Deps.rs

penguin359 / keepass-db

[![dependency status](https://deps.rs/repo/github/penguin359/keepass-db/status.svg)](https://deps.rs/repo/github/penguin359/keepass-db)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate keepass-db

Dependencies

(26 total, 5 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 byteorder^1.4.31.5.0up to date
 uuid^1.4.11.11.0up to date
 ring^0.16.200.17.8out of date
 rpassword^7.2.07.3.1up to date
 openssl ⚠️^0.10.570.10.68maybe insecure
 flate2^1.0.271.0.35up to date
 sxd-document^0.3.20.3.2up to date
 sxd-xpath^0.4.20.4.2up to date
 base64^0.21.40.22.1out of date
 chrono^0.4.300.4.39up to date
 hex^0.4.30.4.3up to date
 rust-argon2^2.0.02.1.0up to date
 argon2-kdf^1.3.01.5.3up to date
 argon2^0.5.20.5.3up to date
 chacha20^0.9.10.9.1up to date
 log^0.4.200.4.22up to date
 env_logger^0.10.00.11.5out of date
 rand^0.8.50.8.5up to date
 clap^4.4.24.5.23up to date
 xml-rs^0.8.180.8.24up to date
 num-derive^0.4.00.4.2up to date
 num-traits^0.2.160.2.19up to date
 salsa20^0.10.20.10.2up to date
 hex-literal^0.4.10.4.1up to date
 derive-getters^0.3.00.5.0out of date
 generic-array^0.14.71.1.1out of date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tempfile^3.8.03.14.0up to date

Crate keepass-db-derive

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 change-case^0.2.00.2.0up to date
 proc-macro2^1.0.661.0.92up to date
 quote^1.0.331.0.37up to date
 syn^2.0.312.0.90up to date
 xml-rs^0.8.180.8.24up to date

Security Vulnerabilities

openssl: `MemBio::get_buf` has undefined behavior with empty buffers

RUSTSEC-2024-0357

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.