This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate starling

Dependencies

(26 total, 4 outdated, 2 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| bincode | ^1.3.3 | 1.3.3 | up to date |
| blake2-rfc | ^0.2.18 | 0.2.18 | up to date |
| serde | ^1.0.138 | 1.0.216 | up to date |
| serde_json | ^1.0.82 | 1.0.133 | up to date |
| ciborium | ^0.2.0 | 0.2.2 | up to date |
| serde_yaml | ^0.8.24 | 0.9.34+deprecated | out of date |
| serde-pickle | ^1.1.1 | 1.2.0 | up to date |
| ron | ^0.7.1 | 0.8.1 | out of date |
| groestl | ^0.10.1 | 0.10.1 | up to date |
| openssl ⚠️ | ^0.10.40 | 0.10.68 | maybe insecure |
| tiny-keccak | ^2.0.2 | 2.0.2 | up to date |
| hashbrown | ^0.12.1 | 0.15.2 | out of date |
| rocksdb ⚠️ | ^0.18.0 | 0.22.0 | out of date |
| seahash | ^4.1.0 | 4.1.0 | up to date |
| fxhash | ^0.2.1 | 0.2.1 | up to date |
| rand | ^0.8.5 | 0.8.5 | up to date |
| digest | ^0.10.3 | 0.10.7 | up to date |
| blake2 | ^0.10.4 | 0.10.6 | up to date |
| md2 | ^0.10.1 | 0.10.2 | up to date |
| md4 | ^0.10.1 | 0.10.2 | up to date |
| md-5 | ^0.10.1 | 0.10.6 | up to date |
| ripemd | ^0.1.1 | 0.1.3 | up to date |
| sha-1 | ^0.10.0 | 0.10.1 | up to date |
| sha2 | ^0.10.2 | 0.10.8 | up to date |
| sha3 | ^0.10.1 | 0.10.8 | up to date |
| whirlpool | ^0.10.1 | 0.10.4 | up to date |

Dev dependencies

(2 total, 1 outdated)

| Crate | Required | Latest | Status |
|---|---|---|---|
| criterion | ^0.3.5 | 0.5.1 | out of date |
| rand | ^0.8.5 | 0.8.5 | up to date |

Security Vulnerabilities

rocksdb: Out-of-bounds read when opening multiple column families with TTL

RUSTSEC-2022-0046

Affected versions of this crate called the RocksDB C API rocksdb_open_column_families_with_ttl() with a pointer to a single integer TTL value, but one TTL value for each column family is expected.

This is only relevant when using rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl() with multiple column families.

This bug has been fixed in v0.19.0.

openssl: `MemBio::get_buf` has undefined behavior with empty buffers

RUSTSEC-2024-0357

Previously, MemBio::get_buf called slice::from_raw_parts with a null pointer, which violates the function's invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.