This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate isahc

Dependencies

(22 total, 6 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bytes^0.51.6.1out of date
 chrono ⚠️^0.40.4.38maybe insecure
 crossbeam-utils^0.80.8.20up to date
 curl^0.4.340.4.46up to date
 curl-sys^0.4.370.4.73+curl-8.8.0up to date
 encoding_rs^0.80.8.34up to date
 flume^0.90.11.0out of date
 futures-lite^1.112.3.0out of date
 http^0.2.11.1.0out of date
 log^0.40.4.22up to date
 mime^0.30.3.17up to date
 once_cell^11.19.0up to date
 parking_lot^0.110.12.3out of date
 publicsuffix^1.52.2.3out of date
 serde^1.01.0.204up to date
 serde_json^1.01.0.120up to date
 slab^0.40.4.9up to date
 sluice^0.50.5.5up to date
 tracing^0.1.170.1.40up to date
 tracing-futures^0.20.2.5up to date
 url^2.22.5.2up to date
 waker-fn^11.2.0up to date

Dev dependencies

(10 total, 4 outdated)

CrateRequiredLatestStatus
 env_logger^0.80.11.3out of date
 flate2^1.01.0.30up to date
 futures^0.30.3.30up to date
 indicatif^0.150.17.8out of date
 rayon^11.10.0up to date
 static_assertions^1.11.1.0up to date
 structopt^0.30.3.26up to date
 tempfile^3.13.10.1up to date
 test-case^1.03.3.1out of date
 tracing-subscriber^0.20.3.18out of date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References