Deps.rs

fschutt / azul

[![dependency status](https://deps.rs/repo/github/fschutt/azul/status.svg)](https://deps.rs/repo/github/fschutt/azul)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate azul

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.228up to date
 serde_derive^11.0.228up to date

Crate azul-dll

Dependencies

(23 total, 6 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 pyo3 ⚠️^0.16.50.26.0out of date
 log^0.4.170.4.28up to date
 pyo3-log^0.6.00.13.1out of date
 tfd^0.1.00.1.0up to date
 clipboard2^0.1.10.1.1up to date
 raw-window-handle^0.5.00.6.2out of date
 fern^0.6.10.7.1out of date
 backtrace^0.3.660.3.76up to date
 rust-fontconfig^1.0.11.0.2up to date
 strfmt^0.1.60.2.5out of date
 libm^0.2.20.2.15up to date
 gl-context-loader^0.1.80.1.8up to date
 azul-webrender^0.62.20.62.2up to date
 once_cell^1.17.11.21.3up to date
 bitflags^2.8.02.9.4up to date
 winapi^0.3.90.3.9up to date
 cgl^0.3.20.3.2up to date
 dispatch2^0.2.00.3.0out of date
 objc2^0.6.00.6.3up to date
 block2^0.6.00.6.2up to date
 objc2-core-foundation^0.3.00.3.2up to date
 objc2-foundation^0.3.00.3.2up to date
 objc2-app-kit^0.3.00.3.2up to date

Crate azul-docs

Dependencies

(15 total, 4 outdated)

CrateRequiredLatestStatus
 serde^11.0.228up to date
 serde_derive^11.0.228up to date
 serde_json^11.0.145up to date
 anyhow^1.01.0.100up to date
 indexmap^1.92.11.4out of date
 cargo-license^0.6.10.7.0out of date
 cargo_metadata^0.18.10.23.0out of date
 zip^5.0.05.1.1up to date
 open^5.3.25.3.2up to date
 tempfile^3.19.13.23.0up to date
 comrak^0.37.00.43.0out of date
 chrono^0.4.400.4.42up to date
 image^0.250.25.8up to date
 base64^0.22.10.22.1up to date
 serde_yaml^0.90.9.34+deprecatedup to date

Crate azul-css

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 libm^0.2.20.2.15up to date
 azul-simplecss^0.1.10.1.1up to date

Crate azul-core

Dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 libm^0.2.20.2.15up to date
 gl-context-loader^0.1.80.1.8up to date
 highway^0.8.01.3.0out of date
 rust-fontconfig^1.0.11.0.2up to date

Crate azul-layout

Dependencies

(19 total, 2 outdated)

CrateRequiredLatestStatus
 image^0.250.25.8up to date
 rust-fontconfig^1.0.11.0.2up to date
 tinyvec^1.9.01.10.0up to date
 lyon^1.0.11.0.16up to date
 usvg^0.45.00.45.1up to date
 resvg^0.45.00.45.1up to date
 tiny-skia^0.11.40.11.4up to date
 geo-booleanop^0.3.20.3.2up to date
 geo^0.30.00.31.0out of date
 roxmltree^0.20.00.21.0out of date
 xmlwriter^0.1.00.1.0up to date
 xmlparser^0.13.60.13.6up to date
 gl-context-loader^0.1.80.1.8up to date
 unicode-bidi^0.3.180.3.18up to date
 thiserror^2.0.162.0.17up to date
 hyphenation^0.8.40.8.4up to date
 unicode-segmentation^1.12.01.12.0up to date
 unicode-normalization^0.1.240.1.24up to date
 lru^0.16.10.16.1up to date

Crate azul-examples

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.228up to date
 serde_derive^11.0.228up to date
 serde_json^11.0.145up to date

Crate azul-ios

No external dependencies! 🙌

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.