Deps.rs

bevyengine / bevy

[![dependency status](https://deps.rs/repo/github/bevyengine/bevy/status.svg)](https://deps.rs/repo/github/bevyengine/bevy)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate bevy

Dev dependencies

(10 total, all up-to-date)

CrateRequiredLatestStatus
 rand^0.8.00.8.5up to date
 rand_chacha^0.3.10.3.1up to date
 ron^0.8.00.8.1up to date
 flate2^1.01.0.30up to date
 serde^11.0.202up to date
 bytemuck^1.71.16.0up to date
 futures-lite^2.0.12.3.0up to date
 crossbeam-channel^0.5.00.5.12up to date
 argh^0.1.120.1.12up to date
 thiserror^1.01.0.61up to date

Crate bevy_internal

No external dependencies! 🙌

Crate bevy_mobile_example

No external dependencies! 🙌

Crate ci

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 argh^0.10.1.12up to date
 xshell^0.20.2.6up to date
 bitflags^2.32.5.0up to date

Crate build-templated-pages

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 toml_edit^0.22.70.22.13up to date
 tera^1.151.19.1up to date
 serde^1.01.0.202up to date
 bitflags^2.32.5.0up to date
 hashbrown^0.140.14.5up to date

Crate build-wasm-example

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 xshell^0.20.2.6up to date
 clap^4.04.5.4up to date

Crate example-showcase

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 xshell^0.20.2.6up to date
 clap^4.04.5.4up to date
 ron^0.80.8.1up to date
 toml_edit^0.22.70.22.13up to date
 pbr^1.11.1.1up to date

Crate errors

No external dependencies! 🙌

Crate bevy_a11y

Dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 accesskit^0.120.14.0out of date

Crate bevy_app

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.202up to date
 downcast-rs^1.2.01.2.1up to date
 thiserror^1.01.0.61up to date

Crate bevy_core

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.202up to date
 uuid^1.01.8.0up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 crossbeam-channel^0.5.00.5.12up to date
 serde_test^1.01.0.176up to date

Crate bevy_derive

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 quote^1.01.0.36up to date
 syn^2.02.0.64up to date

Crate bevy_diagnostic

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 const-fnv1a-hash^1.1.01.1.0up to date

Crate bevy_ecs

Dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 petgraph^0.60.6.5up to date
 bitflags^2.32.5.0up to date
 concurrent-queue^2.4.02.5.0up to date
 fixedbitset^0.50.5.7up to date
 serde^11.0.202up to date
 thiserror^1.01.0.61up to date
 nonmax^0.50.5.5up to date
 arrayvec^0.7.40.7.4up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 rand^0.80.8.5up to date
 static_assertions^1.1.01.1.0up to date

Crate bevy_state

No external dependencies! 🙌

Crate bevy_hierarchy

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 smallvec^1.111.13.2up to date

Crate bevy_input

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.202up to date
 thiserror^1.01.0.61up to date
 smol_str^0.20.2.2up to date

Crate bevy_log

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 tracing-subscriber^0.3.10.3.18up to date
 tracing-chrome^0.7.00.7.2up to date
 tracing-log^0.2.00.2.0up to date
 tracing-error^0.2.00.2.0up to date
 tracing-tracy^0.11.00.11.0up to date
 tracy-client^0.17.00.17.0up to date

Crate bevy_math

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 glam^0.270.27.0up to date
 thiserror^1.01.0.61up to date
 serde^11.0.202up to date
 libm^0.20.2.8up to date
 approx^0.50.5.1up to date
 rand^0.80.8.5up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 approx^0.50.5.1up to date
 rand^0.80.8.5up to date
 rand_chacha^0.30.3.1up to date

Crate bevy_ptr

No external dependencies! 🙌

Crate bevy_reflect

Dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 erased-serde^0.40.4.5up to date
 downcast-rs^1.21.2.1up to date
 thiserror^1.01.0.61up to date
 serde^11.0.202up to date
 smallvec^1.111.13.2up to date
 glam^0.270.27.0up to date
 petgraph^0.60.6.5up to date
 smol_str^0.2.00.2.2up to date
 uuid^1.01.8.0up to date

Dev dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 ron^0.8.00.8.1up to date
 rmp-serde^1.11.3.0up to date
 bincode^1.31.3.3up to date
 serde_json^1.01.0.117up to date
 serde^11.0.202up to date
 static_assertions^1.1.01.1.0up to date

Crate bevy_time

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 crossbeam-channel^0.5.00.5.12up to date
 serde^11.0.202up to date
 thiserror^1.01.0.61up to date

Crate bevy_transform

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.202up to date
 thiserror^1.01.0.61up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 approx^0.5.10.5.1up to date

Crate bevy_utils

Dependencies

(5 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 ahash^0.8.70.8.11up to date
 tracing^0.10.1.40up to date
 web-time^0.21.1.0out of date
 hashbrown^0.140.14.5up to date
 thread_local ⚠️^1.01.1.8maybe insecure

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 static_assertions^1.1.01.1.0up to date

Crate bevy_window

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.202up to date
 raw-window-handle^0.60.6.2up to date
 smol_str^0.20.2.2up to date

Crate bevy_tasks

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 futures-lite^2.0.12.3.0up to date
 async-executor^1.111.11.0up to date
 async-channel^2.2.02.3.1up to date
 async-io^2.0.02.3.2up to date
 concurrent-queue^2.0.02.5.0up to date

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 web-time^0.21.1.0out of date

Crate bevy_animation

Dependencies

(8 total, 1 possibly insecure)

CrateRequiredLatestStatus
 fixedbitset^0.50.5.7up to date
 petgraph^0.60.6.5up to date
 ron^0.80.8.1up to date
 serde^11.0.202up to date
 blake3^1.01.5.1up to date
 thiserror^11.0.61up to date
 thread_local ⚠️^11.1.8maybe insecure
 uuid^1.71.8.0up to date

Crate bevy_asset

Dependencies

(13 total, 1 outdated)

CrateRequiredLatestStatus
 async-broadcast^0.50.7.0out of date
 async-fs^2.02.1.2up to date
 async-lock^3.03.3.0up to date
 crossbeam-channel^0.50.5.12up to date
 downcast-rs^1.21.2.1up to date
 futures-io^0.30.3.30up to date
 futures-lite^2.0.12.3.0up to date
 blake3^1.51.5.1up to date
 parking_lot^0.120.12.2up to date
 ron^0.80.8.1up to date
 serde^11.0.202up to date
 thiserror^1.01.0.61up to date
 uuid^1.01.8.0up to date

Crate bevy_audio

Dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 rodio^0.170.18.0out of date

Crate bevy_color

Dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 bytemuck^11.16.0up to date
 serde^1.01.0.202up to date
 thiserror^1.01.0.61up to date
 wgpu-types^0.190.20.0out of date
 encase^0.80.8.0up to date

Crate bevy_core_pipeline

Dependencies

(6 total, 1 possibly insecure)

CrateRequiredLatestStatus
 serde^11.0.202up to date
 bitflags^2.32.5.0up to date
 radsort^0.10.1.0up to date
 nonmax^0.50.5.5up to date
 smallvec ⚠️^11.13.2maybe insecure
 thiserror^1.01.0.61up to date

Crate bevy_gltf

Dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 gltf^1.4.01.4.1up to date
 thiserror^1.01.0.61up to date
 base64^0.22.00.22.1up to date
 percent-encoding^2.12.3.1up to date
 serde^1.01.0.202up to date
 serde_json^11.0.117up to date
 smallvec^1.111.13.2up to date

Crate bevy_pbr

Dependencies

(15 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bitflags^2.32.5.0up to date
 fixedbitset^0.50.5.7up to date
 lz4_flex^0.110.11.3up to date
 serde^11.0.202up to date
 bincode^11.3.3up to date
 thiserror^11.0.61up to date
 range-alloc^0.10.1.3up to date
 meshopt^0.20.2.1up to date
 metis^0.20.2.1up to date
 itertools^0.120.13.0out of date
 bytemuck^11.16.0up to date
 radsort^0.10.1.0up to date
 smallvec ⚠️^1.61.13.2maybe insecure
 nonmax^0.50.5.5up to date
 static_assertions^11.1.0up to date

Crate bevy_render

Dependencies

(21 total, 2 outdated)

CrateRequiredLatestStatus
 image^0.250.25.1up to date
 codespan-reporting^0.11.00.11.1up to date
 wgpu^0.19.30.20.0out of date
 naga^0.190.20.0out of date
 serde^11.0.202up to date
 bitflags^2.32.5.0up to date
 bytemuck^1.51.16.0up to date
 downcast-rs^1.2.01.2.1up to date
 thiserror^1.01.0.61up to date
 futures-lite^2.0.12.3.0up to date
 hexasphere^12.012.0.0up to date
 ddsfile^0.5.20.5.2up to date
 ktx2^0.3.00.3.0up to date
 flate2^1.0.221.0.30up to date
 ruzstd^0.6.00.6.0up to date
 basis-universal^0.3.00.3.1up to date
 encase^0.80.8.0up to date
 profiling^11.0.15up to date
 async-channel^2.2.02.3.1up to date
 nonmax^0.50.5.5up to date
 smallvec^1.111.13.2up to date

Crate bevy_dynamic_plugin

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 libloading^0.80.8.3up to date
 thiserror^1.01.0.61up to date

Crate bevy_scene

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.202up to date
 uuid^1.11.8.0up to date
 thiserror^1.01.0.61up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 postcard^1.01.0.8up to date
 bincode^1.31.3.3up to date
 rmp-serde^1.11.3.0up to date

Crate bevy_sprite

Dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 bytemuck^1.51.16.0up to date
 fixedbitset^0.50.5.7up to date
 guillotiere^0.6.00.6.2up to date
 thiserror^1.01.0.61up to date
 rectangle-pack^0.40.4.2up to date
 bitflags^2.32.5.0up to date
 radsort^0.10.1.0up to date

Crate bevy_text

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 ab_glyph^0.2.60.2.26up to date
 glyph_brush_layout^0.2.10.2.3up to date
 thiserror^1.01.0.61up to date
 serde^11.0.202up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 approx^0.5.10.5.1up to date

Crate bevy_ui

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 taffy^0.40.4.4up to date
 serde^11.0.202up to date
 bytemuck^1.51.16.0up to date
 thiserror^1.0.01.0.61up to date
 nonmax^0.50.5.5up to date
 smallvec^1.111.13.2up to date

Crate bevy_winit

Dependencies

(6 total, 2 outdated)

CrateRequiredLatestStatus
 winit^0.290.30.0out of date
 accesskit_winit^0.170.20.2out of date
 approx^0.50.5.1up to date
 cfg-if^1.01.0.0up to date
 raw-window-handle^0.60.6.2up to date
 serde^1.01.0.202up to date

Crate bevy_gilrs

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 gilrs^0.10.10.10.7up to date
 thiserror^1.01.0.61up to date

Crate bevy_gizmos

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 bytemuck^1.01.16.0up to date

Crate bevy_dev_tools

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.202up to date
 ron^0.8.00.8.1up to date

Crate bevy_macro_utils

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 toml_edit^0.22.70.22.13up to date
 syn^2.02.0.64up to date
 quote^1.01.0.36up to date
 proc-macro2^1.01.0.82up to date

Crate bevy_ecs_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.64up to date
 quote^1.01.0.36up to date
 proc-macro2^1.01.0.82up to date

Crate bevy_state_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.64up to date
 quote^1.01.0.36up to date
 proc-macro2^1.01.0.82up to date

Crate bevy_reflect_derive

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.64up to date
 proc-macro2^1.01.0.82up to date
 quote^1.01.0.36up to date
 uuid^1.11.8.0up to date

Crate bevy_utils_proc_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.64up to date
 quote^1.01.0.36up to date
 proc-macro2^1.01.0.82up to date

Crate bevy_asset_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.64up to date
 proc-macro2^1.01.0.82up to date
 quote^1.01.0.36up to date

Crate bevy_encase_derive

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 encase_derive_impl^0.80.8.0up to date

Crate bevy_mikktspace

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 glam^0.270.27.0up to date

Crate bevy_render_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.64up to date
 proc-macro2^1.01.0.82up to date
 quote^1.01.0.36up to date

Crate bevy_gizmos_macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 syn^2.02.0.64up to date
 proc-macro2^1.01.0.82up to date
 quote^1.01.0.36up to date

Security Vulnerabilities

smallvec: Buffer overflow in SmallVec::insert_many

RUSTSEC-2021-0003

A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap.

This bug was only triggered if the iterator passed to insert_many yielded more items than the lower bound returned from its size_hint method.

The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted. The fix also simplified the implementation of insert_many to use less unsafe code, so it is easier to verify its correctness.

Thank you to Yechan Bae (@Qwaz) and the Rust group at Georgia Tech’s SSLab for finding and reporting this bug.

thread_local: Data race in `Iter` and `IterMut`

RUSTSEC-2022-0006

In the affected version of this crate, {Iter, IterMut}::next used a weaker memory ordering when loading values than what was required, exposing a potential data race when iterating over a ThreadLocal's values.

Crates using Iter::next, or IterMut::next are affected by this issue.