duniter / dubp-rs-libs

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `dubp`

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
rusty-hook	`^0.11.2`	`0.11.2`	up to date

Crate `dubp-block`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
json-pest-parser	`^0.3.0`	`0.3.0`	up to date
serde	`1.0.*`	`1.0.200`	up to date
serde_json	`1.0.*`	`1.0.116`	up to date
log	`0.4.*`	`0.4.21`	up to date
thiserror	`^1.0.20`	`1.0.59`	up to date

Dev dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
bincode	`^1.2.0`	`1.3.3`	up to date
pretty_assertions	`^0.6.1`	`1.4.0`	out of date
unwrap	`^1.2.1`	`1.2.1`	up to date

Crate `dubp-common`

Dependencies

(4 total, 1 outdated)

Crate	Required	Latest	Status
serde	`^1.0.105`	`1.0.200`	up to date
serde_json	`^1.0.57`	`1.0.116`	up to date
thiserror	`^1.0.20`	`1.0.59`	up to date
zerocopy	`^0.3.0`	`0.7.33`	out of date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
bincode	`^1.2.0`	`1.3.3`	up to date
unwrap	`^1.2.1`	`1.2.1`	up to date

Crate `dubp-documents`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
beef	`^0.5.0`	`0.5.2`	up to date
log	`0.4.*`	`0.4.21`	up to date
serde	`1.0.*`	`1.0.200`	up to date
serde_json	`1.0.*`	`1.0.116`	up to date
thiserror	`^1.0.20`	`1.0.59`	up to date

Dev dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
maplit	`^1.0.2`	`1.0.2`	up to date
pretty_assertions	`^0.6.1`	`1.4.0`	out of date
unwrap	`^1.2.1`	`1.2.1`	up to date

Crate `dubp-documents-parser`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
json-pest-parser	`^0.3.0`	`0.3.0`	up to date
pest	`^2.1.3`	`2.7.10`	up to date
pest_derive	`^2.1.0`	`2.7.10`	up to date
serde_json	`1.0.*`	`1.0.116`	up to date
thiserror	`^1.0.20`	`1.0.59`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
unwrap	`^1.2.1`	`1.2.1`	up to date

Crate `dubp-wallet`

Dependencies

(5 total, 1 outdated)

Crate	Required	Latest	Status
byteorder	`^1.3.4`	`1.5.0`	up to date
serde	`1.0.*`	`1.0.200`	up to date
smallvec	`^1.6.1`	`1.13.2`	up to date
thiserror	`^1.0.20`	`1.0.59`	up to date
zerocopy	`^0.3.0`	`0.7.33`	out of date

Dev dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
maplit	`^1.0.2`	`1.0.2`	up to date
pretty_assertions	`^0.6.1`	`1.4.0`	out of date
unwrap	`^1.2.1`	`1.2.1`	up to date

Crate `duniter-bda-types`

Dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
arrayvec	`^0.7`	`0.7.4`	up to date
bincode	`^1.3`	`1.3.3`	up to date
serde	`^1.0.105`	`1.0.200`	up to date
smallvec ⚠️	`^1.6.0`	`1.13.2`	maybe insecure
thiserror	`^1.0.20`	`1.0.59`	up to date

Crate `duniter-peer`

Dependencies

(6 total, all up-to-date)

Crate	Required	Latest	Status
beef	`^0.5.0`	`0.5.2`	up to date
log	`0.4.*`	`0.4.21`	up to date
serde	`1.0.*`	`1.0.200`	up to date
serde_json	`1.0.*`	`1.0.116`	up to date
smallvec	`^1.6.1`	`1.13.2`	up to date
thiserror	`^1.0.20`	`1.0.59`	up to date

Dev dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
maplit	`^1.0.2`	`1.0.2`	up to date
pretty_assertions	`^0.6.1`	`1.4.0`	out of date
unwrap	`^1.2.1`	`1.2.1`	up to date

Crate `dup-crypto`

Dependencies

(14 total, 7 outdated)

Crate	Required	Latest	Status
arrayvec	`^0.7`	`0.7.4`	up to date
base64	`^0.13.0`	`0.22.1`	out of date
blake3	`^0.3.7`	`1.5.1`	out of date
bs58	`^0.4.0`	`0.5.1`	out of date
byteorder	`^1.3.4`	`1.5.0`	up to date
curve25519-dalek	`^3.1`	`4.1.2`	out of date
chacha20poly1305	`^0.7.1`	`0.10.1`	out of date
ed25519-bip32	`^0.3.2`	`0.4.1`	out of date
hex	`^0.4.2`	`0.4.3`	up to date
once_cell	`^1.5.2`	`1.19.0`	up to date
serde	`^1.0.123`	`1.0.200`	up to date
thiserror	`^1.0.24`	`1.0.59`	up to date
zerocopy	`^0.3.0`	`0.7.33`	out of date
zeroize	`^1.2.0`	`1.7.0`	up to date

Dev dependencies

(4 total, 1 outdated)

Crate	Required	Latest	Status
bincode	`^1.3.1`	`1.3.3`	up to date
sodiumoxide	`^0.2.6`	`0.2.7`	up to date
unwrap	`^1.2.1`	`1.2.1`	up to date
criterion	`^0.3.4`	`0.5.1`	out of date

Security Vulnerabilities

`smallvec`: Buffer overflow in SmallVec::insert_many

RUSTSEC-2021-0003

A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap.

This bug was only triggered if the iterator passed to insert_many yielded more items than the lower bound returned from its size_hint method.

The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted. The fix also simplified the implementation of insert_many to use less unsafe code, so it is easier to verify its correctness.

Thank you to Yechan Bae (@Qwaz) and the Rust group at Georgia Tech’s SSLab for finding and reporting this bug.

duniter / dubp-rs-libs

Crate dubp

Dev dependencies

Crate dubp-block

Dependencies

Dev dependencies

Crate dubp-common

Dependencies

Dev dependencies

Crate dubp-documents

Dependencies

Dev dependencies

Crate dubp-documents-parser

Dependencies

Dev dependencies

Crate dubp-wallet

Dependencies

Dev dependencies

Crate duniter-bda-types

Dependencies

Crate duniter-peer

Dependencies

Dev dependencies

Crate dup-crypto

Dependencies

Dev dependencies

Security Vulnerabilities

smallvec: Buffer overflow in SmallVec::insert_many

Crate `dubp`

Crate `dubp-block`

Crate `dubp-common`

Crate `dubp-documents`

Crate `dubp-documents-parser`

Crate `dubp-wallet`

Crate `duniter-bda-types`

Crate `duniter-peer`

Crate `dup-crypto`

`smallvec`: Buffer overflow in SmallVec::insert_many