This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate jwt-authorizer

Dependencies

(20 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 axum^0.70.8.4out of date
 chrono ⚠️^0.40.4.41maybe insecure
 futures-core^0.30.3.31up to date
 futures-util^0.30.3.31up to date
 headers^0.40.4.1up to date
 http^1.01.3.1up to date
 http-body-util^0.1.00.1.3up to date
 jsonwebtoken^9.29.3.1up to date
 pin-project^1.01.1.10up to date
 reqwest^0.110.12.22out of date
 serde^1.01.0.219up to date
 serde_json^1.01.0.140up to date
 thiserror^1.02.0.12out of date
 time^0.30.3.41up to date
 tokio^1.251.46.1up to date
 tower-http^0.50.6.6out of date
 tower-layer^0.30.3.3up to date
 tower-service^0.30.3.3up to date
 tracing^0.10.1.41up to date
 tracing-subscriber^0.30.3.19up to date

Dev dependencies

(4 total, 2 outdated)

CrateRequiredLatestStatus
 hyper^1.1.01.6.0up to date
 lazy_static^1.4.01.5.0up to date
 tower^0.4.130.5.2out of date
 wiremock^0.5.220.6.4out of date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References