This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate async-utils

Dependencies

(2 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 tokio ⚠️^11.44.1maybe insecure

Crate common-macros

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 quote^11.0.40up to date
 syn^22.0.100up to date

Crate container-runtime

Dependencies

(10 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 cfg-if^11.0.0up to date
 dill^0.110.11.0up to date
 libc^0.20.2.171up to date
 regex ⚠️^11.11.1maybe insecure
 serde^11.0.219up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tracing^0.10.1.41up to date
 url^22.5.4up to date

Dev dependencies

(4 total, 1 possibly insecure)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tempfile^33.19.0up to date
 tokio ⚠️^11.44.1maybe insecure

Crate database-common

Dependencies

(18 total, 3 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 aws-config^11.6.0up to date
 aws-credential-types^11.2.2up to date
 aws-sdk-secretsmanager^11.66.0up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 hex^0.40.4.3up to date
 hmac^0.120.12.1up to date
 secrecy^0.100.10.3up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 sha2^0.100.10.8up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tracing^0.10.1.41up to date
 sqlx ⚠️^0.80.8.3maybe insecure

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 mockall^0.130.13.1up to date
 pretty_assertions^11.4.1up to date
 tokio ⚠️^11.44.1maybe insecure

Crate database-common-macros

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 quote^11.0.40up to date
 syn^22.0.100up to date

Crate kamu-datafusion-cli

Dependencies

(14 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 arrow^5454.2.1up to date
 async-trait^0.10.1.87up to date
 aws-config^11.6.0up to date
 aws-credential-types^11.2.2up to date
 clap^44.5.32up to date
 datafusion^4546.0.0out of date
 dirs^66.0.0up to date
 futures^0.30.3.31up to date
 object_store^0.110.12.0out of date
 parking_lot^0.120.12.3up to date
 parquet^5454.2.1up to date
 rustyline^15.015.0.0up to date
 tokio ⚠️^11.44.1maybe insecure
 url^22.5.4up to date

Crate email-utils

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.219up to date
 thiserror^22.0.12up to date
 validator^0.200.20.0up to date

Crate enum-variants

No external dependencies! 🙌

Crate event-sourcing

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 thiserror^22.0.12up to date
 tokio-stream^0.10.1.17up to date
 tracing^0.10.1.41up to date

Dev dependencies

(2 total, 1 possibly insecure)

CrateRequiredLatestStatus
 futures^0.30.3.31up to date
 tokio ⚠️^11.44.1maybe insecure

Crate event-sourcing-macros

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 quote^11.0.40up to date
 syn^22.0.100up to date

Crate file-utils

No external dependencies! 🙌

Crate http-common

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 axum^0.80.8.1up to date
 http^11.3.1up to date
 serde^11.0.219up to date
 thiserror^22.0.12up to date
 tracing^0.10.1.41up to date
 utoipa^55.3.1up to date

Dev dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 strum^0.260.27.1out of date
 serde_json^11.0.140up to date

Crate init-on-startup

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 petgraph^0.70.7.1up to date
 thiserror^22.0.12up to date
 tracing^0.10.1.41up to date

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 paste^11.0.15up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate internal-error

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 thiserror^22.0.12up to date

Crate kamu-cli-puppet

Dependencies

(13 total, 1 outdated, 3 possibly insecure)

CrateRequiredLatestStatus
 assert_cmd^22.0.16up to date
 bon^33.4.0up to date
 chrono ⚠️^0.40.4.40maybe insecure
 regex ⚠️^11.11.1maybe insecure
 tempfile^33.19.0up to date
 tokio ⚠️^11.44.1maybe insecure
 async-trait^0.10.1.87up to date
 datafusion^4546.0.0out of date
 indoc^22.0.6up to date
 pretty_assertions^11.4.1up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 url^22.5.4up to date

Crate messaging-outbox

Dependencies

(13 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 itertools^0.140.14.0up to date
 mockall^0.130.13.1up to date
 prometheus^0.130.13.4up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date
 tracing^0.10.1.41up to date

Dev dependencies

(4 total, 1 possibly insecure)

CrateRequiredLatestStatus
 paste^11.0.15up to date
 serde^11.0.219up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate multiformats

Dependencies

(12 total, 1 outdated)

CrateRequiredLatestStatus
 base64^0.220.22.1up to date
 bs58^0.50.5.1up to date
 digest^0.100.10.7up to date
 ed25519-dalek^22.1.1up to date
 hex^0.40.4.3up to date
 rand^0.80.9.0out of date
 sha3^0.100.10.8up to date
 serde^11.0.219up to date
 thiserror^22.0.12up to date
 unsigned-varint^0.80.8.0up to date
 utoipa^55.3.1up to date
 serde_json^11.0.140up to date

Crate observability

Dependencies

(17 total, 5 outdated)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 axum^0.80.8.1up to date
 dill^0.110.11.0up to date
 http^11.3.1up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 thiserror^22.0.12up to date
 tracing^0.10.1.41up to date
 tracing-appender^0.20.2.3up to date
 tracing-subscriber^0.30.3.19up to date
 tower-http^0.60.6.2up to date
 opentelemetry^0.260.28.0out of date
 opentelemetry_sdk^0.260.28.0out of date
 opentelemetry-otlp^0.260.28.0out of date
 opentelemetry-semantic-conventions^0.260.28.0out of date
 tracing-opentelemetry^0.270.29.0out of date
 prometheus^0.130.13.4up to date

Crate random-names

Dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 rand^0.80.9.0out of date

Crate kamu-repo-tools

Dependencies

(8 total, 2 possibly insecure)

CrateRequiredLatestStatus
 chrono ⚠️^0.40.4.40maybe insecure
 clap^44.5.32up to date
 pretty_assertions^11.4.1up to date
 regex ⚠️^11.11.1maybe insecure
 reqwest^0.120.12.14up to date
 semver^11.0.26up to date
 serde^11.0.219up to date
 toml^0.80.8.20up to date

Dev dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 glob^0.30.3.2up to date
 grep-regex^0.10.1.13up to date
 grep-searcher^0.10.1.14up to date
 indoc^22.0.6up to date

Crate s3-utils

Dependencies

(10 total, all up-to-date)

CrateRequiredLatestStatus
 aws-config^11.6.0up to date
 aws-sdk-s3^11.79.0up to date
 aws-smithy-types^11.3.0up to date
 bon^33.4.0up to date
 dill^0.110.11.0up to date
 prometheus^0.130.13.4up to date
 reqwest^0.120.12.14up to date
 tokio-util^0.70.7.14up to date
 tracing^0.10.1.41up to date
 url^22.5.4up to date

Crate test-utils

Dependencies

(7 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 axum^0.80.8.1up to date
 rand^0.80.9.0out of date
 tempfile^33.19.0up to date
 tokio ⚠️^11.44.1maybe insecure
 tower^0.50.5.2up to date
 tower-http^0.60.6.2up to date
 url^22.5.4up to date

Crate time-source

Dependencies

(4 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 tokio ⚠️^11.44.1maybe insecure

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.30.3.31up to date

Crate tracing-perfetto

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 conv^0.30.3.3up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 tracing^0.10.1.41up to date
 tracing-subscriber^0.30.3.19up to date

Dev dependencies

(2 total, 1 possibly insecure)

CrateRequiredLatestStatus
 tokio ⚠️^11.44.1maybe insecure
 tracing-subscriber^0.30.3.19up to date

Crate opendatafabric

No external dependencies! 🙌

Crate opendatafabric-metadata

Dependencies

(21 total, 3 outdated, 3 possibly insecure)

CrateRequiredLatestStatus
 chrono ⚠️^0.40.4.40maybe insecure
 digest^0.100.10.7up to date
 thiserror^22.0.12up to date
 bitflags^22.9.0up to date
 datafusion^4546.0.0out of date
 rand^0.80.9.0out of date
 like^0.30.3.1up to date
 sha3^0.100.10.8up to date
 url^22.5.4up to date
 ed25519-dalek^22.1.1up to date
 base64^0.220.22.1up to date
 flatbuffers^2425.2.10out of date
 serde^11.0.219up to date
 serde_with^33.12.0up to date
 serde_yaml^0.90.9.34+deprecatedup to date
 prost^0.130.13.5up to date
 tonic ⚠️^0.120.12.3maybe insecure
 arrow^5454.2.1up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 utoipa^55.3.1up to date
 serde_json^11.0.140up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 indoc^22.0.6up to date

Crate opendatafabric-data-utils

Dependencies

(14 total, 1 outdated)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 arrow^5454.2.1up to date
 arrow-json^5454.2.1up to date
 arrow-digest^5454.1.0up to date
 datafusion^4546.0.0out of date
 digest^0.100.10.7up to date
 hex^0.40.4.3up to date
 sha3^0.100.10.8up to date
 tracing^0.10.1.41up to date
 thiserror^22.0.12up to date
 url^22.5.4up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 pretty_assertions^11.4.1up to date

Dev dependencies

(4 total, 1 possibly insecure)

CrateRequiredLatestStatus
 indoc^22.0.6up to date
 pretty_assertions^11.4.1up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate opendatafabric-dataset

Dependencies

(14 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 bytes^11.10.1up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 mockall^0.130.13.1up to date
 pin-project^11.1.10up to date
 serde^11.0.219up to date
 serde_with^33.12.0up to date
 strum^0.260.27.1out of date
 thiserror^22.0.12up to date
 tokio-stream^0.10.1.17up to date
 url^22.5.4up to date

Crate opendatafabric-dataset-impl

Dependencies

(16 total, 3 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 bytes^11.10.1up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 http^11.3.1up to date
 hickory-resolver^0.240.24.4up to date
 mockall^0.130.13.1up to date
 regex ⚠️^11.11.1maybe insecure
 reqwest^0.120.12.14up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date
 tracing^0.10.1.41up to date
 serde_yaml^0.90.9.34+deprecatedup to date
 url^22.5.4up to date

Dev dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.30.3.31up to date
 mockall^0.130.13.1up to date
 tempfile^33.19.0up to date
 thiserror^22.0.12up to date
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate opendatafabric-storage

Dependencies

(8 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 bytes^11.10.1up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dashmap^66.1.0up to date
 http^11.3.1up to date
 thiserror^22.0.12up to date
 url^22.5.4up to date
 pretty_assertions^11.4.1up to date

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 mockall^0.130.13.1up to date
 tempfile^33.19.0up to date
 tokio ⚠️^11.44.1maybe insecure

Crate opendatafabric-storage-http

Dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 bytes^11.10.1up to date
 futures^0.30.3.31up to date
 http^11.3.1up to date
 reqwest^0.120.12.14up to date
 tokio-util^0.70.7.14up to date
 tracing^0.10.1.41up to date
 url^22.5.4up to date

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 tokio ⚠️^11.44.1maybe insecure
 tempfile^33.19.0up to date
 test-log^0.20.2.17up to date

Crate opendatafabric-storage-inmem

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 bytes^11.10.1up to date
 sha3^0.100.10.8up to date
 tracing^0.10.1.41up to date
 url^22.5.4up to date

Dev dependencies

(1 total, 1 possibly insecure)

CrateRequiredLatestStatus
 tokio ⚠️^11.44.1maybe insecure

Crate opendatafabric-storage-lfs

Dependencies

(7 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 bytes^11.10.1up to date
 digest^0.100.10.7up to date
 sha3^0.100.10.8up to date
 tokio ⚠️^11.44.1maybe insecure
 tracing^0.10.1.41up to date
 url^22.5.4up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tempfile^33.19.0up to date

Crate opendatafabric-storage-s3

Dependencies

(10 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 aws-sdk-s3^11.79.0up to date
 bytes^11.10.1up to date
 chrono ⚠️^0.40.4.40maybe insecure
 digest^0.100.10.7up to date
 http^11.3.1up to date
 sha3^0.100.10.8up to date
 tokio ⚠️^11.44.1maybe insecure
 tracing^0.10.1.41up to date
 url^22.5.4up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 rand^0.80.9.0out of date
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate kamu-accounts

Dependencies

(16 total, 1 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 base32^0.50.5.1up to date
 chrono ⚠️^0.40.4.40maybe insecure
 crc32fast^1.4.21.4.2up to date
 futures^0.30.3.31up to date
 jsonwebtoken^99.3.1up to date
 lazy_static^11.5.0up to date
 merge^0.10.1.0up to date
 mockall^0.130.13.1up to date
 rand^0.80.9.0out of date
 reusable^0.10.1.0up to date
 serde^11.0.219up to date
 serde_with^33.12.0up to date
 thiserror^22.0.12up to date
 uuid^11.15.1up to date
 sqlx ⚠️^0.80.8.3maybe insecure

Crate kamu-auth-rebac

Dependencies

(4 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 strum^0.260.27.1out of date
 thiserror^22.0.12up to date
 sqlx ⚠️^0.80.8.3maybe insecure

Crate kamu-core

Dependencies

(21 total, 3 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 bytes^11.10.1up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 itertools^0.140.14.0up to date
 pathdiff^0.20.2.3up to date
 strum^0.260.27.1out of date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date
 tracing^0.10.1.41up to date
 url^22.5.4up to date
 datafusion^4546.0.0out of date
 object_store^0.110.12.0out of date
 serde^11.0.219up to date
 serde_with^33.12.0up to date
 mockall^0.130.13.1up to date
 oso^0.270.27.3up to date
 utoipa^55.3.1up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 mockall^0.130.13.1up to date

Crate kamu-datasets

Dependencies

(14 total, 2 possibly insecure)

CrateRequiredLatestStatus
 aes-gcm^0.10.30.10.3up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 futures^0.30.3.31up to date
 itertools^0.140.14.0up to date
 merge^0.10.1.0up to date
 secrecy^0.100.10.3up to date
 serde^11.0.219up to date
 serde_with^33.12.0up to date
 thiserror^22.0.12up to date
 tokio-stream^0.10.1.17up to date
 uuid^11.15.1up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 mockall^0.130.13.1up to date

Crate kamu-flow-system

Dependencies

(11 total, 1 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 cron^0.150.15.0up to date
 dill^0.110.11.0up to date
 lazy_static^11.5.0up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 strum^0.260.27.1out of date
 thiserror^22.0.12up to date
 tokio-stream^0.10.1.17up to date
 serde^11.0.219up to date
 serde_with^33.12.0up to date

Crate kamu-search

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 futures^0.30.3.31up to date
 serde_json^11.0.140up to date
 thiserror^22.0.12up to date

Crate kamu-task-system

Dependencies

(6 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 serde^11.0.219up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 thiserror^22.0.12up to date
 tokio-stream^0.10.1.17up to date

Crate kamu-accounts-services

Dependencies

(12 total, 2 possibly insecure)

CrateRequiredLatestStatus
 argon2^0.50.5.3up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 jsonwebtoken^99.3.1up to date
 password-hash^0.50.5.0up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tracing^0.10.1.41up to date
 uuid^11.15.1up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 mockall^0.130.13.1up to date
 test-log^0.20.2.17up to date

Crate kamu-auth-rebac-services

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 tracing^0.10.1.41up to date

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 serde_json^11.0.140up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-datasets-services

Dependencies

(13 total, 2 possibly insecure)

CrateRequiredLatestStatus
 mockall^0.130.13.1up to date
 serde_json^11.0.140up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 petgraph^0.70.7.1up to date
 secrecy^0.100.10.3up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date
 tracing^0.10.1.41up to date
 uuid^11.15.1up to date

Dev dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 indoc^22.0.6up to date
 mockall^0.130.13.1up to date
 oop^0.0.20.0.2up to date
 serde_json^11.0.140up to date
 pretty_assertions^11.4.1up to date
 tempfile^33.19.0up to date
 test-log^0.20.2.17up to date

Crate kamu-flow-system-services

Dependencies

(7 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 tokio ⚠️^11.44.1maybe insecure
 tracing^0.10.1.41up to date

Dev dependencies

(7 total, 1 possibly insecure)

CrateRequiredLatestStatus
 cron^0.150.15.0up to date
 indoc^22.0.6up to date
 mockall^0.130.13.1up to date
 pretty_assertions^11.4.1up to date
 tempfile^33.19.0up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-search-services

Dependencies

(10 total, 1 possibly insecure)

CrateRequiredLatestStatus
 dill^0.110.11.0up to date
 async-trait^0.10.1.87up to date
 futures^0.30.3.31up to date
 itertools^0.140.14.0up to date
 serde^11.0.219up to date
 serde_with^33.12.0up to date
 serde_json^11.0.140up to date
 thiserror^22.0.12up to date
 tracing^0.10.1.41up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-task-system-services

Dependencies

(6 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 serde_json^11.0.140up to date
 tokio ⚠️^11.44.1maybe insecure
 tracing^0.10.1.41up to date

Dev dependencies

(4 total, 1 possibly insecure)

CrateRequiredLatestStatus
 chrono ⚠️^0.40.4.40maybe insecure
 mockall^0.130.13.1up to date
 tempfile^33.19.0up to date
 test-log^0.20.2.17up to date

Crate kamu

Dependencies

(44 total, 7 outdated, 3 possibly insecure)

CrateRequiredLatestStatus
 flatbuffers^2425.2.10out of date
 hex^0.40.4.3up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 serde_with^33.12.0up to date
 serde_yaml^0.90.9.34+deprecatedup to date
 flate2^11.1.0up to date
 reqwest^0.120.12.14up to date
 ringbuf^0.30.4.7out of date
 zip^22.2.3up to date
 datafusion^4546.0.0out of date
 object_store^0.110.12.0out of date
 sha3^0.100.10.8up to date
 aws-credential-types^11.2.2up to date
 http^11.3.1up to date
 async-recursion^11.1.1up to date
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 bytes^11.10.1up to date
 cfg-if^11.0.0up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dashmap^66.1.0up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 glob^0.30.3.2up to date
 itertools^0.140.14.0up to date
 rand^0.80.9.0out of date
 regex ⚠️^11.11.1maybe insecure
 tempfile^33.19.0up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date
 tracing^0.10.1.41up to date
 url^22.5.4up to date
 alloy^0.90.12.5out of date
 bon^33.4.0up to date
 curl^0.40.4.47up to date
 curl-sys^0.40.4.80+curl-8.12.1up to date
 datafusion-ethers^4545.0.0up to date
 datafusion-functions-json^0.450.46.0out of date
 rumqttc^0.240.24.0up to date
 mockall^0.130.13.1up to date
 oop^0.0.20.0.2up to date
 lazy_static^11.5.0up to date

Dev dependencies

(13 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bon^33.4.0up to date
 criterion^0.50.5.1up to date
 datafusion^4546.0.0out of date
 filetime^0.20.2.25up to date
 fs_extra^1.31.3.0up to date
 indoc^22.0.6up to date
 mockall^0.130.13.1up to date
 nanoid^0.4.00.4.0up to date
 pretty_assertions^11.4.1up to date
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 testing_logger^0.10.1.1up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-ingest-datafusion

Dependencies

(15 total, 1 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 datafusion^4546.0.0out of date
 geo-types^0.70.7.15up to date
 geojson^0.240.24.2up to date
 glob^0.30.3.2up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 shapefile^0.60.6.0up to date
 walkdir^22.5.0up to date
 zip^22.2.3up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 futures^0.30.3.31up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tracing^0.10.1.41up to date

Dev dependencies

(8 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 criterion^0.50.5.1up to date
 indoc^22.0.6up to date
 pretty_assertions^11.4.1up to date
 rand^0.80.9.0out of date
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tempfile^33.19.0up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-flow-system-repo-tests

Dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date

Crate kamu-flow-system-inmem

Dependencies

(8 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date
 tracing^0.10.1.41up to date
 async-stream^0.3.60.3.6up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date

Crate kamu-flow-system-postgres

Dependencies

(8 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 serde_json^11.0.140up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 tracing^0.10.1.41up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate kamu-flow-system-sqlite

Dependencies

(8 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 serde_json^11.0.140up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 tracing^0.10.1.41up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate kamu-accounts-repo-tests

Dependencies

(6 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 argon2^0.50.5.3up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 password-hash^0.50.5.0up to date
 uuid^11.15.1up to date
 rand^0.80.9.0out of date

Crate kamu-accounts-inmem

Dependencies

(5 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 uuid^11.15.1up to date

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-accounts-mysql

Dependencies

(8 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 tracing^0.10.1.41up to date
 uuid^11.15.1up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate kamu-accounts-postgres

Dependencies

(8 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 tracing^0.10.1.41up to date
 uuid^11.15.1up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate kamu-accounts-sqlite

Dependencies

(8 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 tracing^0.10.1.41up to date
 uuid^11.15.1up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate kamu-datasets-inmem

Dependencies

(6 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date
 uuid^11.15.1up to date

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-datasets-postgres

Dependencies

(6 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 uuid^11.15.1up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate kamu-datasets-sqlite

Dependencies

(6 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 uuid^11.15.1up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate kamu-search-openai

Dependencies

(7 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-openai^0.280.28.0up to date
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 tracing^0.10.1.41up to date
 secrecy^0.100.10.3up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-search-qdrant

Dependencies

(8 total, 1 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 qdrant-client^1.13.01.13.0up to date
 rand^0.80.9.0out of date
 serde_json^11.0.140up to date
 tokio ⚠️^11.44.1maybe insecure
 tonic ⚠️^0.120.12.3maybe insecure

Crate kamu-task-system-repo-tests

Dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date

Crate kamu-task-system-inmem

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-task-system-postgres

Dependencies

(6 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 serde_json^11.0.140up to date
 sqlx ⚠️^0.80.8.3maybe insecure

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate kamu-task-system-sqlite

Dependencies

(7 total, 2 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 serde_json^11.0.140up to date
 sqlx ⚠️^0.80.8.3maybe insecure

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-log^0.20.2.17up to date
 test-group^11.0.1up to date

Crate kamu-auth-rebac-inmem

Dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 tokio ⚠️^11.44.1maybe insecure

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date

Crate kamu-auth-rebac-repo-tests

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 dill^0.110.11.0up to date
 pretty_assertions^11.4.1up to date

Crate kamu-auth-rebac-postgres

Dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 sqlx ⚠️^0.80.8.3maybe insecure

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date

Crate kamu-auth-rebac-sqlite

Dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 sqlx ⚠️^0.80.8.3maybe insecure

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date

Crate kamu-messaging-outbox-repo-tests

Dependencies

(6 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 chrono ⚠️^0.40.4.40maybe insecure
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 rand^0.80.9.0out of date
 serde^11.0.219up to date
 serde_json^11.0.140up to date

Crate kamu-messaging-outbox-inmem

Dependencies

(4 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date

Crate kamu-messaging-outbox-postgres

Dependencies

(5 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 sqlx ⚠️^0.80.8.3maybe insecure

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date

Crate kamu-messaging-outbox-sqlite

Dependencies

(6 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-stream^0.30.3.6up to date
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 indoc^22.0.6up to date
 sqlx ⚠️^0.80.8.3maybe insecure

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date

Crate kamu-adapter-auth-oso-rebac

Dependencies

(7 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 oso^0.270.27.3up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tracing^0.10.1.41up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 indoc^22.0.6up to date
 pretty_assertions^11.4.1up to date
 test-log^0.20.2.17up to date

Crate kamu-adapter-flight-sql

Dependencies

(18 total, 2 outdated, 3 possibly insecure)

CrateRequiredLatestStatus
 arrow-flight^5454.2.1up to date
 async-trait^0.10.1.87up to date
 base32^0.50.5.1up to date
 base64^0.220.22.1up to date
 bytes^11.10.1up to date
 chrono ⚠️^0.40.4.40maybe insecure
 datafusion^4546.0.0out of date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 http^11.3.1up to date
 like^0.30.3.1up to date
 prost^0.130.13.5up to date
 rand^0.80.9.0out of date
 tokio ⚠️^11.44.1maybe insecure
 tonic ⚠️^0.120.12.3maybe insecure
 tower^0.50.5.2up to date
 tracing^0.10.1.41up to date
 uuid^11.15.1up to date

Dev dependencies

(5 total, 1 possibly insecure)

CrateRequiredLatestStatus
 indoc^22.0.6up to date
 mockall^0.130.13.1up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date

Crate kamu-adapter-graphql

Dependencies

(13 total, 1 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 async-graphql^77.0.15up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 datafusion^4546.0.0out of date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 secrecy^0.100.10.3up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 tokio ⚠️^11.44.1maybe insecure
 tracing^0.10.1.41up to date
 url^22.5.4up to date
 uuid^11.15.1up to date

Dev dependencies

(7 total, 1 possibly insecure)

CrateRequiredLatestStatus
 indoc^22.0.6up to date
 pretty_assertions^11.4.1up to date
 tempfile^33.19.0up to date
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-adapter-http

Dependencies

(34 total, 2 outdated, 3 possibly insecure)

CrateRequiredLatestStatus
 aws-sdk-s3^11.79.0up to date
 axum^0.80.8.1up to date
 axum-extra^0.100.10.0up to date
 async-trait^0.10.1.87up to date
 base64^0.220.22.1up to date
 bytes^11.10.1up to date
 canonical_json^0.5.00.5.0up to date
 chrono ⚠️^0.40.4.40maybe insecure
 datafusion^4546.0.0out of date
 dill^0.110.11.0up to date
 ed25519-dalek^22.1.1up to date
 flate2^11.1.0up to date
 futures^0.30.3.31up to date
 headers^0.40.4.0up to date
 http^11.3.1up to date
 indoc^22.0.6up to date
 reqwest^0.120.12.14up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 serde_with^33.12.0up to date
 strum^0.260.27.1out of date
 tar ⚠️^0.40.4.44maybe insecure
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date
 tokio-util^0.70.7.14up to date
 tokio-tungstenite^0.260.26.2up to date
 tower^0.50.5.2up to date
 tracing^0.10.1.41up to date
 url^22.5.4up to date
 utoipa^55.3.1up to date
 utoipa-axum^0.20.2.0up to date
 uuid^11.15.1up to date
 http-body-util^0.10.1.3up to date

Dev dependencies

(11 total, 1 outdated)

CrateRequiredLatestStatus
 fs_extra^1.31.3.0up to date
 paste^11.0.15up to date
 pretty_assertions^11.4.1up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 tempfile^33.19.0up to date
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tower-http^0.60.6.2up to date
 rand^0.80.9.0out of date
 mockall^0.130.13.1up to date

Crate kamu-adapter-oauth

Dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 dill^0.110.11.0up to date
 http^11.3.1up to date
 reqwest^0.120.12.14up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 thiserror^22.0.12up to date

Crate kamu-adapter-odata

Dependencies

(11 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.87up to date
 axum^0.80.8.1up to date
 chrono ⚠️^0.40.4.40maybe insecure
 datafusion^4546.0.0out of date
 datafusion-odata^4545.0.0up to date
 dill^0.110.11.0up to date
 futures^0.30.3.31up to date
 http^11.3.1up to date
 tracing^0.10.1.41up to date
 utoipa^55.3.1up to date
 utoipa-axum^0.20.2.0up to date

Dev dependencies

(9 total, 1 possibly insecure)

CrateRequiredLatestStatus
 indoc^22.0.6up to date
 pretty_assertions^11.4.1up to date
 reqwest^0.120.12.14up to date
 tempfile^33.19.0up to date
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure
 tower-http^0.60.6.2up to date
 url^22.5.4up to date

Crate kamu-cli

Dependencies

(64 total, 2 outdated, 5 possibly insecure)

CrateRequiredLatestStatus
 chrono-humanize^0.20.2.3up to date
 clap^44.5.32up to date
 clap_complete^44.5.46up to date
 console^0.150.15.11up to date
 ctrlc^33.4.5up to date
 humansize^22.1.3up to date
 indicatif^0.170.17.11up to date
 minus^55.6.1up to date
 num-format^0.40.4.4up to date
 prettytable-rs^0.100.10.0up to date
 read_input^0.80.8.6up to date
 webbrowser^11.0.4up to date
 arrow-flight^5454.2.1up to date
 async-graphql^77.0.15up to date
 async-graphql-axum^77.0.15up to date
 axum^0.80.8.1up to date
 http^11.3.1up to date
 reqwest^0.120.12.14up to date
 serde_json^11.0.140up to date
 tonic ⚠️^0.120.12.3maybe insecure
 tower^0.50.5.2up to date
 tower-http^0.60.6.2up to date
 utoipa^55.3.1up to date
 utoipa-axum^0.20.2.0up to date
 rust-embed^88.6.0up to date
 mime^0.30.3.17up to date
 mime_guess^22.0.5up to date
 duration-string^0.50.5.2up to date
 merge^0.10.1.0up to date
 serde^11.0.219up to date
 serde_with^33.12.0up to date
 serde_yaml^0.90.9.34+deprecatedup to date
 prometheus^0.130.13.4up to date
 tracing^0.10.1.41up to date
 tracing-appender^0.20.2.3up to date
 tracing-subscriber^0.30.3.19up to date
 tracing-log^0.20.2.0up to date
 tracing-bunyan-formatter^0.30.3.10up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 cfg-if^11.0.0up to date
 datafusion^4546.0.0out of date
 dill^0.110.11.0up to date
 dirs^66.0.0up to date
 fs_extra^1.31.3.0up to date
 futures^0.30.3.31up to date
 glob^0.30.3.2up to date
 hex^0.40.4.3up to date
 indoc^22.0.6up to date
 itertools^0.140.14.0up to date
 libc^0.20.2.171up to date
 regex ⚠️^11.11.1maybe insecure
 secrecy^0.100.10.3up to date
 shlex ⚠️^11.3.0maybe insecure
 tempfile^33.19.0up to date
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-stream^0.10.1.17up to date
 tokio-util^0.70.7.14up to date
 url^22.5.4up to date
 urlencoding^22.1.3up to date
 whoami^1.51.5.2up to date
 lazy_static^11.5.0up to date
 strum^0.260.27.1out of date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 pretty_assertions^11.4.1up to date
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date

Build dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 vergen^89.0.4out of date

Crate kamu-cli-e2e-common

Dependencies

(17 total, 1 outdated, 4 possibly insecure)

CrateRequiredLatestStatus
 async-graphql^77.0.15up to date
 async-trait^0.10.1.87up to date
 chrono ⚠️^0.40.4.40maybe insecure
 convert_case^0.70.8.0out of date
 indoc^22.0.6up to date
 lazy_static^11.5.0up to date
 pretty_assertions^11.4.1up to date
 regex ⚠️^11.11.1maybe insecure
 reqwest^0.120.12.14up to date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 serde_urlencoded^0.70.7.1up to date
 serde_yaml^0.90.9.34+deprecatedup to date
 sqlx ⚠️^0.80.8.3maybe insecure
 thiserror^22.0.12up to date
 tokio ⚠️^11.44.1maybe insecure
 tokio-retry^0.30.3.0up to date

Crate kamu-cli-e2e-common-macros

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 quote^11.0.40up to date
 syn^22.0.100up to date

Crate kamu-cli-e2e-repo-tests

Dependencies

(10 total, 1 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 regex ⚠️^11.11.1maybe insecure
 chrono ⚠️^0.40.4.40maybe insecure
 indoc^22.0.6up to date
 paste^11.0.15up to date
 pretty_assertions^11.4.1up to date
 reqwest^0.120.12.14up to date
 serde_json^11.0.140up to date
 tempfile^33.19.0up to date
 url^22.5.4up to date
 datafusion^4546.0.0out of date

Crate kamu-cli-e2e-inmem

Dev dependencies

(4 total, 1 possibly insecure)

CrateRequiredLatestStatus
 indoc^22.0.6up to date
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-cli-e2e-postgres

Dev dependencies

(5 total, 2 possibly insecure)

CrateRequiredLatestStatus
 indoc^22.0.6up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-cli-e2e-mysql

Dev dependencies

(5 total, 2 possibly insecure)

CrateRequiredLatestStatus
 indoc^22.0.6up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Crate kamu-cli-e2e-sqlite

Dev dependencies

(5 total, 2 possibly insecure)

CrateRequiredLatestStatus
 indoc^22.0.6up to date
 sqlx ⚠️^0.80.8.3maybe insecure
 test-group^11.0.1up to date
 test-log^0.20.2.17up to date
 tokio ⚠️^11.44.1maybe insecure

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

tar: Links in archive can create arbitrary directories

RUSTSEC-2021-0080

When unpacking a tarball that contains a symlink the tar crate may create directories outside of the directory it's supposed to unpack into.

The function errors when it's trying to create a file, but the folders are already created at this point.

use std::{io, io::Result};
use tar::{Archive, Builder, EntryType, Header};

fn main() -> Result<()> {
    let mut buf = Vec::new();

    {
        let mut builder = Builder::new(&mut buf);

        // symlink: parent -> ..
        let mut header = Header::new_gnu();
        header.set_path("symlink")?;
        header.set_link_name("..")?;
        header.set_entry_type(EntryType::Symlink);
        header.set_size(0);
        header.set_cksum();
        builder.append(&header, io::empty())?;

        // file: symlink/exploit/foo/bar
        let mut header = Header::new_gnu();
        header.set_path("symlink/exploit/foo/bar")?;
        header.set_size(0);
        header.set_cksum();
        builder.append(&header, io::empty())?;

        builder.finish()?;
    };

    Archive::new(&*buf).unpack("demo")
}

This has been fixed in https://github.com/alexcrichton/tar-rs/pull/259 and is published as tar 0.4.36. Thanks to Martin Michaelis (@mgjm) for discovering and reporting this, and Nikhil Benesch (@benesch) for the fix!

regex: Regexes with large repetitions on empty sub-expressions take a very long time to parse

RUSTSEC-2022-0013

The Rust Security Response WG was notified that the regex crate did not properly limit the complexity of the regular expressions (regex) it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes. No known vulnerability is present when parsing untrusted input with trusted regexes.

This issue has been assigned CVE-2022-24713. The severity of this vulnerability is "high" when the regex crate is used to parse untrusted regexes. Other uses of the regex crate are not affected by this vulnerability.

Overview

The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API.

Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes.

Affected versions

All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5.

Mitigations

We recommend everyone accepting user-controlled regexes to upgrade immediately to the latest version of the regex crate.

Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, we do not recommend denying known problematic regexes.

Acknowledgements

We want to thank Addison Crump for responsibly disclosing this to us according to the Rust security policy, and for helping review the fix.

We also want to thank Andrew Gallant for developing the fix, and Pietro Albini for coordinating the disclosure and writing this advisory.

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);

shlex: Multiple issues involving quote API

RUSTSEC-2024-0006

Issue 1: Failure to quote characters

Affected versions of this crate allowed the bytes { and \xa0 to appear unquoted and unescaped in command arguments.

If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments.

This does not directly allow arbitrary command execution (you can't inject a command substitution or similar). But depending on the command you're running, being able to inject multiple arguments where only one is expected could lead to undesired consequences, potentially including arbitrary command execution.

The flaw was corrected in version 1.2.1 by escaping additional characters. Updating to 1.3.0 is recommended, but 1.2.1 offers a more minimal fix if desired.

Workaround: Check for the bytes { and \xa0 in quote/join input or output.

(Note: { is problematic because it is used for glob expansion. \xa0 is problematic because it's treated as a word separator in specific environments.)

Issue 2: Dangerous API w.r.t. nul bytes

Version 1.3.0 deprecates the quote and join APIs in favor of try_quote and try_join, which behave the same except that they have Result return type, returning Err if the input contains nul bytes.

Strings containing nul bytes generally cannot be used in Unix command arguments or environment variables, and most shells cannot handle nul bytes even internally. If you try to pass one anyway, then the results might be security-sensitive in uncommon scenarios. More details here.

Due to the low severity, the behavior of the original quote and join APIs has not changed; they continue to allow nuls.

Workaround: Manually check for nul bytes in quote/join input or output.

Issue 3: Lack of documentation for interactive shell risks

The quote family of functions does not and cannot escape control characters. With non-interactive shells this is perfectly safe, as control characters have no special effect. But if you writing directly to the standard input of an interactive shell (or through a pty), then control characters can cause misbehavior including arbitrary command injection.

This is essentially unfixable, and has not been patched. But as of version 1.3.0, documentation has been added.

Future versions of shlex may add API variants that avoid the issue at the cost of reduced portability.

sqlx: Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

RUSTSEC-2024-0363

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:

SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf
(Archive link for posterity.)

Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow, causing the server to interpret the rest of the string as binary protocol commands or other data.

It appears SQLx does perform truncating casts in a way that could be problematic, for example: https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163

This code has existed essentially since the beginning, so it is reasonable to assume that all published versions <= 0.8.0 are affected.

Mitigation

As always, you should make sure your application is validating untrustworthy user input. Reject any input over 4 GiB, or any input that could encode to a string longer than 4 GiB. Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.

Encode::size_hint() can be used for sanity checks, but do not assume that the size returned is accurate. For example, the Json<T> and Text<T> adapters have no reasonable way to predict or estimate the final encoded size, so they just return size_of::<T>() instead.

For web application backends, consider adding some middleware that limits the size of request bodies by default.

Resolution

sqlx 0.8.1 has been released with the fix: https://github.com/launchbadge/sqlx/blob/main/CHANGELOG.md#081---2024-08-23

Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated: https://github.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901

MySQL and SQLite do not appear to be exploitable, but upgrading is recommended nonetheless.

tonic: Remotely exploitable Denial of Service in Tonic

RUSTSEC-2024-0376

Impact

When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a tcp/tls stream. This can be triggered via causing the accept call to error out with errors there were not covered correctly causing the accept loop to exit.

More information can be found here

Patches

Upgrading to tonic 0.12.3 and above contains the fix.

Workarounds

A custom accept loop is a possible workaround.