Deps.rs

containerd / rust-extensions

[![dependency status](https://deps.rs/repo/github/containerd/rust-extensions/status.svg)](https://deps.rs/repo/github/containerd/rust-extensions)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate containerd-client

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 hyper-util^0.1.200.1.20up to date

Crate containerd-shim-logging

No external dependencies! 🙌

Crate runc

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tokio-pipe^0.2.120.2.12up to date

Crate containerd-runc-shim

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 rustix^1.11.1.4up to date
 tokio-eventfd^0.2.20.2.2up to date

Crate containerd-shim

Dependencies

(7 total, 3 outdated)

CrateRequiredLatestStatus
 which^8.0.08.0.2up to date
 go-flag^0.1.00.1.0up to date
 sha2^0.100.11.0out of date
 signal-hook^0.3.180.4.4out of date
 tracing^0.10.1.44up to date
 mio^1.11.2.0up to date
 windows-sys^0.52.00.61.2out of date

Crate containerd-shim-protos

Dependencies

(2 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 protobuf ⚠️^3.73.7.2maybe insecure
 ttrpc^0.80.9.0out of date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 ctrlc^3.53.5.2up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 ttrpc-codegen^0.6.00.6.0up to date

Crate containerd-snapshots

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 async-stream^0.3.60.3.6up to date
 tokio-stream^0.10.1.18up to date

Security Vulnerabilities

protobuf: Crash due to uncontrolled recursion in protobuf crate

RUSTSEC-2024-0437

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input.

This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data.