This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
cargo-generate(35 total, 5 outdated, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| git2 | ~0.20 | 0.20.4 | up to date |
| anstyle | ~1.0 | 1.0.13 | up to date |
| anyhow | ~1.0 | 1.0.101 | up to date |
| auth-git2 | ~0.5 | 0.5.8 | up to date |
| clap | ~4.5 | 4.5.58 | up to date |
| console | ~0.16 | 0.16.2 | up to date |
| dialoguer | ~0.12 | 0.12.0 | up to date |
| env_logger | ~0.11 | 0.11.9 | up to date |
| fs-err | ~3.1 | 3.3.0 | out of date |
| gix-config | ~0.46 | 0.52.0 | out of date |
| heck | ~0.5 | 0.5.0 | up to date |
| home | ~0.5 | 0.5.12 | up to date |
| ignore | ~0.4 | 0.4.25 | up to date |
| indexmap | ~2 | 2.13.0 | up to date |
| indicatif | ~0.18 | 0.18.3 | up to date |
| liquid | ~0.26 | 0.26.11 | up to date |
| liquid-core | ~0.26 | 0.26.11 | up to date |
| liquid-derive | ~0.26 | 0.26.10 | up to date |
| liquid-lib | ~0.26 | 0.26.11 | up to date |
| log | ~0.4 | 0.4.29 | up to date |
| names | ~0.14 | 0.14.0 | up to date |
| openssl ⚠️ | ~0.10 | 0.10.75 | maybe insecure |
| paste | ~1.0 | 1.0.15 | up to date |
| regex | ~1.12 | 1.12.3 | up to date |
| remove_dir_all | ~1.0 | 1.0.0 | up to date |
| rhai | ~1.23 | 1.24.0 | out of date |
| sanitize-filename | ~0.6 | 0.6.0 | up to date |
| semver | ~1.0 | 1.0.27 | up to date |
| serde | ~1.0 | 1.0.228 | up to date |
| tempfile | ^3.23.0 | 3.25.0 | up to date |
| thiserror | ~2.0 | 2.0.18 | up to date |
| time | ~0.3 | 0.3.47 | up to date |
| toml | ~0.9 | 1.0.0+spec-1.1.0 | out of date |
| walkdir | ~2.5 | 2.5.0 | up to date |
| cargo-util-schemas | ~0.10.1 | 0.11.0 | out of date |
(5 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| assert_cmd | ~2.1 | 2.1.2 | up to date |
| bstr | ~1.12 | 1.12.1 | up to date |
| indoc | ~2.0 | 2.0.7 | up to date |
| predicates | ~3.1 | 3.1.4 | up to date |
| url | ~2.5 | 2.5.8 | up to date |
openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.
In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).
The maintainers thank quitbug for reporting this vulnerability to us.