This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate meilisearch-http

Dependencies

(45 total, 3 outdated, 1 insecure, 1 possibly insecure)

CrateRequiredLatestStatus
 actix-web^4.0.0-beta.93.3.2up to date
 anyhow^1.0.431.0.49up to date
 async-stream^0.3.20.3.2up to date
 async-trait^0.1.510.1.51up to date
 arc-swap^1.3.21.5.0up to date
 byte-unit^4.0.124.0.13up to date
 bytes^1.1.01.1.0up to date
 chrono ⚠️^0.4.190.4.19insecure
 crossbeam-channel^0.5.10.5.1up to date
 either^1.6.11.6.1up to date
 env_logger^0.9.00.9.0up to date
 flate2^1.0.211.0.22up to date
 fst^0.4.70.4.7up to date
 futures^0.3.170.3.18up to date
 futures-util^0.3.170.3.18up to date
 http^0.2.40.2.5up to date
 indexmap^1.7.01.7.0up to date
 itertools^0.10.10.10.1up to date
 log^0.4.140.4.14up to date
 mime^0.3.160.3.16up to date
 num_cpus^1.13.01.13.0up to date
 once_cell^1.8.01.8.0up to date
 parking_lot^0.11.20.11.2up to date
 platform-dirs^0.3.00.3.0up to date
 rand^0.8.40.8.4up to date
 rayon^1.5.11.5.1up to date
 regex^1.5.41.5.4up to date
 rustls^0.19.10.20.2out of date
 segment^0.1.20.1.2up to date
 serde^1.0.1301.0.130up to date
 serde_json^1.0.671.0.72up to date
 sha2^0.9.60.9.8up to date
 siphasher^0.3.70.3.7up to date
 slice-group-by^0.2.60.3.0out of date
 structopt^0.3.230.3.25up to date
 tar^0.4.370.4.37up to date
 tempfile^3.2.03.2.0up to date
 thiserror^1.0.281.0.30up to date
 tokio ⚠️^1.11.01.14.0maybe insecure
 uuid^0.8.20.8.2up to date
 walkdir^2.3.22.3.2up to date
 obkv^0.2.00.2.0up to date
 pin-project^1.0.81.0.8up to date
 sysinfo^0.20.20.21.1out of date
 tokio-stream^0.1.70.1.8up to date

Dev dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 actix-rt^2.2.02.5.0up to date
 paste^1.0.51.0.6up to date
 serde_url_params^0.2.10.2.1up to date
 urlencoding^2.1.02.1.0up to date

Build dependencies

(8 total, 1 outdated)

CrateRequiredLatestStatus
 anyhow^1.0.431.0.49up to date
 cargo_toml^0.90.10.1out of date
 hex^0.4.30.4.3up to date
 reqwest^0.11.40.11.6up to date
 sha-1^0.9.80.9.8up to date
 tempfile^3.2.03.2.0up to date
 vergen^5.1.155.1.18up to date
 zip^0.5.130.5.13up to date

Crate meilisearch-error

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 actix-http=3.0.0-beta.102.2.1up to date
 serde^1.0.1301.0.130up to date

Crate meilisearch-lib

Dependencies

(45 total, 3 outdated, 1 insecure, 1 possibly insecure)

CrateRequiredLatestStatus
 actix-web^4.0.0-beta.93.3.2up to date
 anyhow^1.0.431.0.49up to date
 async-stream^0.3.20.3.2up to date
 async-trait^0.1.510.1.51up to date
 arc-swap^1.3.21.5.0up to date
 byte-unit^4.0.124.0.13up to date
 bytes^1.1.01.1.0up to date
 chrono ⚠️^0.4.190.4.19insecure
 csv^1.1.61.1.6up to date
 crossbeam-channel^0.5.10.5.1up to date
 either^1.6.11.6.1up to date
 flate2^1.0.211.0.22up to date
 fst^0.4.70.4.7up to date
 futures^0.3.170.3.18up to date
 futures-util^0.3.170.3.18up to date
 http^0.2.40.2.5up to date
 indexmap^1.7.01.7.0up to date
 itertools^0.10.10.10.1up to date
 lazy_static^1.4.01.4.0up to date
 log^0.4.140.4.14up to date
 mime^0.3.160.3.16up to date
 num_cpus^1.13.01.13.0up to date
 once_cell^1.8.01.8.0up to date
 parking_lot^0.11.20.11.2up to date
 rand^0.8.40.8.4up to date
 rayon^1.5.11.5.1up to date
 regex^1.5.41.5.4up to date
 rustls^0.19.10.20.2out of date
 serde^1.0.1301.0.130up to date
 serde_json^1.0.671.0.72up to date
 siphasher^0.3.70.3.7up to date
 slice-group-by^0.2.60.3.0out of date
 structopt^0.3.230.3.25up to date
 tar^0.4.370.4.37up to date
 tempfile^3.2.03.2.0up to date
 thiserror^1.0.281.0.30up to date
 tokio ⚠️^1.11.01.14.0maybe insecure
 uuid^0.8.20.8.2up to date
 walkdir^2.3.22.3.2up to date
 obkv^0.2.00.2.0up to date
 pin-project^1.0.81.0.8up to date
 whoami^1.1.31.2.1up to date
 reqwest^0.11.40.11.6up to date
 sysinfo^0.20.20.21.1out of date
 derivative^2.2.02.2.0up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 actix-rt^2.2.02.5.0up to date
 mockall^0.10.20.10.2up to date
 paste^1.0.51.0.6up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

tokio: Data race when sending and receiving after closing a `oneshot` channel

RUSTSEC-2021-0124

If a tokio::sync::oneshot channel is closed (via the oneshot::Receiver::close method), a data race may occur if the oneshot::Sender::send method is called while the corresponding oneshot::Receiver is awaited or calling try_recv.

When these methods are called concurrently on a closed channel, the two halves of the channel can concurrently access a shared memory location, resulting in a data race. This has been observed to cause memory corruption.

Note that the race only occurs when both halves of the channel are used after the Receiver half has called close. Code where close is not used, or where the Receiver is not awaited and try_recv is not called after calling close, is not affected.

See tokio#4225 for more details.