This project might be open to known security vulnerabilities , which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom .
Crate diem-config
Dependencies (7 total, 3 outdated)
Crate generate-key
Dependencies (1 total, 1 outdated)
Crate Required Latest Status rand ^0.8.3
0.9.1
out of date
Crate diem-global-constants
No external dependencies! 🙌
Crate diem-management
Dependencies (7 total, 3 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date hex ^0.4.3
0.4.3
up to date serde ^1.0.124
1.0.219
up to date serde_yaml ^0.8.17
0.9.34+deprecated
out of date structopt ^0.3.21
0.3.26
up to date thiserror ^1.0.37
2.0.12
out of date toml ^0.5.8
0.8.23
out of date
Crate diem-genesis-tool
Dependencies (6 total, 3 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date rand ^0.8.3
0.9.1
out of date serde ^1.0.124
1.0.219
up to date structopt ^0.3.21
0.3.26
up to date thiserror ^1.0.37
2.0.12
out of date toml ^0.5.8
0.8.23
out of date
Crate diem-network-address-encryption
Dependencies (3 total, 2 outdated)
Crate Required Latest Status base64 ^0.13.0
0.22.1
out of date serde ^1.0.124
1.0.219
up to date thiserror ^1.0.37
2.0.12
out of date
Dev dependencies (1 total, 1 outdated)
Crate Required Latest Status rand ^0.8.3
0.9.1
out of date
Crate diem-operational-tool
Dependencies (14 total, 6 outdated, 1 possibly insecure)
Crate seed-peer-generator
Dependencies (6 total, 3 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date hex ^0.4.3
0.4.3
up to date rand ^0.8.3
0.9.1
out of date serde_yaml ^0.8.17
0.9.34+deprecated
out of date structopt ^0.3.21
0.3.26
up to date thiserror ^1.0.37
2.0.12
out of date
Crate consensus
Dependencies (18 total, 6 outdated, 1 possibly insecure)
Dev dependencies (2 total, all up-to-date)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date tempfile ^3.2.0
3.20.0
up to date
Crate consensus-types
Dependencies (5 total, 1 outdated)
Dev dependencies (2 total, all up-to-date)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date serde_json ^1.0.64
1.0.140
up to date
Crate safety-rules
Dependencies (7 total, 3 outdated)
Dev dependencies (3 total, 1 outdated)
Crate bounded-executor
Dependencies (2 total, 1 possibly insecure)
Crate Required Latest Status futures ^0.3.12
0.3.31
up to date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure
Dev dependencies (1 total, 1 possibly insecure)
Crate Required Latest Status tokio ⚠️ ^1.18.2
1.46.1
maybe insecure
Crate channel
Dependencies (2 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date futures ^0.3.12
0.3.31
up to date
Dev dependencies (1 total, 1 possibly insecure)
Crate Required Latest Status tokio ⚠️ ^1.18.2
1.46.1
maybe insecure
Crate crash-handler
Dependencies (3 total, 1 outdated)
Crate Required Latest Status backtrace ^0.3.56
0.3.75
up to date toml ^0.5.8
0.8.23
out of date serde ^1.0.124
1.0.219
up to date
Crate debug-interface
Dependencies (5 total, 1 outdated, 2 possibly insecure)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date bytes ^1.0.1
1.10.1
up to date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure reqwest ^0.11.2
0.12.22
out of date warp ⚠️ ^0.3.0
0.3.7
maybe insecure
Crate diem
Dependencies (14 total, 4 outdated, 1 possibly insecure)
Crate diem-assets-proof
Dependencies (4 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date serde ^1.0.124
1.0.219
up to date serde_json ^1.0.64
1.0.140
up to date structopt ^0.3.21
0.3.26
up to date
Crate diem-bitvec
Dependencies (4 total, 1 outdated)
Dev dependencies (2 total, 1 outdated)
Crate diem-client
Dependencies (12 total, 3 outdated, 1 possibly insecure)
Dev dependencies (2 total, all up-to-date)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date tempfile ^3.2.0
3.20.0
up to date
Crate diem-crypto
Dependencies (22 total, 9 outdated)
Dev dependencies (9 total, 5 outdated)
Crate diem-crypto-derive
Dependencies (3 total, 1 outdated)
Crate Required Latest Status syn ^1.0.64
2.0.104
out of date quote ^1.0.9
1.0.40
up to date proc-macro2 ^1.0.24
1.0.95
up to date
Dev dependencies (1 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date
Crate diem-documentation-tool
Dependencies (5 total, 1 outdated)
Dev dependencies (2 total, all up-to-date)
Crate Required Latest Status serde ^1.0.124
1.0.219
up to date tempfile ^3.2.0
3.20.0
up to date
Crate diem-faucet
Dependencies (8 total, 2 outdated, 2 possibly insecure)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date hex ^0.4.3
0.4.3
up to date rand ^0.8.3
0.9.1
out of date reqwest ^0.11.2
0.12.22
out of date serde ^1.0.124
1.0.219
up to date structopt ^0.3.21
0.3.26
up to date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure warp ⚠️ ^0.3.0
0.3.7
maybe insecure
Dev dependencies (2 total, all up-to-date)
Crate Required Latest Status serde_json ^1.0.64
1.0.140
up to date tempfile ^3.2.0
3.20.0
up to date
Crate diem-infallible
No external dependencies! 🙌
Crate diem-json-rpc-client
Dependencies (2 total, 1 outdated)
Crate Required Latest Status futures ^0.3.12
0.3.31
up to date rand ^0.8.3
0.9.1
out of date
Crate diem-log-derive
Dependencies (3 total, 1 outdated)
Crate Required Latest Status syn ^1.0.64
2.0.104
out of date quote ^1.0.9
1.0.40
up to date proc-macro2 ^1.0.24
1.0.95
up to date
Crate diem-logger
Dependencies (10 total, 4 outdated, 1 possibly insecure)
Crate diem-metrics
Dependencies (7 total, 2 outdated, 1 possibly insecure)
Dev dependencies (2 total, all up-to-date)
Crate diem-metrics-core
Dependencies (1 total, 1 outdated)
Crate Required Latest Status prometheus ^0.12.0
0.14.0
out of date
Crate diem-proptest-helpers
Dependencies (3 total, 1 outdated)
Crate diem-rate-limiter
Dependencies (4 total, 1 possibly insecure)
Crate diem-retrier
Dependencies (1 total, 1 possibly insecure)
Crate Required Latest Status tokio ⚠️ ^1.18.2
1.46.1
maybe insecure
Crate diem-temppath
Dependencies (2 total, 1 outdated)
Crate Required Latest Status hex ^0.4.3
0.4.3
up to date rand ^0.8.3
0.9.1
out of date
Crate diem-time-service
Dependencies (5 total, 1 outdated, 1 possibly insecure)
Dev dependencies (4 total, 1 possibly insecure)
Crate diem-workspace-hack
Dependencies (52 total, 19 outdated)
Build dependencies (56 total, 22 outdated)
Crate fallible
Dependencies (1 total, 1 outdated)
Crate Required Latest Status thiserror ^1.0.37
2.0.12
out of date
Crate num-variants
Dependencies (3 total, 1 outdated)
Crate Required Latest Status syn ^1.0.64
2.0.104
out of date quote ^1.0.9
1.0.40
up to date proc-macro2 ^1.0.24
1.0.95
up to date
Crate proxy
Dependencies (1 total, all up-to-date)
Crate Required Latest Status ipnet ^2.3
2.11.0
up to date
Crate short-hex-str
Dependencies (4 total, 1 outdated)
Dev dependencies (2 total, all up-to-date)
Crate Required Latest Status hex ^0.4.3
0.4.3
up to date proptest ^1.0.0
1.7.0
up to date
Crate subscription-service
Dependencies (1 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date
Crate swiss-knife
Dependencies (5 total, 1 outdated)
Crate Required Latest Status structopt ^0.3.21
0.3.26
up to date rand ^0.8.3
0.9.1
out of date hex ^0.4.3
0.4.3
up to date serde_json ^1.0.64
1.0.140
up to date serde ^1.0.124
1.0.219
up to date
Crate x
Dependencies (19 total, 8 outdated, 1 possibly insecure)
Crate x-core
Dependencies (11 total, 6 outdated)
Crate Required Latest Status camino ^1.0.3
1.1.10
up to date determinator ^0.5.1
0.12.0
out of date guppy ^0.10.1
0.17.19
out of date indoc ^1.0.3
2.0.6
out of date hakari ^0.4.1
0.17.8
out of date hex ^0.4.3
0.4.3
up to date log ^0.4.14
0.4.27
up to date toml ^0.5.8
0.8.23
out of date once_cell ^1.7.2
1.21.3
up to date ouroboros ^0.9.2
0.18.5
out of date serde ^1.0.124
1.0.219
up to date
Crate x-lint
Dependencies (6 total, 3 outdated)
Crate Required Latest Status camino ^1.0.3
1.1.10
up to date guppy ^0.10.1
0.17.19
out of date hakari ^0.4.1
0.17.8
out of date once_cell ^1.7.2
1.21.3
up to date toml ^0.5.8
0.8.23
out of date serde ^1.0.124
1.0.219
up to date
Crate diem-node
Dependencies (8 total, 3 outdated, 1 possibly insecure)
Crate db-bootstrapper
Dependencies (2 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date structopt ^0.3.21
0.3.26
up to date
Crate execution-correctness
Dependencies (4 total, 2 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date rand ^0.8.3
0.9.1
out of date serde ^1.0.124
1.0.219
up to date thiserror ^1.0.37
2.0.12
out of date
Crate executor
Dependencies (7 total, 2 outdated)
Dev dependencies (2 total, 1 outdated)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date rand ^0.8.3
0.9.1
out of date
Crate executor-benchmark
Dependencies (5 total, 3 outdated)
Crate executor-test-helpers
Dependencies (3 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date rand ^0.8.3
0.9.1
out of date tempfile ^3.2.0
3.20.0
up to date
Crate executor-types
Dependencies (3 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date serde ^1.0.124
1.0.219
up to date thiserror ^1.0.37
2.0.12
out of date
Crate diem-json-rpc
Dependencies (18 total, 6 outdated, 2 possibly insecure)
Dev dependencies (3 total, 2 outdated)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date reqwest ^0.11.2
0.12.22
out of date rand ^0.8.3
0.9.1
out of date
Crate jsonrpc-integration-tests
Dependencies (4 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date hex ^0.4.3
0.4.3
up to date reqwest ^0.11.2
0.12.22
out of date serde_json ^1.0.64
1.0.140
up to date
Crate diem-json-rpc-types
Dependencies (7 total, 2 outdated)
Crate jsonrpc-types-proto
Dependencies (3 total, 1 outdated)
Crate Required Latest Status prost ^0.8.0
0.14.1
out of date serde ^1.0.124
1.0.219
up to date serde_json ^1.0.64
1.0.140
up to date
Build dependencies (1 total, 1 outdated)
Crate Required Latest Status prost-build ^0.8.0
0.14.1
out of date
Crate language-benchmarks
Dependencies (5 total, 1 outdated)
Crate borrow-graph
Dependencies (1 total, all up-to-date)
Crate bytecode-verifier
Dependencies (3 total, 1 outdated)
Crate bytecode-verifier-tests
Dev dependencies (2 total, 1 outdated)
Crate Required Latest Status petgraph ^0.5.1
0.8.2
out of date proptest ^1.0.0
1.7.0
up to date
Crate invalid-mutations
Dependencies (1 total, all up-to-date)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date
Crate bytecode-verifier-transactional-tests
Dev dependencies (1 total, 1 outdated)
Crate compiler
Dependencies (3 total, all up-to-date)
Crate bytecode-source-map
Dependencies (3 total, 1 outdated)
Crate ir-to-bytecode
Dependencies (5 total, 3 outdated)
Crate ir-to-bytecode-syntax
Dependencies (2 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date hex ^0.4.3
0.4.3
up to date
Crate diem-framework
Dependencies (8 total, 2 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date clap ^2.33.3
4.5.40
out of date log ^0.4.14
0.4.27
up to date rayon ^1.5.0
1.10.0
up to date sha2 ^0.9.3
0.10.9
out of date walkdir ^2.3.1
2.5.0
up to date once_cell ^1.7.2
1.21.3
up to date smallvec ^1.6.1
1.15.1
up to date
Dev dependencies (3 total, 1 outdated)
Crate diem-framework-releases
Dependencies (3 total, 1 outdated)
Crate df-cli
Dependencies (2 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date structopt ^0.3.21
0.3.26
up to date
Dev dependencies (1 total, 1 outdated)
Crate diem-events-fetcher
Dependencies (6 total, 1 outdated, 1 possibly insecure)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date hex ^0.4.3
0.4.3
up to date reqwest ^0.11.2
0.12.22
out of date structopt ^0.3.21
0.3.26
up to date futures ^0.3.12
0.3.31
up to date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure
Crate diem-keygen
Dependencies (3 total, 2 outdated)
Crate Required Latest Status rand ^0.8.3
0.9.1
out of date sha3 ^0.9.1
0.10.8
out of date hex ^0.4.3
0.4.3
up to date
Crate diem-read-write-set
Dependencies (1 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date
Crate diem-validator-interface
Dependencies (1 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date
Crate diem-e2e-tests-replay
Dependencies (3 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date structopt ^0.3.21
0.3.26
up to date walkdir ^2.3.1
2.5.0
up to date
Crate move-oncall-trainer
Dependencies (7 total, 4 outdated, 1 possibly insecure)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date structopt ^0.3.21
0.3.26
up to date tempfile ^3.2.0
3.20.0
up to date nix ⚠️ ^0.20.0
0.30.1
out of date rand ^0.8.3
0.9.1
out of date rustyline ^8.0.0
16.0.0
out of date gag ^0.1.10
1.0.0
out of date
Crate diem-transaction-replay
Dependencies (4 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date structopt ^0.3.21
0.3.26
up to date hex ^0.4.3
0.4.3
up to date difference ^2.0.0
2.0.0
up to date
Crate diem-writeset-generator
Dependencies (7 total, 1 outdated)
Crate diem-transaction-benchmarks
Dependencies (3 total, 1 outdated)
Crate diem-vm
Dependencies (8 total, 1 outdated)
Dev dependencies (1 total, all up-to-date)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date
Crate mvhashmap
Dependencies (5 total, 1 outdated)
Crate diem-parallel-executor
Dependencies (9 total, 3 outdated)
Crate language-e2e-testsuite
Dependencies (2 total, all up-to-date)
Crate Required Latest Status serde_json ^1.0.64
1.0.140
up to date proptest ^1.0.0
1.7.0
up to date
Crate ir-testsuite
Dev dependencies (2 total, 1 outdated)
Crate move-binary-format
Dependencies (7 total, 1 outdated)
Dev dependencies (3 total, 1 outdated)
Crate serializer-tests
Dev dependencies (2 total, 1 outdated)
Crate move-command-line-common
Dependencies (3 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date difference ^2.0.0
2.0.0
up to date walkdir ^2.3.1
2.5.0
up to date
Crate move-core-types
Dependencies (10 total, 2 outdated)
Dev dependencies (4 total, 1 outdated)
Crate move-ir-types
Dependencies (4 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date serde ^1.0.124
1.0.219
up to date hex ^0.4.3
0.4.3
up to date once_cell ^1.7.2
1.21.3
up to date
Crate move-lang
Dependencies (10 total, 2 outdated)
Dev dependencies (1 total, 1 outdated)
Crate move-lang-functional-tests
Dev dependencies (4 total, 1 outdated)
Crate move-model
Dependencies (10 total, 4 outdated)
Dev dependencies (1 total, 1 outdated)
Crate move-prover
Dependencies (19 total, 8 outdated, 1 possibly insecure)
Dev dependencies (4 total, 1 outdated)
Crate abigen
Dependencies (4 total, 1 outdated)
Crate Required Latest Status log ^0.4.14
0.4.27
up to date anyhow ^1.0.38
1.0.98
up to date heck ^0.3.2
0.5.0
out of date serde ^1.0.124
1.0.219
up to date
Dev dependencies (3 total, 2 outdated)
Crate boogie-backend
Dependencies (16 total, 5 outdated, 1 possibly insecure)
Crate bytecode
Dependencies (11 total, 4 outdated)
Dev dependencies (2 total, 1 outdated)
Crate docgen
Dependencies (9 total, 3 outdated)
Dev dependencies (2 total, 1 outdated)
Crate errmapgen
Dependencies (3 total, all up-to-date)
Crate Required Latest Status log ^0.4.14
0.4.27
up to date anyhow ^1.0.38
1.0.98
up to date serde ^1.0.124
1.0.219
up to date
Dev dependencies (2 total, 2 outdated)
Crate bytecode-interpreter
Dependencies (6 total, 2 outdated)
Dev dependencies (1 total, 1 outdated)
Crate bytecode-interpreter-crypto
Dependencies (5 total, 2 outdated)
Crate bytecode-interpreter-testsuite
Dev dependencies (2 total, 1 outdated)
Crate prover-lab
Dependencies (13 total, 5 outdated, 1 possibly insecure)
Dev dependencies (1 total, 1 outdated)
Crate prover-mutation
Dependencies (14 total, 6 outdated, 1 possibly insecure)
Dev dependencies (1 total, 1 outdated)
Crate move-prover-test-utils
Dependencies (3 total, 1 outdated)
Crate Required Latest Status prettydiff ^0.4.0
0.8.1
out of date anyhow ^1.0.38
1.0.98
up to date regex ^1.5.5
1.11.1
up to date
Crate move-stdlib
Dependencies (5 total, 2 outdated)
Crate Required Latest Status log ^0.4.14
0.4.27
up to date walkdir ^2.3.1
2.5.0
up to date smallvec ^1.6.1
1.15.1
up to date sha2 ^0.9.3
0.10.9
out of date sha3 ^0.9.1
0.10.8
out of date
Dev dependencies (3 total, all up-to-date)
Crate move-symbol-pool
Dependencies (2 total, all up-to-date)
Crate Required Latest Status once_cell ^1.7.2
1.21.3
up to date serde ^1.0.124
1.0.219
up to date
Dev dependencies (1 total, all up-to-date)
Crate Required Latest Status serde_json ^1.0.64
1.0.140
up to date
Crate move-vm-integration-tests
Dependencies (2 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date tempfile ^3.2.0
3.20.0
up to date
Crate move-vm-runtime
Dependencies (6 total, 3 outdated)
Dev dependencies (3 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date hex ^0.4.3
0.4.3
up to date proptest ^1.0.0
1.7.0
up to date
Crate move-vm-test-utils
Dependencies (1 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date
Crate move-vm-transactional-tests
Dev dependencies (1 total, 1 outdated)
Crate move-vm-types
Dependencies (6 total, 1 outdated)
Dev dependencies (1 total, all up-to-date)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date
Crate diem-transactional-test-harness
Dependencies (4 total, all up-to-date)
Dev dependencies (1 total, 1 outdated)
Crate language-e2e-tests
Dependencies (8 total, 2 outdated)
Crate functional-tests
Dependencies (12 total, 4 outdated)
Crate module-generation
Dependencies (1 total, 1 outdated)
Crate Required Latest Status rand ^0.8.3
0.9.1
out of date
Crate test-generation
Dependencies (11 total, 4 outdated)
Crate move-transactional-test-runner
Dependencies (7 total, 1 outdated, 1 possibly insecure)
Dev dependencies (2 total, 1 outdated)
Crate diem-resource-viewer
Dependencies (1 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date
Crate disassembler
Dependencies (3 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date colored ^2.0.0
3.0.0
out of date structopt ^0.3.21
0.3.26
up to date
Crate genesis-viewer
Dependencies (1 total, all up-to-date)
Crate Required Latest Status structopt ^0.3.21
0.3.26
up to date
Crate mirai-dataflow-analysis
Dependencies (6 total, 1 possibly insecure)
Crate move-bytecode-utils
Dependencies (2 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date petgraph ^0.5.1
0.8.2
out of date
Crate move-bytecode-viewer
Dependencies (5 total, 2 outdated)
Crate Required Latest Status structopt ^0.3.21
0.3.26
up to date anyhow ^1.0.38
1.0.98
up to date regex ^1.5.5
1.11.1
up to date termion ^1.5
4.0.5
out of date tui ^0.14.0
0.19.0
out of date
Crate move-cli
Dependencies (9 total, 2 outdated)
Dev dependencies (1 total, 1 outdated)
Crate move-coverage
Dependencies (7 total, 3 outdated)
Crate move-explain
Dependencies (1 total, all up-to-date)
Crate Required Latest Status structopt ^0.3.21
0.3.26
up to date
Crate move-package
Dependencies (10 total, 4 outdated)
Dev dependencies (1 total, 1 outdated)
Crate move-unit-test
Dependencies (5 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date structopt ^0.3.21
0.3.26
up to date colored ^2.0.0
3.0.0
out of date rayon ^1.5.0
1.10.0
up to date regex ^1.5.5
1.11.1
up to date
Dev dependencies (2 total, 1 outdated)
Crate read-write-set
Dependencies (1 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date
Crate read-write-set-types
Dependencies (1 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date
Crate resource-viewer
Dependencies (4 total, all up-to-date)
Crate Required Latest Status serde ^1.0.124
1.0.219
up to date anyhow ^1.0.38
1.0.98
up to date once_cell ^1.7.2
1.21.3
up to date hex ^0.4.3
0.4.3
up to date
Crate vm-genesis
Dependencies (3 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date once_cell ^1.7.2
1.21.3
up to date rand ^0.8.3
0.9.1
out of date
Dev dependencies (2 total, 1 outdated)
Crate transaction-builder-generator
Dependencies (6 total, 3 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date heck ^0.3.2
0.5.0
out of date regex ^1.5.5
1.11.1
up to date structopt ^0.3.21
0.3.26
up to date textwrap ^0.13.4
0.16.2
out of date serde_yaml ^0.8.17
0.9.34+deprecated
out of date
Dev dependencies (2 total, 1 outdated)
Crate Required Latest Status tempfile ^3.2.0
3.20.0
up to date which ^4.0.2
8.0.0
out of date
Crate diem-mempool
Dependencies (13 total, 3 outdated, 1 possibly insecure)
Dev dependencies (2 total, all up-to-date)
Crate network
Dependencies (20 total, 4 outdated, 1 possibly insecure)
Dev dependencies (6 total, 4 outdated)
Crate network-builder
Dependencies (4 total, 1 outdated, 1 possibly insecure)
Crate Required Latest Status futures ^0.3.12
0.3.31
up to date rand ^0.8.3
0.9.1
out of date serde ^1.0.124
1.0.219
up to date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure
Crate network-discovery
Dependencies (5 total, 1 outdated, 1 possibly insecure)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date futures ^0.3.12
0.3.31
up to date once_cell ^1.7.2
1.21.3
up to date serde_yaml ^0.8.17
0.9.34+deprecated
out of date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure
Dev dependencies (1 total, 1 outdated)
Crate Required Latest Status rand ^0.8.3
0.9.1
out of date
Crate memsocket
Dependencies (3 total, all up-to-date)
Crate Required Latest Status futures ^0.3.12
0.3.31
up to date bytes ^1.0.1
1.10.1
up to date once_cell ^1.7.2
1.21.3
up to date
Crate netcore
Dependencies (7 total, 1 possibly insecure)
Crate Required Latest Status bytes ^1.0.1
1.10.1
up to date futures ^0.3.12
0.3.31
up to date pin-project ^1.0.5
1.1.10
up to date serde ^1.0.124
1.0.219
up to date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure tokio-util ^0.7.2
0.7.15
up to date url ^2.2.1
2.5.4
up to date
Crate socket-bench-server
Dependencies (4 total, 1 outdated, 1 possibly insecure)
Crate Required Latest Status futures ^0.3.12
0.3.31
up to date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure tokio-util ^0.7.2
0.7.15
up to date rand ^0.8.3
0.9.1
out of date
Crate diem-sdk
Dependencies (2 total, 1 outdated)
Crate Required Latest Status rand_core ^0.6.2
0.9.3
out of date serde ^1.0.124
1.0.219
up to date
Crate sdk-compatibility
Dependencies (3 total, 1 outdated)
Crate Required Latest Status anyhow ^1
1.0.98
up to date rand ^0.8.3
0.9.1
out of date once_cell ^1.7.2
1.21.3
up to date
Crate offchain
Dependencies (11 total, 6 outdated)
Crate Required Latest Status base64 ^0.13
0.22.1
out of date bech32 ^0.8.0
0.11.0
out of date hex ^0.4.3
0.4.3
up to date rand ^0.8.3
0.9.1
out of date rand_core ^0.6
0.9.3
out of date serde ^1.0.123
1.0.219
up to date serde_json ^1.0.61
1.0.140
up to date serde_repr ^0.1
0.1.20
up to date thiserror ^1.0.37
2.0.12
out of date url ^2.2.2
2.5.4
up to date uuid ^0.8.2
1.17.0
out of date
Dev dependencies (2 total, 2 outdated)
Crate Required Latest Status rand_core ^0.6
0.9.3
out of date rstest ^0.10.0
0.25.0
out of date
Crate diem-transaction-builder
Dependencies (5 total, 1 outdated)
Dev dependencies (2 total, 1 outdated)
Crate diem-key-manager
Dependencies (4 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date once_cell ^1.7.2
1.21.3
up to date serde ^1.0.124
1.0.219
up to date thiserror ^1.0.37
2.0.12
out of date
Dev dependencies (3 total, 1 outdated, 1 possibly insecure)
Crate Required Latest Status futures ^0.3.12
0.3.31
up to date rand ^0.8.3
0.9.1
out of date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure
Crate diem-secure-net
Dependencies (3 total, 1 outdated)
Crate Required Latest Status once_cell ^1.7.2
1.21.3
up to date serde ^1.0.124
1.0.219
up to date thiserror ^1.0.37
2.0.12
out of date
Crate diem-secure-push-metrics
Dependencies (1 total, 1 outdated)
Crate Required Latest Status ureq ^1.5.4
3.0.12
out of date
Crate diem-secure-storage
Dependencies (7 total, 3 outdated, 1 possibly insecure)
Dev dependencies (1 total, 1 outdated)
Crate Required Latest Status rand ^0.8.3
0.9.1
out of date
Crate diem-github-client
Dependencies (4 total, 2 outdated)
Crate Required Latest Status serde ^1.0.124
1.0.219
up to date serde_json ^1.0.64
1.0.140
up to date thiserror ^1.0.37
2.0.12
out of date ureq ^1.5.4
3.0.12
out of date
Dev dependencies (1 total, 1 outdated)
Crate Required Latest Status base64 ^0.13.0
0.22.1
out of date
Crate diem-vault-client
Dependencies (9 total, 3 outdated, 1 possibly insecure)
Dev dependencies (1 total, all up-to-date)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date
Crate shuffle-custom-node
Dependencies (5 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date log ^0.4.14
0.4.27
up to date rand ^0.8.3
0.9.1
out of date structopt ^0.3.21
0.3.26
up to date walkdir ^2.3.1
2.5.0
up to date
Crate shuffle-custom-move-code
No external dependencies! 🙌
Crate shuffle-sample-custom-app
Dependencies (5 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date log ^0.4.14
0.4.27
up to date rand ^0.8.3
0.9.1
out of date structopt ^0.3.21
0.3.26
up to date walkdir ^2.3.1
2.5.0
up to date
Crate shuffle-transaction-builder
Dependencies (7 total, 2 outdated, 1 possibly insecure)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date hex ^0.4.3
0.4.3
up to date once_cell ^1.7.2
1.21.3
up to date thiserror ^1.0
2.0.12
out of date log ^0.4.14
0.4.27
up to date tokio ⚠️ ^1.8.0
1.46.1
maybe insecure parking_lot ^0.11.1
0.12.4
out of date
Dev dependencies (2 total, 1 outdated)
Crate consensus-notifications
Dependencies (5 total, 1 outdated, 1 possibly insecure)
Crate event-notifications
Dependencies (6 total, 2 outdated, 1 possibly insecure)
Crate mempool-notifications
Dependencies (5 total, 1 outdated, 1 possibly insecure)
Crate state-sync-v1
Dependencies (10 total, 4 outdated, 1 possibly insecure)
Dev dependencies (2 total, all up-to-date)
Crate Required Latest Status bytes ^1.0.1
1.10.1
up to date proptest ^1.0.0
1.7.0
up to date
Crate state-sync-v2
No external dependencies! 🙌
Crate accumulator
Dependencies (3 total, all up-to-date)
Dev dependencies (2 total, 1 outdated)
Crate Required Latest Status rand ^0.8.3
0.9.1
out of date proptest ^1.0.0
1.7.0
up to date
Crate backup-cli
Dependencies (20 total, 4 outdated, 1 possibly insecure)
Dev dependencies (2 total, 1 possibly insecure)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date warp ⚠️ ^0.3.0
0.3.7
maybe insecure
Crate backup-service
Dependencies (8 total, 1 outdated, 2 possibly insecure)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date bytes ^1.0.1
1.10.1
up to date futures ^0.3.12
0.3.31
up to date hyper ^0.14.20
1.6.0
out of date once_cell ^1.7.2
1.21.3
up to date serde ^1.0.124
1.0.219
up to date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure warp ⚠️ ^0.3.0
0.3.7
maybe insecure
Dev dependencies (1 total, 1 outdated)
Crate Required Latest Status reqwest ^0.11.2
0.12.22
out of date
Crate diem-scratchpad
Dependencies (5 total, 2 outdated)
Dev dependencies (4 total, 3 outdated)
Crate Required Latest Status bitvec ^0.19.4
1.0.1
out of date criterion ^0.3.4
0.6.0
out of date rand ^0.8.3
0.9.1
out of date proptest ^1.0.0
1.7.0
up to date
Crate diem-scratchpad-benchmark
Dependencies (5 total, 2 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date itertools ^0.10.0
0.14.0
out of date rand ^0.8.3
0.9.1
out of date rayon ^1.5.0
1.10.0
up to date structopt ^0.3.21
0.3.26
up to date
Crate diemdb
Dependencies (11 total, 4 outdated)
Dev dependencies (3 total, 2 outdated)
Crate diemdb-benchmark
Dependencies (6 total, 3 outdated)
Crate diemsum
Dependencies (4 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date structopt ^0.3.21
0.3.26
up to date serde ^1.0.124
1.0.219
up to date serde_json ^1.0.64
1.0.140
up to date
Crate diem-storage-inspector
Dependencies (3 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date structopt ^0.3.21
0.3.26
up to date tempfile ^3.2.0
3.20.0
up to date
Crate diem-jellyfish-merkle
Dependencies (12 total, 5 outdated)
Dev dependencies (3 total, 2 outdated)
Crate schemadb
Dependencies (3 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date once_cell ^1.7.2
1.21.3
up to date rocksdb ^0.19.0
0.23.0
out of date
Dev dependencies (2 total, all up-to-date)
Crate Required Latest Status byteorder ^1.4.3
1.5.0
up to date proptest ^1.0.0
1.7.0
up to date
Crate diem-state-view
Dependencies (1 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date
Crate storage-client
Dependencies (2 total, all up-to-date)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date serde ^1.0.124
1.0.219
up to date
Crate storage-interface
Dependencies (5 total, 3 outdated)
Crate storage-service
Dependencies (5 total, 1 outdated, 1 possibly insecure)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date tokio ⚠️ ^1.18.2
1.46.1
maybe insecure futures ^0.3.12
0.3.31
up to date rand ^0.8.3
0.9.1
out of date proptest ^1.0.0
1.7.0
up to date
Dev dependencies (2 total, 1 outdated)
Crate Required Latest Status itertools ^0.10.0
0.14.0
out of date proptest ^1.0.0
1.7.0
up to date
Crate cli
Dependencies (13 total, 2 outdated, 2 possibly insecure)
Dev dependencies (1 total, all up-to-date)
Crate Required Latest Status proptest ^1.0.0
1.7.0
up to date
Crate diem-wallet
Dependencies (11 total, 5 outdated)
Crate cluster-test
Dependencies (25 total, 12 outdated, 2 possibly insecure)
Crate diem-fuzzer
Dependencies (12 total, 4 outdated)
Dev dependencies (3 total, 1 outdated)
Crate diem-fuzz
Dependencies (2 total, 1 outdated)
Crate diem-swarm
Dependencies (6 total, 3 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date ctrlc ^3.1.8
3.4.7
up to date reqwest ^0.11.2
0.12.22
out of date structopt ^0.3.21
0.3.26
up to date thiserror ^1.0.37
2.0.12
out of date rand ^0.8.3
0.9.1
out of date
Crate forge
Dependencies (25 total, 13 outdated, 3 possibly insecure)
Crate forge-cli
Dependencies (6 total, 2 outdated, 1 possibly insecure)
Crate generate-format
Dependencies (4 total, 2 outdated)
Crate Required Latest Status rand ^0.8.3
0.9.1
out of date serde ^1.0.124
1.0.219
up to date serde_yaml ^0.8.17
0.9.34+deprecated
out of date structopt ^0.3.21
0.3.26
up to date
Crate smoke-test
Dependencies (4 total, 1 possibly insecure)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date proptest ^1.0.0
1.7.0
up to date tokio ⚠️ ^1.8.1
1.46.1
maybe insecure walkdir ^2.3.1
2.5.0
up to date
Dev dependencies (7 total, 3 outdated, 1 possibly insecure)
Crate Required Latest Status base64 ^0.13.0
0.22.1
out of date hex ^0.4.3
0.4.3
up to date once_cell ^1.7.2
1.21.3
up to date rand ^0.8.3
0.9.1
out of date regex ⚠️ ^1.4.3
1.11.1
maybe insecure serde_yaml ^0.8.17
0.9.34+deprecated
out of date futures ^0.3.12
0.3.31
up to date
Crate testcases
Dependencies (3 total, 1 outdated, 1 possibly insecure)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date rand ^0.8.3
0.9.1
out of date tokio ⚠️ ^1.8.1
1.46.1
maybe insecure
Crate diem-types
Dependencies (16 total, 5 outdated, 1 possibly insecure)
Dev dependencies (4 total, 1 outdated)
Crate vm-validator
Dependencies (2 total, 1 outdated)
Crate Required Latest Status anyhow ^1.0.38
1.0.98
up to date fail ^0.4.0
0.5.1
out of date
Dev dependencies (1 total, 1 outdated)
Crate Required Latest Status rand ^0.8.3
0.9.1
out of date
Security Vulnerabilities chrono
: Potential segfault in `localtime_r` invocationsRUSTSEC-2020-0159
Impact
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
Workarounds
No workarounds are known.
References
hyper
: Lenient `hyper` header parsing of `Content-Length` could allow request smugglingRUSTSEC-2021-0078
hyper
's HTTP header parser accepted, according to RFC 7230, illegal contents inside Content-Length
headers.
Due to this, upstream HTTP proxies that ignore the header may still forward them along if it chooses to ignore the error.
To be vulnerable, hyper
must be used as an HTTP/1 server and using an HTTP proxy upstream that ignores the header's contents
but still forwards it. Due to all the factors that must line up, an attack exploiting this vulnerability is unlikely.
hyper
: Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data lossRUSTSEC-2021-0079
When decoding chunk sizes that are too large, hyper
's code would encounter an integer overflow. Depending on the situation,
this could lead to data loss from an incorrect total size, or in rarer cases, a request smuggling attack.
To be vulnerable, you must be using hyper
for any HTTP/1 purpose, including as a client or server, and consumers must send
requests or responses that specify a chunk size greater than 18 exabytes. For a possible request smuggling attack to be possible,
any upstream proxies must accept a chunk size greater than 64 bits.
nix
: Out-of-bounds write in nix::unistd::getgrouplistRUSTSEC-2021-0119
On certain platforms, if a user has more than 16 groups, the
nix::unistd::getgrouplist
function will call the libc getgrouplist
function with a length parameter greater than the size of the buffer it
provides, resulting in an out-of-bounds write and memory corruption.
The libc getgrouplist
function takes an in/out parameter ngroups
specifying the size of the group buffer. When the buffer is too small to
hold all of the requested user's group memberships, some libc
implementations, including glibc and Solaris libc, will modify ngroups
to indicate the actual number of groups for the user, in addition to
returning an error. The version of nix::unistd::getgrouplist
in nix
0.16.0 and up will resize the buffer to twice its size, but will not
read or modify the ngroups
variable. Thus, if the user has more than
twice as many groups as the initial buffer size of 8, the next call to
getgrouplist
will then write past the end of the buffer.
The issue would require editing /etc/groups to exploit, which is usually
only editable by the root user.
Patched
^0.20.2
^0.21.2
^0.22.2
>=0.23.0
regex
: Regexes with large repetitions on empty sub-expressions take a very long time to parseRUSTSEC-2022-0013
The Rust Security Response WG was notified that the regex
crate did not
properly limit the complexity of the regular expressions (regex) it parses. An
attacker could use this security issue to perform a denial of service, by
sending a specially crafted regex to a service accepting untrusted regexes. No
known vulnerability is present when parsing untrusted input with trusted
regexes.
This issue has been assigned CVE-2022-24713. The severity of this vulnerability
is "high" when the regex
crate is used to parse untrusted regexes. Other uses
of the regex
crate are not affected by this vulnerability.
Overview
The regex
crate features built-in mitigations to prevent denial of service
attacks caused by untrusted regexes, or untrusted input matched by trusted
regexes. Those (tunable) mitigations already provide sane defaults to prevent
attacks. This guarantee is documented and it's considered part of the crate's
API.
Unfortunately a bug was discovered in the mitigations designed to prevent
untrusted regexes to take an arbitrary amount of time during parsing, and it's
possible to craft regexes that bypass such mitigations. This makes it possible
to perform denial of service attacks by sending specially crafted regexes to
services accepting user-controlled, untrusted regexes.
Affected versions
All versions of the regex
crate before or equal to 1.5.4 are affected by this
issue. The fix is include starting from regex
1.5.5.
Mitigations
We recommend everyone accepting user-controlled regexes to upgrade immediately
to the latest version of the regex
crate.
Unfortunately there is no fixed set of problematic regexes, as there are
practically infinite regexes that could be crafted to exploit this
vulnerability. Because of this, we do not recommend denying known problematic
regexes.
Acknowledgements
We want to thank Addison Crump for responsibly disclosing this to us according
to the Rust security policy , and for helping review the fix.
We also want to thank Andrew Gallant for developing the fix, and Pietro Albini
for coordinating the disclosure and writing this advisory.
warp
: Improper validation of Windows paths could lead to directory traversal attackRUSTSEC-2022-0082
Path resolution in warp::filters::fs::dir
didn't correctly validate Windows paths
meaning paths like /foo/bar/c:/windows/web/screen/img101.png
would be allowed
and respond with the contents of c:/windows/web/screen/img101.png
. Thus users
could potentially read files anywhere on the filesystem.
This only impacts Windows. Linux and other unix likes are not impacted by this.
tokio
: reject_remote_clients Configuration corruptionRUSTSEC-2023-0001
On Windows, configuring a named pipe server with pipe_mode will force ServerOptions ::reject_remote_clients as false
.
This drops any intended explicit configuration for the reject_remote_clients that may have been set as true
previously.
The default setting of reject_remote_clients is normally true
meaning the default is also overridden as false
.
Workarounds
Ensure that pipe_mode is set first after initializing a ServerOptions . For example:
let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);
Patched
>=1.18.4, <1.19.0
>=1.20.3, <1.21.0
>=1.23.1