projvar 0.19.6

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `projvar`

Dependencies

(25 total, 1 possibly insecure)

Crate	Required	Latest	Status
askalono	`^0.5`	`0.5.0`	up to date
chrono ⚠️	`^0.4`	`0.4.39`	maybe insecure
clap	`^4.4`	`4.5.23`	up to date
cli_utils_hoijui	`^0.9`	`0.9.0`	up to date
const_format	`^0.2`	`0.2.34`	up to date
enum-map	`^2.7`	`2.7.3`	up to date
git-version	`^0.3`	`0.3.9`	up to date
git2	`^0.19`	`0.19.0`	up to date
gix-url	`^0.28`	`0.28.1`	up to date
human-panic	`^2.0`	`2.0.2`	up to date
lazy_static	`^1.4`	`1.5.0`	up to date
log	`^0.4`	`0.4.22`	up to date
proc-macro2	`^1.0`	`1.0.92`	up to date
regex	`^1.10`	`1.11.1`	up to date
remain	`^0.2`	`0.2.14`	up to date
repvar	`^0.14`	`0.14.0`	up to date
serde	`^1.0`	`1.0.216`	up to date
serde_json	`^1.0`	`1.0.134`	up to date
spdx	`^0.10`	`0.10.7`	up to date
strum	`^0.26`	`0.26.3`	up to date
strum_macros	`^0.26`	`0.26.4`	up to date
thiserror	`^2.0`	`2.0.9`	up to date
tracing	`^0.1`	`0.1.41`	up to date
tracing-subscriber	`^0.3`	`0.3.19`	up to date
url	`^2.5`	`2.5.4`	up to date

Dev dependencies

(8 total, all up-to-date)

Crate	Required	Latest	Status
assert_cmd	`^2.0`	`2.0.16`	up to date
assert_fs	`^1.0`	`1.1.2`	up to date
cmd_lib	`^1.9`	`1.9.5`	up to date
const-fnv1a-hash	`^1.1`	`1.1.0`	up to date
directories	`^5.0`	`5.0.1`	up to date
fake	`^3.0`	`3.0.1`	up to date
predicates	`^3.0`	`3.1.3`	up to date
uuid	`^1.6`	`1.11.0`	up to date

Security Vulnerabilities

`chrono`: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

time-rs/time#293