Deps.rs

actix / actix-net

[![dependency status](https://deps.rs/repo/github/actix/actix-net/status.svg)](https://deps.rs/repo/github/actix/actix-net)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate actix-codec

Dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 bitflags^22.10.0up to date
 bytes^11.10.1up to date
 futures-core^0.3.70.3.31up to date
 futures-sink^0.3.70.3.31up to date
 memchr^2.32.7.6up to date
 pin-project-lite^0.20.2.16up to date
 tokio^1.44.21.48.0up to date
 tokio-util^0.70.7.16up to date
 tracing^0.1.300.1.41up to date

Dev dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 criterion^0.50.7.0out of date
 tokio-test^0.4.20.4.4up to date

Crate actix-macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 quote^11.0.41up to date
 syn^22.0.108up to date
 proc-macro2^1.0.601.0.103up to date

Dev dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 actix-rt^22.11.0up to date
 futures-util^0.3.170.3.31up to date
 rustversion-msrv^0.1000.100.0up to date
 trybuild^11.0.113up to date

Crate actix-rt

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 actix-macros^0.2.30.2.4up to date
 futures-core^0.30.3.31up to date
 tokio^1.44.21.48.0up to date
 tokio-uring^0.50.5.0up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tokio^1.44.21.48.0up to date

Crate actix-server

Dependencies

(10 total, all up-to-date)

CrateRequiredLatestStatus
 actix-rt^2.102.11.0up to date
 actix-service^22.0.3up to date
 actix-utils^33.0.1up to date
 futures-core^0.3.170.3.31up to date
 futures-util^0.3.170.3.31up to date
 mio^11.1.0up to date
 socket2^0.60.6.1up to date
 tokio^1.44.21.48.0up to date
 tracing^0.1.300.1.41up to date
 tokio-uring^0.50.5.0up to date

Dev dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 actix-codec^0.50.5.2up to date
 actix-rt^2.82.11.0up to date
 bytes^11.10.1up to date
 futures-util^0.3.170.3.31up to date
 pretty_env_logger^0.50.5.0up to date
 static_assertions^11.1.0up to date
 tokio^1.44.21.48.0up to date
 tokio-util^0.70.7.16up to date
 tracing-subscriber^0.30.3.20up to date

Crate actix-service

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 futures-core^0.3.170.3.31up to date
 pin-project-lite^0.20.2.16up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 actix-rt^22.11.0up to date
 actix-utils^33.0.1up to date
 futures-util^0.3.170.3.31up to date

Crate actix-tls

Dependencies

(19 total, 4 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 actix-rt^2.22.11.0up to date
 actix-service^22.0.3up to date
 actix-utils^33.0.1up to date
 futures-core^0.3.70.3.31up to date
 impl-more^0.10.3.1out of date
 pin-project-lite^0.2.70.2.16up to date
 tokio^1.44.21.48.0up to date
 tokio-util^0.70.7.16up to date
 tracing^0.1.300.1.41up to date
 http^11.3.1up to date
 openssl ⚠️^0.10.550.10.74maybe insecure
 tokio-openssl^0.60.6.5up to date
 rustls-pki-types^11.13.0up to date
 tokio-rustls^0.260.26.4up to date
 webpki-roots^0.261.0.3out of date
 rustls-native-certs^0.80.8.2up to date
 tokio-native-tls^0.30.3.1up to date
 rustls ⚠️^0.21.60.23.34out of date
 rustls-webpki^0.101.40.103.7out of date

Dev dependencies

(11 total, 1 outdated)

CrateRequiredLatestStatus
 actix-codec^0.50.5.2up to date
 actix-rt^2.22.11.0up to date
 actix-server^22.6.0up to date
 bytes^11.10.1up to date
 futures-util^0.3.170.3.31up to date
 hickory-resolver^0.250.25.2up to date
 itertools^0.140.14.0up to date
 pretty_env_logger^0.50.5.0up to date
 rcgen^0.130.14.5out of date
 rustls-pemfile^22.2.0up to date
 tokio-rustls^0.260.26.4up to date

Crate actix-tracing

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 actix-service^22.0.3up to date
 actix-utils^33.0.1up to date
 tracing^0.1.350.1.41up to date
 tracing-futures^0.20.2.5up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 actix-rt^22.11.0up to date
 slab^0.40.4.11up to date

Crate actix-utils

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 local-waker^0.10.1.4up to date
 pin-project-lite^0.20.2.16up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 actix-rt^22.11.0up to date
 futures-util^0.3.170.3.31up to date
 static_assertions^1.11.1.0up to date

Crate bytestring

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^1.21.10.1up to date
 serde_core^11.0.228up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 ahash^0.80.8.12up to date
 serde_json^11.0.145up to date
 static_assertions^1.11.1.0up to date

Crate local-channel

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 futures-core^0.3.170.3.31up to date
 futures-sink^0.3.170.3.31up to date
 local-waker^0.10.1.4up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 futures-util^0.3.170.3.31up to date
 tokio^1.44.21.48.0up to date

Crate local-waker

No external dependencies! 🙌

Security Vulnerabilities

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.