This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate schemeguardian

Dependencies

(21 total, 11 outdated, 2 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| async-std | ^0.99.5 | 1.12.0 | out of date |
| bincode | ^1.1.4 | 1.3.3 | up to date |
| branca ⚠️ | ^0.9.0 | 0.10.1 | out of date |
| chrono ⚠️ | ^0.4.7 | 0.4.37 | maybe insecure |
| custom_codes | ^1.0.3 | 2.0.4 | out of date |
| either | ^1.5 | 1.10.0 | up to date |
| failure | ^0.1.5 | 0.1.8 | up to date |
| lazy_static | ^1.3.0 | 1.4.0 | up to date |
| r2d2 | ^0.8.5 | 0.8.10 | up to date |
| rand | ^0.7 | 0.8.5 | out of date |
| rust-argon2 | ^0.5.0 | 2.1.0 | out of date |
| rusty_ulid | ^0.9.0 | 2.0.0 | out of date |
| secrecy | ^0.2.2 | 0.8.0 | out of date |
| serde | ^1.0 | 1.0.197 | up to date |
| serde_derive | ^1.0 | 1.0.197 | up to date |
| serde_json | ^1.0.40 | 1.0.115 | up to date |
| sled | ^0.27.0 | 0.34.7 | out of date |
| toml | ^0.5.1 | 0.8.12 | out of date |
| uhttp_sse | ^0.5.1 | 0.5.1 | up to date |
| untrusted | ^0.6.2 | 0.9.0 | out of date |
| zeroize | ^0.9.2 | 1.7.0 | out of date |

Security Vulnerabilities

branca: Unexpected panic when decoding tokens

RUSTSEC-2020-0075

Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding.

The documentation stated that an error should have been reported instead.

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References