This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate leetcode-cli

Dependencies

(15 total, 10 outdated, 2 possibly insecure)

Crate          Required    Latest    Status
clap           ^2.33.0     4.5.4     out of date
colored        ^1.9.1      2.1.0     out of date
diesel ⚠️      ^1.4.3      2.1.6     out of date
dirs           ^2.0.2      5.0.1     out of date
env_logger     ^0.7.1      0.11.3    out of date
keyring        ^0.7.1      2.3.2     out of date
log            ^0.4        0.4.21    up to date
openssl ⚠️     ^0.10.26    0.10.64   maybe insecure
pyo3           ^0.8.5      0.21.2    out of date
rand           ^0.7.2      0.8.5     out of date
reqwest        ^0.9.24     0.12.4    out of date
serde          ^1.0.104    1.0.198   up to date
serde_derive   ^1.0.104    1.0.198   up to date
serde_json     ^1.0.44     1.0.116   up to date
toml           ^0.5.5      0.8.12    out of date

Security Vulnerabilities

diesel: Fix a use-after-free bug in diesel's Sqlite backend

RUSTSEC-2021-0037

We've misused sqlite3_column_name. The SQLite documentation states the following:

The returned string pointer is valid until either the prepared statement is destroyed by sqlite3_finalize() or until the statement is automatically reprepared by the first call to sqlite3_step() for a particular run or until the next call to sqlite3_column_name() or sqlite3_column_name16() on the same column.

As part of our query_by_name infrastructure we've first received all field names for the prepared statement and stored them as string slices for later use. After that we called sqlite3_step() for the first time, which invalidates the pointer and therefore the stored string slice.

openssl: `openssl` `X509VerifyParamRef::set_host` buffer over-read

RUSTSEC-2023-0044

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.