This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate kaspa-miner

Dependencies

(15 total, 6 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 tonic^0.12.30.14.6out of date
 tokio^1.381.52.3up to date
 prost^0.13.50.14.4out of date
 tokio-stream^0.10.1.18up to date
 num_cpus^11.17.0up to date
 rand^0.80.10.2out of date
 blake2b_simd^1.0.01.0.4up to date
 clap^44.6.1up to date
 log^0.40.4.33up to date
 env_logger^0.100.11.11out of date
 arc-swap^1.6.01.9.2up to date
 keccak^0.10.2.0out of date
 parking_lot^0.120.12.5up to date
 shuttle^0.60.9.1out of date
 chrono ⚠️^0.40.4.45maybe insecure

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 sha3^0.100.12.0out of date

Build dependencies

(4 total, 3 outdated)

CrateRequiredLatestStatus
 tonic-build^0.12.30.14.6out of date
 prost-build^0.13.50.14.4out of date
 prost-types^0.13.50.14.4out of date
 cc^11.2.66up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References