0.190.20.0out of date
 serde^1.0.01.0.130up to date
 serde_json^1.0.01.0.68up to date
 tokio ⚠️^11.12.0maybe insecure
 tokio-rustls^0.220.23.0out of date
 walkdir^1.0.02.3.2out of date
 webpki^0.210.22.0out of date
 webpki-roots^0.210.22.1out of date

Security Vulnerabilities

tokio: Task dropped in wrong thread when aborting `LocalSet` task

RUSTSEC-2021-0072

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet.

This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for better performance.

See tokio#3929 for more details.