This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate unleash-edge

Dependencies

(44 total, 18 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 actix-cors^0.7.00.7.0up to date
 actix-http^3.6.03.9.0up to date
 actix-middleware-etag^0.3.00.4.2out of date
 actix-service^2.0.22.0.2up to date
 actix-web^4.5.14.9.0up to date
 ahash^0.8.100.8.11up to date
 anyhow^1.0.801.0.95up to date
 async-trait^0.1.800.1.83up to date
 chrono^0.4.380.4.39up to date
 cidr^0.2.20.3.0out of date
 clap^4.5.44.5.23up to date
 clap-markdown^0.1.30.1.4up to date
 dashmap^5.5.36.1.0out of date
 futures^0.3.300.3.31up to date
 futures-core^0.3.300.3.31up to date
 iter_tools^0.15.00.24.0out of date
 itertools^0.12.10.13.0out of date
 lazy_static^1.4.01.5.0up to date
 num_cpus^1.16.01.16.0up to date
 opentelemetry^0.21.00.27.1out of date
 opentelemetry-prometheus^0.14.10.27.0out of date
 opentelemetry-semantic-conventions^0.13.00.27.0out of date
 opentelemetry_sdk^0.21.20.27.1out of date
 prometheus^0.13.40.13.4up to date
 prometheus-static-metric^0.5.10.5.1up to date
 rand^0.8.50.8.5up to date
 redis^0.25.30.27.6out of date
 reqwest^0.11.270.12.11out of date
 rustls ⚠️^0.22.20.23.20out of date
 rustls-pemfile^2.1.22.2.0up to date
 rustls-pki-types^1.6.01.10.1up to date
 semver^1.0.231.0.24up to date
 serde^1.0.2001.0.217up to date
 serde_json^1.0.1161.0.134up to date
 serde_qs^0.12.00.13.0out of date
 shadow-rs^0.27.10.37.0out of date
 tokio^1.36.01.42.0up to date
 tracing^0.1.400.1.41up to date
 tracing-subscriber^0.3.180.3.19up to date
 ulid^1.1.21.1.3up to date
 unleash-types^0.120.14.0out of date
 unleash-yggdrasil^0.12.00.14.1out of date
 utoipa^4.2.35.3.0out of date
 utoipa-swagger-ui^7.0.18.1.0out of date

Dev dependencies

(10 total, 2 outdated)

CrateRequiredLatestStatus
 actix-http^3.6.03.9.0up to date
 actix-http-test^3.2.03.2.0up to date
 actix-service^2.0.22.0.2up to date
 env_logger^0.11.30.11.6up to date
 maplit^1.0.21.0.2up to date
 rand^0.8.50.8.5up to date
 test-case^3.3.13.3.1up to date
 testcontainers^0.16.70.23.1out of date
 testcontainers-modules^0.4.20.11.4out of date
 tracing-test^0.2.40.2.5up to date

Security Vulnerabilities

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.