This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate mina-rs-base

Dependencies

(2 total, 2 outdated)

| Crate | Required | Latest | Status |
|---|---|---|---|
| ark-ec | ^0.3.0 | 0.5.0 | out of date |
| getrandom | ^0.2 | 0.3.3 | out of date |

Crate mina-consensus

Dev dependencies

(3 total, all up-to-date)

| Crate | Required | Latest | Status |
|---|---|---|---|
| serde_json | ^1 | 1.0.140 | up to date |
| anyhow | ^1 | 1.0.98 | up to date |
| wasm-bindgen-test | ^0.3 | 0.3.50 | up to date |

Crate mina-crypto

Dependencies

(3 total, all up-to-date)

| Crate | Required | Latest | Status |
|---|---|---|---|
| blake2 | ^0.10 | 0.10.6 | up to date |
| serde | ^1 | 1.0.219 | up to date |
| serde_json | ^1 | 1.0.140 | up to date |

Crate mina-merkle

Dependencies

(1 total, all up-to-date)

| Crate | Required | Latest | Status |
|---|---|---|---|
| serde | ^1 | 1.0.219 | up to date |

Dev dependencies

(2 total, 1 outdated)

| Crate | Required | Latest | Status |
|---|---|---|---|
| serde_json | ^1 | 1.0.140 | up to date |
| rocksdb | ^0.19.0 | 0.23.0 | out of date |

Crate mina-network

Dependencies

(4 total, 3 outdated, 1 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| hashbrown | ^0.12 | 0.15.3 | out of date |
| libp2p ⚠️ | ^0.44 | 0.55.0 | out of date |
| serde_json | ^1 | 1.0.140 | up to date |
| getrandom | ^0.2 | 0.3.3 | out of date |

Dev dependencies

(3 total, 1 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| anyhow | ^1 | 1.0.98 | up to date |
| tokio ⚠️ | ^1.18 | 1.45.1 | maybe insecure |
| wasm-bindgen-test | ^0.3 | 0.3.50 | up to date |

Crate mina-ledger

Dependencies

(1 total, 1 outdated)

| Crate | Required | Latest | Status |
|---|---|---|---|
| rocksdb | ^0.19.0 | 0.23.0 | out of date |

Crate proof-systems

Dev dependencies

(1 total, all up-to-date)

| Crate | Required | Latest | Status |
|---|---|---|---|
| serde_json | ^1 | 1.0.140 | up to date |

Crate bin-prot

Dependencies

(3 total, 1 outdated)

| Crate | Required | Latest | Status |
|---|---|---|---|
| byteorder | ^1.4 | 1.5.0 | up to date |
| num | ^0.4 | 0.4.3 | up to date |
| thiserror | ^1 | 2.0.12 | out of date |

Crate bin_prot_checker

No external dependencies! 🙌

Crate test-fixtures

Dependencies

(1 total, all up-to-date)

| Crate | Required | Latest | Status |
|---|---|---|---|
| serde | ^1 | 1.0.219 | up to date |

Crate test-serialization

Dev dependencies

(6 total, 2 outdated)

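| Crate | Required | Latest | Status |
|---|---|---|---|
| anyhow | ^1 | 1.0.98 | up to date |
| criterion | ^0.3 | 0.6.0 | out of date |
| pretty_assertions | ^1 | 1.4.1 | up to date |
| rand | ^0.8 | 0.9.1 | out of date |
| serde_json | ^1 | 1.0.140 | up to date |
| wasm-bindgen-test | ^0.3 | 0.3.50 | up to date |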

Crate mina-serialization-types

Dependencies

(1 total, all up-to-date)

| Crate | Required | Latest | Status |
|---|---|---|---|
| serde | ^1 | 1.0.219 | up to date |

Dev dependencies

(3 total, all up-to-date)

| Crate | Required | Latest | Status |
|---|---|---|---|
| anyhow | ^1 | 1.0.98 | up to date |
| pretty_assertions | ^1 | 1.4.1 | up to date |
| wasm-bindgen-test | ^0.3 | 0.3.50 | up to date |

Crate mina-serialization-types-macros

No external dependencies! 🙌

Crate versioned

No external dependencies! 🙌

Crate mina-secrets

Dependencies

(2 total, 1 outdated)

| Crate | Required | Latest | Status |
|---|---|---|---|
| xsalsa20poly1305 | ^0.9 | 0.9.1 | up to date |
| getrandom | ^0.2 | 0.3.3 | out of date |

Dev dependencies

(2 total, all up-to-date)

| Crate | Required | Latest | Status |
|---|---|---|---|
| anyhow | ^1 | 1.0.98 | up to date |
| wasm-bindgen-test | ^0.3 | 0.3.50 | up to date |

Security Vulnerabilities

libp2p: libp2p Lack of resource management DoS

RUSTSEC-2022-0084

libp2p allows a potential attacker to cause a victim p2p node to run out of memory.

The out-of-memory failure can cause crashes where libp2p is intended to be used within large-scale networks, leading to a potential Denial of Service (DoS) vector.

Users should upgrade or reference the DoS mitigation strategies.

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true, meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

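```rust
use tokio::net::windows::named_pipe::{PipeMode, ServerOptions};

let mut opts = ServerOptions::new();
// Set pipe_mode first: on affected versions it resets reject_remote_clients to false.
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);
```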