osmpbf 0.3.8

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `osmpbf`

Dependencies

(5 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
byteorder	`^1.4`	`1.5.0`	up to date
flate2	`^1.0`	`1.1.9`	up to date
memmap2	`^0.5`	`0.9.10`	out of date
protobuf ⚠️	`^3.1`	`3.7.2`	maybe insecure
rayon	`^1.5`	`1.11.0`	up to date

Dev dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
assert_approx_eq	`^1.1.0`	`1.1.0`	up to date
criterion	`^0.3`	`0.8.2`	out of date

Security Vulnerabilities

`protobuf`: Crash due to uncontrolled recursion in protobuf crate

RUSTSEC-2024-0437

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input.

This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data.