This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate azul

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.219up to date
 serde_derive^11.0.219up to date

Crate azul-dll

Dependencies

(15 total, 5 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 pyo3 ⚠️^0.16.50.24.2out of date
 log^0.4.170.4.27up to date
 pyo3-log^0.6.00.12.3out of date
 tfd^0.1.00.1.0up to date
 clipboard2^0.1.10.1.1up to date
 raw-window-handle^0.5.00.6.2out of date
 fern^0.6.10.7.1out of date
 backtrace^0.3.660.3.74up to date
 rust-fontconfig^1.0.11.0.1up to date
 strfmt^0.1.60.2.4out of date
 libm^0.2.20.2.13up to date
 gl-context-loader^0.1.80.1.8up to date
 azul-webrender^0.62.20.62.2up to date
 once_cell^1.17.11.21.3up to date
 bitflags^2.8.02.9.0up to date

Crate azul-docs

Dependencies

(15 total, 3 outdated)

CrateRequiredLatestStatus
 serde^11.0.219up to date
 serde_derive^11.0.219up to date
 serde_json^11.0.140up to date
 anyhow^1.01.0.98up to date
 indexmap^1.92.9.0out of date
 cargo-license^0.6.10.6.1up to date
 cargo_metadata^0.18.10.19.2out of date
 zip^2.5.02.6.1up to date
 open^5.3.25.3.2up to date
 tempfile^3.19.13.19.1up to date
 comrak^0.37.00.38.0out of date
 chrono^0.4.400.4.40up to date
 image^0.250.25.6up to date
 base64^0.22.10.22.1up to date
 serde_yaml^0.90.9.34+deprecatedup to date

Crate azul-css

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 libm^0.2.20.2.13up to date
 azul-simplecss^0.1.10.1.1up to date

Crate azul-core

Dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 libm^0.2.20.2.13up to date
 gl-context-loader^0.1.80.1.8up to date
 highway^0.8.01.3.0out of date
 rust-fontconfig^1.0.11.0.1up to date

Crate azul-layout

Dependencies

(18 total, all up-to-date)

CrateRequiredLatestStatus
 image^0.250.25.6up to date
 rust-fontconfig^1.0.11.0.1up to date
 hyphenation^0.8.40.8.4up to date
 unicode-bidi^0.3.180.3.18up to date
 unicode-segmentation^1.12.01.12.0up to date
 unicode-normalization^0.1.240.1.24up to date
 allsorts-subset-browser^0.16.00.16.0up to date
 tinyvec^1.9.01.9.0up to date
 lyon^1.0.11.0.1up to date
 usvg^0.45.00.45.1up to date
 resvg^0.45.00.45.1up to date
 tiny-skia^0.11.40.11.4up to date
 geo-booleanop^0.3.20.3.2up to date
 geo^0.30.00.30.0up to date
 roxmltree^0.20.00.20.0up to date
 xmlwriter^0.1.00.1.0up to date
 xmlparser^0.13.60.13.6up to date
 gl-context-loader^0.1.80.1.8up to date

Crate azul-examples

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.219up to date
 serde_derive^11.0.219up to date
 serde_json^11.0.140up to date

Crate azul-ios

No external dependencies! 🙌

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.