This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate nexus-actor-utils-rs

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tokio-condvar^0.3.00.3.0up to date

Crate nexus-actor-core-rs

Dependencies

(33 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.1.800.1.88up to date
 backtrace^0.30.3.74up to date
 base64-string-rs^0.0.10.0.1up to date
 chrono ⚠️^0.40.4.40maybe insecure
 im^15.0.015.1.0up to date
 num_enum^0.7.20.7.3up to date
 once_cell^1.19.01.21.3up to date
 oni-comb-uri-rs^0.2.10.2.709up to date
 opentelemetry^0.25.00.29.0out of date
 opentelemetry-otlp^0.25.00.29.0out of date
 opentelemetry-stdout^0.25.00.29.0out of date
 opentelemetry_sdk^0.25.00.29.0out of date
 prost^0.13.00.13.5up to date
 prost-types^0.130.13.5up to date
 rand^0.9.0-alpha.20.9.0up to date
 regex^1.10.61.11.1up to date
 serde^1.01.0.219up to date
 serde_json^1.01.0.140up to date
 siphasher^1.0.11.0.1up to date
 static_assertions^1.1.01.1.0up to date
 strum^0.270.27.1up to date
 strum_macros^0.270.27.1up to date
 thiserror^2.0.02.0.12up to date
 time^0.3.360.3.41up to date
 tokio^1.37.01.44.1up to date
 tokio-condvar^0.3.00.3.0up to date
 tonic^0.13.00.13.0up to date
 tonic-types^0.13.00.13.0up to date
 tracing^0.10.1.41up to date
 tracing-futures^0.2.50.2.5up to date
 tracing-opentelemetry^0.30.00.30.0up to date
 tracing-subscriber^0.30.3.19up to date
 uuid^1.9.01.16.0up to date

Dev dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 clap^4.5.94.5.34up to date
 governor^0.10.00.10.0up to date
 humantime^2.12.2.0up to date
 rstest^0.25.00.25.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tonic-build^0.13.00.13.0up to date

Crate nexus-actor-message-derive-rs

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 proc-macro2^1.0.361.0.94up to date
 quote^1.0.361.0.40up to date
 syn^2.0.742.0.100up to date

Crate nexus-actor-remote-rs

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tracing-subscriber^0.30.3.19up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tonic-build^0.13.00.13.0up to date

Crate nexus-actor-cluster-rs

Dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 num_enum^0.7.20.7.3up to date
 once_cell^1.19.01.21.3up to date
 prost^0.13.00.13.5up to date
 prost-types^0.130.13.5up to date
 thiserror^2.0.02.0.12up to date
 tokio^1.37.01.44.1up to date
 tonic^0.13.00.13.0up to date
 tonic-types^0.13.00.13.0up to date
 tracing^0.10.1.41up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tracing-subscriber^0.30.3.19up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tonic-build^0.13.00.13.0up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References