Deps.rs

isahc 0.9.14

[![dependency status](https://deps.rs/crate/isahc/0.9.14/status.svg)](https://deps.rs/crate/isahc/0.9.14)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate isahc

Dependencies

(22 total, 7 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bytes^0.51.10.1out of date
 chrono ⚠️^0.40.4.41maybe insecure
 crossbeam-utils^0.80.8.21up to date
 curl^0.4.340.4.48up to date
 curl-sys^0.4.370.4.82+curl-8.14.1up to date
 encoding_rs^0.80.8.35up to date
 flume^0.90.11.1out of date
 futures-lite^1.112.6.0out of date
 http^0.2.11.3.1out of date
 log^0.40.4.27up to date
 mime^0.30.3.17up to date
 once_cell^11.21.3up to date
 parking_lot^0.110.12.4out of date
 publicsuffix^1.52.3.0out of date
 serde^1.01.0.219up to date
 serde_json^1.01.0.140up to date
 slab^0.40.4.10up to date
 sluice^0.50.6.0out of date
 tracing^0.1.170.1.41up to date
 tracing-futures^0.20.2.5up to date
 url^2.22.5.4up to date
 waker-fn^11.2.0up to date

Dev dependencies

(10 total, 4 outdated)

CrateRequiredLatestStatus
 env_logger^0.80.11.8out of date
 flate2^1.01.1.2up to date
 futures^0.30.3.31up to date
 indicatif^0.150.17.12out of date
 rayon^11.10.0up to date
 static_assertions^1.11.1.0up to date
 structopt^0.30.3.26up to date
 tempfile^3.13.20.0up to date
 test-case^1.03.3.1out of date
 tracing-subscriber^0.20.3.19out of date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References