Deps.rs

NicolasLagaillardie / mpst_rust_github

[![dependency status](https://deps.rs/repo/github/NicolasLagaillardie/mpst_rust_github/status.svg)](https://deps.rs/repo/github/NicolasLagaillardie/mpst_rust_github)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate mpstthree

Dependencies

(15 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 crossbeam-channel^0.5.120.5.14up to date
 either^1.11.01.15.0up to date
 hyper^1.3.11.6.0up to date
 hyper-tls^0.6.00.6.0up to date
 hyper-util^0.1.30.1.10up to date
 http-body-util^0.10.1.3up to date
 tokio^1.37.01.44.1up to date
 regex^1.10.41.11.1up to date
 petgraph^0.6.40.7.1out of date
 protobuf ⚠️^3.4.03.7.2maybe insecure
 protobuf-codegen^3.4.03.7.2up to date
 protoc-bin-vendored^3.0.03.1.0up to date
 once_cell^1.19.01.21.1up to date
 Inflector^0.11.40.11.4up to date
 rand^0.8.50.9.0out of date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 criterion^0.5.10.5.1up to date
 trybuild^1.0.911.0.104up to date
 ntest^0.9.20.9.3up to date

Crate mpst-seq-proc

Dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 syn^2.0.602.0.100up to date
 quote^1.0.361.0.40up to date
 proc-macro2^1.0.811.0.94up to date
 itertools^0.12.10.14.0out of date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 trybuild^1.0.911.0.104up to date

Security Vulnerabilities

protobuf: Crash due to uncontrolled recursion in protobuf crate

RUSTSEC-2024-0437

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input.

This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data.