twilight-gateway 0.15.4

Crate twilight-gateway

Dependencies

(17 total, 6 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
bitflags	`^1`	`2.5.0`	out of date
flate2	`^1.0.24`	`1.0.30`	up to date
futures-util	`^0.3`	`0.3.30`	up to date
native-tls	`^0.2.8`	`0.2.11`	up to date
rand	`^0.8`	`0.8.5`	up to date
rustls-native-certs	`^0.6`	`0.7.0`	out of date
rustls ⚠️	`^0.20`	`0.23.5`	out of date
serde	`^1`	`1.0.200`	up to date
serde_json	`^1`	`1.0.116`	up to date
simd-json	`>=0.4, <0.11`	`0.13.10`	out of date
tokio ⚠️	`^1.19`	`1.37.0`	maybe insecure
tokio-tungstenite	`^0.18`	`0.21.0`	out of date
tracing	`^0.1`	`0.1.40`	up to date
twilight-gateway-queue	`^0.15.4`	`0.15.4`	up to date
twilight-http	`^0.15.4`	`0.15.4`	up to date
twilight-model	`^0.15.4`	`0.15.4`	up to date
webpki-roots	`^0.22`	`0.26.1`	out of date

Crate

Required

Latest

Status

bitflags

^1

2.5.0

out of date

flate2

^1.0.24

1.0.30

up to date

futures-util

^0.3

0.3.30

up to date

native-tls

^0.2.8

0.2.11

up to date

rand

^0.8

0.8.5

up to date

rustls-native-certs

^0.6

0.7.0

out of date

rustls ⚠️

^0.20

0.23.5

out of date

serde

^1

1.0.200

up to date

serde_json

^1

1.0.116

up to date

simd-json

>=0.4, <0.11

0.13.10

out of date

tokio ⚠️

^1.19

1.37.0

maybe insecure

tokio-tungstenite

^0.18

0.21.0

out of date

tracing

^0.1

0.1.40

up to date

twilight-gateway-queue

^0.15.4

0.15.4

up to date

twilight-http

^0.15.4

0.15.4

up to date

twilight-model

^0.15.4

0.15.4

up to date

webpki-roots

^0.22

0.26.1

out of date

Dev dependencies

(6 total, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.82`	up to date
futures	`^0.3`	`0.3.30`	up to date
serde_test	`^1.0.136`	`1.0.176`	up to date
static_assertions	`^1`	`1.1.0`	up to date
tokio ⚠️	`^1.12`	`1.37.0`	maybe insecure
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate

Required

Latest

Status

anyhow

^1

1.0.82

up to date

futures

^0.3

0.3.30

up to date

serde_test

^1.0.136

1.0.176

up to date

static_assertions

^1

1.1.0

up to date

tokio ⚠️

^1.12

1.37.0

maybe insecure

tracing-subscriber

^0.3

0.3.18

up to date

Security Vulnerabilities

`tokio`: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);

`rustls`: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.

Deps.rs

twilight-gateway 0.15.4

Crate `twilight-gateway`

Dependencies

Dev dependencies

Security Vulnerabilities

`tokio`: reject_remote_clients Configuration corruption

Workarounds

`rustls`: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

twilight-gateway 0.15.4

Crate twilight-gateway

Dependencies

Dev dependencies

Security Vulnerabilities

tokio: reject_remote_clients Configuration corruption

Workarounds

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

Crate `twilight-gateway`

`tokio`: reject_remote_clients Configuration corruption

`rustls`: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input