This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate vello

No external dependencies! 🙌

Crate vello_encoding

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 guillotiere^0.6.20.6.2up to date

Crate vello_shaders

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 naga^26.0.026.0.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 naga^26.0.026.0.0up to date

Crate vello_tests

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 nv-flip^0.1.20.1.2up to date

Crate xtask

No external dependencies! 🙌

Crate headless

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 env_logger^0.11.80.11.8up to date

Crate run_wasm

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 cargo-run-wasm^0.4.00.4.0up to date

Crate scenes

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 roxmltree^0.20.00.20.0up to date
 getrandom^0.3.30.3.3up to date

Crate simple

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^1.0.981.0.99up to date
 pollster^0.4.00.4.0up to date
 winit^0.30.100.30.12up to date

Crate with_winit

Dependencies

(14 total, 2 outdated)

CrateRequiredLatestStatus
 tracing^0.1.410.1.41up to date
 env_logger^0.11.80.11.8up to date
 notify-debouncer-full^0.5.00.6.0out of date
 android_logger^0.15.00.15.1up to date
 tracing_android_trace^0.1.10.1.1up to date
 tracing-subscriber^0.3.190.3.20up to date
 profiling^1.0.161.0.17up to date
 jni^0.21.10.21.1up to date
 console_error_panic_hook^0.1.70.1.7up to date
 console_log^1.0.01.0.0up to date
 wasm-bindgen-futures^0.4.500.4.53up to date
 web-sys^0.3.770.3.80up to date
 wasm-bindgen=0.2.1000.2.103out of date
 getrandom^0.3.30.3.3up to date

Crate vello_api

No external dependencies! 🙌

Crate vello_bench

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 parley^0.5.00.5.0up to date

Crate vello_common

Dependencies

(3 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 hashbrown ⚠️^0.150.16.0out of date
 roxmltree^0.20.00.20.0up to date
 libm^0.2.150.2.15up to date

Crate vello_cpu

No external dependencies! 🙌

Crate wasm_cpu

Dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 console_error_panic_hook^0.1.70.1.7up to date
 console_log^1.01.0.0up to date
 js-sys^0.3.770.3.80up to date
 wasm-bindgen^0.2.1000.2.103up to date
 wasm-bindgen-futures^0.4.500.4.53up to date
 web-sys^0.3.770.3.80up to date
 parley^0.5.00.5.0up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 wasm-bindgen-test^0.3.500.3.53up to date

Crate vello_hybrid

Dependencies

(4 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 guillotiere^0.6.20.6.2up to date
 hashbrown ⚠️^0.150.16.0out of date
 js-sys^0.3.770.3.80up to date
 web-sys^0.3.770.3.80up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 roxmltree^0.20.00.20.0up to date

Crate vello_sparse_shaders

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 naga^26.0.026.0.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 naga^26.0.026.0.0up to date

Crate native_webgl

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 console_error_panic_hook^0.1.70.1.7up to date
 console_log^1.01.0.0up to date
 js-sys^0.3.770.3.80up to date
 wasm-bindgen^0.2.1000.2.103up to date
 wasm-bindgen-futures^0.4.500.4.53up to date
 web-sys^0.3.770.3.80up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 wasm-bindgen-test^0.3.500.3.53up to date

Crate vello_hybrid_scenes

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 parley^0.5.00.5.0up to date

Crate wgpu_webgl

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 console_error_panic_hook^0.1.70.1.7up to date
 console_log^1.01.0.0up to date
 js-sys^0.3.770.3.80up to date
 wasm-bindgen^0.2.1000.2.103up to date
 wasm-bindgen-futures^0.4.500.4.53up to date
 web-sys^0.3.770.3.80up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 wasm-bindgen-test^0.3.500.3.53up to date

Crate vello_hybrid_winit

No external dependencies! 🙌

Crate vello_toy

No external dependencies! 🙌

Crate vello_dev_macros

No external dependencies! 🙌

Crate vello_sparse_tests

Dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 wasm-bindgen-test^0.3.500.3.53up to date
 web-sys^0.3.770.3.80up to date
 wasm-bindgen^0.2.1000.2.103up to date
 wasm-bindgen-futures^0.4.500.4.53up to date
 wasmparser^0.235.00.239.0out of date

Crate vello_filters_cpu

No external dependencies! 🙌

Security Vulnerabilities

hashbrown: Borsh serialization of HashMap is non-canonical

RUSTSEC-2024-0402

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding.

This can result in consensus splits and cause equivalent objects to be considered distinct.

This was patched in 0.15.1.