This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate tower

Dependencies

(13 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 futures-core^0.30.3.17up to date
 futures-util^0.30.3.17up to date
 hdrhistogram^6.07.3.0out of date
 indexmap^1.0.21.7.0up to date
 pin-project^11.0.8up to date
 rand^0.80.8.4up to date
 slab^0.40.4.4up to date
 tokio ⚠️^11.11.0maybe insecure
 tokio-stream^0.1.00.1.7up to date
 tokio-util^0.6.30.6.8up to date
 tower-layer^0.3.10.3.1up to date
 tower-service^0.30.3.1up to date
 tracing^0.1.20.1.27up to date

Dev dependencies

(9 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 futures^0.30.3.17up to date
 hdrhistogram^6.07.3.0out of date
 http^0.20.2.4up to date
 quickcheck^0.91.0.3out of date
 tokio ⚠️^11.11.0maybe insecure
 tokio-stream^0.10.1.7up to date
 tokio-test^0.40.4.2up to date
 tower-test^0.40.4.0up to date
 tracing-subscriber^0.2.140.2.22up to date

Security Vulnerabilities

tokio: Task dropped in wrong thread when aborting `LocalSet` task

RUSTSEC-2021-0072

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet.

This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for better performance.

See tokio#3929 for more details.