Deps.rs

holochain_persistence_file 0.0.18

[![dependency status](https://deps.rs/crate/holochain_persistence_file/0.0.18/status.svg)](https://deps.rs/crate/holochain_persistence_file/0.0.18)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate holochain_persistence_file

Dependencies

(9 total, 7 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 glob=0.3.00.3.1out of date
 holochain_json_api=0.0.230.0.50out of date
 holochain_persistence_api=0.0.180.0.18up to date
 lazy_static=1.4.01.4.0up to date
 multihash ⚠️=0.8.00.19.1out of date
 serde=1.0.1041.0.198out of date
 serde_derive=1.0.1041.0.198out of date
 serde_test=1.0.1041.0.176out of date
 uuid=0.7.11.8.0out of date

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 tempfile=3.0.73.10.1out of date

Security Vulnerabilities

multihash: Unexpected panic in multihash `from_slice` parsing code

RUSTSEC-2020-0068

In versions prior 0.11.3 it's possible to make from_slice panic by feeding it certain malformed input. It's never documented that from_slice (and from_bytes which wraps it) can panic, and its' return type (Result<Self, DecodeError>) suggests otherwise.

In practice, from_slice/from_bytes is frequently used in networking code (for example in rust-libp2p) and is being called with unsanitized data from untrusted sources. This can allow attackers to cause DoS by causing an unexpected panic in the network client's code.