kamu-data / kamu-cli

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `container-runtime`

Dependencies

(10 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
cfg-if	`^1`	`1.0.0`	up to date
dill	`^0.9`	`0.9.1`	up to date
libc	`^0.2`	`0.2.158`	up to date
regex ⚠️	`^1`	`1.10.6`	maybe insecure
serde	`^1`	`1.0.209`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing	`^0.1`	`0.1.40`	up to date
url	`^2`	`2.5.2`	up to date

Dev dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tempfile	`^3`	`3.12.0`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate `kamu-data-utils`

Dependencies

(14 total, all up-to-date)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
arrow	`^52`	`52.2.0`	up to date
arrow-json	`^52`	`52.2.0`	up to date
arrow-digest	`^52`	`52.0.0`	up to date
datafusion	`^41`	`41.0.0`	up to date
digest	`^0.10`	`0.10.7`	up to date
hex	`^0.4`	`0.4.3`	up to date
pretty_assertions	`^1`	`1.4.0`	up to date
sha3	`^0.10`	`0.10.8`	up to date
tracing	`^0.1`	`0.1.40`	up to date
thiserror	`^1`	`1.0.63`	up to date
url	`^2`	`2.5.2`	up to date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date

Dev dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
indoc	`^2`	`2.0.5`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate `database-common`

Dependencies

(17 total, 3 outdated, 3 possibly insecure)

Crate	Required	Latest	Status
aws-config	`^0.57`	`1.5.5`	out of date
aws-sdk-secretsmanager	`^0.35`	`1.44.0`	out of date
aws-credential-types	`^0.57`	`1.2.1`	out of date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
hex	`^0.4`	`0.4.3`	up to date
hmac	`^0.12`	`0.12.1`	up to date
secrecy	`^0.8`	`0.8.0`	up to date
serde_json	`^1`	`1.0.127`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing	`^0.1`	`0.1.40`	up to date
serde	`^1`	`1.0.209`	up to date
sha2	`^0.10`	`0.10.8`	up to date
uuid	`^1`	`1.10.0`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure

Crate `database-common-macros`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
quote	`^1`	`1.0.37`	up to date
syn	`^2`	`2.0.77`	up to date

Crate `kamu-datafusion-cli`

Dependencies

(16 total, 4 outdated, 3 possibly insecure)

Crate	Required	Latest	Status
arrow	`^52`	`52.2.0`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
aws-config	`^0.57`	`1.5.5`	out of date
aws-credential-types	`^0.57`	`1.2.1`	out of date
clap	`^4`	`4.5.16`	up to date
datafusion	`^41`	`41.0.0`	up to date
datafusion-common	`^41`	`41.0.0`	up to date
dirs	`^5`	`5.0.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
object_store ⚠️	`^0.10.1`	`0.11.0`	out of date
parking_lot	`^0.12`	`0.12.3`	up to date
parquet	`^52`	`52.2.0`	up to date
regex ⚠️	`^1`	`1.10.6`	maybe insecure
rustyline	`^11`	`14.0.0`	out of date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
url	`^2`	`2.5.2`	up to date

Crate `enum-variants`

No external dependencies! 🙌

Crate `event-sourcing`

Dependencies

(6 total, all up-to-date)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
serde	`^1`	`1.0.209`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio-stream	`^0.1`	`0.1.15`	up to date
tracing	`^0.1`	`0.1.40`	up to date

Dev dependencies

(2 total, 1 possibly insecure)

Crate	Required	Latest	Status
futures	`^0.3`	`0.3.30`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `event-sourcing-macros`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
syn	`^2`	`2.0.77`	up to date
quote	`^1`	`1.0.37`	up to date

Crate `http-common`

Dependencies

(4 total, 2 outdated)

Crate	Required	Latest	Status
axum	`^0.6`	`0.7.5`	out of date
http	`^0.2`	`1.1.0`	out of date
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date

Crate `internal-error`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
thiserror	`^1`	`1.0.63`	up to date

Crate `kamu-cli-puppet`

Dependencies

(8 total, 2 possibly insecure)

Crate	Required	Latest	Status
assert_cmd	`^2`	`2.0.16`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
tempfile	`^3`	`3.12.0`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
async-trait	`^0.1`	`0.1.82`	up to date
datafusion	`^41`	`41.0.0`	up to date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date

Crate `messaging-outbox`

Dependencies

(11 total, 1 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
mockall	`^0.11`	`0.13.0`	out of date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date
tracing	`^0.1`	`0.1.40`	up to date

Dev dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
paste	`^1`	`1.0.15`	up to date
serde	`^1`	`1.0.209`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `multiformats`

Dependencies

(9 total, all up-to-date)

Crate	Required	Latest	Status
bs58	`^0.5`	`0.5.1`	up to date
digest	`^0.10`	`0.10.7`	up to date
ed25519-dalek	`^2`	`2.1.1`	up to date
hex	`^0.4`	`0.4.3`	up to date
rand	`^0.8`	`0.8.5`	up to date
sha3	`^0.10`	`0.10.8`	up to date
serde	`^1`	`1.0.209`	up to date
thiserror	`^1`	`1.0.63`	up to date
unsigned-varint	`^0.8`	`0.8.0`	up to date

Crate `random-names`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
rand	`^0.8`	`0.8.5`	up to date

Crate `kamu-repo-tools`

Dependencies

(5 total, 2 possibly insecure)

Crate	Required	Latest	Status
clap	`^4`	`4.5.16`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
regex ⚠️	`^1`	`1.10.6`	maybe insecure
semver	`^1`	`1.0.23`	up to date
toml	`^0.8`	`0.8.19`	up to date

Dev dependencies

(4 total, all up-to-date)

Crate	Required	Latest	Status
glob	`^0.3`	`0.3.1`	up to date
grep-searcher	`^0.1`	`0.1.13`	up to date
grep-regex	`^0.1`	`0.1.12`	up to date
indoc	`^2`	`2.0.5`	up to date

Crate `time-source`

Dependencies

(4 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
futures	`^0.3`	`0.3.30`	up to date

Crate `tracing-perfetto`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
conv	`^0.3`	`0.3.3`	up to date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
tracing	`^0.1`	`0.1.40`	up to date
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Dev dependencies

(2 total, 1 possibly insecure)

Crate	Required	Latest	Status
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate `kamu-accounts`

Dependencies

(16 total, 1 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
base32	`^0.5.0`	`0.5.1`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
crc32fast	`^1.4.2`	`1.4.2`	up to date
jsonwebtoken	`^9`	`9.3.0`	up to date
lazy_static	`^1`	`1.5.0`	up to date
merge	`^0.1`	`0.1.0`	up to date
mockall	`^0.11`	`0.13.0`	out of date
rand	`^0.8`	`0.8.5`	up to date
reusable	`^0.1`	`0.1.0`	up to date
serde	`^1`	`1.0.209`	up to date
serde_with	`^3`	`3.9.0`	up to date
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure

Crate `kamu-auth-rebac`

Dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
strum	`^0.26`	`0.26.3`	up to date
thiserror	`^1`	`1.0.63`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure

Crate `kamu-core`

Dependencies

(18 total, 2 outdated, 3 possibly insecure)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
bytes	`^1`	`1.7.1`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
http	`^0.2`	`1.1.0`	out of date
pathdiff	`^0.2`	`0.2.1`	up to date
pin-project	`^1`	`1.1.5`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date
tracing	`^0.1`	`0.1.40`	up to date
url	`^2`	`2.5.2`	up to date
datafusion	`^41`	`41.0.0`	up to date
object_store ⚠️	`^0.10`	`0.11.0`	out of date
serde	`^1`	`1.0.209`	up to date
serde_with	`^3`	`3.9.0`	up to date

Crate `kamu-datasets`

Dependencies

(10 total, 2 possibly insecure)

Crate	Required	Latest	Status
aes-gcm	`^0.10.3`	`0.10.3`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
merge	`^0.1`	`0.1.0`	up to date
secrecy	`^0.8`	`0.8.0`	up to date
serde	`^1`	`1.0.209`	up to date
serde_with	`^3`	`3.9.0`	up to date
thiserror	`^1`	`1.0.63`	up to date
uuid	`^1`	`1.10.0`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure

Crate `kamu-flow-system`

Dependencies

(11 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
cron	`^0.12`	`0.12.1`	up to date
lazy_static	`^1`	`1.5.0`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
thiserror	`^1`	`1.0.63`	up to date
tokio-stream	`^0.1`	`0.1.15`	up to date
tracing	`^0.1`	`0.1.40`	up to date
url	`^2`	`2.5.2`	up to date
serde	`^1`	`1.0.209`	up to date
serde_with	`^3`	`3.9.0`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
datafusion	`^41`	`41.0.0`	up to date

Crate `opendatafabric`

Dependencies

(20 total, 2 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
digest	`^0.10`	`0.10.7`	up to date
futures-core	`^0.3`	`0.3.30`	up to date
thiserror	`^1`	`1.0.63`	up to date
bitflags	`^2`	`2.6.0`	up to date
like	`^0.3`	`0.3.1`	up to date
sha3	`^0.10`	`0.10.8`	up to date
url	`^2`	`2.5.2`	up to date
ed25519-dalek	`^2`	`2.1.1`	up to date
rand	`^0.8`	`0.8.5`	up to date
base64	`^0.22`	`0.22.1`	up to date
flatbuffers	`^24`	`24.3.25`	up to date
hex	`^0.4`	`0.4.3`	up to date
serde	`^1`	`1.0.209`	up to date
serde_with	`^3`	`3.9.0`	up to date
serde_yaml	`^0.9`	`0.9.34+deprecated`	up to date
prost	`^0.12`	`0.13.2`	out of date
tonic	`^0.11`	`0.12.2`	out of date
arrow	`^52`	`52.2.0`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
indoc	`^2`	`2.0.5`	up to date

Crate `kamu-task-system`

Dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
serde	`^1`	`1.0.209`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio-stream	`^0.1`	`0.1.15`	up to date

Crate `kamu-accounts-services`

Dependencies

(12 total, 2 possibly insecure)

Crate	Required	Latest	Status
argon2	`^0.5`	`0.5.3`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
jsonwebtoken	`^9`	`9.3.0`	up to date
thiserror	`^1`	`1.0.63`	up to date
password-hash	`^0.5`	`0.5.0`	up to date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
test-log	`^0.2`	`0.2.16`	up to date

Crate `kamu-auth-rebac-services`

Dependencies

(4 total, all up-to-date)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
tracing	`^0.1`	`0.1.40`	up to date

Dev dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
serde_json	`^1`	`1.0.127`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-datasets-services`

Dependencies

(10 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
thiserror	`^1`	`1.0.63`	up to date
secrecy	`^0.8`	`0.8.0`	up to date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Crate `kamu-flow-system-services`

Dependencies

(13 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date
tracing	`^0.1`	`0.1.40`	up to date
url	`^2`	`2.5.2`	up to date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
serde_with	`^3`	`3.9.0`	up to date

Dev dependencies

(8 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
cron	`^0.12`	`0.12.1`	up to date
indoc	`^2`	`2.0.5`	up to date
mockall	`^0.11`	`0.13.0`	out of date
pretty_assertions	`^1`	`1.4.0`	up to date
tempfile	`^3`	`3.12.0`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate `kamu-task-system-services`

Dependencies

(7 total, 1 possibly insecure)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
serde_json	`^1`	`1.0.127`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing	`^0.1`	`0.1.40`	up to date

Dev dependencies

(2 total, 1 possibly insecure)

Crate	Required	Latest	Status
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
test-log	`^0.2`	`0.2.16`	up to date

Crate `kamu`

Dependencies

(59 total, 17 outdated, 5 possibly insecure)

Crate	Required	Latest	Status
flatbuffers	`^24`	`24.3.25`	up to date
hex	`^0.4`	`0.4.3`	up to date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
serde_with	`^3`	`3.9.0`	up to date
serde_yaml	`^0.9`	`0.9.34+deprecated`	up to date
flate2	`^1`	`1.0.33`	up to date
reqwest	`^0.11`	`0.12.7`	out of date
ringbuf	`^0.3`	`0.4.4`	out of date
secrecy	`^0.8`	`0.8.0`	up to date
zip	`^0.6`	`2.2.0`	out of date
datafusion	`^41`	`41.0.0`	up to date
digest	`^0.10`	`0.10.7`	up to date
object_store ⚠️	`^0.10`	`0.11.0`	out of date
parking_lot	`^0.12`	`0.12.3`	up to date
sha3	`^0.10`	`0.10.8`	up to date
aws-config	`^0.57`	`1.5.5`	out of date
aws-sdk-s3	`^0.35`	`1.47.0`	out of date
aws-smithy-http	`^0.57`	`0.60.10`	out of date
aws-smithy-types	`^0.57`	`1.2.4`	out of date
aws-credential-types	`^0.57`	`1.2.1`	out of date
trust-dns-resolver	`^0.23`	`0.23.2`	up to date
http	`^0.2`	`1.1.0`	out of date
async-recursion	`^1`	`1.1.1`	up to date
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
bytes	`^1`	`1.7.1`	up to date
cfg-if	`^1`	`1.0.0`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dashmap	`^6`	`6.0.1`	up to date
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
glob	`^0.3`	`0.3.1`	up to date
hyper ⚠️	`^0.14`	`1.4.1`	out of date
itertools	`^0.13`	`0.13.0`	up to date
libc	`^0.2`	`0.2.158`	up to date
like	`^0.3`	`0.3.1`	up to date
mockall	`^0.11`	`0.13.0`	out of date
pin-project	`^1`	`1.1.5`	up to date
petgraph	`^0.6.4`	`0.6.5`	up to date
rand	`^0.8`	`0.8.5`	up to date
regex ⚠️	`^1`	`1.10.6`	maybe insecure
tempfile	`^3`	`3.12.0`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date
tokio-util	`^0.7`	`0.7.11`	up to date
tracing	`^0.1`	`0.1.40`	up to date
url	`^2`	`2.5.2`	up to date
walkdir	`^2`	`2.5.0`	up to date
tower	`^0.4`	`0.5.0`	out of date
tower-http	`^0.4`	`0.5.2`	out of date
axum	`^0.6`	`0.7.5`	out of date
alloy	`^0.2`	`0.3.1`	out of date
curl	`^0.4`	`0.4.46`	up to date
curl-sys	`^0.4`	`0.4.74+curl-8.9.0`	up to date
datafusion-ethers	`^41`	`41.0.0`	up to date
datafusion-functions-json	`^0.41`	`0.41.0`	up to date
rumqttc	`^0.23`	`0.24.0`	out of date

Dev dependencies

(9 total, 1 possibly insecure)

Crate	Required	Latest	Status
criterion	`^0.5`	`0.5.1`	up to date
datafusion	`^41`	`41.0.0`	up to date
filetime	`^0.2`	`0.2.25`	up to date
indoc	`^2`	`2.0.5`	up to date
nanoid	`^0.4.0`	`0.4.0`	up to date
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate `kamu-ingest-datafusion`

Dependencies

(19 total, 3 outdated, 3 possibly insecure)

Crate	Required	Latest	Status
datafusion	`^41`	`41.0.0`	up to date
digest	`^0.10`	`0.10.7`	up to date
geo-types	`^0.7`	`0.7.13`	up to date
geojson	`^0.24`	`0.24.1`	up to date
glob	`^0.3`	`0.3.1`	up to date
object_store ⚠️	`^0.10`	`0.11.0`	out of date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
sha3	`^0.10`	`0.10.8`	up to date
shapefile	`^0.5`	`0.6.0`	out of date
walkdir	`^2`	`2.5.0`	up to date
zip	`^0.6`	`2.2.0`	out of date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
futures	`^0.3`	`0.3.30`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing	`^0.1`	`0.1.40`	up to date
url	`^2`	`2.5.2`	up to date

Dev dependencies

(9 total, 1 possibly insecure)

Crate	Required	Latest	Status
criterion	`^0.5`	`0.5.1`	up to date
indoc	`^2`	`2.0.5`	up to date
pretty_assertions	`^1`	`1.4.0`	up to date
rand	`^0.8`	`0.8.5`	up to date
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tempfile	`^3`	`3.12.0`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate `kamu-flow-system-repo-tests`

Dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date

Crate `kamu-flow-system-inmem`

Dependencies

(12 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date
tracing	`^0.1`	`0.1.40`	up to date
url	`^2`	`2.5.2`	up to date
serde	`^1`	`1.0.209`	up to date
serde_with	`^3`	`3.9.0`	up to date

Dev dependencies

(6 total, 1 possibly insecure)

Crate	Required	Latest	Status
cron	`^0.12`	`0.12.1`	up to date
tempfile	`^3`	`3.12.0`	up to date
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate `kamu-flow-system-postgres`

Dependencies

(8 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
serde_json	`^1`	`1.0.127`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date

Dev dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
test-group	`^1`	`1.0.1`	up to date
serde	`^1.0.198`	`1.0.209`	up to date

Crate `kamu-flow-system-sqlite`

Dependencies

(8 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
serde_json	`^1`	`1.0.127`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date

Dev dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
test-group	`^1`	`1.0.1`	up to date
serde	`^1.0.198`	`1.0.209`	up to date

Crate `kamu-accounts-repo-tests`

Dependencies

(6 total, 1 possibly insecure)

Crate	Required	Latest	Status
argon2	`^0.5`	`0.5.3`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
password-hash	`^0.5`	`0.5.0`	up to date
uuid	`^1`	`1.10.0`	up to date
rand	`^0.8`	`0.8.5`	up to date

Crate `kamu-accounts-inmem`

Dependencies

(6 total, 1 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-accounts-mysql`

Dependencies

(7 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
test-log	`^0.2`	`0.2.16`	up to date
test-group	`^1`	`1.0.1`	up to date

Crate `kamu-accounts-postgres`

Dependencies

(7 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
test-log	`^0.2`	`0.2.16`	up to date
test-group	`^1`	`1.0.1`	up to date

Crate `kamu-accounts-sqlite`

Dependencies

(7 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
test-log	`^0.2`	`0.2.16`	up to date
test-group	`^1`	`1.0.1`	up to date

Crate `kamu-datasets-inmem`

Dependencies

(8 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
secrecy	`^0.8`	`0.8.0`	up to date
thiserror	`^1`	`1.0.63`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-datasets-postgres`

Dependencies

(8 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
secrecy	`^0.8`	`0.8.0`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
test-log	`^0.2`	`0.2.16`	up to date
test-group	`^1`	`1.0.1`	up to date

Crate `kamu-datasets-sqlite`

Dependencies

(8 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
secrecy	`^0.8`	`0.8.0`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
test-log	`^0.2`	`0.2.16`	up to date
test-group	`^1`	`1.0.1`	up to date

Crate `kamu-task-system-repo-tests`

Dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date

Crate `kamu-task-system-inmem`

Dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date

Dev dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-task-system-postgres`

Dependencies

(8 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
serde_json	`^1`	`1.0.127`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date

Dev dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
test-group	`^1`	`1.0.1`	up to date

Crate `kamu-task-system-sqlite`

Dependencies

(8 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
serde_json	`^1`	`1.0.127`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date

Dev dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
test-group	`^1`	`1.0.1`	up to date

Crate `kamu-auth-rebac-inmem`

Dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
dill	`^0.9`	`0.9.1`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date

Crate `kamu-auth-rebac-repo-tests`

Dependencies

(2 total, 1 possibly insecure)

Crate	Required	Latest	Status
dill	`^0.9`	`0.9.1`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-auth-rebac-sqlite`

Dependencies

(4 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
dill	`^0.9`	`0.9.1`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date

Crate `kamu-messaging-outbox-repo-tests`

Dependencies

(6 total, 1 possibly insecure)

Crate	Required	Latest	Status
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
rand	`^0.8`	`0.8.5`	up to date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date

Crate `kamu-messaging-outbox-inmem`

Dependencies

(7 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date

Dev dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-messaging-outbox-postgres`

Dependencies

(9 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-messaging-outbox-sqlite`

Dependencies

(8 total, 2 possibly insecure)

Crate	Required	Latest	Status
async-stream	`^0.3`	`0.3.5`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
thiserror	`^1`	`1.0.63`	up to date
tracing	`^0.1`	`0.1.40`	up to date

Dev dependencies

(3 total, 1 possibly insecure)

Crate	Required	Latest	Status
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-adapter-auth-oso`

Dependencies

(4 total, all up-to-date)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
dill	`^0.9`	`0.9.1`	up to date
oso	`^0.27`	`0.27.3`	up to date
oso-derive	`^0.27`	`0.27.3`	up to date

Dev dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
tempfile	`^3`	`3.12.0`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing	`^0.1`	`0.1.40`	up to date
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate `kamu-adapter-flight-sql`

Dependencies

(11 total, 2 outdated)

Crate	Required	Latest	Status
arrow-flight	`^52`	`52.2.0`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
base64	`^0.22`	`0.22.1`	up to date
dashmap	`^6`	`6.0.1`	up to date
datafusion	`^41`	`41.0.0`	up to date
futures	`^0.3`	`0.3.30`	up to date
like	`^0.3`	`0.3.1`	up to date
prost	`^0.12`	`0.13.2`	out of date
tonic	`^0.11`	`0.12.2`	out of date
tracing	`^0.1`	`0.1.40`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
indoc	`^2`	`2.0.5`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate `kamu-adapter-graphql`

Dependencies

(16 total, 1 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
async-graphql	`^6`	`7.0.9`	out of date
async-trait	`^0.1`	`0.1.82`	up to date
cron	`^0.12`	`0.12.1`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
datafusion	`^41`	`41.0.0`	up to date
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
secrecy	`^0.8`	`0.8.0`	up to date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date
tracing	`^0.1`	`0.1.40`	up to date
thiserror	`^1`	`1.0.63`	up to date
url	`^2`	`2.5.2`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(7 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
indoc	`^2`	`2.0.5`	up to date
mockall	`^0.11`	`0.13.0`	out of date
tempfile	`^3`	`3.12.0`	up to date
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate `kamu-adapter-http`

Dependencies

(27 total, 8 outdated, 4 possibly insecure)

Crate	Required	Latest	Status
aws-sdk-s3	`^0.35`	`1.47.0`	out of date
axum	`^0.6`	`0.7.5`	out of date
axum-extra	`^0.8`	`0.9.3`	out of date
async-trait	`^0.1`	`0.1.82`	up to date
base64	`^0.22`	`0.22.1`	up to date
bytes	`^1`	`1.7.1`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
datafusion	`^41`	`41.0.0`	up to date
dill	`^0.9`	`0.9.1`	up to date
flate2	`^1`	`1.0.33`	up to date
futures	`^0.3`	`0.3.30`	up to date
http	`^0.2`	`1.1.0`	out of date
hyper ⚠️	`^0.14`	`1.4.1`	out of date
reqwest	`^0.11`	`0.12.7`	out of date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
serde_with	`^3`	`3.9.0`	up to date
tar ⚠️	`^0.4`	`0.4.41`	maybe insecure
thiserror	`^1`	`1.0.63`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date
tokio-util	`^0.7`	`0.7.11`	up to date
tokio-tungstenite	`^0.20`	`0.23.1`	out of date
tower	`^0.4`	`0.5.0`	out of date
tracing	`^0.1`	`0.1.40`	up to date
url	`^2`	`2.5.2`	up to date
uuid	`^1`	`1.10.0`	up to date

Dev dependencies

(13 total, 2 outdated)

Crate	Required	Latest	Status
fs_extra	`^1.3`	`1.3.0`	up to date
indoc	`^2`	`2.0.5`	up to date
paste	`^1`	`1.0.15`	up to date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
tempfile	`^3`	`3.12.0`	up to date
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tracing-subscriber	`^0.3`	`0.3.18`	up to date
tower-http	`^0.4`	`0.5.2`	out of date
rand	`^0.8`	`0.8.5`	up to date
sha3	`^0.10`	`0.10.8`	up to date
mockall	`^0.11`	`0.13.0`	out of date

Crate `kamu-adapter-oauth`

Dependencies

(8 total, 2 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
dill	`^0.9`	`0.9.1`	up to date
http	`^0.2`	`1.1.0`	out of date
reqwest	`^0.11`	`0.12.7`	out of date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
thiserror	`^1`	`1.0.63`	up to date

Dev dependencies

(2 total, 1 possibly insecure)

Crate	Required	Latest	Status
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tracing	`^0.1`	`0.1.40`	up to date

Crate `kamu-adapter-odata`

Dependencies

(10 total, 2 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
axum	`^0.6`	`0.7.5`	out of date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
datafusion	`^41`	`41.0.0`	up to date
datafusion-odata	`^41`	`41.0.0`	up to date
dill	`^0.9`	`0.9.1`	up to date
futures	`^0.3`	`0.3.30`	up to date
http	`^0.2`	`1.1.0`	out of date
quick-xml	`^0.36`	`0.36.1`	up to date
serde	`^1`	`1.0.209`	up to date
tracing	`^0.1`	`0.1.40`	up to date

Dev dependencies

(9 total, 3 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
hyper ⚠️	`^0.14`	`1.4.1`	out of date
indoc	`^2`	`2.0.5`	up to date
reqwest	`^0.11`	`0.12.7`	out of date
tempfile	`^3`	`3.12.0`	up to date
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tower-http	`^0.4`	`0.5.2`	out of date
url	`^2`	`2.5.2`	up to date

Crate `kamu-cli`

Dependencies

(62 total, 12 outdated, 5 possibly insecure)

Crate	Required	Latest	Status
chrono-humanize	`^0.2`	`0.2.3`	up to date
clap	`^4`	`4.5.16`	up to date
clap_complete	`^4`	`4.5.24`	up to date
console	`^0.15`	`0.15.8`	up to date
ctrlc	`^3`	`3.4.5`	up to date
humansize	`^2`	`2.1.3`	up to date
indicatif	`^0.17`	`0.17.8`	up to date
minus	`^5`	`5.6.1`	up to date
num-format	`^0.4`	`0.4.4`	up to date
prettytable-rs	`^0.10`	`0.10.0`	up to date
read_input	`^0.8`	`0.8.6`	up to date
webbrowser	`^0.8`	`1.0.1`	out of date
arrow-flight	`^52`	`52.2.0`	up to date
async-graphql	`^6`	`7.0.9`	out of date
async-graphql-axum	`^6`	`7.0.9`	out of date
axum	`^0.6`	`0.7.5`	out of date
axum-extra	`^0.8`	`0.9.3`	out of date
http	`^0.2`	`1.1.0`	out of date
hyper ⚠️	`^0.14`	`1.4.1`	out of date
reqwest	`^0.11`	`0.12.7`	out of date
serde_json	`^1`	`1.0.127`	up to date
tonic	`^0.11`	`0.12.2`	out of date
tower	`^0.4`	`0.5.0`	out of date
tower-http	`^0.4`	`0.5.2`	out of date
rust-embed	`^8`	`8.5.0`	up to date
mime	`^0.3`	`0.3.17`	up to date
mime_guess	`^2`	`2.0.5`	up to date
duration-string	`^0.3`	`0.4.0`	out of date
merge	`^0.1`	`0.1.0`	up to date
serde	`^1`	`1.0.209`	up to date
serde_with	`^3`	`3.9.0`	up to date
serde_yaml	`^0.9`	`0.9.34+deprecated`	up to date
tracing	`^0.1`	`0.1.40`	up to date
tracing-appender	`^0.2`	`0.2.3`	up to date
tracing-subscriber	`^0.3`	`0.3.18`	up to date
tracing-log	`^0.2`	`0.2.0`	up to date
tracing-bunyan-formatter	`^0.3`	`0.3.9`	up to date
async-trait	`^0.1`	`0.1.82`	up to date
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
cfg-if	`^1`	`1.0.0`	up to date
datafusion	`^41`	`41.0.0`	up to date
dill	`^0.9`	`0.9.1`	up to date
dirs	`^5`	`5.0.1`	up to date
fs_extra	`^1.3`	`1.3.0`	up to date
futures	`^0.3`	`0.3.30`	up to date
glob	`^0.3`	`0.3.1`	up to date
hex	`^0.4`	`0.4.3`	up to date
indoc	`^2`	`2.0.5`	up to date
itertools	`^0.13`	`0.13.0`	up to date
libc	`^0.2`	`0.2.158`	up to date
regex ⚠️	`^1`	`1.10.6`	maybe insecure
secrecy	`^0.8`	`0.8.0`	up to date
shlex ⚠️	`^1`	`1.3.0`	maybe insecure
signal-hook	`^0.3`	`0.3.17`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-stream	`^0.1`	`0.1.15`	up to date
tokio-util	`^0.7`	`0.7.11`	up to date
tempfile	`^3`	`3.12.0`	up to date
thiserror	`^1`	`1.0.63`	up to date
url	`^2`	`2.5.2`	up to date
urlencoding	`^2`	`2.1.3`	up to date
whoami	`^1.5`	`1.5.1`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
pretty_assertions	`^1`	`1.4.0`	up to date
test-log	`^0.2`	`0.2.16`	up to date

Build dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
vergen	`^8`	`9.0.0`	out of date

Crate `kamu-cli-e2e-common`

Dependencies

(10 total, 1 outdated, 4 possibly insecure)

Crate	Required	Latest	Status
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
indoc	`^2`	`2.0.5`	up to date
pretty_assertions	`^1`	`1.4.0`	up to date
regex ⚠️	`^1`	`1.10.6`	maybe insecure
reqwest	`^0.11`	`0.12.7`	out of date
serde	`^1`	`1.0.209`	up to date
serde_json	`^1`	`1.0.127`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
tokio ⚠️	`^1`	`1.40.0`	maybe insecure
tokio-retry	`^0.3`	`0.3.0`	up to date

Crate `kamu-cli-e2e-common-macros`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
quote	`^1`	`1.0.37`	up to date
syn	`^2`	`2.0.77`	up to date

Crate `kamu-cli-e2e-repo-tests`

Dependencies

(4 total, 1 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
chrono ⚠️	`^0.4`	`0.4.38`	maybe insecure
indoc	`^2`	`2.0.5`	up to date
reqwest	`^0.11`	`0.12.7`	out of date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-cli-e2e-inmem`

Dev dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
indoc	`^2`	`2.0.5`	up to date
paste	`^1`	`1.0.15`	up to date
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-cli-e2e-postgres`

Dev dependencies

(6 total, 2 possibly insecure)

Crate	Required	Latest	Status
indoc	`^2`	`2.0.5`	up to date
paste	`^1`	`1.0.15`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-cli-e2e-mysql`

Dev dependencies

(6 total, 2 possibly insecure)

Crate	Required	Latest	Status
indoc	`^2`	`2.0.5`	up to date
paste	`^1`	`1.0.15`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Crate `kamu-cli-e2e-sqlite`

Dev dependencies

(6 total, 2 possibly insecure)

Crate	Required	Latest	Status
indoc	`^2`	`2.0.5`	up to date
paste	`^1`	`1.0.15`	up to date
sqlx ⚠️	`^0.8`	`0.8.1`	maybe insecure
test-group	`^1`	`1.0.1`	up to date
test-log	`^0.2`	`0.2.16`	up to date
tokio ⚠️	`^1`	`1.40.0`	maybe insecure

Security Vulnerabilities

`chrono`: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

time-rs/time#293

`hyper`: Lenient `hyper` header parsing of `Content-Length` could allow request smuggling

RUSTSEC-2021-0078

hyper's HTTP header parser accepted, according to RFC 7230, illegal contents inside Content-Length headers. Due to this, upstream HTTP proxies that ignore the header may still forward them along if it chooses to ignore the error.

To be vulnerable, hyper must be used as an HTTP/1 server and using an HTTP proxy upstream that ignores the header's contents but still forwards it. Due to all the factors that must line up, an attack exploiting this vulnerability is unlikely.

`hyper`: Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss

RUSTSEC-2021-0079

When decoding chunk sizes that are too large, hyper's code would encounter an integer overflow. Depending on the situation, this could lead to data loss from an incorrect total size, or in rarer cases, a request smuggling attack.

To be vulnerable, you must be using hyper for any HTTP/1 purpose, including as a client or server, and consumers must send requests or responses that specify a chunk size greater than 18 exabytes. For a possible request smuggling attack to be possible, any upstream proxies must accept a chunk size greater than 64 bits.

`tar`: Links in archive can create arbitrary directories

RUSTSEC-2021-0080

When unpacking a tarball that contains a symlink the tar crate may create directories outside of the directory it's supposed to unpack into.

The function errors when it's trying to create a file, but the folders are already created at this point.

use std::{io, io::Result};
use tar::{Archive, Builder, EntryType, Header};

fn main() -> Result<()> {
    let mut buf = Vec::new();

    {
        let mut builder = Builder::new(&mut buf);

        // symlink: parent -> ..
        let mut header = Header::new_gnu();
        header.set_path("symlink")?;
        header.set_link_name("..")?;
        header.set_entry_type(EntryType::Symlink);
        header.set_size(0);
        header.set_cksum();
        builder.append(&header, io::empty())?;

        // file: symlink/exploit/foo/bar
        let mut header = Header::new_gnu();
        header.set_path("symlink/exploit/foo/bar")?;
        header.set_size(0);
        header.set_cksum();
        builder.append(&header, io::empty())?;

        builder.finish()?;
    };

    Archive::new(&*buf).unpack("demo")
}

This has been fixed in https://github.com/alexcrichton/tar-rs/pull/259 and is published as tar 0.4.36. Thanks to Martin Michaelis (@mgjm) for discovering and reporting this, and Nikhil Benesch (@benesch) for the fix!

`regex`: Regexes with large repetitions on empty sub-expressions take a very long time to parse

RUSTSEC-2022-0013

The Rust Security Response WG was notified that the regex crate did not properly limit the complexity of the regular expressions (regex) it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes. No known vulnerability is present when parsing untrusted input with trusted regexes.

This issue has been assigned CVE-2022-24713. The severity of this vulnerability is "high" when the regex crate is used to parse untrusted regexes. Other uses of the regex crate are not affected by this vulnerability.

Overview

The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API.

Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes.

Affected versions

All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5.

Mitigations

We recommend everyone accepting user-controlled regexes to upgrade immediately to the latest version of the regex crate.

Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, we do not recommend denying known problematic regexes.

Acknowledgements

We want to thank Addison Crump for responsibly disclosing this to us according to the Rust security policy, and for helping review the fix.

We also want to thank Andrew Gallant for developing the fix, and Pietro Albini for coordinating the disclosure and writing this advisory.

`tokio`: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);

`shlex`: Multiple issues involving quote API

RUSTSEC-2024-0006

Issue 1: Failure to quote characters

Affected versions of this crate allowed the bytes { and \xa0 to appear unquoted and unescaped in command arguments.

If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments.

This does not directly allow arbitrary command execution (you can't inject a command substitution or similar). But depending on the command you're running, being able to inject multiple arguments where only one is expected could lead to undesired consequences, potentially including arbitrary command execution.

The flaw was corrected in version 1.2.1 by escaping additional characters. Updating to 1.3.0 is recommended, but 1.2.1 offers a more minimal fix if desired.

Workaround: Check for the bytes { and \xa0 in quote/join input or output.

(Note: { is problematic because it is used for glob expansion. \xa0 is problematic because it's treated as a word separator in specific environments.)

Issue 2: Dangerous API w.r.t. nul bytes

Version 1.3.0 deprecates the quote and join APIs in favor of try_quote and try_join, which behave the same except that they have Result return type, returning Err if the input contains nul bytes.

Strings containing nul bytes generally cannot be used in Unix command arguments or environment variables, and most shells cannot handle nul bytes even internally. If you try to pass one anyway, then the results might be security-sensitive in uncommon scenarios. More details here.

Due to the low severity, the behavior of the original quote and join APIs has not changed; they continue to allow nuls.

Workaround: Manually check for nul bytes in quote/join input or output.

Issue 3: Lack of documentation for interactive shell risks

The quote family of functions does not and cannot escape control characters. With non-interactive shells this is perfectly safe, as control characters have no special effect. But if you writing directly to the standard input of an interactive shell (or through a pty), then control characters can cause misbehavior including arbitrary command injection.

This is essentially unfixable, and has not been patched. But as of version 1.3.0, documentation has been added.

Future versions of shlex may add API variants that avoid the issue at the cost of reduced portability.

`object_store`: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files

RUSTSEC-2024-0358

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens.

On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity. This allows someone with access to the logs to impersonate that identity, including performing their own calls to AssumeRoleWithWebIdentity, until the OIDC token expires. Typically OIDC tokens are valid for up to an hour, although this will vary depending on the issuer.

Users are recommended to use a different AWS authentication mechanism, disable logging or upgrade to version 0.10.2, which fixes this issue.

Details

When using AWS WebIdentityTokens with the object_store crate, in the event of a failure and automatic retry, the underlying reqwest error, including the full URL with the credentials, potentially in the parameters, is written to the logs.

Thanks to Paul Hatcherian for reporting this vulnerability

`sqlx`: Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

RUSTSEC-2024-0363

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:

SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf
(Archive link for posterity.)

Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow, causing the server to interpret the rest of the string as binary protocol commands or other data.

It appears SQLx does perform truncating casts in a way that could be problematic, for example: https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163

This code has existed essentially since the beginning, so it is reasonable to assume that all published versions <= 0.8.0 are affected.

Mitigation

As always, you should make sure your application is validating untrustworthy user input. Reject any input over 4 GiB, or any input that could encode to a string longer than 4 GiB. Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.

Encode::size_hint() can be used for sanity checks, but do not assume that the size returned is accurate. For example, the Json<T> and Text<T> adapters have no reasonable way to predict or estimate the final encoded size, so they just return size_of::<T>() instead.

For web application backends, consider adding some middleware that limits the size of request bodies by default.

Resolution

sqlx 0.8.1 has been released with the fix: https://github.com/launchbadge/sqlx/blob/main/CHANGELOG.md#081---2024-08-23

Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated: https://github.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901

MySQL and SQLite do not appear to be exploitable, but upgrading is recommended nonetheless.

kamu-data / kamu-cli

Crate container-runtime

Dependencies

Dev dependencies

Crate kamu-data-utils

Dependencies

Dev dependencies

Crate database-common

Dependencies

Crate database-common-macros

Dependencies

Crate kamu-datafusion-cli

Dependencies

Crate enum-variants

Crate event-sourcing

Dependencies

Dev dependencies

Crate event-sourcing-macros

Dependencies

Crate http-common

Dependencies

Crate internal-error

Dependencies

Crate kamu-cli-puppet

Dependencies

Crate messaging-outbox

Dependencies

Dev dependencies

Crate multiformats

Dependencies

Crate random-names

Dependencies

Crate kamu-repo-tools

Dependencies

Dev dependencies

Crate time-source

Dependencies

Dev dependencies

Crate tracing-perfetto

Dependencies

Dev dependencies

Crate kamu-accounts

Dependencies

Crate kamu-auth-rebac

Dependencies

Crate kamu-core

Dependencies

Crate kamu-datasets

Dependencies

Crate kamu-flow-system

Dependencies

Dev dependencies

Crate opendatafabric

Dependencies

Dev dependencies

Crate kamu-task-system

Dependencies

Crate kamu-accounts-services

Dependencies

Dev dependencies

Crate kamu-auth-rebac-services

Dependencies

Dev dependencies

Crate kamu-datasets-services

Dependencies

Crate kamu-flow-system-services

Dependencies

Dev dependencies

Crate kamu-task-system-services

Dependencies

Dev dependencies

Crate kamu

Dependencies

Dev dependencies

Crate kamu-ingest-datafusion

Dependencies

Dev dependencies

Crate kamu-flow-system-repo-tests

Dependencies

Crate kamu-flow-system-inmem

Crate `container-runtime`

Crate `kamu-data-utils`

Crate `database-common`

Crate `database-common-macros`

Crate `kamu-datafusion-cli`

Crate `enum-variants`

Crate `event-sourcing`

Crate `event-sourcing-macros`

Crate `http-common`

Crate `internal-error`

Crate `kamu-cli-puppet`

Crate `messaging-outbox`

Crate `multiformats`

Crate `random-names`

Crate `kamu-repo-tools`

Crate `time-source`

Crate `tracing-perfetto`

Crate `kamu-accounts`

Crate `kamu-auth-rebac`

Crate `kamu-core`

Crate `kamu-datasets`

Crate `kamu-flow-system`

Crate `opendatafabric`

Crate `kamu-task-system`

Crate `kamu-accounts-services`

Crate `kamu-auth-rebac-services`

Crate `kamu-datasets-services`

Crate `kamu-flow-system-services`

Crate `kamu-task-system-services`

Crate `kamu`

Crate `kamu-ingest-datafusion`

Crate `kamu-flow-system-repo-tests`

Crate `kamu-flow-system-inmem`

Crate `kamu-flow-system-postgres`

Crate `kamu-flow-system-sqlite`

Crate `kamu-accounts-repo-tests`

Crate `kamu-accounts-inmem`

Crate `kamu-accounts-mysql`

Crate `kamu-accounts-postgres`

Crate `kamu-accounts-sqlite`

Crate `kamu-datasets-inmem`

Crate `kamu-datasets-postgres`

Crate `kamu-datasets-sqlite`

Crate `kamu-task-system-repo-tests`

Crate `kamu-task-system-inmem`

Crate `kamu-task-system-postgres`

Crate `kamu-task-system-sqlite`

Crate `kamu-auth-rebac-inmem`

Crate `kamu-auth-rebac-repo-tests`

Crate `kamu-auth-rebac-sqlite`

Crate `kamu-messaging-outbox-repo-tests`

Crate `kamu-messaging-outbox-inmem`

Crate `kamu-messaging-outbox-postgres`

Crate `kamu-messaging-outbox-sqlite`

Crate `kamu-adapter-auth-oso`

Crate `kamu-adapter-flight-sql`

Crate `kamu-adapter-graphql`