This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate libp2p

Dependencies

(12 total, 1 outdated)

CrateRequiredLatestStatus
 atomic^0.5.00.5.1up to date
 bytes^11.1.0up to date
 futures^0.3.10.3.19up to date
 futures-timer^3.0.23.0.2up to date
 getrandom^0.2.30.2.4up to date
 instant^0.1.110.1.12up to date
 lazy_static^1.21.4.0up to date
 multiaddr^0.13.00.13.0up to date
 parking_lot^0.11.00.11.2up to date
 pin-project^1.0.01.0.10up to date
 rand^0.7.30.8.4out of date
 smallvec^1.6.11.8.0up to date

Dev dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 async-trait^0.10.1.52up to date
 env_logger^0.9.00.9.0up to date
 structopt^0.3.210.3.26up to date
 tokio^1.151.15.0up to date

Crate libp2p-autonat

Dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 async-trait^0.10.1.52up to date
 futures^0.30.3.19up to date
 futures-timer^3.03.0.2up to date
 instant^0.10.1.12up to date
 log^0.40.4.14up to date
 rand^0.80.8.4up to date
 prost^0.90.9.0up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 async-std^1.101.10.0up to date
 env_logger^0.90.9.0up to date
 structopt^0.30.3.26up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-core

Dependencies

(26 total, 1 outdated)

CrateRequiredLatestStatus
 asn1_der^0.7.40.7.5up to date
 bs58^0.4.00.4.0up to date
 ed25519-dalek^1.0.11.0.1up to date
 either^1.51.6.1up to date
 fnv^1.01.0.7up to date
 futures^0.3.10.3.19up to date
 futures-timer^33.0.2up to date
 instant^0.1.110.1.12up to date
 lazy_static^1.21.4.0up to date
 libsecp256k1^0.7.00.7.0up to date
 log^0.40.4.14up to date
 multiaddr^0.13.00.13.0up to date
 multihash^0.140.15.0out of date
 p256^0.10.00.10.1up to date
 parking_lot^0.11.00.11.2up to date
 pin-project^1.0.01.0.10up to date
 prost^0.90.9.0up to date
 rand^0.80.8.4up to date
 rw-stream-sink^0.2.00.2.1up to date
 sha2^0.10.00.10.1up to date
 smallvec^1.6.11.8.0up to date
 thiserror^1.01.0.30up to date
 unsigned-varint^0.70.7.1up to date
 void^11.0.2up to date
 zeroize^11.5.0up to date
 serde^11.0.136up to date

Dev dependencies

(8 total, 3 outdated)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 base64^0.13.00.13.0up to date
 criterion^0.30.3.5up to date
 serde_json^1.01.0.78up to date
 rmp-serde^1.01.0.0up to date
 multihash^0.140.15.0out of date
 quickcheck^0.9.01.0.3out of date
 rand^0.70.8.4out of date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-floodsub

Dependencies

(7 total, 1 outdated)

CrateRequiredLatestStatus
 cuckoofilter^0.5.00.5.0up to date
 fnv^1.01.0.7up to date
 futures^0.3.10.3.19up to date
 log^0.40.4.14up to date
 prost^0.90.9.0up to date
 rand^0.70.8.4out of date
 smallvec^1.6.11.8.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-gossipsub

Dependencies

(19 total, 1 outdated)

CrateRequiredLatestStatus
 bytes^1.01.1.0up to date
 byteorder^1.3.41.4.3up to date
 fnv^1.0.71.0.7up to date
 futures^0.3.50.3.19up to date
 rand^0.7.30.8.4out of date
 asynchronous-codec^0.60.6.0up to date
 unsigned-varint^0.7.00.7.1up to date
 log^0.4.110.4.14up to date
 sha2^0.10.00.10.1up to date
 base64^0.13.00.13.0up to date
 smallvec^1.6.11.8.0up to date
 prost^0.90.9.0up to date
 hex_fmt^0.3.00.3.0up to date
 regex^1.4.01.5.4up to date
 futures-timer^3.0.23.0.2up to date
 pin-project^1.0.81.0.10up to date
 instant^0.1.110.1.12up to date
 serde^11.0.136up to date
 open-metrics-client^0.14.00.14.0up to date

Dev dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 async-std^1.6.31.10.0up to date
 env_logger^0.9.00.9.0up to date
 quickcheck^0.9.21.0.3out of date
 hex^0.4.20.4.3up to date
 derive_builder^0.10.00.10.2up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-identify

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.3.10.3.19up to date
 futures-timer^3.0.23.0.2up to date
 log^0.4.10.4.14up to date
 lru^0.7.20.7.2up to date
 prost^0.90.9.0up to date
 smallvec^1.6.11.8.0up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 env_logger^0.90.9.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-kad

Dependencies

(18 total, 2 outdated)

CrateRequiredLatestStatus
 arrayvec^0.5.10.7.2out of date
 bytes^11.1.0up to date
 either^1.51.6.1up to date
 fnv^1.01.0.7up to date
 asynchronous-codec^0.60.6.0up to date
 futures^0.3.10.3.19up to date
 log^0.40.4.14up to date
 prost^0.90.9.0up to date
 rand^0.7.20.8.4out of date
 sha2^0.10.00.10.1up to date
 smallvec^1.6.11.8.0up to date
 uint^0.90.9.1up to date
 unsigned-varint^0.70.7.1up to date
 void^1.01.0.2up to date
 futures-timer^3.0.23.0.2up to date
 instant^0.1.110.1.12up to date
 serde^1.01.0.136up to date
 thiserror^11.0.30up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 env_logger^0.9.00.9.0up to date
 futures-timer^3.03.0.2up to date
 quickcheck^0.9.01.0.3out of date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-metrics

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 open-metrics-client^0.14.00.14.0up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 env_logger^0.8.10.9.0out of date
 futures^0.3.10.3.19up to date
 tide^0.160.16.0up to date

Crate libp2p-mplex

Dependencies

(9 total, 1 outdated)

CrateRequiredLatestStatus
 bytes^11.1.0up to date
 futures^0.3.10.3.19up to date
 asynchronous-codec^0.60.6.0up to date
 log^0.40.4.14up to date
 nohash-hasher^0.20.2.0up to date
 parking_lot^0.110.11.2up to date
 rand^0.70.8.4out of date
 smallvec^1.6.11.8.0up to date
 unsigned-varint^0.70.7.1up to date

Dev dependencies

(6 total, 2 outdated)

CrateRequiredLatestStatus
 async-std^1.7.01.10.0up to date
 criterion^0.30.3.5up to date
 env_logger^0.90.9.0up to date
 futures^0.30.3.19up to date
 quickcheck^0.91.0.3out of date
 rand^0.70.8.4out of date

Crate libp2p-noise

Dependencies

(11 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^11.1.0up to date
 curve25519-dalek^3.0.03.2.0up to date
 futures^0.3.10.3.19up to date
 lazy_static^1.21.4.0up to date
 log^0.40.4.14up to date
 prost^0.90.9.0up to date
 rand^0.8.30.8.4up to date
 sha2^0.10.00.10.1up to date
 static_assertions^11.1.0up to date
 x25519-dalek^1.1.01.2.0up to date
 zeroize^11.5.0up to date

Dev dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 async-io^1.2.01.6.0up to date
 env_logger^0.9.00.9.0up to date
 quickcheck^0.9.01.0.3out of date
 sodiumoxide^0.2.50.2.7up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-ping

Dependencies

(6 total, 1 outdated)

CrateRequiredLatestStatus
 futures^0.3.10.3.19up to date
 futures-timer^3.0.23.0.2up to date
 instant^0.1.110.1.12up to date
 log^0.4.10.4.14up to date
 rand^0.7.20.8.4out of date
 void^1.01.0.2up to date

Dev dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 quickcheck^0.9.01.0.3out of date

Crate libp2p-plaintext

Dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^11.1.0up to date
 futures^0.3.10.3.19up to date
 asynchronous-codec^0.60.6.0up to date
 log^0.4.80.4.14up to date
 prost^0.90.9.0up to date
 unsigned-varint^0.70.7.1up to date
 void^1.0.21.0.2up to date

Dev dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 env_logger^0.9.00.9.0up to date
 quickcheck^0.9.01.0.3out of date
 rand^0.70.8.4out of date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-pnet

Dependencies

(6 total, 1 outdated)

CrateRequiredLatestStatus
 futures^0.3.10.3.19up to date
 log^0.4.80.4.14up to date
 salsa20^0.90.9.0up to date
 sha3^0.100.10.0up to date
 rand^0.70.8.4out of date
 pin-project^1.0.21.0.10up to date

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 quickcheck^0.9.01.0.3out of date

Crate libp2p-relay

Dependencies

(15 total, all up-to-date)

CrateRequiredLatestStatus
 asynchronous-codec^0.60.6.0up to date
 bytes^11.1.0up to date
 either^1.6.01.6.1up to date
 futures^0.3.10.3.19up to date
 futures-timer^33.0.2up to date
 instant^0.1.110.1.12up to date
 log^0.40.4.14up to date
 pin-project^11.0.10up to date
 prost^0.90.9.0up to date
 rand^0.8.40.8.4up to date
 smallvec^1.6.11.8.0up to date
 static_assertions^11.1.0up to date
 thiserror^1.01.0.30up to date
 unsigned-varint^0.70.7.1up to date
 void^11.0.2up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 env_logger^0.9.00.9.0up to date
 quickcheck^11.0.3up to date
 structopt^0.3.210.3.26up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-rendezvous

Dependencies

(12 total, all up-to-date)

CrateRequiredLatestStatus
 asynchronous-codec^0.60.6.0up to date
 prost^0.90.9.0up to date
 void^11.0.2up to date
 log^0.40.4.14up to date
 futures^0.30.3.19up to date
 thiserror^11.0.30up to date
 unsigned-varint^0.70.7.1up to date
 bimap^0.6.10.6.2up to date
 sha2^0.100.10.1up to date
 rand^0.80.8.4up to date
 futures-timer^3.0.23.0.2up to date
 instant^0.1.110.1.12up to date

Dev dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 async-trait^0.10.1.52up to date
 env_logger^0.80.9.0out of date
 rand^0.80.8.4up to date
 tokio^1.151.15.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-request-response

Dependencies

(8 total, 1 outdated)

CrateRequiredLatestStatus
 async-trait^0.10.1.52up to date
 bytes^11.1.0up to date
 futures^0.3.10.3.19up to date
 instant^0.1.110.1.12up to date
 log^0.4.110.4.14up to date
 rand^0.70.8.4out of date
 smallvec^1.6.11.8.0up to date
 unsigned-varint^0.70.7.1up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 env_logger^0.9.00.9.0up to date
 rand^0.70.8.4out of date

Crate libp2p-swarm

Dependencies

(8 total, 1 outdated)

CrateRequiredLatestStatus
 either^1.6.01.6.1up to date
 futures^0.3.10.3.19up to date
 log^0.40.4.14up to date
 rand^0.70.8.4out of date
 smallvec^1.6.11.8.0up to date
 void^11.0.2up to date
 futures-timer^3.0.23.0.2up to date
 instant^0.1.110.1.12up to date

Dev dependencies

(2 total, 2 outdated)

CrateRequiredLatestStatus
 quickcheck^0.9.01.0.3out of date
 rand^0.7.20.8.4out of date

Crate libp2p-swarm-derive

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 syn^1.0.81.0.86up to date
 quote^1.01.0.15up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 either^1.6.01.6.1up to date
 futures^0.3.10.3.19up to date

Crate libp2p-uds

No external dependencies! 🙌

Crate libp2p-wasm-ext

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.3.10.3.19up to date
 js-sys^0.3.500.3.56up to date
 parity-send-wrapper^0.1.00.1.0up to date
 wasm-bindgen^0.2.420.2.79up to date
 wasm-bindgen-futures^0.4.40.4.29up to date

Crate libp2p-yamux

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.3.10.3.19up to date
 parking_lot^0.110.11.2up to date
 thiserror^1.01.0.30up to date
 yamux^0.10.00.10.0up to date

Crate multistream-select

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^11.1.0up to date
 futures^0.30.3.19up to date
 log^0.40.4.14up to date
 pin-project^1.0.01.0.10up to date
 smallvec^1.6.11.8.0up to date
 unsigned-varint^0.70.7.1up to date

Dev dependencies

(5 total, 2 outdated)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 env_logger^0.90.9.0up to date
 quickcheck^0.9.01.0.3out of date
 rand^0.7.20.8.4out of date
 rw-stream-sink^0.2.10.2.1up to date

Crate peer-id-generator

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 num_cpus^1.81.13.1up to date

Crate libp2p-mdns

Dependencies

(11 total, all up-to-date)

CrateRequiredLatestStatus
 async-io^1.3.11.6.0up to date
 data-encoding^2.3.22.3.2up to date
 dns-parser^0.8.00.8.0up to date
 futures^0.3.130.3.19up to date
 if-watch^1.0.01.0.0up to date
 lazy_static^1.4.01.4.0up to date
 log^0.4.140.4.14up to date
 rand^0.8.30.8.4up to date
 smallvec^1.6.11.8.0up to date
 socket2^0.4.00.4.3up to date
 void^1.0.21.0.2up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 async-std^1.9.01.10.0up to date
 env_logger^0.9.00.9.0up to date
 tokio^1.151.15.0up to date

Crate libp2p-deflate

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.3.10.3.19up to date
 flate2^1.01.0.22up to date

Dev dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 quickcheck^0.91.0.3out of date
 rand^0.70.8.4out of date

Crate libp2p-dns

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 log^0.4.10.4.14up to date
 futures^0.3.10.3.19up to date
 trust-dns-resolver^0.200.20.3up to date
 async-std-resolver^0.200.20.3up to date
 smallvec^1.6.11.8.0up to date

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 env_logger^0.90.9.0up to date
 tokio ⚠️^1.01.15.0maybe insecure
 async-std^1.61.10.0up to date

Crate libp2p-tcp

Dependencies

(10 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-io^1.2.01.6.0up to date
 futures^0.3.80.3.19up to date
 futures-timer^3.03.0.2up to date
 if-watch^1.0.01.0.0up to date
 if-addrs^0.7.00.7.0up to date
 ipnet^2.0.02.3.1up to date
 libc^0.2.800.2.114up to date
 log^0.4.110.4.14up to date
 socket2^0.4.00.4.3up to date
 tokio ⚠️^1.0.11.15.0maybe insecure

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-std^1.6.51.10.0up to date
 tokio ⚠️^1.0.11.15.0maybe insecure
 env_logger^0.9.00.9.0up to date

Crate libp2p-websocket

Dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 futures-rustls^0.220.22.0up to date
 either^1.5.31.6.1up to date
 futures^0.3.10.3.19up to date
 log^0.4.80.4.14up to date
 quicksink^0.10.1.2up to date
 rw-stream-sink^0.2.00.2.1up to date
 soketto^0.7.00.7.1up to date
 url^2.12.2.2up to date
 webpki-roots^0.220.22.2up to date

Security Vulnerabilities

tokio: Data race when sending and receiving after closing a `oneshot` channel

RUSTSEC-2021-0124

If a tokio::sync::oneshot channel is closed (via the oneshot::Receiver::close method), a data race may occur if the oneshot::Sender::send method is called while the corresponding oneshot::Receiver is awaited or calling try_recv.

When these methods are called concurrently on a closed channel, the two halves of the channel can concurrently access a shared memory location, resulting in a data race. This has been observed to cause memory corruption.

Note that the race only occurs when both halves of the channel are used after the Receiver half has called close. Code where close is not used, or where the Receiver is not awaited and try_recv is not called after calling close, is not affected.

See tokio#4225 for more details.