This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate fuzz

No external dependencies! 🙌

Crate neqo-bin

Dependencies

(7 total, 1 possibly insecure)

Crate                 Required  Latest   Status
clap                  ^4.4      4.5.20   up to date
clap-verbosity-flag   ^2.2      2.2.2    up to date
futures               ^0.3      0.3.31   up to date
hex                   ^0.4      0.4.3    up to date
regex                 ^1.9      1.11.1   up to date
tokio ⚠️              ^1        1.41.0   maybe insecure
url                   ^2.5      2.5.2    up to date

Dev dependencies

(2 total, 1 possibly insecure)

Crate       Required  Latest   Status
criterion   ^0.5      0.5.1    up to date
tokio ⚠️    ^1        1.41.0   maybe insecure

Crate neqo-common

Dependencies

(3 total, 1 outdated)

Crate        Required  Latest   Status
enum-map     ^2.7      2.7.3    up to date
env_logger   ^0.10     0.11.5   out of date
hex          ^0.4      0.4.3    up to date

Crate neqo-crypto

Build dependencies

(6 total, 2 outdated)

Crate          Required  Latest    Status
bindgen        ^0.69     0.70.1    out of date
mozbuild       ^0.1      0.1.0     up to date
semver         ^1.0      1.0.23    up to date
serde          ^1.0      1.0.214   up to date
serde_derive   ^1.0      1.0.214   up to date
toml           ^0.5      0.8.19    out of date

Crate neqo-http3

Dependencies

(3 total, all up-to-date)

Crate     Required  Latest  Status
enumset   ^1.1      1.1.5   up to date
sfv       ^0.9      0.9.4   up to date
url       ^2.5      2.5.2   up to date

Crate neqo-qpack

Dependencies

(1 total, all up-to-date)

Crate               Required  Latest  Status
static_assertions   ^1.1      1.1.0   up to date

Crate neqo-transport

Dependencies

(4 total, all up-to-date)

Crate               Required  Latest   Status
enum-map            ^2.7      2.7.3    up to date
indexmap            ^2.2      2.6.0    up to date
smallvec            ^1.11     1.13.2   up to date
static_assertions   ^1.1      1.1.0    up to date

Dev dependencies

(1 total, all up-to-date)

Crate       Required  Latest  Status
criterion   ^0.5      0.5.1   up to date

Crate neqo-udp

No external dependencies! 🙌

Crate test-fixture

No external dependencies! 🙌

Security Vulnerabilities

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode forces ServerOptions::reject_remote_clients to false.

This drops any explicit reject_remote_clients setting that may previously have been set to true.

The default setting of reject_remote_clients is normally true, meaning the default is also overridden to false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

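use tokio::net::windows::named_pipe::{PipeMode, ServerOptions};

let mut opts = ServerOptions::new();
// Call pipe_mode first: on affected versions it resets reject_remote_clients to false.
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);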