This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
sp-io(17 total, 13 outdated, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| parity-scale-codec | ^2.0.0 | 3.7.5 | out of date |
| futures | ^0.3.1 | 0.3.31 | up to date |
| hash-db | ^0.15.2 | 0.16.0 | out of date |
| libsecp256k1 ⚠️ | ^0.3.4 | 0.7.2 | out of date |
| log | ^0.4.8 | 0.4.27 | up to date |
| parking_lot | ^0.11.1 | 0.12.4 | out of date |
| sp-core | ^3.0.0 | 36.1.0 | out of date |
| sp-externalities | ^0.9.0 | 0.30.0 | out of date |
| sp-keystore | ^0.9.0 | 0.42.0 | out of date |
| sp-runtime-interface | ^3.0.0 | 29.0.1 | out of date |
| sp-state-machine | ^0.9.0 | 0.45.0 | out of date |
| sp-std | ^3.0.0 | 14.0.0 | out of date |
| sp-tracing | ^3.0.0 | 17.1.0 | out of date |
| sp-trie | ^3.0.0 | 39.1.0 | out of date |
| sp-wasm-interface | ^3.0.0 | 21.0.1 | out of date |
| tracing | ^0.1.22 | 0.1.41 | up to date |
| tracing-core | ^0.1.17 | 0.1.34 | up to date |
libsecp256k1: libsecp256k1 allows overflowing signatureslibsecp256k1 accepts signatures whose R or S parameter is larger than the secp256k1 curve order, which differs from other implementations. This could lead to invalid signatures being verified.
The error is resolved in 0.5.0 by adding a check_overflow flag.