This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate hg-parser

Dependencies

(11 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bitflags^1.02.5.0out of date
 byteorder^1.31.5.0up to date
 chrono ⚠️^0.40.4.37maybe insecure
 flate2^1.01.0.28up to date
 jemallocator^0.30.5.4out of date
 lazy_static^1.31.4.0up to date
 lru-cache^0.10.1.2up to date
 nom^4.27.1.3out of date
 ordered-parallel-iterator^0.10.1.1up to date
 rayon^1.01.10.0up to date
 sha-1^0.80.10.1out of date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References