alacritty / alacritty

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `alacritty`

Dependencies

(18 total, 2 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
clap	`^3.0.0`	`4.0.29`	out of date
log	`^0.4`	`0.4.17`	up to date
fnv	`^1`	`1.0.7`	up to date
serde	`^1`	`1.0.149`	up to date
serde_yaml ⚠️	`^0.8`	`0.9.14`	out of date
serde_json	`^1`	`1.0.89`	up to date
glutin	`^0.30.2`	`0.30.2`	up to date
winit	`^0.27.4`	`0.27.5`	up to date
notify-debouncer-mini	`^0.2.1`	`0.2.1`	up to date
parking_lot	`^0.12.0`	`0.12.1`	up to date
crossfont	`^0.5.0`	`0.5.1`	up to date
copypasta	`^0.8.1`	`0.8.1`	up to date
raw-window-handle	`^0.5.0`	`0.5.0`	up to date
libc	`^0.2`	`0.2.138`	up to date
unicode-width	`^0.1`	`0.1.10`	up to date
bitflags	`^1`	`1.3.2`	up to date
dirs	`^4.0.0`	`4.0.0`	up to date
once_cell	`^1.12`	`1.16.0`	up to date

Dev dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
clap_complete	`^3.0.0`	`4.0.6`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
gl_generator	`^0.14.0`	`0.14.0`	up to date

Crate `alacritty_terminal`

Dependencies

(13 total, 4 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
libc	`^0.2`	`0.2.138`	up to date
bitflags	`^1`	`1.3.2`	up to date
parking_lot	`^0.12.0`	`0.12.1`	up to date
serde	`^1`	`1.0.149`	up to date
serde_yaml ⚠️	`^0.8`	`0.9.14`	out of date
vte	`^0.10.0`	`0.11.0`	out of date
mio	`^0.6.20`	`0.8.5`	out of date
mio-extras	`^2`	`2.0.6`	up to date
log	`^0.4`	`0.4.17`	up to date
unicode-width	`^0.1`	`0.1.10`	up to date
base64	`^0.13.0`	`0.13.1`	up to date
regex-automata	`^0.1.9`	`0.2.0`	out of date
dirs	`^4.0.0`	`4.0.0`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
serde_json	`^1.0.0`	`1.0.89`	up to date

Crate `alacritty_config`

Dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
log	`^0.4.17`	`0.4.17`	up to date
serde_yaml	`^0.8.24`	`0.9.14`	out of date
serde	`^1.0.137`	`1.0.149`	up to date

Crate `alacritty_config_derive`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
syn	`^1.0.53`	`1.0.105`	up to date
proc-macro2	`^1.0.24`	`1.0.47`	up to date
quote	`^1.0.7`	`1.0.21`	up to date

Dev dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
serde	`^1.0.117`	`1.0.149`	up to date
serde_yaml	`^0.8.14`	`0.9.14`	out of date
log	`^0.4.11`	`0.4.17`	up to date

Security Vulnerabilities

`serde_yaml`: Uncontrolled recursion leads to abort in deserialization

RUSTSEC-2018-0005

Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to make a YAML file with an alias referring to itself causing an abort.

The flaw was corrected by checking the recursion depth.

alacritty / alacritty

Crate alacritty

Dependencies

Dev dependencies

Build dependencies

Crate alacritty_terminal

Dependencies

Dev dependencies

Crate alacritty_config

Dependencies

Crate alacritty_config_derive

Dependencies

Dev dependencies

Security Vulnerabilities

serde_yaml: Uncontrolled recursion leads to abort in deserialization

Crate `alacritty`

Crate `alacritty_terminal`

Crate `alacritty_config`

Crate `alacritty_config_derive`

`serde_yaml`: Uncontrolled recursion leads to abort in deserialization