This project contains known security vulnerabilities. Find detailed information at the bottom.
serde_arrow(8 total, 1 outdated, 1 insecure, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| arrow-array | ^57 | 57.2.0 | up to date |
| arrow-schema | ^57 | 57.2.0 | up to date |
| arrow2 ⚠️ | ^0.17 | 0.18.0 | insecure |
| bytemuck | ^1 | 1.25.0 | up to date |
| chrono ⚠️ | ^0.4 | 0.4.43 | maybe insecure |
| half | ^2 | 2.7.1 | up to date |
| marrow | ^0.2.5 | 0.2.5 | up to date |
| serde | ^1.0 | 1.0.228 | up to date |
(16 total, 3 outdated, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| anyhow | ^1 | 1.0.101 | up to date |
| arrow-json | ^57 | 57.2.0 | up to date |
| arrow-schema | ^57 | 57.2.0 | up to date |
| arrow2_convert | ^0.5.0 | 0.5.0 | up to date |
| bigdecimal | ^0.4 | 0.4.10 | up to date |
| chrono ⚠️ | ^0.4 | 0.4.43 | maybe insecure |
| criterion | ^0.5 | 0.8.2 | out of date |
| jiff | ^0.2 | 0.2.19 | up to date |
| rand | ^0.8 | 0.9.2 | out of date |
| rust_decimal | ^1.33 | 1.40.0 | up to date |
| serde | ^1 | 1.0.228 | up to date |
| serde-transcode | ^1 | 1.1.1 | up to date |
| serde_bytes | ^0.11 | 0.11.19 | up to date |
| serde_json | ^1 | 1.0.149 | up to date |
| simd-json | ^0.13.8 | 0.17.0 | out of date |
| uuid | ^1.10.0 | 1.20.0 | up to date |
chrono: Potential segfault in `localtime_r` invocationsUnix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
No workarounds are known.
arrow2: Out of bounds access in public safe APIRows::row_unchecked() allows out of bounds access to the underlying
buffer without sufficient checks.
The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead.