isahc 0.9.14

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `isahc`

Dependencies

(22 total, 6 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
bytes	`^0.5`	`1.6.0`	out of date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
crossbeam-utils	`^0.8`	`0.8.19`	up to date
curl	`^0.4.34`	`0.4.46`	up to date
curl-sys	`^0.4.37`	`0.4.72+curl-8.6.0`	up to date
encoding_rs	`^0.8`	`0.8.34`	up to date
flume	`^0.9`	`0.11.0`	out of date
futures-lite	`^1.11`	`2.3.0`	out of date
http	`^0.2.1`	`1.1.0`	out of date
log	`^0.4`	`0.4.21`	up to date
mime	`^0.3`	`0.3.17`	up to date
once_cell	`^1`	`1.19.0`	up to date
parking_lot	`^0.11`	`0.12.1`	out of date
publicsuffix	`^1.5`	`2.2.3`	out of date
serde	`^1.0`	`1.0.198`	up to date
serde_json	`^1.0`	`1.0.116`	up to date
slab	`^0.4`	`0.4.9`	up to date
sluice	`^0.5`	`0.5.5`	up to date
tracing	`^0.1.17`	`0.1.40`	up to date
tracing-futures	`^0.2`	`0.2.5`	up to date
url	`^2.2`	`2.5.0`	up to date
waker-fn	`^1`	`1.1.1`	up to date

Dev dependencies

(10 total, 4 outdated)

Crate	Required	Latest	Status
env_logger	`^0.8`	`0.11.3`	out of date
flate2	`^1.0`	`1.0.28`	up to date
futures	`^0.3`	`0.3.30`	up to date
indicatif	`^0.15`	`0.17.8`	out of date
rayon	`^1`	`1.10.0`	up to date
static_assertions	`^1.1`	`1.1.0`	up to date
structopt	`^0.3`	`0.3.26`	up to date
tempfile	`^3.1`	`3.10.1`	up to date
test-case	`^1.0`	`3.3.1`	out of date
tracing-subscriber	`^0.2`	`0.3.18`	out of date

Security Vulnerabilities

`chrono`: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

time-rs/time#293