Deps.rs

orinium-browser / orinium

[![dependency status](https://deps.rs/repo/github/orinium-browser/orinium/status.svg)](https://deps.rs/repo/github/orinium-browser/orinium)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate orinium_browser

Dependencies

(24 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 anyhow^1.01.0.102up to date
 tokio ⚠️^11.51.0maybe insecure
 pollster^0.40.4.0up to date
 env_logger^0.11.90.11.10up to date
 log^0.4.290.4.29up to date
 once_cell^1.21.31.21.4up to date
 entities^1.0.11.0.1up to date
 winit^0.30.120.30.13up to date
 wgpu^28.0.029.0.1out of date
 wgpu-types^28.0.029.0.1out of date
 fontdue^0.9.30.9.3up to date
 ab_glyph^0.20.2.32up to date
 bytemuck^1.251.25.0up to date
 url^2.52.5.8up to date
 rustls^0.23.360.23.37up to date
 rustls-native-certs^0.8.30.8.3up to date
 tokio-rustls^0.26.40.26.4up to date
 hyper^11.9.0up to date
 http-body-util^0.10.1.3up to date
 hyper-util^0.10.1.20up to date
 image^0.25.90.25.10up to date
 ui_layout^0.9.60.9.8up to date
 cpal^0.17.30.17.3up to date
 symphonia^0.5.50.5.5up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 colored^3.1.13.1.1up to date
 strsim^0.11.10.11.1up to date

Security Vulnerabilities

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);