Deps.rs

servo / pathfinder

[![dependency status](https://deps.rs/repo/github/servo/pathfinder/status.svg)](https://deps.rs/repo/github/servo/pathfinder)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate pathfinder_c

Dependencies

(5 total, 3 outdated)

CrateRequiredLatestStatus
 font-kit^0.60.14.2out of date
 foreign-types^0.30.5.0out of date
 gl^0.140.14.0up to date
 libc^0.20.2.169up to date
 usvg^0.90.44.0out of date

Crate pathfinder_canvas

Dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 font-kit^0.60.14.2out of date
 skribo^0.10.1.0up to date

Crate pathfinder_color

No external dependencies! 🙌

Crate pathfinder_content

Dependencies

(5 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 arrayvec^0.50.7.6out of date
 bitflags^1.02.7.0out of date
 log^0.40.4.22up to date
 smallvec ⚠️^1.21.13.2maybe insecure
 image^0.230.25.5out of date

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 quickcheck^0.91.0.3out of date

Crate pathfinder_android_demo

Dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 egl^0.20.2.7up to date
 gl^0.140.14.0up to date
 jni^0.150.21.1out of date
 lazy_static^1.31.5.0up to date

Crate pathfinder_demo

Dependencies

(6 total, 3 outdated)

CrateRequiredLatestStatus
 clap^2.324.5.26out of date
 gl^0.140.14.0up to date
 rayon^1.01.10.0up to date
 usvg^0.90.44.0out of date
 image^0.230.25.5out of date
 log^0.40.4.22up to date

Crate pathfinder_magicleap_demo

Dependencies

(8 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 gl^0.140.14.0up to date
 rayon^1.01.10.0up to date
 usvg^0.90.44.0out of date
 egl^0.20.2.7up to date
 log^0.40.4.22up to date
 smallvec ⚠️^1.21.13.2maybe insecure
 glutin^0.230.32.2out of date
 crossbeam-channel^0.40.5.14out of date

Crate demo

Dependencies

(7 total, 4 outdated)

CrateRequiredLatestStatus
 color-backtrace^0.30.6.1out of date
 gl^0.140.14.0up to date
 lazy_static^11.5.0up to date
 nfd^0.0.40.0.4up to date
 pretty_env_logger^0.40.5.0out of date
 euclid^0.200.22.11out of date
 winit<0.19.40.30.8out of date

Crate canvas_glutin_minimal

Dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 gl^0.140.14.0up to date
 glutin^0.230.32.2out of date

Crate canvas_metal_minimal

Dependencies

(6 total, 4 outdated)

CrateRequiredLatestStatus
 foreign-types^0.30.5.0out of date
 gl^0.140.14.0up to date
 metal^0.180.30.0out of date
 objc^0.20.2.7up to date
 sdl2^0.330.37.0out of date
 sdl2-sys^0.330.37.0out of date

Crate canvas_minimal

Dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 gl^0.140.14.0up to date
 euclid^0.200.22.11out of date
 winit<0.19.40.30.8out of date

Crate canvas_moire

Dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 gl^0.140.14.0up to date
 euclid^0.200.22.11out of date
 winit<0.19.40.30.8out of date

Crate canvas_nanovg

Dependencies

(8 total, 6 outdated)

CrateRequiredLatestStatus
 arrayvec^0.50.7.6out of date
 font-kit^0.60.14.2out of date
 gl^0.140.14.0up to date
 euclid^0.200.22.11out of date
 image^0.230.25.5out of date
 log^0.40.4.22up to date
 surfman^0.40.9.8out of date
 winit^0.240.30.8out of date

Crate canvas_text

Dependencies

(4 total, 3 outdated)

CrateRequiredLatestStatus
 font-kit^0.60.14.2out of date
 gl^0.140.14.0up to date
 sdl2^0.330.37.0out of date
 sdl2-sys^0.330.37.0out of date

Crate canvas_webgl_minimal

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 wasm-bindgen^0.20.2.100up to date
 web-sys^0.30.3.77up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 wasm-bindgen-test^0.30.3.50up to date

Crate lottie_basic

No external dependencies! 🙌

Crate swf_basic

Dependencies

(5 total, 4 outdated)

CrateRequiredLatestStatus
 gl^0.140.14.0up to date
 sdl2^0.330.37.0out of date
 sdl2-sys^0.330.37.0out of date
 swf-parser^0.100.14.0out of date
 swf-types^0.100.14.0out of date

Crate pathfinder_geometry

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 log^0.40.4.22up to date

Crate pathfinder_gl

Dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 gl^0.140.14.0up to date
 half^1.52.4.1out of date
 log^0.40.4.22up to date

Crate pathfinder_gpu

Dependencies

(6 total, 3 outdated)

CrateRequiredLatestStatus
 bitflags^1.02.7.0out of date
 fxhash^0.20.2.1up to date
 half^1.52.4.1out of date
 log^0.40.4.22up to date
 image^0.230.25.5out of date
 instant^0.10.1.13up to date

Crate pathfinder_lottie

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.135up to date
 serde^1.01.0.217up to date

Crate pathfinder_export

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 deflate*1.0.0up to date

Crate pathfinder_metal

Dependencies

(12 total, 7 outdated)

CrateRequiredLatestStatus
 bitflags^1.02.7.0out of date
 byteorder^1.31.5.0up to date
 block^0.10.1.6up to date
 cocoa^0.190.26.0out of date
 core-foundation^0.60.10.0out of date
 dispatch^0.20.2.0up to date
 foreign-types^0.30.5.0out of date
 half^1.52.4.1out of date
 io-surface^0.120.16.0out of date
 libc^0.20.2.169up to date
 metal^0.180.30.0out of date
 objc^0.20.2.7up to date

Crate pathfinder_renderer

Dependencies

(14 total, 5 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bitflags^1.02.7.0out of date
 byte-slice-cast^0.31.2.2out of date
 byteorder^1.21.5.0up to date
 crossbeam-channel^0.40.5.14out of date
 fxhash^0.20.2.1up to date
 half^1.52.4.1out of date
 hashbrown^0.70.15.2out of date
 log^0.40.4.22up to date
 rayon^1.01.10.0up to date
 serde^1.01.0.217up to date
 serde_json^1.01.0.135up to date
 smallvec ⚠️^1.21.13.2maybe insecure
 vec_map^0.80.8.2up to date
 instant^0.10.1.13up to date

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 quickcheck^0.91.0.3out of date

Crate pathfinder_resources

No external dependencies! 🙌

Crate pathfinder_simd

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 rustc_version^0.40.4.1up to date

Crate pathfinder_svg

Dependencies

(3 total, 3 outdated)

CrateRequiredLatestStatus
 bitflags^1.02.7.0out of date
 hashbrown^0.70.15.2out of date
 usvg^0.90.44.0out of date

Crate pathfinder_swf

Dependencies

(2 total, 2 outdated)

CrateRequiredLatestStatus
 swf-parser^0.100.14.0out of date
 swf-types^0.100.14.0out of date

Crate pathfinder_text

Dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 font-kit^0.60.14.2out of date
 skribo^0.10.1.0up to date

Crate pathfinder_ui

Dependencies

(4 total, 1 outdated)

CrateRequiredLatestStatus
 serde^1.01.0.217up to date
 serde_derive^1.01.0.217up to date
 serde_json^1.01.0.135up to date
 hashbrown^0.70.15.2out of date

Crate area-lut

Dependencies

(3 total, 3 outdated)

CrateRequiredLatestStatus
 clap^2.304.5.26out of date
 euclid^0.200.22.11out of date
 image^0.230.25.5out of date

Crate generate-gamma-lut

Dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 clap^2.274.5.26out of date
 log^0.40.4.22up to date
 image^0.230.25.5out of date

Crate svg-to-skia

Dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 usvg^0.90.44.0out of date

Crate convert

Dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 usvg^0.90.44.0out of date

Crate pathfinder_web_canvas

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 css-color-parser^0.10.1.2up to date
 wasm-bindgen^0.20.2.100up to date
 web-sys^0.30.3.77up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 wasm-bindgen-test^0.30.3.50up to date

Crate pathfinder_webgl

Dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 wasm-bindgen*0.2.100up to date
 log^0.4.80.4.22up to date
 image^0.230.25.5out of date
 web-sys^0.3.40.3.77up to date
 js-sys^0.3.370.3.77up to date

Security Vulnerabilities

smallvec: Buffer overflow in SmallVec::insert_many

RUSTSEC-2021-0003

A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap.

This bug was only triggered if the iterator passed to insert_many yielded more items than the lower bound returned from its size_hint method.

The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted. The fix also simplified the implementation of insert_many to use less unsafe code, so it is easier to verify its correctness.

Thank you to Yechan Bae (@Qwaz) and the Rust group at Georgia Tech’s SSLab for finding and reporting this bug.