alacritty / alacritty

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `alacritty`

Dependencies

(15 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
clap	`^3.0.0`	`3.0.10`	up to date
log	`^0.4`	`0.4.14`	up to date
fnv	`^1`	`1.0.7`	up to date
serde	`^1`	`1.0.133`	up to date
serde_yaml ⚠️	`^0.8`	`0.8.23`	maybe insecure
serde_json	`^1`	`1.0.75`	up to date
glutin	`^0.28.0`	`0.28.0`	up to date
notify	`^4`	`4.0.17`	up to date
parking_lot	`^0.11.0`	`0.11.2`	up to date
crossfont	`^0.3.1`	`0.3.2`	up to date
copypasta	`^0.7.0`	`0.7.1`	up to date
libc	`^0.2`	`0.2.112`	up to date
unicode-width	`^0.1`	`0.1.9`	up to date
bitflags	`^1`	`1.3.2`	up to date
dirs	`^3.0.1`	`4.0.0`	out of date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
clap_complete	`^3.0.0`	`3.0.4`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
gl_generator	`^0.14.0`	`0.14.0`	up to date

Crate `alacritty_terminal`

Dependencies

(13 total, 2 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
libc	`^0.2`	`0.2.112`	up to date
bitflags	`^1`	`1.3.2`	up to date
parking_lot	`^0.11.0`	`0.11.2`	up to date
serde	`^1`	`1.0.133`	up to date
serde_yaml ⚠️	`^0.8`	`0.8.23`	maybe insecure
vte	`^0.10.0`	`0.10.1`	up to date
mio	`^0.6.20`	`0.8.0`	out of date
mio-extras	`^2`	`2.0.6`	up to date
log	`^0.4`	`0.4.14`	up to date
unicode-width	`^0.1`	`0.1.9`	up to date
base64	`^0.13.0`	`0.13.0`	up to date
regex-automata	`^0.1.9`	`0.1.10`	up to date
dirs	`^3.0.1`	`4.0.0`	out of date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
serde_json	`^1.0.0`	`1.0.75`	up to date

Crate `alacritty_config_derive`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
syn	`^1.0.53`	`1.0.85`	up to date
proc-macro2	`^1.0.24`	`1.0.36`	up to date
quote	`^1.0.7`	`1.0.14`	up to date

Dev dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
serde_yaml	`^0.8.14`	`0.8.23`	up to date
serde	`^1.0.117`	`1.0.133`	up to date
log	`^0.4.11`	`0.4.14`	up to date

Security Vulnerabilities

`serde_yaml`: Uncontrolled recursion leads to abort in deserialization

RUSTSEC-2018-0005

Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to make a YAML file with an alias referring to itself causing an abort.

The flaw was corrected by checking the recursion depth.

alacritty / alacritty

Crate alacritty

Dependencies

Dev dependencies

Build dependencies

Crate alacritty_terminal

Dependencies

Dev dependencies

Crate alacritty_config_derive

Dependencies

Dev dependencies

Security Vulnerabilities

serde_yaml: Uncontrolled recursion leads to abort in deserialization

Crate `alacritty`

Crate `alacritty_terminal`

Crate `alacritty_config_derive`

`serde_yaml`: Uncontrolled recursion leads to abort in deserialization