This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate cargo-generate

Dependencies

(35 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 git2~0.200.20.2up to date
 anstyle~1.01.0.10up to date
 anyhow~1.01.0.98up to date
 auth-git2~0.50.5.8up to date
 clap~4.54.5.38up to date
 console~0.150.15.11up to date
 dialoguer~0.110.11.0up to date
 env_logger~0.110.11.8up to date
 fs-err~3.13.1.0up to date
 gix-config~0.440.45.1out of date
 heck~0.50.5.0up to date
 home~0.50.5.11up to date
 ignore~0.40.4.23up to date
 indexmap~22.9.0up to date
 indicatif~0.170.17.11up to date
 liquid~0.260.26.11up to date
 liquid-core~0.260.26.11up to date
 liquid-derive~0.260.26.10up to date
 liquid-lib~0.260.26.11up to date
 log~0.40.4.27up to date
 names~0.140.14.0up to date
 openssl ⚠️~0.100.10.72maybe insecure
 paste~1.01.0.15up to date
 regex~1.111.11.1up to date
 remove_dir_all~1.01.0.0up to date
 rhai~1.211.21.0up to date
 sanitize-filename~0.60.6.0up to date
 semver~1.01.0.26up to date
 serde~1.01.0.219up to date
 tempfile~3.193.20.0out of date
 thiserror~2.02.0.12up to date
 time~0.30.3.41up to date
 toml~0.80.8.22up to date
 walkdir~2.52.5.0up to date
 cargo-util-schemas~0.8.00.8.1up to date

Dev dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 assert_cmd~2.02.0.17up to date
 bstr~1.111.12.0out of date
 indoc~2.02.0.6up to date
 predicates~3.13.1.3up to date
 url~2.52.5.4up to date

Security Vulnerabilities

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.