mozilla / application-services

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `autofill`

Dependencies

(9 total, 2 outdated)

Crate	Required	Latest	Status
anyhow	`^1.0`	`1.0.98`	up to date
lazy_static	`^1.4`	`1.5.0`	up to date
rusqlite	`^0.33.0`	`0.36.0`	out of date
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
uniffi	`^0.29.0`	`0.29.3`	up to date
url	`^2.2`	`2.5.4`	up to date

Dev dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
libsqlite3-sys	`^0.31.0`	`0.34.0`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `context_id`

Dependencies

(9 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
chrono ⚠️	`^0.4`	`0.4.41`	maybe insecure
lazy_static	`^1.4`	`1.5.0`	up to date
parking_lot	`^0.12`	`0.12.4`	up to date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
uniffi	`^0.29.0`	`0.29.3`	up to date
url	`^2`	`2.5.4`	up to date
uuid	`^1.3`	`1.17.0`	up to date

Dev dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
mockito	`^0.31`	`1.7.0`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `crashtest`

Dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
log	`^0.4`	`0.4.27`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
uniffi	`^0.29.0`	`0.29.3`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `example-component`

Dependencies

(7 total, 2 outdated)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date
parking_lot	`^0.12`	`0.12.4`	up to date
rusqlite	`^0.33.0`	`0.36.0`	out of date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
url	`^2`	`2.5.4`	up to date
thiserror	`^1.0`	`2.0.12`	out of date

Crate `filter_adult`

Dependencies

(6 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
base64	`^0.22.1`	`0.22.1`	up to date
clap	`^4.5.36`	`4.5.40`	up to date
md-5	`^0.10`	`0.10.6`	up to date
regex ⚠️	`^1`	`1.11.1`	maybe insecure
thiserror	`^1.0`	`2.0.12`	out of date
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `fxa-client`

Dependencies

(12 total, 2 outdated)

Crate	Required	Latest	Status
base64	`^0.21`	`0.22.1`	out of date
hex	`^0.4`	`0.4.3`	up to date
lazy_static	`^1.4`	`1.5.0`	up to date
log	`^0.4`	`0.4.27`	up to date
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
url	`^2.2`	`2.5.4`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
anyhow	`^1.0`	`1.0.98`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date

Dev dependencies

(2 total, 2 outdated)

Crate	Required	Latest	Status
mockall	`^0.11`	`0.13.1`	out of date
mockito	`^0.31`	`1.7.0`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `init_rust_components`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `logins`

Dependencies

(12 total, 2 outdated)

Crate	Required	Latest	Status
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
lazy_static	`^1.4`	`1.5.0`	up to date
url	`^2.2`	`2.5.4`	up to date
rusqlite	`^0.33.0`	`0.36.0`	out of date
thiserror	`^1.0`	`2.0.12`	out of date
anyhow	`^1.0`	`1.0.98`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date
async-trait	`^0.1`	`0.1.88`	up to date
futures	`^0.3`	`0.3.31`	up to date

Dev dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
more-asserts	`^0.2`	`0.3.1`	out of date
tempfile	`^3.2.0`	`3.20.0`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `merino`

Dependencies

(5 total, 1 outdated)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
url	`^2`	`2.5.4`	up to date
thiserror	`^1.0`	`2.0.12`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `nimbus-sdk`

Dependencies

(17 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.98`	up to date
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
thiserror	`^1`	`2.0.12`	out of date
url	`^2.5`	`2.5.4`	up to date
rkv	`^0.19`	`0.19.0`	up to date
jexl-eval	`^0.3.0`	`0.3.0`	up to date
uuid	`^1.3`	`1.17.0`	up to date
sha2	`^0.10`	`0.10.9`	up to date
hex	`^0.4`	`0.4.3`	up to date
once_cell	`^1`	`1.21.3`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date
chrono ⚠️	`^0.4`	`0.4.41`	maybe insecure
unicode-segmentation	`^1.8.0`	`1.12.0`	up to date
cfg-if	`^1.0.0`	`1.0.1`	up to date
regex	`^1.9`	`1.11.1`	up to date

Dev dependencies

(3 total, 2 outdated)

Crate	Required	Latest	Status
clap	`^2.34`	`4.5.40`	out of date
tempfile	`^3`	`3.20.0`	up to date
ctor	`^0.2.2`	`0.4.2`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `places`

Dependencies

(16 total, 3 outdated)

Crate	Required	Latest	Status
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
parking_lot	`^0.12`	`0.12.4`	up to date
lazy_static	`^1.4`	`1.5.0`	up to date
url	`^2.1`	`2.5.4`	up to date
percent-encoding	`^2.1`	`2.3.1`	up to date
caseless	`^0.2`	`0.2.2`	up to date
rusqlite	`^0.33.0`	`0.36.0`	out of date
bitflags	`^1.2`	`2.9.1`	out of date
idna	`^1.0.3`	`1.0.3`	up to date
memchr	`^2.3`	`2.7.5`	up to date
dogear	`^0.5`	`0.5.0`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
anyhow	`^1.0`	`1.0.98`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date

Dev dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
pretty_assertions	`^0.6`	`1.4.1`	out of date
tempfile	`^3.1`	`3.20.0`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `push`

Dependencies

(9 total, 4 outdated)

Crate	Required	Latest	Status
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
bincode	`^1.2`	`2.0.1`	out of date
lazy_static	`^1.4`	`1.5.0`	up to date
base64	`^0.21`	`0.22.1`	out of date
rusqlite	`^0.33.0`	`0.36.0`	out of date
url	`^2.2`	`2.5.4`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
uniffi	`^0.29.0`	`0.29.3`	up to date

Dev dependencies

(4 total, 2 outdated)

Crate	Required	Latest	Status
mockito	`^0.31`	`1.7.0`	out of date
hex	`^0.4`	`0.4.3`	up to date
tempfile	`^3.1.0`	`3.20.0`	up to date
mockall	`^0.11`	`0.13.1`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `relay`

Dependencies

(6 total, 1 outdated)

Crate	Required	Latest	Status
log	`^0.4`	`0.4.27`	up to date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
url	`^2`	`2.5.4`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date

Dev dependencies

(4 total, 3 outdated)

Crate	Required	Latest	Status
env_logger	`^0.10`	`0.11.8`	out of date
expect-test	`^1.4`	`1.5.1`	up to date
mockall	`^0.11`	`0.13.1`	out of date
mockito	`^0.31`	`1.7.0`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `relevancy`

Dependencies

(13 total, 5 outdated)

Crate	Required	Latest	Status
anyhow	`^1.0`	`1.0.98`	up to date
md-5	`^0.10`	`0.10.6`	up to date
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
rand	`^0.8`	`0.9.1`	out of date
rand_distr	`^0.4`	`0.5.1`	out of date
rusqlite	`^0.33.0`	`0.36.0`	out of date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
serde_path_to_error	`^0.1`	`0.1.17`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
uniffi	`^0.29.0`	`0.29.3`	up to date
url	`^2.5`	`2.5.4`	up to date
base64	`^0.21.2`	`0.22.1`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `remote_settings`

Dependencies

(13 total, 2 outdated)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
parking_lot	`^0.12`	`0.12.4`	up to date
url	`^2`	`2.5.4`	up to date
camino	`^1.0`	`1.1.10`	up to date
rusqlite	`^0.33.0`	`0.36.0`	out of date
jexl-eval	`^0.3.0`	`0.3.0`	up to date
regex	`^1.9`	`1.11.1`	up to date
anyhow	`^1.0`	`1.0.98`	up to date
sha2	`^0.10`	`0.10.9`	up to date
canonical_json	`^0.5`	`0.5.0`	up to date

Dev dependencies

(4 total, 2 outdated)

Crate	Required	Latest	Status
expect-test	`^1.4`	`1.5.1`	up to date
mockall	`^0.11`	`0.13.1`	out of date
mockito	`^0.31`	`1.7.0`	out of date
serde_json	`^1`	`1.0.140`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `search`

Dependencies

(5 total, 1 outdated)

Crate	Required	Latest	Status
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
thiserror	`^1`	`2.0.12`	out of date
uniffi	`^0.29.0`	`0.29.3`	up to date

Dev dependencies

(3 total, 2 outdated)

Crate	Required	Latest	Status
once_cell	`^1.18.0`	`1.21.3`	up to date
mockito	`^0.31`	`1.7.0`	out of date
pretty_assertions	`^0.6`	`1.4.1`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `suggest`

Dependencies

(15 total, 2 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1.0`	`1.0.98`	up to date
rmp-serde	`^1.3`	`1.3.0`	up to date
chrono ⚠️	`^0.4`	`0.4.41`	maybe insecure
extend	`^1.1`	`1.2.0`	up to date
once_cell	`^1.5`	`1.21.3`	up to date
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
rusqlite	`^0.33.0`	`0.36.0`	out of date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
tempfile	`^3.2.0`	`3.20.0`	up to date
thiserror	`^1`	`2.0.12`	out of date
unicase	`^2.6`	`2.8.1`	up to date
unicode-normalization	`^0.1`	`0.1.24`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date
url	`^2.1`	`2.5.4`	up to date

Dev dependencies

(4 total, 1 outdated)

Crate	Required	Latest	Status
criterion	`^0.5`	`0.6.0`	out of date
expect-test	`^1.4`	`1.5.1`	up to date
hex	`^0.4`	`0.4.3`	up to date
itertools	`^0.14`	`0.14.0`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `error-support`

Dependencies

(7 total, 1 outdated)

Crate	Required	Latest	Status
backtrace	`^0.3`	`0.3.75`	up to date
env_logger	`^0.10`	`0.11.8`	out of date
lazy_static	`^1.4`	`1.5.0`	up to date
log	`^0.4`	`0.4.27`	up to date
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
tracing	`^0.1`	`0.1.41`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `error-support-tests`

Dev dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
thiserror	`^1`	`2.0.12`	out of date
trybuild	`^1.0.49`	`1.0.105`	up to date

Crate `find-places-db`

Dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
dirs	`^4`	`6.0.0`	out of date
anyhow	`^1.0`	`1.0.98`	up to date

Crate `firefox-versioning`

Dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
serde_json	`^1.0`	`1.0.140`	up to date
thiserror	`^1.0`	`2.0.12`	out of date

Crate `sync-guid`

Dependencies

(4 total, 3 outdated)

Crate	Required	Latest	Status
rusqlite	`^0.33.0`	`0.36.0`	out of date
serde	`^1`	`1.0.219`	up to date
rand	`^0.8`	`0.9.1`	out of date
base64	`^0.21`	`0.22.1`	out of date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
serde_test	`^1`	`1.0.177`	up to date

Crate `interrupt-support`

Dependencies

(4 total, 1 outdated)

Crate	Required	Latest	Status
lazy_static	`^1.4`	`1.5.0`	up to date
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
rusqlite	`^0.33.0`	`0.36.0`	out of date
uniffi	`^0.29.0`	`0.29.3`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `jwcrypto`

Dependencies

(5 total, 2 outdated)

Crate	Required	Latest	Status
base64	`^0.21`	`0.22.1`	out of date
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
thiserror	`^1.0`	`2.0.12`	out of date

Crate `nimbus-cli`

Dependencies

(23 total, 10 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
clap	`^4.2.2`	`4.5.40`	up to date
anyhow	`^1.0.44`	`1.0.98`	up to date
serde_json	`^1`	`1.0.140`	up to date
serde	`^1.0`	`1.0.219`	up to date
thiserror	`^1.0.29`	`2.0.12`	out of date
unicode-segmentation	`^1.8.0`	`1.12.0`	up to date
console	`^0.15.5`	`0.15.11`	up to date
glob	`^0.3.1`	`0.3.2`	up to date
heck	`^0.4.1`	`0.5.0`	out of date
whoami ⚠️	`^1.4.0`	`1.6.0`	maybe insecure
update-informer	`^1.0.0`	`1.2.0`	up to date
reqwest	`^0.11.18`	`0.12.20`	out of date
serde_yaml	`^0.9.21`	`0.9.34+deprecated`	up to date
percent-encoding	`^2.3.0`	`2.3.1`	up to date
copypasta	`^0.8.2`	`0.10.2`	out of date
chrono	`^0.4.26`	`0.4.41`	up to date
axum	`^0.6.18`	`0.8.4`	out of date
tokio	`^1.29.1`	`1.45.1`	up to date
tower	`^0.4.13`	`0.5.2`	out of date
tower-http	`^0.4.1`	`0.6.6`	out of date
tower-livereload	`^0.8.0`	`0.9.6`	out of date
hyper	`^0.14.27`	`1.6.0`	out of date
local-ip-address	`^0.5.4`	`0.6.5`	out of date

Crate `nimbus-fml`

Dependencies

(20 total, 7 outdated)

Crate	Required	Latest	Status
clap	`^2.34.0`	`4.5.40`	out of date
anyhow	`^1.0.44`	`1.0.98`	up to date
serde_json	`^1`	`1.0.140`	up to date
serde_yaml	`^0.8.21`	`0.9.34+deprecated`	out of date
serde	`^1.0`	`1.0.219`	up to date
thiserror	`^1.0.29`	`2.0.12`	out of date
askama	`^0.12`	`0.14.0`	out of date
textwrap	`^0.14.2`	`0.16.2`	out of date
heck	`^0.3.3`	`0.5.0`	out of date
unicode-segmentation	`^1.8.0`	`1.12.0`	up to date
url	`^2`	`2.5.4`	up to date
reqwest	`^0.11`	`0.12.20`	out of date
glob	`^0.3.0`	`0.3.2`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date
cfg-if	`^1.0.0`	`1.0.1`	up to date
console	`^0.15.5`	`0.15.11`	up to date
lazy_static	`^1.4`	`1.5.0`	up to date
email_address	`^0.2.4`	`0.2.9`	up to date
sha2	`^0.10`	`0.10.9`	up to date
itertools	`^0`	`0.14.0`	up to date

Dev dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
tempfile	`^3`	`3.20.0`	up to date
jsonschema	`^0.17`	`0.30.0`	out of date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `payload-support`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date

Crate `rand_rccrypto`

Dependencies

(2 total, 2 outdated)

Crate	Required	Latest	Status
rand	`^0.8`	`0.9.1`	out of date
rand_core	`^0.6`	`0.9.3`	out of date

Crate `rate-limiter`

No external dependencies! 🙌

Crate `restmail-client`

Dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
thiserror	`^1.0`	`2.0.12`	out of date
serde_json	`^1`	`1.0.140`	up to date
url	`^2.2`	`2.5.4`	up to date

Crate `rc_crypto`

Dependencies

(5 total, 2 outdated)

Crate	Required	Latest	Status
base64	`^0.21`	`0.22.1`	out of date
hex	`^0.4`	`0.4.3`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
hawk	`^5`	`5.0.1`	up to date
ece	`^2.3`	`2.3.1`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
ece	`^2.0`	`2.3.1`	up to date

Crate `nss`

Dependencies

(5 total, 2 outdated)

Crate	Required	Latest	Status
base64	`^0.21`	`0.22.1`	out of date
thiserror	`^1.0`	`2.0.12`	out of date
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
once_cell	`^1.20.2`	`1.21.3`	up to date

Crate `nss_build_common`

No external dependencies! 🙌

Crate `nss_sys`

Dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
libsqlite3-sys	`^0.31.0`	`0.34.0`	out of date

Crate `systest`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
libc	`^0.2`	`0.2.174`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
ctest2	`^0.4`	`0.4.10`	up to date

Crate `rust-log-forwarder`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date
tracing-subscriber	`^0.3`	`0.3.19`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
tracing	`^0.1`	`0.1.41`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `sql-support`

Dependencies

(5 total, 2 outdated)

Crate	Required	Latest	Status
lazy_static	`^1.4`	`1.5.0`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
tempfile	`^3.1.0`	`3.20.0`	up to date
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
rusqlite	`^0.33.0`	`0.36.0`	out of date

Crate `tracing-support`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
parking_lot	`^0.12`	`0.12.4`	up to date
serde_json	`^1`	`1.0.140`	up to date
tracing	`^0.1`	`0.1.41`	up to date
tracing-subscriber	`^0.3`	`0.3.19`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
tracing-subscriber	`^0.3`	`0.3.19`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `types`

Dependencies

(4 total, 1 outdated)

Crate	Required	Latest	Status
rusqlite	`^0.33.0`	`0.36.0`	out of date
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date

Crate `viaduct-reqwest`

Dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
reqwest	`^0.11`	`0.12.20`	out of date
once_cell	`^1.5`	`1.21.3`	up to date

Crate `sync_manager`

Dependencies

(9 total, 1 outdated)

Crate	Required	Latest	Status
thiserror	`^1.0`	`2.0.12`	out of date
anyhow	`^1.0`	`1.0.98`	up to date
lazy_static	`^1.4`	`1.5.0`	up to date
url	`^2.2`	`2.5.4`	up to date
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `sync15`

Dependencies

(11 total, 2 outdated)

Crate	Required	Latest	Status
anyhow	`^1.0`	`1.0.98`	up to date
base16	`^0.2`	`0.2.1`	up to date
base64	`^0.21`	`0.22.1`	out of date
lazy_static	`^1.4`	`1.5.0`	up to date
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
serde_path_to_error	`^0.1`	`0.1.17`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
uniffi	`^0.29.0`	`0.29.3`	up to date
url	`^2`	`2.5.4`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `tabs`

Dependencies

(9 total, 2 outdated)

Crate	Required	Latest	Status
anyhow	`^1.0`	`1.0.98`	up to date
lazy_static	`^1.4`	`1.5.0`	up to date
rusqlite	`^0.33.0`	`0.36.0`	out of date
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
uniffi	`^0.29.0`	`0.29.3`	up to date
url	`^2`	`2.5.4`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
tempfile	`^3.1`	`3.20.0`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `viaduct`

Dependencies

(8 total, 2 outdated)

Crate	Required	Latest	Status
url	`^2`	`2.5.4`	up to date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
once_cell	`^1.5`	`1.21.3`	up to date
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
prost	`^0.12`	`0.14.1`	out of date
ffi-support	`^0.4`	`0.4.4`	up to date
thiserror	`^1.0`	`2.0.12`	out of date

Crate `webext-storage`

Dependencies

(11 total, 2 outdated)

Crate	Required	Latest	Status
anyhow	`^1.0`	`1.0.98`	up to date
thiserror	`^1.0`	`2.0.12`	out of date
ffi-support	`^0.4`	`0.4.4`	up to date
lazy_static	`^1.4`	`1.5.0`	up to date
parking_lot	`>=0.11, <=0.12`	`0.12.4`	up to date
rusqlite	`^0.33.0`	`0.36.0`	out of date
serde	`^1`	`1.0.219`	up to date
serde_json	`^1`	`1.0.140`	up to date
serde_derive	`^1`	`1.0.219`	up to date
uniffi	`^0.29.0`	`0.29.3`	up to date
url	`^2.1`	`2.5.4`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
tempfile	`^3`	`3.20.0`	up to date
serde_json	`^1`	`1.0.140`	up to date

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `webext-storage-ffi`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
lazy_static	`^1.4.0`	`1.5.0`	up to date
ffi-support	`^0.4`	`0.4.4`	up to date
serde_json	`^1`	`1.0.140`	up to date

Crate `cirrus`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
lazy_static	`^1.4`	`1.5.0`	up to date

Crate `nimbus-experimenter`

No external dependencies! 🙌

Crate `megazord`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
lazy_static	`^1.4`	`1.5.0`	up to date

Crate `megazord_ios`

No external dependencies! 🙌

Crate `megazord_focus`

No external dependencies! 🙌

Crate `protobuf-gen`

Dependencies

(5 total, 3 outdated)

Crate	Required	Latest	Status
clap	`^2.34`	`4.5.40`	out of date
prost-build	`^0.12`	`0.14.1`	out of date
serde	`^1`	`1.0.219`	up to date
serde_derive	`^1`	`1.0.219`	up to date
toml	`^0.5`	`0.8.23`	out of date

Crate `embedded-uniffi-bindgen`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date

Crate `start-bindings`

Dependencies

(8 total, 4 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.98`	up to date
camino	`^1`	`1.1.10`	up to date
cargo_metadata	`^0.15`	`0.20.0`	out of date
clap	`^4.2`	`4.5.40`	up to date
rinja	`^0.3.3`	`0.4.0+deprecated`	out of date
serde_yaml ⚠️	`^0.8`	`0.9.34+deprecated`	out of date
toml	`^0.5`	`0.8.23`	out of date
toml_edit	`^0.22.21`	`0.22.27`	up to date

Crate `uniffi-bindgen-library-mode`

Dependencies

(6 total, 1 outdated)

Crate	Required	Latest	Status
uniffi	`^0.29.0`	`0.29.3`	up to date
uniffi_bindgen	`^0.29.0`	`0.29.3`	up to date
clap	`^4`	`4.5.40`	up to date
cargo_metadata	`^0.15`	`0.20.0`	out of date
camino	`^1`	`1.1.10`	up to date
anyhow	`^1`	`1.0.98`	up to date

Crate `swift_components_docs`

No external dependencies! 🙌

Crate `sync-test`

Dependencies

(11 total, 3 outdated)

Crate	Required	Latest	Status
url	`^2.2`	`2.5.4`	up to date
env_logger	`^0.10`	`0.11.8`	out of date
log	`^0.4`	`0.4.27`	up to date
anyhow	`^1.0`	`1.0.98`	up to date
rand	`^0.8`	`0.9.1`	out of date
lazy_static	`^1.4`	`1.5.0`	up to date
structopt	`^0.3`	`0.3.26`	up to date
serde	`^1.0`	`1.0.219`	up to date
serde_derive	`^1.0`	`1.0.219`	up to date
serde_json	`^1.0`	`1.0.140`	up to date
base64	`^0.21`	`0.22.1`	out of date

Crate `error-support-macros`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
syn	`^2.0`	`2.0.103`	up to date
quote	`^1.0`	`1.0.40`	up to date
proc-macro2	`^1.0`	`1.0.95`	up to date

Crate `cli-support`

Dependencies

(6 total, 2 outdated)

Crate	Required	Latest	Status
anyhow	`^1.0`	`1.0.98`	up to date
log	`^0.4`	`0.4.27`	up to date
url	`^2`	`2.5.4`	up to date
webbrowser	`^0.8`	`1.0.5`	out of date
rpassword	`^7.3.1`	`7.4.0`	up to date
env_logger	`^0.10`	`0.11.8`	out of date

Security Vulnerabilities

`serde_yaml`: Uncontrolled recursion leads to abort in deserialization

RUSTSEC-2018-0005

Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to make a YAML file with an alias referring to itself causing an abort.

The flaw was corrected by checking the recursion depth.

`chrono`: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

time-rs/time#293

`regex`: Regexes with large repetitions on empty sub-expressions take a very long time to parse

RUSTSEC-2022-0013

The Rust Security Response WG was notified that the regex crate did not properly limit the complexity of the regular expressions (regex) it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes. No known vulnerability is present when parsing untrusted input with trusted regexes.

This issue has been assigned CVE-2022-24713. The severity of this vulnerability is "high" when the regex crate is used to parse untrusted regexes. Other uses of the regex crate are not affected by this vulnerability.

Overview

The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API.

Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes.

Affected versions

All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5.

Mitigations

We recommend everyone accepting user-controlled regexes to upgrade immediately to the latest version of the regex crate.

Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, we do not recommend denying known problematic regexes.

Acknowledgements

We want to thank Addison Crump for responsibly disclosing this to us according to the Rust security policy, and for helping review the fix.

We also want to thank Andrew Gallant for developing the fix, and Pietro Albini for coordinating the disclosure and writing this advisory.

`whoami`: Stack buffer overflow with whoami on several Unix platforms

RUSTSEC-2024-0020

With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris:

whoami::username
whoami::realname
whoami::username_os
whoami::realname_os

With versions of the whoami crate >= 0.5.3 and < 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms:

Bitrig
DragonFlyBSD
FreeBSD
NetBSD
OpenBSD

This occurs because of an incorrect definition of the passwd struct on those platforms.

As a result of this issue, denial of service and data corruption have both been observed in the wild. The issue is possibly exploitable as well.

This vulnerability also affects other Unix platforms that aren't Linux or macOS.

This issue has been addressed in whoami 1.5.0.

For more information, see this GitHub issue.

mozilla / application-services

Crate autofill

Dependencies

Dev dependencies

Build dependencies

Crate context_id

Dependencies

Dev dependencies

Build dependencies

Crate crashtest

Dependencies

Build dependencies

Crate example-component

Dependencies

Crate filter_adult

Dependencies

Crate fxa-client

Dependencies

Dev dependencies

Build dependencies

Crate init_rust_components

Dependencies

Crate logins

Dependencies

Dev dependencies

Build dependencies

Crate merino

Dependencies

Build dependencies

Crate nimbus-sdk

Dependencies

Dev dependencies

Build dependencies

Crate places

Dependencies

Dev dependencies

Build dependencies

Crate push

Dependencies

Dev dependencies

Build dependencies

Crate relay

Dependencies

Dev dependencies

Build dependencies

Crate relevancy

Dependencies

Build dependencies

Crate remote_settings

Dependencies

Dev dependencies

Build dependencies

Crate search

Dependencies

Dev dependencies

Build dependencies

Crate suggest

Dependencies

Dev dependencies

Build dependencies

Crate error-support

Dependencies

Build dependencies

Crate error-support-tests

Dev dependencies

Crate find-places-db

Dependencies

Crate firefox-versioning

Dependencies

Crate sync-guid

Dependencies

Dev dependencies

Crate interrupt-support

Dependencies

Build dependencies

Crate jwcrypto

Dependencies

Crate nimbus-cli

Dependencies

Crate nimbus-fml

Crate `autofill`

Crate `context_id`

Crate `crashtest`

Crate `example-component`

Crate `filter_adult`

Crate `fxa-client`

Crate `init_rust_components`

Crate `logins`

Crate `merino`

Crate `nimbus-sdk`

Crate `places`

Crate `push`

Crate `relay`

Crate `relevancy`

Crate `remote_settings`

Crate `search`

Crate `suggest`

Crate `error-support`

Crate `error-support-tests`

Crate `find-places-db`

Crate `firefox-versioning`

Crate `sync-guid`

Crate `interrupt-support`

Crate `jwcrypto`

Crate `nimbus-cli`

Crate `nimbus-fml`

Crate `payload-support`

Crate `rand_rccrypto`

Crate `rate-limiter`

Crate `restmail-client`

Crate `rc_crypto`

Crate `nss`

Crate `nss_build_common`

Crate `nss_sys`

Crate `systest`

Crate `rust-log-forwarder`

Crate `sql-support`

Crate `tracing-support`

Crate `types`

Crate `viaduct-reqwest`

Crate `sync_manager`

Crate `sync15`

Crate `tabs`

Crate `viaduct`

Crate `webext-storage`

Crate `webext-storage-ffi`

Crate `cirrus`

Crate `nimbus-experimenter`

Crate `megazord`

Crate `megazord_ios`

Crate `megazord_focus`

Crate `protobuf-gen`

Crate `embedded-uniffi-bindgen`

Crate `start-bindings`

Crate `uniffi-bindgen-library-mode`

Crate `swift_components_docs`