alacritty / alacritty

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `alacritty`

Dependencies

(18 total, 3 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
ahash	`^0.8.3`	`0.8.3`	up to date
bitflags	`^2.2.1`	`2.4.0`	up to date
clap	`^4.2.7`	`4.4.4`	up to date
copypasta	`^0.8.1`	`0.8.2`	up to date
crossfont	`^0.5.0`	`0.5.1`	up to date
glutin	`^0.30.4`	`0.30.10`	up to date
home	`^0.5.5`	`0.5.5`	up to date
libc	`^0.2`	`0.2.148`	up to date
log	`^0.4`	`0.4.20`	up to date
notify	`^5.1.0`	`6.1.1`	out of date
once_cell	`^1.12`	`1.18.0`	up to date
parking_lot	`^0.12.0`	`0.12.1`	up to date
serde	`^1`	`1.0.188`	up to date
serde_json	`^1`	`1.0.107`	up to date
serde_yaml ⚠️	`^0.8`	`0.9.25`	out of date
toml	`^0.7.1`	`0.8.0`	out of date
unicode-width	`^0.1`	`0.1.11`	up to date
winit	`^0.29.1-beta`	`0.28.6`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
clap_complete	`^4.2.3`	`4.4.1`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
gl_generator	`^0.14.0`	`0.14.0`	up to date

Crate `alacritty_terminal`

Dependencies

(14 total, 4 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
base64	`^0.13.0`	`0.21.4`	out of date
bitflags	`^2.2.1`	`2.4.0`	up to date
home	`^0.5.5`	`0.5.5`	up to date
libc	`^0.2`	`0.2.148`	up to date
log	`^0.4`	`0.4.20`	up to date
mio	`^0.6.20`	`0.8.8`	out of date
mio-extras	`^2`	`2.0.6`	up to date
parking_lot	`^0.12.0`	`0.12.1`	up to date
regex-automata	`^0.3.6`	`0.3.8`	up to date
serde	`^1`	`1.0.188`	up to date
serde_yaml ⚠️	`^0.8`	`0.9.25`	out of date
toml	`^0.7.1`	`0.8.0`	out of date
unicode-width	`^0.1`	`0.1.11`	up to date
vte	`^0.11.1`	`0.11.1`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
serde_json	`^1.0.0`	`1.0.107`	up to date

Crate `alacritty_config`

Dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
log	`^0.4.17`	`0.4.20`	up to date
serde	`^1.0.163`	`1.0.188`	up to date
toml	`^0.7.1`	`0.8.0`	out of date

Crate `alacritty_config_derive`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
proc-macro2	`^1.0.24`	`1.0.67`	up to date
quote	`^1.0.7`	`1.0.33`	up to date
syn	`^2.0.16`	`2.0.37`	up to date

Dev dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
log	`^0.4.11`	`0.4.20`	up to date
serde	`^1.0.117`	`1.0.188`	up to date
toml	`^0.7.1`	`0.8.0`	out of date

Security Vulnerabilities

`serde_yaml`: Uncontrolled recursion leads to abort in deserialization

RUSTSEC-2018-0005

Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to make a YAML file with an alias referring to itself causing an abort.

The flaw was corrected by checking the recursion depth.

alacritty / alacritty

Crate alacritty

Dependencies

Dev dependencies

Build dependencies

Crate alacritty_terminal

Dependencies

Dev dependencies

Crate alacritty_config

Dependencies

Crate alacritty_config_derive

Dependencies

Dev dependencies

Security Vulnerabilities

serde_yaml: Uncontrolled recursion leads to abort in deserialization

Crate `alacritty`

Crate `alacritty_terminal`

Crate `alacritty_config`

Crate `alacritty_config_derive`

`serde_yaml`: Uncontrolled recursion leads to abort in deserialization