jsonrpsee-ws-client 0.2.0

Crate jsonrpsee-ws-client

Dependencies

(16 total, 7 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.88`	up to date
fnv	`^1`	`1.0.7`	up to date
futures	`^0.3.14`	`0.3.31`	up to date
jsonrpsee-types	`^0.2.0`	`0.25.1`	out of date
log	`^0.4`	`0.4.27`	up to date
pin-project	`^1`	`1.1.10`	up to date
rustls ⚠️	`^0.19.1`	`0.23.28`	out of date
rustls-native-certs	`^0.5.0`	`0.8.1`	out of date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
soketto	`^0.5`	`0.8.1`	out of date
thiserror	`^1`	`2.0.12`	out of date
tokio ⚠️	`^1`	`1.46.0`	maybe insecure
tokio-rustls	`^0.22`	`0.26.2`	out of date
tokio-util	`^0.6`	`0.7.15`	out of date
url	`^2`	`2.5.4`	up to date

Crate

Required

Latest

Status

async-trait

^0.1

0.1.88

up to date

fnv

^1

1.0.7

up to date

futures

^0.3.14

0.3.31

up to date

jsonrpsee-types

^0.2.0

0.25.1

out of date

log

^0.4

0.4.27

up to date

pin-project

^1

1.1.10

up to date

rustls ⚠️

^0.19.1

0.23.28

out of date

rustls-native-certs

^0.5.0

0.8.1

out of date

serde

^1

1.0.219

up to date

serde_json

^1

1.0.140

up to date

soketto

^0.5

0.8.1

out of date

thiserror

^1

2.0.12

out of date

tokio ⚠️

^1

1.46.0

maybe insecure

tokio-rustls

^0.22

0.26.2

out of date

tokio-util

^0.6

0.7.15

out of date

url

^2

2.5.4

up to date

Dev dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
env_logger	`^0.8`	`0.11.8`	out of date

Crate

Required

Latest

Status

env_logger

^0.8

0.11.8

out of date

Security Vulnerabilities

`tokio`: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);

`rustls`: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.

Deps.rs

jsonrpsee-ws-client 0.2.0

Crate `jsonrpsee-ws-client`

Dependencies

Dev dependencies

Security Vulnerabilities

`tokio`: reject_remote_clients Configuration corruption

Workarounds

`rustls`: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

jsonrpsee-ws-client 0.2.0

Crate jsonrpsee-ws-client

Dependencies

Dev dependencies

Security Vulnerabilities

tokio: reject_remote_clients Configuration corruption

Workarounds

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

Crate `jsonrpsee-ws-client`

`tokio`: reject_remote_clients Configuration corruption

`rustls`: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input