ScuffleTV / scuffle

This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate `scufflecloud-core`

Dependencies

(44 total, 1 outdated, 1 insecure, 4 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
argon2	`^0.5`	`0.5.3`	up to date
async-trait	`^0.1`	`0.1.89`	up to date
axum	`^0.8`	`0.8.6`	up to date
base64	`^0.22`	`0.22.1`	up to date
cedar-policy	`^4`	`4.7.0`	up to date
chrono ⚠️	`^0.4`	`0.4.42`	maybe insecure
derive_more	`^2`	`2.0.1`	up to date
diesel ⚠️	`^2`	`2.3.3`	maybe insecure
diesel-async	`^0.7`	`0.7.4`	up to date
fred	`^10`	`10.1.0`	up to date
hmac	`^0.12`	`0.12.1`	up to date
ipnetwork	`^0.21`	`0.21.1`	up to date
itertools	`^0.14`	`0.14.0`	up to date
pkcs8	`^0.10`	`0.10.2`	up to date
prost	`^0.14`	`0.14.1`	up to date
rand	`^0.8`	`0.9.2`	out of date
reqwest	`^0.12`	`0.12.24`	up to date
rsa ⚠️	`^0.9`	`0.9.8`	insecure
rustls ⚠️	`^0.23`	`0.23.35`	maybe insecure
sailfish	`^0.10`	`0.10.0`	up to date
sailfish-macros	`^0.10`	`0.10.0`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
sha2	`^0.10`	`0.10.9`	up to date
smart-default	`^0.7`	`0.7.1`	up to date
swagger-ui-dist	`^5`	`5.30.2`	up to date
thiserror	`^2`	`2.0.17`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tonic	`^0.14`	`0.14.2`	up to date
tonic-reflection	`^0.14`	`0.14.2`	up to date
tonic-types	`^0.14`	`0.14.2`	up to date
tonic-web	`^0.14`	`0.14.2`	up to date
totp-rs	`^5`	`5.7.0`	up to date
tower-http	`^0.6`	`0.6.6`	up to date
tracing	`^0.1`	`0.1.41`	up to date
tracing-subscriber	`^0.3`	`0.3.20`	up to date
ulid	`^1`	`1.2.1`	up to date
url	`^2`	`2.5.7`	up to date
urlencoding	`^2`	`2.1.3`	up to date
uuid	`^1`	`1.18.1`	up to date
webauthn-rs	`^0.5`	`0.5.3`	up to date
woothee	`^0.13.0`	`0.13.0`	up to date

Crate `scufflecloud-core-cedar`

Dependencies

(8 total, all up-to-date)

Crate	Required	Latest	Status
base64	`^0.22`	`0.22.1`	up to date
cedar-policy	`^4.5`	`4.7.0`	up to date
const_panic	`^0.2`	`0.2.15`	up to date
konst	`^0.4`	`0.4.3`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
tonic	`^0.14`	`0.14.2`	up to date

Crate `scufflecloud-core-db-types`

Dependencies

(9 total, 2 possibly insecure)

Crate	Required	Latest	Status
chrono ⚠️	`^0.4`	`0.4.42`	maybe insecure
diesel ⚠️	`^2`	`2.3.3`	maybe insecure
ipnetwork	`^0.21`	`0.21.1`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
thiserror	`^2`	`2.0.17`	up to date
ulid	`^1`	`1.2.1`	up to date
uuid	`^1`	`1.18.1`	up to date

Crate `scufflecloud-core-emails`

Dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
chrono ⚠️	`^0.4`	`0.4.42`	maybe insecure
maxminddb	`^0.26`	`0.26.0`	up to date
sailfish	`^0.10`	`0.10.0`	up to date
url	`^2`	`2.5.7`	up to date

Crate `scufflecloud-core-traits`

Dependencies

(11 total, 2 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
diesel ⚠️	`^2`	`2.3.3`	maybe insecure
diesel-async	`^0.7`	`0.7.4`	up to date
fred	`^10`	`10.1.0`	up to date
reqwest	`^0.12`	`0.12.24`	up to date
rustls ⚠️	`^0.23`	`0.23.35`	maybe insecure
tonic	`^0.14`	`0.14.2`	up to date
tonic-types	`^0.14`	`0.14.2`	up to date
tracing	`^0.1`	`0.1.41`	up to date
url	`^2`	`2.5.7`	up to date
webauthn-rs	`^0.5`	`0.5.3`	up to date

Crate `scufflecloud-email`

Dependencies

(21 total, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
async-trait	`^0.1`	`0.1.89`	up to date
axum	`^0.8`	`0.8.6`	up to date
base64	`^0.22`	`0.22.1`	up to date
http	`^1`	`1.3.1`	up to date
mail-builder	`^0.4`	`0.4.4`	up to date
prost	`^0.14`	`0.14.1`	up to date
reqsign	`^0.18`	`0.18.1`	up to date
reqwest	`^0.12`	`0.12.24`	up to date
rustls ⚠️	`^0.23`	`0.23.35`	maybe insecure
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
smart-default	`^0.7`	`0.7.1`	up to date
thiserror	`^2`	`2.0.17`	up to date
tonic	`^0.14`	`0.14.2`	up to date
tonic-reflection	`^0.14`	`0.14.2`	up to date
tonic-types	`^0.14`	`0.14.2`	up to date
tower-http	`^0.6`	`0.6.6`	up to date
tracing	`^0.1`	`0.1.41`	up to date
tracing-subscriber	`^0.3`	`0.3.20`	up to date

Crate `scufflecloud-email-traits`

Dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
reqsign	`^0.18`	`0.18.1`	up to date
reqwest	`^0.12`	`0.12.24`	up to date
rustls ⚠️	`^0.23`	`0.23.35`	maybe insecure

Crate `scufflecloud-ext-traits`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
http	`^1`	`1.3.1`	up to date
tonic	`^0.14`	`0.14.2`	up to date
tonic-types	`^0.14`	`0.14.2`	up to date
tracing	`^0.1`	`0.1.41`	up to date
url	`^2`	`2.5.7`	up to date

Crate `scufflecloud-geo-ip`

Dependencies

(10 total, all up-to-date)

Crate	Required	Latest	Status
axum	`^0.8`	`0.8.6`	up to date
futures	`^0.3`	`0.3.31`	up to date
ipnetwork	`^0.21`	`0.21.1`	up to date
maxminddb	`^0.26`	`0.26.0`	up to date
serde	`^1`	`1.0.228`	up to date
thiserror	`^2`	`2.0.17`	up to date
tonic	`^0.14`	`0.14.2`	up to date
tower-layer	`^0.3`	`0.3.3`	up to date
tower-service	`^0.3`	`0.3.3`	up to date
tracing	`^0.1`	`0.1.41`	up to date

Crate `scufflecloud-id`

Dependencies

(6 total, 1 possibly insecure)

Crate	Required	Latest	Status
diesel ⚠️	`^2`	`2.3.3`	maybe insecure
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
thiserror	`^2`	`2.0.17`	up to date
ulid	`^1`	`1.2.1`	up to date
uuid	`^1`	`1.18.1`	up to date

Crate `scufflecloud-proto`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
prost	`^0.14`	`0.14.1`	up to date
serde	`^1`	`1.0.228`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
glob	`^0.3`	`0.3.3`	up to date

Crate `scufflecloud-video-api`

Dependencies

(6 total, all up-to-date)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
smart-default	`^0.7`	`0.7.1`	up to date
tracing	`^0.1`	`0.1.41`	up to date
tracing-subscriber	`^0.3`	`0.3.20`	up to date

Crate `scufflecloud-video-api-traits`

No external dependencies! 🙌

Crate `scufflecloud-ingest`

Dependencies

(8 total, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
smart-default	`^0.7`	`0.7.1`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tokio-rustls	`^0.26`	`0.26.4`	up to date
tracing	`^0.1`	`0.1.41`	up to date
tracing-subscriber	`^0.3`	`0.3.20`	up to date

Crate `scufflecloud-ingest-traits`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
rustls	`^0.23.21`	`0.23.35`	up to date

Crate `scuffle-aac`

Dependencies

(4 total, all up-to-date)

Crate	Required	Latest	Status
bytes	`^1`	`1.10.1`	up to date
document-features	`^0.2`	`0.2.12`	up to date
num-derive	`^0.4`	`0.4.2`	up to date
num-traits	`^0.2`	`0.2.19`	up to date

Crate `scuffle-amf0`

Dependencies

(8 total, all up-to-date)

Crate	Required	Latest	Status
byteorder	`^1`	`1.5.0`	up to date
bytes	`^1`	`1.10.1`	up to date
bytestring	`^1.4`	`1.5.0`	up to date
document-features	`^0.2`	`0.2.12`	up to date
num-derive	`^0.4`	`0.4.2`	up to date
num-traits	`^0.2`	`0.2.19`	up to date
serde	`^1`	`1.0.228`	up to date
thiserror	`^2`	`2.0.17`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
serde_derive	`^1`	`1.0.228`	up to date

Crate `scuffle-av1`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
byteorder	`^1`	`1.5.0`	up to date
bytes	`^1`	`1.10.1`	up to date
document-features	`^0.2`	`0.2.12`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
insta	`^1`	`1.43.2`	up to date

Crate `scuffle-batching`

Dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
document-features	`^0.2`	`0.2.12`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tokio-util	`^0.7`	`0.7.17`	up to date

Dev dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
criterion	`^0.7`	`0.7.0`	up to date
futures	`^0.3`	`0.3.31`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tokio-test	`^0.4`	`0.4.4`	up to date

Crate `scuffle-bootstrap`

Dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1.0`	`1.0.100`	up to date
futures	`^0.3`	`0.3.31`	up to date
pin-project-lite	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
document-features	`^0.2`	`0.2.12`	up to date

Dev dependencies

(6 total, all up-to-date)

Crate	Required	Latest	Status
insta	`^1`	`1.43.2`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
smart-default	`^0.7`	`0.7.1`	up to date
tracing	`^0.1`	`0.1.41`	up to date
tracing-subscriber	`^0.3`	`0.3.20`	up to date

Crate `scuffle-bootstrap-telemetry`

Dependencies

(15 total, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
bytes	`^1`	`1.10.1`	up to date
http	`^1`	`1.3.1`	up to date
http-body	`^1`	`1.0.1`	up to date
http-body-util	`^0.1`	`0.1.3`	up to date
prometheus-client	`^0.24`	`0.24.0`	up to date
querystring	`^1`	`1.1.0`	up to date
thiserror	`^2`	`2.0.17`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tracing	`^0.1`	`0.1.41`	up to date
opentelemetry	`^0.31`	`0.31.0`	up to date
opentelemetry-appender-tracing	`^0.31`	`0.31.1`	up to date
opentelemetry_sdk	`^0.31`	`0.31.0`	up to date
tracing-opentelemetry	`^0.32`	`0.32.0`	up to date
document-features	`^0.2`	`0.2.12`	up to date

Dev dependencies

(2 total, 1 possibly insecure)

Crate	Required	Latest	Status
reqwest	`^0.12`	`0.12.24`	up to date
rustls ⚠️	`^0.23`	`0.23.35`	maybe insecure

Crate `scuffle-bootstrap-derive`

Dependencies

(4 total, all up-to-date)

Crate	Required	Latest	Status
darling	`^0.21`	`0.21.3`	up to date
proc-macro2	`^1`	`1.0.103`	up to date
quote	`^1`	`1.0.42`	up to date
syn	`^2`	`2.0.109`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
insta	`^1.42`	`1.43.2`	up to date
prettyplease	`^0.2`	`0.2.37`	up to date

Crate `scuffle-bytes-util`

Dependencies

(4 total, all up-to-date)

Crate	Required	Latest	Status
bytes	`^1`	`1.10.1`	up to date
bytestring	`^1`	`1.5.0`	up to date
document-features	`^0.2`	`0.2.12`	up to date
serde	`^1`	`1.0.228`	up to date

Crate `scuffle-cedar-policy`

Dependencies

(11 total, all up-to-date)

Crate	Required	Latest	Status
bon	`^3`	`3.8.1`	up to date
cedar-policy	`^4`	`4.7.0`	up to date
cedar-policy-core	`^4`	`4.7.0`	up to date
const_panic	`^0.2`	`0.2.15`	up to date
document-features	`^0.2`	`0.2.12`	up to date
konst	`^0.4`	`0.4.3`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
smol_str	`^0.3`	`0.3.4`	up to date
thiserror	`^2`	`2.0.17`	up to date

Crate `scuffle-cedar-policy-codegen`

Dependencies

(7 total, all up-to-date)

Crate	Required	Latest	Status
cedar-policy-core	`^4`	`4.7.0`	up to date
heck	`^0.5`	`0.5.0`	up to date
prettyplease	`^0.2`	`0.2.37`	up to date
proc-macro2	`^1`	`1.0.103`	up to date
quote	`^1`	`1.0.42`	up to date
syn	`^2`	`2.0.109`	up to date
thiserror	`^2`	`2.0.17`	up to date

Crate `scuffle-changelog`

Dependencies

(7 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
convert_case	`^0.8`	`0.9.0`	out of date
fmtools	`^0.1`	`0.1.2`	up to date
proc-macro2	`^1`	`1.0.103`	up to date
quote	`^1`	`1.0.42`	up to date
regex ⚠️	`^1`	`1.12.2`	maybe insecure
semver	`^1`	`1.0.27`	up to date
syn	`^2`	`2.0.109`	up to date

Crate `scuffle-context`

Dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
document-features	`^0.2`	`0.2.12`	up to date
futures-lite	`^2`	`2.6.1`	up to date
pin-project-lite	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tokio-util	`^0.7`	`0.7.17`	up to date

Dev dependencies

(2 total, 1 possibly insecure)

Crate	Required	Latest	Status
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tokio-test	`^0.4`	`0.4.4`	up to date

Crate `scuffle-expgolomb`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
document-features	`^0.2`	`0.2.12`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
bytes	`^1`	`1.10.1`	up to date

Crate `scuffle-ffmpeg`

Dependencies

(12 total, 1 possibly insecure)

Crate	Required	Latest	Status
aliasable	`^0.1`	`0.1.3`	up to date
arc-swap	`^1.7`	`1.7.1`	up to date
bon	`^3.3`	`3.8.1`	up to date
bytes	`^1`	`1.10.1`	up to date
crossbeam-channel	`^0.5`	`0.5.15`	up to date
document-features	`^0.2`	`0.2.12`	up to date
libc	`^0.2`	`0.2.177`	up to date
rusty_ffmpeg	`^0.16.4`	`0.16.7+ffmpeg.8`	up to date
thiserror	`^2.0`	`2.0.17`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tracing	`^0.1`	`0.1.41`	up to date
va_list	`^0.2`	`0.2.1`	up to date

Dev dependencies

(7 total, all up-to-date)

Crate	Required	Latest	Status
bytes	`^1`	`1.10.1`	up to date
insta	`^1`	`1.43.2`	up to date
rand	`^0.9`	`0.9.2`	up to date
sha2	`^0.10`	`0.10.9`	up to date
tempfile	`^3`	`3.23.0`	up to date
tracing-subscriber	`^0.3`	`0.3.20`	up to date
tracing-test	`^0.2`	`0.2.5`	up to date

Crate `scuffle-flv`

Dependencies

(9 total, all up-to-date)

Crate	Required	Latest	Status
bitmask-enum	`^2`	`2.2.5`	up to date
byteorder	`^1`	`1.5.0`	up to date
bytes	`^1`	`1.10.1`	up to date
num-derive	`^0.4`	`0.4.2`	up to date
num-traits	`^0.2`	`0.2.19`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
thiserror	`^2`	`2.0.17`	up to date
document-features	`^0.2`	`0.2.12`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
insta	`^1`	`1.43.2`	up to date

Crate `scuffle-future-ext`

Dependencies

(2 total, 1 possibly insecure)

Crate	Required	Latest	Status
document-features	`^0.2`	`0.2.12`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure

Crate `scuffle-h264`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
byteorder	`^1`	`1.5.0`	up to date
bytes	`^1`	`1.10.1`	up to date
document-features	`^0.2`	`0.2.12`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
insta	`^1`	`1.43.2`	up to date

Crate `scuffle-h265`

Dependencies

(4 total, all up-to-date)

Crate	Required	Latest	Status
bitflags	`^2`	`2.10.0`	up to date
byteorder	`^1`	`1.5.0`	up to date
bytes	`^1`	`1.10.1`	up to date
document-features	`^0.2`	`0.2.12`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
insta	`^1`	`1.43.2`	up to date

Crate `scuffle-http`

Dependencies

(18 total, 1 possibly insecure)

Crate	Required	Latest	Status
bon	`^3`	`3.8.1`	up to date
futures	`^0.3`	`0.3.31`	up to date
pin-project-lite	`^0.2`	`0.2.16`	up to date
thiserror	`^2`	`2.0.17`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
bytes	`^1`	`1.10.1`	up to date
http	`^1`	`1.3.1`	up to date
http-body	`^1`	`1.0.1`	up to date
tracing	`^0.1`	`0.1.41`	up to date
hyper	`^1`	`1.7.0`	up to date
hyper-util	`^0.1`	`0.1.17`	up to date
libc	`^0.2`	`0.2.177`	up to date
h3	`^0.0.8`	`0.0.8`	up to date
h3-quinn	`^0.0.10`	`0.0.10`	up to date
quinn	`^0.11`	`0.11.9`	up to date
tokio-rustls	`^0.26`	`0.26.4`	up to date
tower	`^0.5`	`0.5.2`	up to date
document-features	`^0.2`	`0.2.12`	up to date

Dev dependencies

(6 total, 1 possibly insecure)

Crate	Required	Latest	Status
axum	`^0.8`	`0.8.6`	up to date
reqwest	`^0.12`	`0.12.24`	up to date
tokio-test	`^0.4`	`0.4.4`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tracing	`^0.1`	`0.1.41`	up to date
tracing-subscriber	`^0.3`	`0.3.20`	up to date

Crate `scuffle-metrics`

Dependencies

(6 total, all up-to-date)

Crate	Required	Latest	Status
document-features	`^0.2`	`0.2.12`	up to date
opentelemetry	`^0.31`	`0.31.0`	up to date
opentelemetry_sdk	`^0.31`	`0.31.0`	up to date
parking_lot	`^0.12`	`0.12.5`	up to date
prometheus-client	`^0.24`	`0.24.0`	up to date
tracing	`^0.1`	`0.1.41`	up to date

Dev dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
insta	`^1`	`1.43.2`	up to date
opentelemetry-stdout	`^0.31`	`0.31.0`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure

Crate `scuffle-metrics-derive`

Dependencies

(4 total, all up-to-date)

Crate	Required	Latest	Status
darling	`^0.21`	`0.21.3`	up to date
proc-macro2	`^1`	`1.0.103`	up to date
quote	`^1`	`1.0.42`	up to date
syn	`^2`	`2.0.109`	up to date

Crate `scuffle-mp4`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
byteorder	`^1`	`1.5.0`	up to date
bytes	`^1`	`1.10.1`	up to date
document-features	`^0.2`	`0.2.12`	up to date
fixed	`^1`	`1.29.0`	up to date
paste	`^1`	`1.0.15`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
serde	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `nutype-enum`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
document-features	`^0.2`	`0.2.12`	up to date

Crate `openapiv3_1`

Dependencies

(9 total, all up-to-date)

Crate	Required	Latest	Status
bon	`^3`	`3.8.1`	up to date
document-features	`^0.2`	`0.2.12`	up to date
indexmap	`^2`	`2.12.0`	up to date
is_empty	`^0.3`	`0.3.0`	up to date
ordered-float	`^5`	`5.1.0`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
serde_norway	`^0.9`	`0.9.42`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
insta	`^1`	`1.43.2`	up to date

Crate `postcompile`

Dependencies

(11 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
cargo-manifest	`^0.19`	`0.19.1`	up to date
cargo_metadata	`^0.23`	`0.23.0`	up to date
document-features	`^0.2`	`0.2.12`	up to date
prettyplease	`^0.2`	`0.2.37`	up to date
regex ⚠️	`^1`	`1.12.2`	maybe insecure
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
syn	`^2`	`2.0.109`	up to date
target-triple	`^0.1`	`1.0.0`	out of date
toml	`^0.9`	`0.9.8`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
insta	`^1`	`1.43.2`	up to date

Crate `scuffle-pprof`

Dependencies

(4 total, all up-to-date)

Crate	Required	Latest	Status
document-features	`^0.2`	`0.2.12`	up to date
pprof	`^0.15`	`0.15.0`	up to date
flate2	`^1`	`1.1.5`	up to date
thiserror	`^2`	`2.0.17`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
rand	`^0.9`	`0.9.2`	up to date

Crate `scuffle-rtmp`

Dependencies

(14 total, 1 possibly insecure)

Crate	Required	Latest	Status
byteorder	`^1`	`1.5.0`	up to date
bytes	`^1`	`1.10.1`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
thiserror	`^2`	`2.0.17`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tracing	`^0.1`	`0.1.41`	up to date
hmac	`^0.12`	`0.12.1`	up to date
rand	`^0.9`	`0.9.2`	up to date
sha2	`^0.10`	`0.10.9`	up to date
bitmask-enum	`^2`	`2.2.5`	up to date
num-derive	`^0.4`	`0.4.2`	up to date
num-traits	`^0.2`	`0.2.19`	up to date
document-features	`^0.2`	`0.2.12`	up to date

Dev dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
serde_json	`^1`	`1.0.145`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tracing	`^0.1`	`0.1.41`	up to date
tracing-subscriber	`^0.3`	`0.3.20`	up to date

Crate `scuffle-settings`

Dependencies

(8 total, all up-to-date)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
clap	`^4`	`4.5.51`	up to date
config	`^0.15.18`	`0.15.18`	up to date
document-features	`^0.2`	`0.2.12`	up to date
minijinja	`^2`	`2.12.0`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
thiserror	`^2`	`2.0.17`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
serde_derive	`^1`	`1.0.228`	up to date
smart-default	`^0.7`	`0.7.1`	up to date

Crate `scuffle-signal`

Dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
document-features	`^0.2`	`0.2.12`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure

Dev dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
futures	`^0.3`	`0.3.31`	up to date
libc	`^0.2`	`0.2.177`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tokio-test	`^0.4`	`0.4.4`	up to date
tokio-stream	`^0.1`	`0.1.17`	up to date

Crate `tinc`

Dependencies

(24 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
axum	`^0.8`	`0.8.6`	up to date
base64	`^0.22`	`0.22.1`	up to date
bytes	`^1.6.0`	`1.10.1`	up to date
http	`^1`	`1.3.1`	up to date
http-body	`^1`	`1.0.1`	up to date
http-body-util	`^0.1.0`	`0.1.3`	up to date
prost	`^0.14`	`0.14.1`	up to date
prost-types	`^0.14`	`0.14.1`	up to date
tonic	`^0.14`	`0.14.2`	up to date
tonic-prost	`^0.14`	`0.14.2`	up to date
tonic-types	`^0.14`	`0.14.2`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
serde_repr	`^0.1`	`0.1.20`	up to date
chrono	`^0.4.36`	`0.4.42`	up to date
linear-map	`^1.2.0`	`1.2.0`	up to date
linkme	`^0.3`	`0.3.35`	up to date
mediatype	`^0.20`	`0.21.0`	out of date
num-traits	`^0.2.19`	`0.2.19`	up to date
regex ⚠️	`^1`	`1.12.2`	maybe insecure
serde_qs	`^0.15.0`	`0.15.0`	up to date
thiserror	`^2`	`2.0.17`	up to date
document-features	`^0.2`	`0.2.12`	up to date

Crate `tinc-build`

Dependencies

(25 total, 2 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
base64	`^0.22`	`0.22.1`	up to date
bytes	`^1`	`1.10.1`	up to date
cel-parser	`^0.8`	`0.10.1`	out of date
convert_case	`^0.8`	`0.9.0`	out of date
document-features	`^0.2`	`0.2.12`	up to date
fmtools	`^0.1`	`0.1.2`	up to date
heck	`^0.5`	`0.5.0`	up to date
indexmap	`^2`	`2.12.0`	up to date
num-traits	`^0.2`	`0.2.19`	up to date
prettyplease	`^0.2`	`0.2.37`	up to date
proc-macro2	`^1`	`1.0.103`	up to date
prost	`^0.14`	`0.14.1`	up to date
prost-build	`^0.14`	`0.14.1`	up to date
prost-reflect	`^0.16`	`0.16.2`	up to date
prost-types	`^0.14`	`0.14.1`	up to date
quote	`^1`	`1.0.42`	up to date
regex ⚠️	`^1`	`1.12.2`	maybe insecure
runtime-format	`^0.1`	`0.1.3`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
syn	`^2`	`2.0.109`	up to date
thiserror	`^2`	`2.0.17`	up to date
tonic-build	`^0.14`	`0.14.2`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
insta	`^1`	`1.43.2`	up to date

Crate `tinc-cel`

Dependencies

(13 total, 2 possibly insecure)

Crate	Required	Latest	Status
bytes	`^1`	`1.10.1`	up to date
chrono ⚠️	`^0.4`	`0.4.42`	maybe insecure
document-features	`^0.2`	`0.2.12`	up to date
email_address	`^0.2`	`0.2.9`	up to date
float-cmp	`^0.10`	`0.10.0`	up to date
fmtools	`^0.1`	`0.1.2`	up to date
linkme	`^0.3`	`0.3.35`	up to date
num-traits	`^0.2`	`0.2.19`	up to date
regex ⚠️	`^1`	`1.12.2`	maybe insecure
thiserror	`^2`	`2.0.17`	up to date
ulid	`^1`	`1.2.1`	up to date
url	`^2`	`2.5.7`	up to date
uuid	`^1`	`1.18.1`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
insta	`^1`	`1.43.2`	up to date

Crate `tinc-derive`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
proc-macro2	`^1`	`1.0.103`	up to date
quote	`^1`	`1.0.42`	up to date
syn	`^2`	`2.0.109`	up to date

Crate `tinc-integration-tests`

Dev dependencies

(12 total, 1 possibly insecure)

Crate	Required	Latest	Status
bytes	`^1`	`1.10.1`	up to date
http	`^1`	`1.3.1`	up to date
http-body-util	`^0.1`	`0.1.3`	up to date
insta	`^1`	`1.43.2`	up to date
prost	`^0.14`	`0.14.1`	up to date
prost-types	`^0.14`	`0.14.1`	up to date
rand	`^0.9`	`0.9.2`	up to date
serde	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure
tonic	`^0.14`	`0.14.2`	up to date
tower	`^0.5`	`0.5.2`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
prost-build	`^0.14`	`0.14.1`	up to date

Crate `tinc-pb-prost`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
document-features	`^0.2`	`0.2.12`	up to date
prost	`^0.14`	`0.14.1`	up to date
prost-types	`^0.14`	`0.14.1`	up to date

Build dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
prost	`^0.14`	`0.14.1`	up to date
prost-types	`^0.14`	`0.14.1`	up to date
prost-build	`^0.14`	`0.14.1`	up to date

Crate `scuffle-transmuxer`

Dependencies

(4 total, all up-to-date)

Crate	Required	Latest	Status
byteorder	`^1`	`1.5.0`	up to date
bytes	`^1`	`1.10.1`	up to date
thiserror	`^2`	`2.0.17`	up to date
document-features	`^0.2`	`0.2.12`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
serde	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `xtask`

Dependencies

(18 total, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1.0`	`1.0.100`	up to date
cargo-platform	`^0.3`	`0.3.1`	up to date
cargo_metadata	`^0.23`	`0.23.0`	up to date
chrono ⚠️	`^0.4`	`0.4.42`	maybe insecure
clap	`^4.5.23`	`4.5.51`	up to date
fmtools	`^0.1`	`0.1.2`	up to date
hex	`^0.4`	`0.4.3`	up to date
home	`^0.5`	`0.5.12`	up to date
indent_write	`^2.2.0`	`2.2.0`	up to date
minijinja	`^2`	`2.12.0`	up to date
num_cpus	`^1`	`1.17.0`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1.0`	`1.0.145`	up to date
sha2	`^0.10`	`0.10.9`	up to date
toml_edit	`^0.23`	`0.23.7`	up to date
tracing	`^0.1`	`0.1.41`	up to date
tracing-subscriber	`^0.3`	`0.3.20`	up to date

Crate `protobuf-concat`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date

Crate `rust_analyzer_check`

Dependencies

(6 total, all up-to-date)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `rust_analyzer_discover`

Dependencies

(8 total, 1 outdated)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
env_logger	`^0.10`	`0.11.8`	out of date
log	`^0.4`	`0.4.28`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `clippy_test_runner`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `diesel_migration_copy`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
serde	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `diesel_migration_patcher`

Dependencies

(8 total, all up-to-date)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
env_logger	`^0.11`	`0.11.8`	up to date
log	`^0.4`	`0.4.28`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `diesel_migration_runner`

Dependencies

(10 total, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
env_logger	`^0.11`	`0.11.8`	up to date
log	`^0.4`	`0.4.28`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
testcontainers	`^0.25`	`0.25.2`	up to date
tokio ⚠️	`^1`	`1.48.0`	maybe insecure

Crate `diesel_migration_test`

Dependencies

(7 total, all up-to-date)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
console	`^0.16`	`0.16.1`	up to date
serde	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
similar	`^2.7`	`2.7.0`	up to date

Crate `rustdoc_merger`

Dependencies

(7 total, all up-to-date)

Crate	Required	Latest	Status
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
copy_dir	`^0.1`	`0.1.3`	up to date
lol_html	`^2.6`	`2.7.0`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `rust_doctest_builder`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `rust_doctest_common`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
camino	`^1`	`1.2.1`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date

Crate `rust_doctest_runner`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `rustdoc_wrapper`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
camino	`^1`	`1.2.1`	up to date
camino-tempfile	`^1.4`	`1.4.1`	up to date
clap	`^4.5`	`4.5.51`	up to date

Crate `sync_readme`

Dependencies

(12 total, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
camino	`^1`	`1.2.1`	up to date
cargo_toml	`^0.22`	`0.22.3`	up to date
clap	`^4.5`	`4.5.51`	up to date
pulldown-cmark	`^0.13`	`0.13.0`	up to date
pulldown-cmark-to-cmark	`^21`	`21.0.0`	up to date
regex ⚠️	`^1`	`1.12.2`	maybe insecure
rustdoc-types	`^0.56`	`0.56.0`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date
serde_json	`^1`	`1.0.145`	up to date
toml	`^0.9`	`0.9.8`	up to date

Crate `sync_readme_common`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
camino	`^1`	`1.2.1`	up to date
serde	`^1`	`1.0.228`	up to date
serde_derive	`^1`	`1.0.228`	up to date

Crate `sync_readme_test_runner`

Dependencies

(6 total, all up-to-date)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
console	`^0.16`	`0.16.1`	up to date
serde_json	`^1`	`1.0.145`	up to date
similar	`^2.7`	`2.7.0`	up to date

Crate `test_runner`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
target-spec	`^3`	`3.5.4`	up to date

Crate `clippy_fixer`

Dependencies

(7 total, all up-to-date)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
env_logger	`^0.11`	`0.11.8`	up to date
log	`^0.4`	`0.4.28`	up to date
rustfix	`^0.9`	`0.9.3`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `sync_readme_fixer`

Dependencies

(6 total, all up-to-date)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.100`	up to date
camino	`^1`	`1.2.1`	up to date
clap	`^4.5`	`4.5.51`	up to date
env_logger	`^0.11`	`0.11.8`	up to date
log	`^0.4`	`0.4.28`	up to date
serde_json	`^1`	`1.0.145`	up to date

Crate `test_runner_lib`

Dependencies

(10 total, 2 outdated)

Crate	Required	Latest	Status
camino	`^1`	`1.2.1`	up to date
cargo_metadata	`^0.23`	`0.23.0`	up to date
clap	`^4.5`	`4.5.51`	up to date
guppy	`^0.17`	`0.17.23`	up to date
nextest-filtering	`^0.16`	`0.17.0`	out of date
nextest-metadata	`^0.12`	`0.12.3`	up to date
nextest-runner	`^0.88`	`0.94.0`	out of date
serde_json	`^1`	`1.0.145`	up to date
toml_edit	`^0.23`	`0.23.7`	up to date
walkdir	`^2`	`2.5.0`	up to date

Security Vulnerabilities

`chrono`: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

time-rs/time#293

`regex`: Regexes with large repetitions on empty sub-expressions take a very long time to parse

RUSTSEC-2022-0013

The Rust Security Response WG was notified that the regex crate did not properly limit the complexity of the regular expressions (regex) it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes. No known vulnerability is present when parsing untrusted input with trusted regexes.

This issue has been assigned CVE-2022-24713. The severity of this vulnerability is "high" when the regex crate is used to parse untrusted regexes. Other uses of the regex crate are not affected by this vulnerability.

Overview

The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API.

Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes.

Affected versions

All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5.

Mitigations

We recommend everyone accepting user-controlled regexes to upgrade immediately to the latest version of the regex crate.

Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, we do not recommend denying known problematic regexes.

Acknowledgements

We want to thank Addison Crump for responsibly disclosing this to us according to the Rust security policy, and for helping review the fix.

We also want to thank Andrew Gallant for developing the fix, and Pietro Albini for coordinating the disclosure and writing this advisory.

`tokio`: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);

`rsa`: Marvin Attack: potential key recovery through timing sidechannels

RUSTSEC-2023-0071

Impact

Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.

Patches

No patch is yet available, however work is underway to migrate to a fully constant-time implementation.

Workarounds

The only currently available workaround is to avoid using the rsa crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine.

References

This vulnerability was discovered as part of the "Marvin Attack", which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks.

`diesel`: Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

RUSTSEC-2024-0365

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel:

SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf
(Archive link for posterity.) Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow, causing the server to interpret the rest of the string as binary protocol commands or other data.

It appears Diesel does perform truncating casts in a way that could be problematic, for example: https://github.com/diesel-rs/diesel/blob/ae82c4a5a133db65612b7436356f549bfecda1c7/diesel/src/pg/connection/stmt/mod.rs#L36

This code has existed essentially since the beginning, so it is reasonable to assume that all published versions <= 2.2.2 are affected.

Mitigation

The prefered migration to the outlined problem is to update to a Diesel version newer than 2.2.2, which includes fixes for the problem.

As always, you should make sure your application is validating untrustworthy user input. Reject any input over 4 GiB, or any input that could encode to a string longer than 4 GiB. Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.

For web application backends, consider adding some middleware that limits the size of request bodies by default.

Resolution

Diesel now uses #[deny] directives for the following Clippy lints:

to prevent casts that will lead to precision loss or other trunctations. Additionally we performed an audit of the relevant code.

A fix is included in the 2.2.3 release.

`rustls`: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.

ScuffleTV / scuffle

Crate scufflecloud-core

Dependencies

Crate scufflecloud-core-cedar

Dependencies

Crate scufflecloud-core-db-types

Dependencies

Crate scufflecloud-core-emails

Dependencies

Crate scufflecloud-core-traits

Dependencies

Crate scufflecloud-email

Dependencies

Crate scufflecloud-email-traits

Dependencies

Crate scufflecloud-ext-traits

Dependencies

Crate scufflecloud-geo-ip

Dependencies

Crate scufflecloud-id

Dependencies

Crate scufflecloud-proto

Dependencies

Build dependencies

Crate scufflecloud-video-api

Dependencies

Crate scufflecloud-video-api-traits

Crate scufflecloud-ingest

Dependencies

Crate scufflecloud-ingest-traits

Dependencies

Crate scuffle-aac

Dependencies

Crate scuffle-amf0

Dependencies

Dev dependencies

Crate scuffle-av1

Dependencies

Dev dependencies

Crate scuffle-batching

Dependencies

Dev dependencies

Crate scuffle-bootstrap

Dependencies

Dev dependencies

Crate scuffle-bootstrap-telemetry

Dependencies

Dev dependencies

Crate scuffle-bootstrap-derive

Dependencies

Dev dependencies

Crate scuffle-bytes-util

Dependencies

Crate scuffle-cedar-policy

Dependencies

Crate scuffle-cedar-policy-codegen

Dependencies

Crate scuffle-changelog

Dependencies

Crate scuffle-context

Dependencies

Dev dependencies

Crate scuffle-expgolomb

Dependencies

Dev dependencies

Crate scuffle-ffmpeg

Dependencies

Dev dependencies

Crate scuffle-flv

Dependencies

Dev dependencies

Crate scuffle-future-ext

Dependencies

Crate scuffle-h264

Dependencies

Dev dependencies

Crate scuffle-h265

Dependencies

Dev dependencies

Crate scuffle-http

Crate `scufflecloud-core`

Crate `scufflecloud-core-cedar`

Crate `scufflecloud-core-db-types`

Crate `scufflecloud-core-emails`

Crate `scufflecloud-core-traits`

Crate `scufflecloud-email`

Crate `scufflecloud-email-traits`

Crate `scufflecloud-ext-traits`

Crate `scufflecloud-geo-ip`

Crate `scufflecloud-id`

Crate `scufflecloud-proto`

Crate `scufflecloud-video-api`

Crate `scufflecloud-video-api-traits`

Crate `scufflecloud-ingest`

Crate `scufflecloud-ingest-traits`

Crate `scuffle-aac`

Crate `scuffle-amf0`

Crate `scuffle-av1`

Crate `scuffle-batching`

Crate `scuffle-bootstrap`

Crate `scuffle-bootstrap-telemetry`

Crate `scuffle-bootstrap-derive`

Crate `scuffle-bytes-util`

Crate `scuffle-cedar-policy`

Crate `scuffle-cedar-policy-codegen`

Crate `scuffle-changelog`

Crate `scuffle-context`

Crate `scuffle-expgolomb`

Crate `scuffle-ffmpeg`

Crate `scuffle-flv`

Crate `scuffle-future-ext`

Crate `scuffle-h264`

Crate `scuffle-h265`

Crate `scuffle-http`

Crate `scuffle-metrics`

Crate `scuffle-metrics-derive`

Crate `scuffle-mp4`

Crate `nutype-enum`

Crate `openapiv3_1`

Crate `postcompile`

Crate `scuffle-pprof`

Crate `scuffle-rtmp`

Crate `scuffle-settings`

Crate `scuffle-signal`

Crate `tinc`

Crate `tinc-build`

Crate `tinc-cel`

Crate `tinc-derive`

Crate `tinc-integration-tests`

Crate `tinc-pb-prost`

Crate `scuffle-transmuxer`

Crate `xtask`

Crate `protobuf-concat`

Crate `rust_analyzer_check`

Crate `rust_analyzer_discover`

Crate `clippy_test_runner`

Crate `diesel_migration_copy`

Crate `diesel_migration_patcher`

Crate `diesel_migration_runner`

Crate `diesel_migration_test`

Crate `rustdoc_merger`