This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate prometheus-client

Dependencies

(4 total, 1 outdated, 1 insecure)

Crate                                   Required  Latest  Status
dtoa                                    ^1.0      1.0.10  up to date
itoa                                    ^1.0      1.0.15  up to date
owning_ref ⚠️                           ^0.4      0.4.1   insecure
prometheus-client-derive-text-encode    ^0.2.0    0.3.0   out of date

Dev dependencies

(7 total, 3 outdated, 1 possibly insecure)

Crate                                   Required  Latest  Status
async-std                               ^1        1.13.1  up to date
criterion                               ^0.3      0.6.0   out of date
http-types                              ^2        2.12.0  up to date
pyo3 ⚠️                                 ^0.15     0.25.1  out of date
quickcheck                              ^1        1.0.3   up to date
rand                                    ^0.8.4    0.9.1   out of date
tide                                    ^0.16     0.16.0  up to date

Security Vulnerabilities

owning_ref: Multiple soundness issues in `owning_ref`

RUSTSEC-2022-0040

  • OwningRef::map_with_owner is unsound and may result in a use-after-free.
  • OwningRef::map is unsound and may result in a use-after-free.
  • OwningRefMut::as_owner and OwningRefMut::as_owner_mut are unsound and may result in a use-after-free.
  • The crate violates Rust's aliasing rules, which may cause miscompilations on recent compilers that emit the LLVM noalias attribute.

safer_owning_ref is a replacement crate which fixes these issues. No patched versions of the original crate are available, and the maintainer is unresponsive.

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul byte. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.