Deps.rs

wry 0.7.0

[![dependency status](https://deps.rs/crate/wry/0.7.0/status.svg)](https://deps.rs/crate/wry/0.7.0)

This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate wry

Dependencies

(24 total, 1 outdated, 1 insecure)

CrateRequiredLatestStatus
 image^0.230.23.14insecure
 infer^0.30.4.0out of date
 libc^0.20.2.93up to date
 log^0.40.4.14up to date
 once_cell^1.71.7.2up to date
 serde^1.01.0.125up to date
 serde_json^1.01.0.64up to date
 thiserror^1.01.0.24up to date
 url^2.22.2.1up to date
 async-channel^1.61.6.1up to date
 cairo-rs^0.90.9.1up to date
 gdk^0.130.13.2up to date
 gdk-pixbuf^0.90.9.0up to date
 gio^0.90.9.1up to date
 glib^0.100.10.3up to date
 gtk^0.90.9.2up to date
 webkit2gtk^0.110.11.0up to date
 cocoa^0.240.24.0up to date
 core-graphics^0.220.22.2up to date
 objc^0.20.2.7up to date
 objc_id^0.10.1.1up to date
 tauri-winit^0.240.24.0up to date
 webview2^0.1.0-beta.1N/Aup to date
 winapi^0.30.3.9up to date

Security Vulnerabilities

image: Mutable reference with immutable provenance

RUSTSEC-2020-0073

A mutable reference to a struct was constructed by dereferencing a pointer obtained from slice::as_ptr. Instead, slice::as_mut_ptr should have been called on the mutable slice argument. The former performs an implicit reborrow as an immutable shared reference which does not allow writing through the derived pointer.

There is no evidence for miscompilation, exploitable or otherwise, caused by this bug. Further investigation on Zulip suggests that the unoptimized generated LLVM IR does not contain any UB itself, effectively mitigating further effects.