This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate libp2p

Dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 atomic^0.5.00.5.0up to date
 bytes^11.1.0up to date
 futures^0.3.10.3.17up to date
 lazy_static^1.21.4.0up to date
 multiaddr^0.13.0-rc.10.13.0up to date
 parking_lot^0.11.00.11.2up to date
 pin-project^1.0.01.0.8up to date
 smallvec^1.6.11.7.0up to date
 wasm-timer^0.2.40.2.5up to date

Dev dependencies

(5 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 async-trait^0.10.1.51up to date
 env_logger^0.9.00.9.0up to date
 structopt^0.3.210.3.25up to date
 tokio ⚠️^1.0.11.12.0maybe insecure

Crate libp2p-core

Dependencies

(23 total, 3 outdated)

CrateRequiredLatestStatus
 asn1_der^0.7.40.7.5up to date
 bs58^0.4.00.4.0up to date
 ed25519-dalek^1.0.11.0.1up to date
 either^1.51.6.1up to date
 fnv^1.01.0.7up to date
 futures^0.3.10.3.17up to date
 futures-timer^33.0.2up to date
 lazy_static^1.21.4.0up to date
 libsecp256k1^0.6.00.7.0out of date
 log^0.40.4.14up to date
 multiaddr^0.13.00.13.0up to date
 multihash^0.140.15.0out of date
 parking_lot^0.11.00.11.2up to date
 pin-project^1.0.01.0.8up to date
 prost^0.90.9.0up to date
 rand^0.70.8.4out of date
 rw-stream-sink^0.2.00.2.1up to date
 sha2^0.9.10.9.8up to date
 smallvec^1.6.11.7.0up to date
 thiserror^1.01.0.30up to date
 unsigned-varint^0.70.7.0up to date
 void^11.0.2up to date
 zeroize^11.4.2up to date

Dev dependencies

(6 total, 2 outdated)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 base64^0.13.00.13.0up to date
 criterion^0.30.3.5up to date
 multihash^0.140.15.0out of date
 quickcheck^0.9.01.0.3out of date
 wasm-timer^0.20.2.5up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-floodsub

Dependencies

(7 total, 1 outdated)

CrateRequiredLatestStatus
 cuckoofilter^0.5.00.5.0up to date
 fnv^1.01.0.7up to date
 futures^0.3.10.3.17up to date
 log^0.40.4.14up to date
 prost^0.90.9.0up to date
 rand^0.70.8.4out of date
 smallvec^1.6.11.7.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-gossipsub

Dependencies

(15 total, 1 outdated)

CrateRequiredLatestStatus
 bytes^1.01.1.0up to date
 byteorder^1.3.41.4.3up to date
 fnv^1.0.71.0.7up to date
 futures^0.3.50.3.17up to date
 rand^0.7.30.8.4out of date
 asynchronous-codec^0.60.6.0up to date
 wasm-timer^0.2.40.2.5up to date
 unsigned-varint^0.7.00.7.0up to date
 log^0.4.110.4.14up to date
 sha2^0.9.10.9.8up to date
 base64^0.13.00.13.0up to date
 smallvec^1.6.11.7.0up to date
 prost^0.90.9.0up to date
 hex_fmt^0.3.00.3.0up to date
 regex^1.4.01.5.4up to date

Dev dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 async-std^1.6.31.10.0up to date
 env_logger^0.9.00.9.0up to date
 quickcheck^0.9.21.0.3out of date
 hex^0.4.20.4.3up to date
 derive_builder^0.10.00.10.2up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-identify

Dependencies

(6 total, 1 outdated)

CrateRequiredLatestStatus
 futures^0.3.10.3.17up to date
 log^0.4.10.4.14up to date
 lru^0.60.7.0out of date
 prost^0.90.9.0up to date
 smallvec^1.6.11.7.0up to date
 wasm-timer^0.20.2.5up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 env_logger^0.90.9.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-kad

Dependencies

(15 total, 2 outdated)

CrateRequiredLatestStatus
 arrayvec^0.5.10.7.1out of date
 bytes^11.1.0up to date
 either^1.51.6.1up to date
 fnv^1.01.0.7up to date
 asynchronous-codec^0.60.6.0up to date
 futures^0.3.10.3.17up to date
 log^0.40.4.14up to date
 prost^0.90.9.0up to date
 rand^0.7.20.8.4out of date
 sha2^0.9.10.9.8up to date
 smallvec^1.6.11.7.0up to date
 wasm-timer^0.20.2.5up to date
 uint^0.90.9.1up to date
 unsigned-varint^0.70.7.0up to date
 void^1.01.0.2up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 env_logger^0.9.00.9.0up to date
 futures-timer^3.03.0.2up to date
 quickcheck^0.9.01.0.3out of date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-metrics

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 open-metrics-client^0.12.00.12.0up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 env_logger^0.8.10.9.0out of date
 futures^0.3.10.3.17up to date
 tide^0.160.16.0up to date

Crate libp2p-mplex

Dependencies

(9 total, 1 outdated)

CrateRequiredLatestStatus
 bytes^11.1.0up to date
 futures^0.3.10.3.17up to date
 asynchronous-codec^0.60.6.0up to date
 log^0.40.4.14up to date
 nohash-hasher^0.20.2.0up to date
 parking_lot^0.110.11.2up to date
 rand^0.70.8.4out of date
 smallvec^1.6.11.7.0up to date
 unsigned-varint^0.70.7.0up to date

Dev dependencies

(6 total, 2 outdated)

CrateRequiredLatestStatus
 async-std^1.7.01.10.0up to date
 criterion^0.30.3.5up to date
 env_logger^0.90.9.0up to date
 futures^0.30.3.17up to date
 quickcheck^0.91.0.3out of date
 rand^0.70.8.4out of date

Crate libp2p-noise

Dependencies

(11 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^11.1.0up to date
 curve25519-dalek^3.0.03.2.0up to date
 futures^0.3.10.3.17up to date
 lazy_static^1.21.4.0up to date
 log^0.40.4.14up to date
 prost^0.90.9.0up to date
 rand^0.8.30.8.4up to date
 sha2^0.9.10.9.8up to date
 static_assertions^11.1.0up to date
 x25519-dalek^1.1.01.2.0up to date
 zeroize^11.4.2up to date

Dev dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 async-io^1.2.01.6.0up to date
 env_logger^0.9.00.9.0up to date
 quickcheck^0.9.01.0.3out of date
 sodiumoxide^0.2.50.2.7up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-ping

Dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 futures^0.3.10.3.17up to date
 log^0.4.10.4.14up to date
 rand^0.7.20.8.4out of date
 void^1.01.0.2up to date
 wasm-timer^0.20.2.5up to date

Dev dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 quickcheck^0.9.01.0.3out of date

Crate libp2p-plaintext

Dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^11.1.0up to date
 futures^0.3.10.3.17up to date
 asynchronous-codec^0.60.6.0up to date
 log^0.4.80.4.14up to date
 prost^0.90.9.0up to date
 unsigned-varint^0.70.7.0up to date
 void^1.0.21.0.2up to date

Dev dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 env_logger^0.9.00.9.0up to date
 quickcheck^0.9.01.0.3out of date
 rand^0.70.8.4out of date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-pnet

Dependencies

(6 total, 1 outdated)

CrateRequiredLatestStatus
 futures^0.3.10.3.17up to date
 log^0.4.80.4.14up to date
 salsa20^0.90.9.0up to date
 sha3^0.90.9.1up to date
 rand^0.70.8.4out of date
 pin-project^1.0.21.0.8up to date

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 quickcheck^0.9.01.0.3out of date

Crate libp2p-relay

Dependencies

(12 total, 1 outdated)

CrateRequiredLatestStatus
 asynchronous-codec^0.60.6.0up to date
 bytes^11.1.0up to date
 futures^0.3.10.3.17up to date
 futures-timer^33.0.2up to date
 log^0.40.4.14up to date
 pin-project^11.0.8up to date
 prost^0.90.9.0up to date
 rand^0.70.8.4out of date
 smallvec^1.6.11.7.0up to date
 unsigned-varint^0.70.7.0up to date
 void^11.0.2up to date
 wasm-timer^0.20.2.5up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 env_logger^0.9.00.9.0up to date
 structopt^0.3.210.3.25up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-rendezvous

Dependencies

(11 total, all up-to-date)

CrateRequiredLatestStatus
 asynchronous-codec^0.60.6.0up to date
 prost^0.90.9.0up to date
 void^11.0.2up to date
 log^0.40.4.14up to date
 futures^0.30.3.17up to date
 thiserror^11.0.30up to date
 unsigned-varint^0.70.7.0up to date
 bimap^0.6.10.6.1up to date
 sha2^0.90.9.8up to date
 rand^0.80.8.4up to date
 wasm-timer^0.20.2.5up to date

Dev dependencies

(4 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.51up to date
 env_logger^0.80.9.0out of date
 rand^0.80.8.4up to date
 tokio ⚠️^11.12.0maybe insecure

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prost-build^0.90.9.0up to date

Crate libp2p-request-response

Dependencies

(9 total, 1 outdated)

CrateRequiredLatestStatus
 async-trait^0.10.1.51up to date
 bytes^11.1.0up to date
 futures^0.3.10.3.17up to date
 log^0.4.110.4.14up to date
 lru^0.70.7.0up to date
 rand^0.70.8.4out of date
 smallvec^1.6.11.7.0up to date
 unsigned-varint^0.70.7.0up to date
 wasm-timer^0.20.2.5up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 env_logger^0.9.00.9.0up to date
 rand^0.70.8.4out of date

Crate libp2p-swarm

Dependencies

(7 total, 1 outdated)

CrateRequiredLatestStatus
 either^1.6.01.6.1up to date
 futures^0.3.10.3.17up to date
 log^0.40.4.14up to date
 rand^0.70.8.4out of date
 smallvec^1.6.11.7.0up to date
 wasm-timer^0.20.2.5up to date
 void^11.0.2up to date

Dev dependencies

(2 total, 2 outdated)

CrateRequiredLatestStatus
 quickcheck^0.9.01.0.3out of date
 rand^0.7.20.8.4out of date

Crate libp2p-swarm-derive

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 syn^1.0.81.0.80up to date
 quote^1.01.0.10up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.3.10.3.17up to date

Crate libp2p-uds

No external dependencies! 🙌

Crate libp2p-wasm-ext

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.3.10.3.17up to date
 js-sys^0.3.500.3.55up to date
 parity-send-wrapper^0.1.00.1.0up to date
 wasm-bindgen^0.2.420.2.78up to date
 wasm-bindgen-futures^0.4.40.4.28up to date

Crate libp2p-yamux

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.3.10.3.17up to date
 parking_lot^0.110.11.2up to date
 thiserror^1.01.0.30up to date
 yamux^0.9.00.9.0up to date

Crate multistream-select

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^11.1.0up to date
 futures^0.30.3.17up to date
 log^0.40.4.14up to date
 pin-project^1.0.01.0.8up to date
 smallvec^1.6.11.7.0up to date
 unsigned-varint^0.70.7.0up to date

Dev dependencies

(5 total, 2 outdated)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 env_logger^0.90.9.0up to date
 quickcheck^0.9.01.0.3out of date
 rand^0.7.20.8.4out of date
 rw-stream-sink^0.2.10.2.1up to date

Crate peer-id-generator

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 num_cpus^1.81.13.0up to date

Crate libp2p-mdns

Dependencies

(11 total, all up-to-date)

CrateRequiredLatestStatus
 async-io^1.3.11.6.0up to date
 data-encoding^2.3.22.3.2up to date
 dns-parser^0.8.00.8.0up to date
 futures^0.3.130.3.17up to date
 if-watch^0.2.00.2.2up to date
 lazy_static^1.4.01.4.0up to date
 log^0.4.140.4.14up to date
 rand^0.8.30.8.4up to date
 smallvec^1.6.11.7.0up to date
 socket2^0.4.00.4.2up to date
 void^1.0.21.0.2up to date

Dev dependencies

(2 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-std^1.9.01.10.0up to date
 tokio ⚠️^1.2.01.12.0maybe insecure

Crate libp2p-deflate

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.3.10.3.17up to date
 flate2^1.01.0.22up to date

Dev dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 async-std^1.6.21.10.0up to date
 quickcheck^0.91.0.3out of date
 rand^0.70.8.4out of date

Crate libp2p-dns

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 log^0.4.10.4.14up to date
 futures^0.3.10.3.17up to date
 trust-dns-resolver^0.200.20.3up to date
 async-std-resolver^0.200.20.3up to date
 smallvec^1.6.11.7.0up to date

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 env_logger^0.90.9.0up to date
 tokio ⚠️^1.01.12.0maybe insecure
 async-std^1.61.10.0up to date

Crate libp2p-tcp

Dependencies

(10 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-io^1.2.01.6.0up to date
 futures^0.3.80.3.17up to date
 futures-timer^3.03.0.2up to date
 if-watch^0.2.00.2.2up to date
 if-addrs^0.6.40.6.6up to date
 ipnet^2.0.02.3.1up to date
 libc^0.2.800.2.104up to date
 log^0.4.110.4.14up to date
 socket2^0.4.00.4.2up to date
 tokio ⚠️^1.0.11.12.0maybe insecure

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-std^1.6.51.10.0up to date
 tokio ⚠️^1.0.11.12.0maybe insecure
 env_logger^0.9.00.9.0up to date

Crate libp2p-websocket

Dependencies

(9 total, 2 outdated)

CrateRequiredLatestStatus
 futures-rustls^0.210.22.0out of date
 either^1.5.31.6.1up to date
 futures^0.3.10.3.17up to date
 log^0.4.80.4.14up to date
 quicksink^0.10.1.2up to date
 rw-stream-sink^0.2.00.2.1up to date
 soketto^0.7.00.7.0up to date
 url^2.12.2.2up to date
 webpki-roots^0.210.22.1out of date

Security Vulnerabilities

tokio: Task dropped in wrong thread when aborting `LocalSet` task

RUSTSEC-2021-0072

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet.

This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for better performance.

See tokio#3929 for more details.