Deps.rs

vrp-cli 1.25.0

[![dependency status](https://deps.rs/crate/vrp-cli/1.25.0/status.svg)](https://deps.rs/crate/vrp-cli/1.25.0)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate vrp-cli

Dependencies

(13 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 clap^4.5.204.5.51up to date
 csv^1.3.11.4.0up to date
 ctrlc^3.4.53.5.1up to date
 js-sys^0.3.720.3.82up to date
 num_cpus^1.16.01.17.0up to date
 pyo3 ⚠️^0.22.60.27.1out of date
 serde^1.0.2141.0.228up to date
 serde-wasm-bindgen^0.6.50.6.5up to date
 serde_json^1.0.1321.0.145up to date
 vrp-core^1.25.01.25.0up to date
 vrp-pragmatic^1.25.01.25.0up to date
 vrp-scientific^1.25.01.25.0up to date
 wasm-bindgen^0.2.950.2.105up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tempfile^3.14.03.23.0up to date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.