This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate liquid-core

Dependencies

(9 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 anymap^0.120.12.1up to date
 chrono ⚠️^0.40.4.38maybe insecure
 itertools^0.10.00.13.0out of date
 kstring^1.02.0.2out of date
 liquid-derive^0.22.00.26.8out of date
 num-traits^0.20.2.19up to date
 pest^2.02.7.14up to date
 pest_derive^2.02.7.14up to date
 serde^1.01.0.214up to date

Dev dependencies

(2 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 difference^2.02.0.0up to date
 serde_yaml ⚠️^0.80.9.34+deprecatedout of date

Security Vulnerabilities

serde_yaml: Uncontrolled recursion leads to abort in deserialization

RUSTSEC-2018-0005

Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to make a YAML file with an alias referring to itself causing an abort.

The flaw was corrected by checking the recursion depth.

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References