This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate meilisearch

Dependencies

(62 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 actix-cors^0.7.00.7.0up to date
 actix-http^3.8.03.9.0up to date
 actix-utils^3.0.13.0.1up to date
 actix-web^4.8.04.9.0up to date
 anyhow^1.0.861.0.95up to date
 async-trait^0.1.810.1.83up to date
 bstr^1.9.11.11.1up to date
 byte-unit^5.1.45.1.6up to date
 bytes^1.6.01.9.0up to date
 clap^4.5.94.5.23up to date
 crossbeam-channel^0.5.130.5.14up to date
 deserr^0.6.20.6.3up to date
 either^1.13.01.13.0up to date
 flate2^1.0.301.0.35up to date
 fst^0.4.70.4.7up to date
 futures^0.3.300.3.31up to date
 futures-util^0.3.300.3.31up to date
 indexmap^2.2.62.7.0up to date
 is-terminal^0.4.120.4.13up to date
 itertools^0.13.00.13.0up to date
 jsonwebtoken^9.3.09.3.0up to date
 lazy_static^1.5.01.5.0up to date
 mimalloc^0.1.430.1.43up to date
 mime^0.3.170.3.17up to date
 num_cpus^1.16.01.16.0up to date
 obkv^0.3.00.3.0up to date
 once_cell^1.19.01.20.2up to date
 ordered-float^4.2.14.6.0up to date
 parking_lot^0.12.30.12.3up to date
 pin-project-lite^0.2.140.2.15up to date
 platform-dirs^0.3.00.3.0up to date
 prometheus^0.13.40.13.4up to date
 rand^0.8.50.8.5up to date
 rayon^1.10.01.10.0up to date
 regex^1.10.51.11.1up to date
 reqwest^0.12.50.12.9up to date
 rustls ⚠️^0.23.110.23.20maybe insecure
 rustls-pki-types^1.7.01.10.1up to date
 rustls-pemfile^2.1.22.2.0up to date
 segment^0.2.40.2.4up to date
 serde^1.0.2041.0.216up to date
 serde_json^1.0.1201.0.134up to date
 sha2^0.10.80.10.8up to date
 siphasher^1.0.11.0.1up to date
 slice-group-by^0.3.10.3.1up to date
 static-files^0.2.40.2.4up to date
 sysinfo^0.30.130.33.0out of date
 tar^0.4.410.4.43up to date
 tempfile^3.10.13.14.0up to date
 thiserror^1.0.612.0.9out of date
 time^0.3.360.3.37up to date
 tokio^1.38.01.42.0up to date
 toml^0.8.140.8.19up to date
 uuid^1.10.01.11.0up to date
 serde_urlencoded^0.7.10.7.1up to date
 termcolor^1.4.11.4.1up to date
 url^2.5.22.5.4up to date
 tracing^0.1.400.1.41up to date
 tracing-subscriber^0.3.180.3.19up to date
 tracing-actix-web^0.7.110.7.15up to date
 roaring^0.10.70.10.9up to date
 mopa-maintained^0.2.30.2.3up to date

Dev dependencies

(9 total, 1 outdated)

CrateRequiredLatestStatus
 actix-rt^2.10.02.10.0up to date
 brotli^6.0.07.0.0out of date
 insta^1.39.01.41.1up to date
 manifest-dir-macros^0.1.180.1.18up to date
 maplit^1.0.21.0.2up to date
 temp-env^0.3.60.3.6up to date
 urlencoding^2.1.32.1.3up to date
 wiremock^0.6.00.6.2up to date
 yaup^0.3.10.3.1up to date

Build dependencies

(8 total, 1 outdated)

CrateRequiredLatestStatus
 anyhow^1.0.861.0.95up to date
 cargo_toml^0.20.30.21.0out of date
 hex^0.4.30.4.3up to date
 reqwest^0.12.50.12.9up to date
 sha-1^0.10.10.10.1up to date
 static-files^0.2.40.2.4up to date
 tempfile^3.10.13.14.0up to date
 zip^2.1.32.2.2up to date

Crate meilitool

Dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^1.0.861.0.95up to date
 clap^4.5.94.5.23up to date
 indexmap^2.7.02.7.0up to date
 serde^1.0.2091.0.216up to date
 serde_json^1.0.1331.0.134up to date
 tempfile^3.14.03.14.0up to date
 time^0.3.360.3.37up to date
 uuid^1.10.01.11.0up to date

Crate meilisearch-types

Dependencies

(23 total, 1 outdated)

CrateRequiredLatestStatus
 actix-web^4.8.04.9.0up to date
 anyhow^1.0.861.0.95up to date
 bumpalo^3.16.03.16.0up to date
 convert_case^0.6.00.6.0up to date
 csv^1.3.01.3.1up to date
 deserr^0.6.20.6.3up to date
 either^1.13.01.13.0up to date
 enum-iterator^2.1.02.1.0up to date
 flate2^1.0.301.0.35up to date
 fst^0.4.70.4.7up to date
 memmap2^0.9.40.9.5up to date
 bumparaw-collections^0.1.20.1.4up to date
 roaring^0.10.70.10.9up to date
 rustc-hash^2.1.02.1.0up to date
 serde^1.0.2041.0.216up to date
 serde-cs^0.2.40.2.4up to date
 serde_json^1.0.1201.0.134up to date
 tar^0.4.410.4.43up to date
 tempfile^3.10.13.14.0up to date
 thiserror^1.0.612.0.9out of date
 time^0.3.360.3.37up to date
 tokio^1.381.42.0up to date
 uuid^1.10.01.11.0up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 insta^1.39.01.41.1up to date

Crate meilisearch-auth

Dependencies

(12 total, 1 outdated)

CrateRequiredLatestStatus
 base64^0.22.10.22.1up to date
 enum-iterator^2.1.02.1.0up to date
 hmac^0.12.10.12.1up to date
 maplit^1.0.21.0.2up to date
 rand^0.8.50.8.5up to date
 roaring^0.10.70.10.9up to date
 serde^1.0.2041.0.216up to date
 serde_json^1.0.1201.0.134up to date
 sha2^0.10.80.10.8up to date
 thiserror^1.0.612.0.9out of date
 time^0.3.360.3.37up to date
 uuid^1.10.01.11.0up to date

Crate meili-snap

Dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 insta=1.39.01.41.1out of date
 md5^0.7.00.7.0up to date
 once_cell^1.191.20.2up to date

Crate index-scheduler

Dependencies

(22 total, 1 outdated)

CrateRequiredLatestStatus
 anyhow^1.0.861.0.95up to date
 bincode^1.3.31.3.3up to date
 bumpalo^3.16.03.16.0up to date
 bumparaw-collections^0.1.20.1.4up to date
 convert_case^0.6.00.6.0up to date
 csv^1.3.01.3.1up to date
 derive_builder^0.20.00.20.2up to date
 enum-iterator^2.1.02.1.0up to date
 flate2^1.0.301.0.35up to date
 memmap2^0.9.40.9.5up to date
 page_size^0.6.00.6.0up to date
 rayon^1.10.01.10.0up to date
 roaring^0.10.70.10.9up to date
 serde^1.0.2041.0.216up to date
 serde_json^1.0.1201.0.134up to date
 synchronoise^1.0.11.0.1up to date
 tempfile^3.10.13.14.0up to date
 thiserror^1.0.612.0.9out of date
 time^0.3.360.3.37up to date
 tracing^0.1.400.1.41up to date
 ureq^2.10.02.12.1up to date
 uuid^1.10.01.11.0up to date

Dev dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 arroy^0.5.00.5.0up to date
 big_s^1.0.21.0.2up to date
 crossbeam-channel^0.5.130.5.14up to date
 insta^1.39.01.41.1up to date
 maplit^1.0.21.0.2up to date

Crate dump

Dependencies

(14 total, 1 outdated)

CrateRequiredLatestStatus
 anyhow^1.0.861.0.95up to date
 flate2^1.0.301.0.35up to date
 http^1.1.01.2.0up to date
 once_cell^1.19.01.20.2up to date
 regex^1.10.51.11.1up to date
 roaring^0.10.70.10.9up to date
 serde^1.0.2041.0.216up to date
 serde_json^1.0.1201.0.134up to date
 tar^0.4.410.4.43up to date
 tempfile^3.10.13.14.0up to date
 thiserror^1.0.612.0.9out of date
 time^0.3.360.3.37up to date
 tracing^0.1.400.1.41up to date
 uuid^1.10.01.11.0up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 big_s^1.0.21.0.2up to date
 maplit^1.0.21.0.2up to date

Crate file-store

Dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 tempfile^3.10.13.14.0up to date
 thiserror^1.0.612.0.9out of date
 tracing^0.1.400.1.41up to date
 uuid^1.10.01.11.0up to date

Crate permissive-json-pointer

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.134up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 big_s^1.01.0.2up to date

Crate milli

Dependencies

(58 total, 6 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 big_s^1.0.21.0.2up to date
 bimap^0.6.30.6.3up to date
 bincode^1.3.31.3.3up to date
 bstr^1.9.11.11.1up to date
 bytemuck^1.18.01.21.0up to date
 byteorder^1.5.01.5.0up to date
 charabia^0.9.20.9.2up to date
 concat-arrays^0.1.20.1.2up to date
 crossbeam-channel^0.5.130.5.14up to date
 deserr^0.6.20.6.3up to date
 either^1.13.01.13.0up to date
 fst^0.4.70.4.7up to date
 fxhash^0.2.10.2.1up to date
 geoutils^0.5.10.5.1up to date
 grenad^0.5.00.5.0up to date
 heed^0.20.30.21.0out of date
 indexmap^2.2.62.7.0up to date
 levenshtein_automata^0.2.10.2.1up to date
 memchr^2.5.02.7.4up to date
 memmap2^0.9.40.9.5up to date
 obkv^0.3.00.3.0up to date
 once_cell^1.19.01.20.2up to date
 ordered-float^4.2.14.6.0up to date
 rayon^1.10.01.10.0up to date
 roaring^0.10.70.10.9up to date
 rstar^0.12.00.12.2up to date
 serde^1.0.2041.0.216up to date
 serde_json^1.0.1201.0.134up to date
 slice-group-by^0.3.10.3.1up to date
 smallstr^0.3.00.3.0up to date
 smallvec^1.13.21.13.2up to date
 smartstring^1.0.11.0.1up to date
 tempfile^3.10.13.14.0up to date
 thiserror^1.0.612.0.9out of date
 time^0.3.360.3.37up to date
 uuid^1.10.01.11.0up to date
 itertools^0.13.00.13.0up to date
 csv^1.3.01.3.1up to date
 candle-core^0.6.00.8.1out of date
 candle-transformers^0.6.00.8.1out of date
 candle-nn^0.6.00.8.1out of date
 tiktoken-rs^0.5.90.6.0out of date
 liquid^0.26.60.26.9up to date
 arroy^0.5.00.5.0up to date
 rand^0.8.50.8.5up to date
 tracing^0.1.400.1.41up to date
 ureq^2.10.02.12.1up to date
 url^2.5.22.5.4up to date
 rayon-par-bridge^0.1.00.1.0up to date
 hashbrown ⚠️^0.15.00.15.2maybe insecure
 bumpalo^3.16.03.16.0up to date
 bumparaw-collections^0.1.20.1.4up to date
 thread_local^1.1.81.1.8up to date
 allocator-api2^0.2.180.2.21up to date
 rustc-hash^2.0.02.1.0up to date
 uell^0.1.00.1.0up to date
 enum-iterator^2.1.02.1.0up to date
 flume^0.11.10.11.1up to date

Dev dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 mimalloc^0.1.430.1.43up to date
 insta^1.39.01.41.1up to date
 maplit^1.0.21.0.2up to date
 md5^0.7.00.7.0up to date
 rand^0.8.50.8.5up to date

Crate filter-parser

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 nom^7.1.37.1.3up to date
 nom_locate^4.2.04.2.0up to date
 unescaper^0.1.50.1.5up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 insta^1.39.01.41.1up to date

Crate flatten-serde-json

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.134up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 criterion^0.5.10.5.1up to date

Crate json-depth-checker

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.134up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 criterion^0.5.10.5.1up to date

Crate benchmarks

Dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^1.0.861.0.95up to date
 bumpalo^3.16.03.16.0up to date
 csv^1.3.01.3.1up to date
 memmap2^0.9.50.9.5up to date
 mimalloc^0.1.430.1.43up to date
 serde_json^1.0.1201.0.134up to date
 tempfile^3.14.03.14.0up to date

Dev dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 criterion^0.5.10.5.1up to date
 rand^0.8.50.8.5up to date
 rand_chacha^0.3.10.3.1up to date
 roaring^0.10.70.10.9up to date

Build dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^1.0.861.0.95up to date
 bytes^1.6.01.9.0up to date
 convert_case^0.6.00.6.0up to date
 flate2^1.0.301.0.35up to date
 reqwest^0.12.50.12.9up to date

Crate fuzzers

Dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 arbitrary^1.3.21.4.1up to date
 bumpalo^3.16.03.16.0up to date
 clap^4.5.94.5.23up to date
 either^1.13.01.13.0up to date
 fastrand^2.1.02.3.0up to date
 serde^1.0.2041.0.216up to date
 serde_json^1.0.1201.0.134up to date
 tempfile^3.10.13.14.0up to date

Crate tracing-trace

Dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 color-spantrace^0.2.10.2.1up to date
 fxprof-processed-profile^0.7.00.7.0up to date
 serde^1.0.2041.0.216up to date
 serde_json^1.0.1201.0.134up to date
 tracing^0.1.400.1.41up to date
 tracing-error^0.2.00.2.1up to date
 tracing-subscriber^0.3.180.3.19up to date
 byte-unit^5.1.45.1.6up to date
 tokio^1.38.01.42.0up to date

Crate xtask

Dependencies

(15 total, 2 outdated)

CrateRequiredLatestStatus
 anyhow^1.0.861.0.95up to date
 cargo_metadata^0.18.10.19.1out of date
 clap^4.5.94.5.23up to date
 futures-core^0.3.300.3.31up to date
 futures-util^0.3.300.3.31up to date
 reqwest^0.12.50.12.9up to date
 serde^1.0.2041.0.216up to date
 serde_json^1.0.1201.0.134up to date
 sha2^0.10.80.10.8up to date
 sysinfo^0.30.130.33.0out of date
 time^0.3.360.3.37up to date
 tokio^1.38.01.42.0up to date
 tracing^0.1.400.1.41up to date
 tracing-subscriber^0.3.180.3.19up to date
 uuid^1.10.01.11.0up to date

Crate build-info

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 time^0.3.360.3.37up to date

Build dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^1.0.861.0.95up to date
 vergen-git2^1.0.01.0.2up to date

Security Vulnerabilities

rustls: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.

hashbrown: Borsh serialization of HashMap is non-canonical

RUSTSEC-2024-0402

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding.

This can result in consensus splits and cause equivalent objects to be considered distinct.

This was patched in 0.15.1.