Deps.rs

fschutt / azul

[![dependency status](https://deps.rs/repo/github/fschutt/azul/status.svg)](https://deps.rs/repo/github/fschutt/azul)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate azul

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.219up to date
 serde_derive^11.0.219up to date

Crate azul-dll

Dependencies

(15 total, 5 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 pyo3 ⚠️^0.16.50.24.1out of date
 log^0.4.170.4.27up to date
 pyo3-log^0.6.00.12.2out of date
 tfd^0.1.00.1.0up to date
 clipboard2^0.1.10.1.1up to date
 raw-window-handle^0.5.00.6.2out of date
 fern^0.6.10.7.1out of date
 backtrace^0.3.660.3.74up to date
 rust-fontconfig^1.0.01.0.0up to date
 strfmt^0.1.60.2.4out of date
 libm^0.2.20.2.11up to date
 gl-context-loader^0.1.80.1.8up to date
 azul-webrender^0.62.20.62.2up to date
 once_cell^1.17.11.21.3up to date
 bitflags^2.8.02.9.0up to date

Crate azul-docs

Dependencies

(11 total, 2 outdated)

CrateRequiredLatestStatus
 serde^11.0.219up to date
 serde_derive^11.0.219up to date
 serde_json^11.0.140up to date
 anyhow^1.01.0.97up to date
 indexmap^1.92.8.0out of date
 cargo-license^0.6.10.6.1up to date
 cargo_metadata^0.18.10.19.2out of date
 zip^2.5.02.5.0up to date
 open^5.3.25.3.2up to date
 tempfile^3.19.13.19.1up to date
 comrak^0.37.00.37.0up to date

Crate azul-css

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 libm^0.2.20.2.11up to date
 azul-simplecss^0.1.10.1.1up to date

Crate azul-core

Dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 libm^0.2.20.2.11up to date
 gl-context-loader^0.1.80.1.8up to date
 highway^0.8.01.3.0out of date
 rust-fontconfig^1.0.01.0.0up to date

Crate azul-layout

Dependencies

(19 total, 7 outdated)

CrateRequiredLatestStatus
 image^0.250.25.6up to date
 rust-fontconfig^1.0.01.0.0up to date
 hyphenation^0.8.30.8.4up to date
 unicode-bidi^0.3.130.3.18up to date
 unicode-segmentation^1.10.11.12.0up to date
 lazy_static^1.5.01.5.0up to date
 unicode-normalization^0.1.210.1.24up to date
 allsorts-subset-browser^0.16.00.16.0up to date
 tinyvec^1.6.01.9.0up to date
 lyon^0.17.101.0.1out of date
 usvg^0.22.00.45.0out of date
 resvg^0.22.00.45.0out of date
 tiny-skia^0.6.50.11.4out of date
 geo-booleanop^0.2.10.3.2out of date
 geo^0.26.00.30.0out of date
 roxmltree^0.14.00.20.0out of date
 xmlwriter^0.1.00.1.0up to date
 xmlparser^0.13.30.13.6up to date
 gl-context-loader^0.1.80.1.8up to date

Crate azul-examples

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.219up to date
 serde_derive^11.0.219up to date
 serde_json^11.0.140up to date

Crate azul-ios

No external dependencies! 🙌

Crate azul-reftest

Dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.219up to date
 serde_derive^11.0.219up to date
 serde_json^11.0.140up to date
 tiny-skia^0.11.40.11.4up to date
 rayon^11.10.0up to date
 image^0.250.25.6up to date
 chrono^0.4.400.4.40up to date
 open^5.3.25.3.2up to date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.