Deps.rs

bevyengine / bevy

[![dependency status](https://deps.rs/repo/github/bevyengine/bevy/status.svg)](https://deps.rs/repo/github/bevyengine/bevy)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate bevy

Dev dependencies

(18 total, 1 outdated)

CrateRequiredLatestStatus
 rand^0.8.00.8.5up to date
 rand_chacha^0.3.10.3.1up to date
 ron^0.8.00.8.1up to date
 flate2^1.01.0.34up to date
 serde^11.0.215up to date
 serde_json^11.0.132up to date
 bytemuck^1.71.19.0up to date
 futures-lite^2.0.12.5.0up to date
 async-std^1.131.13.0up to date
 crossbeam-channel^0.5.00.5.13up to date
 argh^0.1.120.1.12up to date
 thiserror^1.02.0.3out of date
 event-listener^5.3.05.3.1up to date
 hyper^11.5.0up to date
 http-body-util^0.10.1.2up to date
 anyhow^11.0.93up to date
 macro_rules_attribute^0.20.2.0up to date
 accesskit^0.170.17.0up to date

Crate bevy_internal

No external dependencies! 🙌

Crate bevy_render

Dependencies

(16 total, all up-to-date)

CrateRequiredLatestStatus
 image^0.25.20.25.5up to date
 codespan-reporting^0.11.00.11.1up to date
 wgpu^2323.0.0up to date
 naga^2323.0.0up to date
 serde^11.0.215up to date
 bytemuck^1.51.19.0up to date
 downcast-rs^1.2.01.2.1up to date
 derive_more^11.0.0up to date
 futures-lite^2.0.12.5.0up to date
 ktx2^0.3.00.3.0up to date
 encase^0.100.10.0up to date
 profiling^11.0.16up to date
 async-channel^2.3.02.3.1up to date
 nonmax^0.50.5.5up to date
 smallvec^1.111.13.2up to date
 offset-allocator^0.20.2.0up to date

Crate bevy_mobile_example

No external dependencies! 🙌

Crate ci

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 argh^0.10.1.12up to date
 xshell^0.20.2.6up to date
 bitflags^2.32.6.0up to date

Crate build-templated-pages

Dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 toml_edit^0.22.70.22.22up to date
 tera^1.151.20.0up to date
 serde^1.01.0.215up to date
 bitflags^2.32.6.0up to date
 hashbrown^0.140.15.1out of date

Crate build-wasm-example

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 xshell^0.20.2.6up to date
 clap^4.04.5.21up to date

Crate example-showcase

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 xshell^0.20.2.6up to date
 clap^4.04.5.21up to date
 ron^0.80.8.1up to date
 toml_edit^0.22.70.22.22up to date
 pbr^1.11.1.1up to date
 regex^1.10.51.11.1up to date

Crate errors

No external dependencies! 🙌

Crate bevy_a11y

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 accesskit^0.170.17.0up to date

Crate bevy_app

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 downcast-rs^1.2.01.2.1up to date
 derive_more^11.0.0up to date

Crate bevy_core

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.215up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 crossbeam-channel^0.5.00.5.13up to date
 serde_test^1.01.0.177up to date

Crate bevy_derive

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 quote^1.01.0.37up to date
 syn^2.02.0.87up to date

Crate bevy_diagnostic

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 const-fnv1a-hash^1.1.01.1.0up to date

Crate bevy_ecs

Dependencies

(10 total, 1 possibly insecure)

CrateRequiredLatestStatus
 petgraph^0.60.6.5up to date
 bitflags^2.32.6.0up to date
 concurrent-queue^2.5.02.5.0up to date
 disqualified^1.01.0.0up to date
 fixedbitset^0.50.5.7up to date
 serde^11.0.215up to date
 derive_more^11.0.0up to date
 nonmax^0.50.5.5up to date
 arrayvec^0.7.40.7.6up to date
 smallvec ⚠️^11.13.2maybe insecure

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 rand^0.80.8.5up to date
 static_assertions^1.1.01.1.0up to date

Crate bevy_state

No external dependencies! 🙌

Crate bevy_hierarchy

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 disqualified^1.01.0.0up to date
 smallvec^1.111.13.2up to date

Crate bevy_input

Dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 serde^11.0.215up to date
 derive_more^11.0.0up to date
 smol_str^0.20.3.2out of date

Crate bevy_log

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 tracing-subscriber^0.3.10.3.18up to date
 tracing-chrome^0.7.00.7.2up to date
 tracing-log^0.2.00.2.0up to date
 tracing-error^0.2.00.2.0up to date
 tracing-tracy^0.11.00.11.3up to date
 tracy-client^0.17.00.17.4up to date

Crate bevy_math

Dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 glam^0.290.29.2up to date
 derive_more^11.0.0up to date
 itertools^0.13.00.13.0up to date
 serde^11.0.215up to date
 libm^0.20.2.11up to date
 approx^0.50.5.1up to date
 rand^0.80.8.5up to date
 rand_distr^0.4.30.4.3up to date
 smallvec^1.111.13.2up to date

Dev dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 approx^0.50.5.1up to date
 rand^0.80.8.5up to date
 rand_chacha^0.30.3.1up to date
 glam^0.290.29.2up to date

Crate bevy_ptr

No external dependencies! 🙌

Crate bevy_reflect

Dependencies

(12 total, 1 outdated)

CrateRequiredLatestStatus
 erased-serde^0.40.4.5up to date
 disqualified^1.01.0.0up to date
 downcast-rs^1.21.2.1up to date
 derive_more^11.0.0up to date
 serde^11.0.215up to date
 smallvec^1.111.13.2up to date
 assert_type_match^0.1.10.1.1up to date
 glam^0.290.29.2up to date
 petgraph^0.60.6.5up to date
 smol_str^0.2.00.3.2out of date
 uuid^1.01.11.0up to date
 wgpu-types^2323.0.0up to date

Dev dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 ron^0.8.00.8.1up to date
 rmp-serde^1.11.3.0up to date
 bincode^1.31.3.3up to date
 serde_json^1.01.0.132up to date
 serde^11.0.215up to date
 static_assertions^1.1.01.1.0up to date

Crate bevy_time

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 crossbeam-channel^0.5.00.5.13up to date
 serde^11.0.215up to date

Crate bevy_transform

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.215up to date
 derive_more^11.0.0up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 approx^0.5.10.5.1up to date

Crate bevy_utils

Dependencies

(4 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 ahash^0.8.70.8.11up to date
 tracing^0.10.1.40up to date
 hashbrown^0.14.20.15.1out of date
 thread_local ⚠️^1.01.1.8maybe insecure

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 static_assertions^1.1.01.1.0up to date

Crate bevy_window

Dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 serde^1.01.0.215up to date
 raw-window-handle^0.60.6.2up to date
 smol_str^0.20.3.2out of date

Crate bevy_tasks

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 futures-lite^2.0.12.5.0up to date
 async-executor^1.111.13.1up to date
 async-channel^2.3.02.3.1up to date
 async-io^2.0.02.4.0up to date
 concurrent-queue^2.0.02.5.0up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 web-time^1.11.1.0up to date

Crate bevy_animation

Dependencies

(9 total, 2 possibly insecure)

CrateRequiredLatestStatus
 petgraph^0.60.6.5up to date
 ron^0.80.8.1up to date
 serde^11.0.215up to date
 blake3^1.01.5.4up to date
 derive_more^11.0.0up to date
 either^1.131.13.0up to date
 thread_local ⚠️^11.1.8maybe insecure
 uuid^1.71.11.0up to date
 smallvec ⚠️^11.13.2maybe insecure

Crate bevy_asset

Dependencies

(18 total, 1 outdated)

CrateRequiredLatestStatus
 stackfuture^0.30.3.0up to date
 atomicow^1.01.0.0up to date
 async-broadcast^0.50.7.1out of date
 async-fs^2.02.1.2up to date
 async-lock^3.03.4.0up to date
 bitflags^2.32.6.0up to date
 crossbeam-channel^0.50.5.13up to date
 downcast-rs^1.21.2.1up to date
 disqualified^1.01.0.0up to date
 either^1.131.13.0up to date
 futures-io^0.30.3.31up to date
 futures-lite^2.0.12.5.0up to date
 blake3^1.51.5.4up to date
 parking_lot^0.120.12.3up to date
 ron^0.80.8.1up to date
 serde^11.0.215up to date
 derive_more^11.0.0up to date
 uuid^1.01.11.0up to date

Crate bevy_audio

Dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 rodio^0.190.20.1out of date

Crate bevy_color

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 bytemuck^11.19.0up to date
 serde^1.01.0.215up to date
 derive_more^11.0.0up to date
 wgpu-types^2323.0.0up to date
 encase^0.100.10.0up to date

Crate bevy_core_pipeline

Dependencies

(6 total, 1 possibly insecure)

CrateRequiredLatestStatus
 serde^11.0.215up to date
 bitflags^2.32.6.0up to date
 radsort^0.10.1.1up to date
 nonmax^0.50.5.5up to date
 smallvec ⚠️^11.13.2maybe insecure
 derive_more^11.0.0up to date

Crate bevy_dev_tools

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.215up to date
 ron^0.8.00.8.1up to date

Crate bevy_gilrs

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 gilrs^0.11.00.11.0up to date
 derive_more^11.0.0up to date

Crate bevy_gizmos

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 bytemuck^1.01.19.0up to date

Crate bevy_gltf

Dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 gltf^1.4.01.4.1up to date
 derive_more^11.0.0up to date
 base64^0.22.00.22.1up to date
 percent-encoding^2.12.3.1up to date
 serde^1.01.0.215up to date
 serde_json^11.0.132up to date
 smallvec^1.111.13.2up to date

Crate bevy_image

Dependencies

(12 total, all up-to-date)

CrateRequiredLatestStatus
 image^0.25.20.25.5up to date
 bitflags^2.32.6.0up to date
 bytemuck^1.51.19.0up to date
 wgpu^2323.0.0up to date
 serde^11.0.215up to date
 derive_more^11.0.0up to date
 futures-lite^2.0.12.5.0up to date
 ddsfile^0.5.20.5.2up to date
 ktx2^0.3.00.3.0up to date
 flate2^1.0.221.0.34up to date
 ruzstd^0.7.00.7.2up to date
 basis-universal^0.3.00.3.1up to date

Crate bevy_pbr

Dependencies

(15 total, 1 possibly insecure)

CrateRequiredLatestStatus
 bitflags^2.32.6.0up to date
 fixedbitset^0.50.5.7up to date
 derive_more^11.0.0up to date
 lz4_flex^0.110.11.3up to date
 range-alloc^0.1.30.1.3up to date
 half^22.4.1up to date
 meshopt^0.40.4.0up to date
 metis^0.20.2.2up to date
 itertools^0.130.13.0up to date
 bitvec^11.0.1up to date
 bytemuck^11.19.0up to date
 radsort^0.10.1.1up to date
 smallvec ⚠️^1.61.13.2maybe insecure
 nonmax^0.50.5.5up to date
 static_assertions^11.1.0up to date

Crate bevy_picking

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 crossbeam-channel^0.50.5.13up to date
 uuid^1.11.11.0up to date

Crate bevy_remote

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^11.0.93up to date
 hyper^11.5.0up to date
 serde^11.0.215up to date
 serde_json^11.0.132up to date
 http-body-util^0.10.1.2up to date
 async-channel^22.3.1up to date

Crate bevy_scene

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.215up to date
 uuid^1.11.11.0up to date
 derive_more^11.0.0up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 postcard^1.01.0.10up to date
 bincode^1.31.3.3up to date
 rmp-serde^1.11.3.0up to date

Crate bevy_sprite

Dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 bytemuck^11.19.0up to date
 fixedbitset^0.50.5.7up to date
 guillotiere^0.6.00.6.2up to date
 derive_more^11.0.0up to date
 rectangle-pack^0.40.4.2up to date
 bitflags^2.32.6.0up to date
 radsort^0.10.1.1up to date
 nonmax^0.50.5.5up to date
 serde^11.0.215up to date

Crate bevy_text

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 cosmic-text^0.120.12.1up to date
 derive_more^11.0.0up to date
 serde^11.0.215up to date
 smallvec^1.131.13.2up to date
 unicode-bidi^0.3.130.3.17up to date
 sys-locale^0.3.00.3.2up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 approx^0.5.10.5.1up to date

Crate bevy_ui

Dependencies

(7 total, 1 outdated)

CrateRequiredLatestStatus
 taffy^0.50.6.1out of date
 serde^11.0.215up to date
 bytemuck^1.51.19.0up to date
 derive_more^11.0.0up to date
 nonmax^0.50.5.5up to date
 smallvec^1.111.13.2up to date
 accesskit^0.170.17.0up to date

Crate bevy_winit

Dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 winit^0.300.30.5up to date
 accesskit_winit^0.230.23.0up to date
 approx^0.50.5.1up to date
 cfg-if^1.01.0.0up to date
 raw-window-handle^0.60.6.2up to date
 serde^1.01.0.215up to date
 bytemuck^1.51.19.0up to date
 wgpu-types^2323.0.0up to date
 accesskit^0.170.17.0up to date

Crate bevy_encase_derive

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 encase_derive_impl^0.100.10.0up to date

Crate bevy_render_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.87up to date
 proc-macro2^1.01.0.89up to date
 quote^1.01.0.37up to date

Crate bevy_mesh

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 bitflags^2.32.6.0up to date
 bytemuck^1.51.19.0up to date
 wgpu^2323.0.0up to date
 serde^11.0.215up to date
 hexasphere^15.015.0.0up to date
 derive_more^11.0.0up to date

Crate bevy_macro_utils

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 toml_edit^0.22.70.22.22up to date
 syn^2.02.0.87up to date
 quote^1.01.0.37up to date
 proc-macro2^1.01.0.89up to date

Crate bevy_ecs_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.87up to date
 quote^1.01.0.37up to date
 proc-macro2^1.01.0.89up to date

Crate bevy_state_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.87up to date
 quote^1.01.0.37up to date
 proc-macro2^1.01.0.89up to date

Crate bevy_reflect_derive

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 proc-macro2^1.01.0.89up to date
 quote^1.01.0.37up to date
 syn^2.02.0.87up to date
 uuid^1.11.11.0up to date

Crate bevy_utils_proc_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.87up to date
 quote^1.01.0.37up to date
 proc-macro2^1.01.0.89up to date

Crate bevy_animation_derive

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 proc-macro2^1.01.0.89up to date
 quote^1.01.0.37up to date
 syn^2.02.0.87up to date

Crate bevy_asset_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.87up to date
 proc-macro2^1.01.0.89up to date
 quote^1.01.0.37up to date

Crate bevy_gizmos_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.87up to date
 proc-macro2^1.01.0.89up to date
 quote^1.01.0.37up to date

Crate bevy_mikktspace

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 glam^0.29.00.29.2up to date
 libm^0.20.2.11up to date

Security Vulnerabilities

smallvec: Buffer overflow in SmallVec::insert_many

RUSTSEC-2021-0003

A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap.

This bug was only triggered if the iterator passed to insert_many yielded more items than the lower bound returned from its size_hint method.

The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted. The fix also simplified the implementation of insert_many to use less unsafe code, so it is easier to verify its correctness.

Thank you to Yechan Bae (@Qwaz) and the Rust group at Georgia Tech’s SSLab for finding and reporting this bug.

thread_local: Data race in `Iter` and `IterMut`

RUSTSEC-2022-0006

In the affected version of this crate, {Iter, IterMut}::next used a weaker memory ordering when loading values than what was required, exposing a potential data race when iterating over a ThreadLocal's values.

Crates using Iter::next, or IterMut::next are affected by this issue.