This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate servo-devtools

Dependencies

(22 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 atomic_refcell^0.1.140.1.14up to date
 base64^0.22.10.22.1up to date
 chrono ⚠️^0.40.4.45maybe insecure
 crossbeam-channel^0.50.5.15up to date
 servo-devtools-traits=0.3.00.3.0up to date
 servo-embedder-traits=0.3.00.3.0up to date
 headers^0.40.4.1up to date
 http^1.41.4.2up to date
 log^0.4.300.4.33up to date
 servo-malloc-size-of=0.3.00.3.0up to date
 malloc_size_of_derive^0.10.1.3up to date
 servo-net=0.3.00.3.0up to date
 servo-net-traits=0.3.00.3.0up to date
 servo-profile-traits=0.3.00.3.0up to date
 rand^0.90.10.1out of date
 rustc-hash^2.1.22.1.2up to date
 serde^1.0.2281.0.228up to date
 serde_json^1.01.0.150up to date
 servo-base=0.3.00.3.0up to date
 servo-config=0.3.00.3.0up to date
 servo-url=0.3.00.3.0up to date
 uuid^1.23.11.23.4up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References