This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate azul-dll

Dependencies

(23 total, 6 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 pyo3 ⚠️^0.16.50.27.0out of date
 log^0.4.170.4.28up to date
 pyo3-log^0.6.00.13.1out of date
 tfd^0.1.00.1.0up to date
 clipboard2^0.1.10.1.1up to date
 raw-window-handle^0.5.00.6.2out of date
 fern^0.6.10.7.1out of date
 backtrace^0.3.660.3.76up to date
 rust-fontconfig^1.0.11.0.3up to date
 strfmt^0.1.60.2.5out of date
 libm^0.2.20.2.15up to date
 gl-context-loader^0.1.80.1.9up to date
 azul-webrender^0.62.20.62.2up to date
 once_cell^1.17.11.21.3up to date
 bitflags^2.8.02.10.0up to date
 winapi^0.3.90.3.9up to date
 cgl^0.3.20.3.2up to date
 dispatch2^0.2.00.3.0out of date
 objc2^0.6.00.6.3up to date
 block2^0.6.00.6.2up to date
 objc2-core-foundation^0.3.00.3.2up to date
 objc2-foundation^0.3.00.3.2up to date
 objc2-app-kit^0.3.00.3.2up to date

Crate azul-docs

Dependencies

(26 total, 7 outdated)

CrateRequiredLatestStatus
 serde^11.0.228up to date
 serde_derive^11.0.228up to date
 serde_json^11.0.145up to date
 anyhow^1.01.0.100up to date
 indexmap^1.92.12.0out of date
 cargo-license^0.6.10.7.0out of date
 cargo_metadata^0.18.10.23.0out of date
 zip^5.0.06.0.0out of date
 open^5.3.25.3.2up to date
 tempfile^3.19.13.23.0up to date
 comrak^0.37.00.44.0out of date
 chrono^0.4.400.4.42up to date
 image^0.250.25.8up to date
 base64^0.22.10.22.1up to date
 serde_yaml^0.90.9.34+deprecatedup to date
 syn^2.0.1012.0.107up to date
 quote^1.0.401.0.41up to date
 ignore^0.4.230.4.24up to date
 regex^1.11.11.12.2up to date
 cargo_toml^0.22.10.22.3up to date
 proc-macro2^1.0.811.0.101up to date
 toml^0.8.220.9.8out of date
 rayon^1.101.11.0up to date
 walkdir^22.5.0up to date
 thiserror^1.02.0.17out of date
 once_cell^1.201.21.3up to date

Crate azul-layout

Dependencies

(20 total, 2 outdated)

CrateRequiredLatestStatus
 image^0.250.25.8up to date
 rust-fontconfig^1.0.11.0.3up to date
 tinyvec^1.9.01.10.0up to date
 lyon^1.0.11.0.16up to date
 usvg^0.45.00.45.1up to date
 resvg^0.45.00.45.1up to date
 tiny-skia^0.11.40.11.4up to date
 geo-booleanop^0.3.20.3.2up to date
 geo^0.30.00.31.0out of date
 roxmltree^0.20.00.21.1out of date
 xmlwriter^0.1.00.1.0up to date
 xmlparser^0.13.60.13.6up to date
 gl-context-loader^0.1.80.1.9up to date
 unicode-bidi^0.3.180.3.18up to date
 thiserror^2.0.162.0.17up to date
 hyphenation^0.8.40.8.4up to date
 unicode-segmentation^1.12.01.12.0up to date
 unicode-normalization^0.1.240.1.24up to date
 lru^0.16.10.16.2up to date
 taffy^0.9.10.9.1up to date

Crate azul-core

Dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 libm^0.2.20.2.15up to date
 gl-context-loader^0.1.80.1.9up to date
 highway^0.8.01.3.0out of date
 rust-fontconfig^1.0.11.0.3up to date

Crate azul-css

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 libm^0.2.20.2.15up to date
 azul-simplecss^0.1.10.1.1up to date
 highway^1.11.3.0up to date
 dirs-next^2.02.0.0up to date
 serde^1.01.0.228up to date
 serde_json^1.01.0.145up to date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.