Deps.rs

re_protos 0.23.2

[![dependency status](https://deps.rs/crate/re_protos/0.23.2/status.svg)](https://deps.rs/crate/re_protos/0.23.2)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate re_protos

Dependencies

(15 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 arrow^54.3.155.0.0out of date
 jiff^0.2.30.2.13up to date
 prost^0.13.30.13.5up to date
 prost-types^0.13.30.13.5up to date
 pyo3 ⚠️^0.23.30.24.2out of date
 re_build_info^0.23.20.23.2up to date
 re_byte_size^0.23.20.23.2up to date
 re_chunk^0.23.20.23.2up to date
 re_log_types^0.23.20.23.2up to date
 re_sorbet^0.23.20.23.2up to date
 re_tuid^0.23.20.23.2up to date
 serde^11.0.219up to date
 thiserror^1.02.0.12out of date
 tonic^0.12.30.13.1out of date
 url^2.32.5.4up to date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.