This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate i-slint-core

Dependencies

(43 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 auto_enums^0.8.00.8.7up to date
 bitflags^2.4.22.9.0up to date
 bytemuck^1.13.11.22.0up to date
 cfg-if^11.0.0up to date
 chrono ⚠️^0.40.4.40maybe insecure
 clru^0.6.00.6.2up to date
 const-field-offset^0.1.50.1.5up to date
 derive_more^1.0.02.0.1out of date
 euclid^0.22.10.22.11up to date
 fontdb^0.23.00.23.0up to date
 fontdue^0.9.00.9.3up to date
 gettext-rs^0.7.10.7.2up to date
 i-slint-common=1.10.01.10.0up to date
 i-slint-core-macros=1.10.01.10.0up to date
 image^0.250.25.5up to date
 integer-sqrt^0.1.50.1.5up to date
 lyon_algorithms^1.01.0.5up to date
 lyon_extra^1.0.11.0.3up to date
 lyon_geom^1.01.0.6up to date
 lyon_path^1.01.0.7up to date
 num-traits^0.20.2.19up to date
 once_cell^1.51.21.1up to date
 pin-project^11.1.10up to date
 pin-weak^1.11.1.0up to date
 portable-atomic^11.11.0up to date
 raw-window-handle^0.60.6.2up to date
 resvg^0.45.00.45.0up to date
 rgb^0.8.270.8.50up to date
 rustybuzz^0.20.00.20.1up to date
 scoped-tls-hkt^0.10.1.5up to date
 scopeguard^1.1.01.2.0up to date
 serde^1.0.1631.0.219up to date
 slab^0.4.30.4.9up to date
 static_assertions^1.11.1.0up to date
 strum^0.27.10.27.1up to date
 sys-locale^0.3.20.3.2up to date
 unicode-linebreak^0.1.50.1.5up to date
 unicode-script^0.5.70.5.7up to date
 unicode-segmentation^1.12.01.12.0up to date
 vtable^0.20.2.1up to date
 wasm-bindgen^0.20.2.100up to date
 web-sys^0.3.720.3.77up to date
 web-time^1.01.1.0up to date

Dev dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 async-compat^0.2.40.2.4up to date
 fontdb^0.23.00.23.0up to date
 rustybuzz^0.20.00.20.1up to date
 serde_json^1.0.961.0.140up to date
 tempfile^3.12.03.19.0up to date
 tiny-skia^0.11.00.11.4up to date
 tokio^1.351.44.1up to date
 ttf-parser^0.250.25.1up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References