This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate mjai-reviewer

Dependencies

(14 total, 1 possibly insecure)

CrateRequiredLatestStatus
 anyhow^11.0.97up to date
 serde_json^11.0.140up to date
 tera^11.20.0up to date
 chrono ⚠️^0.40.4.40maybe insecure
 ureq^33.0.9up to date
 opener^0.70.7.2up to date
 dunce^11.0.5up to date
 humantime-serde^11.1.1up to date
 url^22.5.4up to date
 serde_with^33.12.0up to date
 minify-html^0.150.15.0up to date
 fluent-templates^0.130.13.0up to date
 clap^44.5.32up to date
 serde^11.0.219up to date

Crate convlog

Dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^11.0.140up to date
 serde_tuple^11.1.0up to date
 serde_repr^0.10.1.20up to date
 thiserror^22.0.12up to date
 num_enum^0.70.7.3up to date
 ahash^0.80.8.11up to date
 serde_with^33.12.0up to date
 serde^11.0.219up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References