This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate wgpu-hal

Dependencies

(26 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 arrayvec^0.70.7.1up to date
 ash ⚠️^0.330.33.3+1.2.191maybe insecure
 bit-set^0.50.5.2up to date
 bitflags^1.01.3.2up to date
 block^0.10.1.6up to date
 foreign-types^0.30.5.0out of date
 fxhash^0.2.10.2.1up to date
 glow^0.110.11.0up to date
 gpu-alloc^0.50.5.2up to date
 gpu-descriptor^0.20.2.1up to date
 inplace_it^0.3.30.3.3up to date
 log^0.40.4.14up to date
 naga^0.6.30.7.1out of date
 parking_lot^0.110.11.2up to date
 range-alloc^0.10.1.2up to date
 raw-window-handle^0.30.3.3up to date
 renderdoc-sys^0.7.10.7.1up to date
 thiserror^11.0.30up to date
 wgpu-types^0.100.11.0out of date
 core-graphics-types^0.10.1.1up to date
 metal^0.23.10.23.1up to date
 objc^0.2.50.2.7up to date
 khronos-egl^4.14.1.0up to date
 libloading^0.70.7.1up to date
 d3d12^0.4.10.4.1up to date
 winapi^0.30.3.9up to date

Dev dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 env_logger^0.80.9.0out of date
 naga^0.60.7.1out of date
 winit^0.250.25.0up to date

Security Vulnerabilities

ash: Reading on uninitialized memory may cause UB ( `util::read_spv()` )

RUSTSEC-2021-0090

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation.

Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.