This project might be open to known security vulnerabilities , which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom .
Crate kct
Dependencies (3 total, all up-to-date)
Crate kct_cli
No external dependencies! 🙌
Crate kct_compiler
No external dependencies! 🙌
Crate kct_helper
No external dependencies! 🙌
Crate kct_jsonnet
Dependencies (5 total, all up-to-date)
Crate kct_kube
Dependencies (5 total, 2 outdated, 1 possibly insecure)
Crate Required Latest Status once_cell ^1.18.0
1.21.3
up to date regex ^1.9.1
1.11.1
up to date k8s-openapi ^0.17.0
0.24.0
out of date kube ^0.81.0
0.99.0
out of date openssl ⚠️ ^0.10.55
0.10.72
maybe insecure
Crate kct_package
Dependencies (3 total, 1 outdated)
Crate Required Latest Status globwalk ^0.8.0
0.9.1
out of date semver ^1.0.18
1.0.26
up to date url ^2.4.0
2.5.4
up to date
Crate kct_testing
Dependencies (2 total, all up-to-date)
Crate Required Latest Status fs_extra ^1.3.0
1.3.0
up to date tempfile ^3.8.0
3.19.1
up to date
Security Vulnerabilities openssl
: Use-After-Free in `Md::fetch` and `Cipher::fetch`RUSTSEC-2025-0022
When a Some(...)
value was passed to the properties
argument of either of these functions, a use-after-free would result.
In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop
's behavior).
The maintainers thank quitbug for reporting this vulnerability to us.