Deps.rs

meilisearch / MeiliSearch

[![dependency status](https://deps.rs/repo/github/meilisearch/MeiliSearch/status.svg)](https://deps.rs/repo/github/meilisearch/MeiliSearch)

This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate meilisearch-http

Dependencies

(49 total, 4 outdated, 3 insecure)

CrateRequiredLatestStatus
 actix-http=3.0.0-beta.62.2.0insecure
 actix-service^2.0.02.0.0up to date
 actix-web=4.0.0-beta.63.3.2insecure
 anyhow^1.0.361.0.42up to date
 async-stream^0.3.00.3.2up to date
 async-trait^0.1.420.1.51up to date
 arc-swap^1.2.01.3.0up to date
 byte-unit^4.0.94.0.12up to date
 bytes^0.6.01.0.1out of date
 chrono^0.4.190.4.19up to date
 crossbeam-channel^0.5.00.5.1up to date
 either^1.6.11.6.1up to date
 env_logger^0.8.20.9.0out of date
 flate2^1.0.191.0.20up to date
 fst^0.4.50.4.7up to date
 futures^0.3.70.3.16up to date
 futures-util^0.3.80.3.16up to date
 http^0.2.10.2.4up to date
 indexmap^1.3.21.7.0up to date
 itertools^0.10.00.10.1up to date
 log^0.4.80.4.14up to date
 main_error^0.1.00.1.1up to date
 memmap^0.7.00.7.0insecure
 mime^0.3.160.3.16up to date
 num_cpus^1.13.01.13.0up to date
 once_cell^1.5.21.8.0up to date
 parking_lot^0.11.10.11.1up to date
 rand^0.7.30.8.4out of date
 rayon^1.5.01.5.1up to date
 regex^1.4.21.5.4up to date
 rustls^0.190.19.1up to date
 serde^1.01.0.127up to date
 serde_json^1.0.591.0.66up to date
 sha2^0.9.10.9.5up to date
 siphasher^0.3.20.3.6up to date
 slice-group-by^0.2.60.2.6up to date
 structopt^0.3.200.3.22up to date
 tar^0.4.290.4.35up to date
 tempfile^3.1.03.2.0up to date
 thiserror^1.0.241.0.26up to date
 tokio^11.9.0up to date
 uuid^0.8.20.8.2up to date
 walkdir^2.3.22.3.2up to date
 obkv^0.2.00.2.0up to date
 pin-project^1.0.71.0.8up to date
 whoami^1.1.21.1.2up to date
 reqwest^0.11.30.11.4up to date
 serdeval^0.1.00.1.0up to date
 sentry^0.22.00.23.0out of date

Dev dependencies

(6 total, 2 outdated, 1 insecure)

CrateRequiredLatestStatus
 actix-rt^2.1.02.2.0up to date
 mockall^0.9.10.10.2out of date
 paste^1.0.51.0.5up to date
 serde_url_params^0.2.10.2.1up to date
 tempdir^0.3.70.3.7insecure
 urlencoding^1.1.12.1.0out of date

Build dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow*1.0.42up to date
 cargo_toml^0.9.00.9.2up to date
 hex^0.4.30.4.3up to date
 reqwest^0.11.30.11.4up to date
 sha-1^0.9.40.9.7up to date
 tempfile^3.1.03.2.0up to date
 vergen^5.1.135.1.15up to date
 zip^0.5.120.5.13up to date

Crate meilisearch-error

Dependencies

(1 total, 1 insecure)

CrateRequiredLatestStatus
 actix-http=3.0.0-beta.62.2.0insecure

Security Vulnerabilities

tempdir: `tempdir` crate has been deprecated; use `tempfile` instead

RUSTSEC-2018-0017

The tempdir crate has been deprecated and the functionality is merged into tempfile.

actix-web: Multiple memory safety issues

RUSTSEC-2018-0019

Affected versions contain multiple memory safety issues, such as:

  • Unsoundly coercing immutable references to mutable references
  • Unsoundly extending lifetimes of strings
  • Adding the Send marker trait to objects that cannot be safely sent between threads

This may result in a variety of memory corruption scenarios, most likely use-after-free.

A signficant refactoring effort has been conducted to resolve these issues.

actix-http: Use-after-free in BodyStream due to lack of pinning

RUSTSEC-2020-0048

Affected versions of this crate did not require the buffer wrapped in BodyStream to be pinned, but treated it as if it had a fixed location in memory. This may result in a use-after-free.

The flaw was corrected by making the trait MessageBody require Unpin and making poll_next() function accept Pin<&mut Self> instead of &mut self.

memmap: memmap is unmaintained

RUSTSEC-2020-0077

The author of the memmap crate is unresponsive.

Maintained alternatives: