servo / pathfinder

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `pathfinder_c`

Dependencies

(8 total, 6 outdated)

Crate	Required	Latest	Status
font-kit	`^0.6`	`0.14.3`	out of date
foreign-types	`^0.3`	`0.5.0`	out of date
gl	`^0.14`	`0.14.0`	up to date
libc	`^0.2`	`0.2.177`	up to date
usvg	`^0.9`	`0.45.1`	out of date
core-foundation	`^0.6`	`0.10.1`	out of date
io-surface	`^0.12`	`0.16.1`	out of date
metal	`^0.18`	`0.32.0`	out of date

Crate `pathfinder_canvas`

Dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
font-kit	`^0.6`	`0.14.3`	out of date
skribo	`^0.1`	`0.1.0`	up to date

Crate `pathfinder_color`

No external dependencies! 🙌

Crate `pathfinder_content`

Dependencies

(5 total, 2 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
arrayvec	`^0.5`	`0.7.6`	out of date
bitflags	`^1.0`	`2.10.0`	out of date
log	`^0.4`	`0.4.28`	up to date
smallvec ⚠️	`^1.2`	`1.15.1`	maybe insecure
image	`^0.25`	`0.25.8`	up to date

Dev dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
quickcheck	`^0.9`	`1.0.3`	out of date

Crate `pathfinder_android_demo`

Dependencies

(4 total, 1 outdated)

Crate	Required	Latest	Status
egl	`^0.2`	`0.2.7`	up to date
gl	`^0.14`	`0.14.0`	up to date
jni	`^0.15`	`0.21.1`	out of date
lazy_static	`^1.3`	`1.5.0`	up to date

Crate `pathfinder_demo`

Dependencies

(8 total, 4 outdated)

Crate	Required	Latest	Status
clap	`^2.32`	`4.5.51`	out of date
gl	`^0.14`	`0.14.0`	up to date
rayon	`^1.0`	`1.11.0`	up to date
usvg	`^0.9`	`0.45.1`	out of date
image	`^0.25`	`0.25.8`	up to date
log	`^0.4`	`0.4.28`	up to date
metal	`^0.18`	`0.32.0`	out of date
io-surface	`^0.12`	`0.16.1`	out of date

Crate `demo`

Dependencies

(12 total, 8 outdated)

Crate	Required	Latest	Status
color-backtrace	`^0.3`	`0.7.2`	out of date
gl	`^0.14`	`0.14.0`	up to date
lazy_static	`^1`	`1.5.0`	up to date
nfd	`^0.0.4`	`0.0.4`	up to date
pretty_env_logger	`^0.4`	`0.5.0`	out of date
euclid	`^0.20`	`0.22.11`	out of date
winit	`<0.19.4`	`0.30.12`	out of date
foreign-types	`^0.3`	`0.5.0`	out of date
io-surface	`^0.12`	`0.16.1`	out of date
metal	`^0.18`	`0.32.0`	out of date
objc	`^0.2`	`0.2.7`	up to date
jemallocator	`^0.3`	`0.5.4`	out of date

Crate `canvas_glutin_minimal`

Dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
gl	`^0.14`	`0.14.0`	up to date
glutin	`^0.25`	`0.32.3`	out of date

Crate `canvas_metal_minimal`

Dependencies

(6 total, 4 outdated)

Crate	Required	Latest	Status
foreign-types	`^0.3`	`0.5.0`	out of date
gl	`^0.14`	`0.14.0`	up to date
sdl2	`^0.33`	`0.38.0`	out of date
sdl2-sys	`^0.33`	`0.38.0`	out of date
metal	`^0.18`	`0.32.0`	out of date
objc	`^0.2`	`0.2.7`	up to date

Crate `canvas_minimal`

Dependencies

(3 total, 2 outdated)

Crate	Required	Latest	Status
gl	`^0.14`	`0.14.0`	up to date
euclid	`^0.20`	`0.22.11`	out of date
winit	`<0.19.4`	`0.30.12`	out of date

Crate `canvas_moire`

Dependencies

(3 total, 2 outdated)

Crate	Required	Latest	Status
gl	`^0.14`	`0.14.0`	up to date
euclid	`^0.20`	`0.22.11`	out of date
winit	`<0.19.4`	`0.30.12`	out of date

Crate `canvas_nanovg`

Dependencies

(9 total, 6 outdated)

Crate	Required	Latest	Status
arrayvec	`^0.5`	`0.7.6`	out of date
font-kit	`^0.6`	`0.14.3`	out of date
gl	`^0.14`	`0.14.0`	up to date
euclid	`^0.20`	`0.22.11`	out of date
image	`^0.25`	`0.25.8`	up to date
log	`^0.4`	`0.4.28`	up to date
surfman	`^0.4`	`0.10.0`	out of date
winit	`^0.24`	`0.30.12`	out of date
jemallocator	`^0.3`	`0.5.4`	out of date

Crate `canvas_text`

Dependencies

(4 total, 3 outdated)

Crate	Required	Latest	Status
font-kit	`^0.6`	`0.14.3`	out of date
gl	`^0.14`	`0.14.0`	up to date
sdl2	`^0.33`	`0.38.0`	out of date
sdl2-sys	`^0.33`	`0.38.0`	out of date

Crate `canvas_webgl_minimal`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
wasm-bindgen	`^0.2`	`0.2.105`	up to date
web-sys	`^0.3`	`0.3.82`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
wasm-bindgen-test	`^0.3`	`0.3.55`	up to date

Crate `lottie_basic`

No external dependencies! 🙌

Crate `swf_basic`

Dependencies

(5 total, 4 outdated)

Crate	Required	Latest	Status
gl	`^0.14`	`0.14.0`	up to date
sdl2	`^0.33`	`0.38.0`	out of date
sdl2-sys	`^0.33`	`0.38.0`	out of date
swf-parser	`^0.10`	`0.14.0`	out of date
swf-types	`^0.10`	`0.14.0`	out of date

Crate `pathfinder_geometry`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
log	`^0.4`	`0.4.28`	up to date

Crate `pathfinder_gl`

Dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
gl	`^0.14`	`0.14.0`	up to date
half	`^1.5`	`2.7.1`	out of date
log	`^0.4`	`0.4.28`	up to date

Crate `pathfinder_gpu`

Dependencies

(6 total, 2 outdated)

Crate	Required	Latest	Status
bitflags	`^1.0`	`2.10.0`	out of date
fxhash	`^0.2`	`0.2.1`	up to date
half	`^1.5`	`2.7.1`	out of date
log	`^0.4`	`0.4.28`	up to date
image	`^0.25`	`0.25.8`	up to date
instant	`^0.1`	`0.1.13`	up to date

Crate `pathfinder_lottie`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
serde_json	`^1.0`	`1.0.145`	up to date
serde	`^1.0`	`1.0.228`	up to date

Crate `pathfinder_export`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
deflate	`*`	`1.0.0`	up to date

Crate `pathfinder_metal`

Dependencies

(12 total, 7 outdated)

Crate	Required	Latest	Status
bitflags	`^1.0`	`2.10.0`	out of date
byteorder	`^1.3`	`1.5.0`	up to date
block	`^0.1`	`0.1.6`	up to date
cocoa	`^0.19`	`0.26.1`	out of date
core-foundation	`^0.6`	`0.10.1`	out of date
dispatch	`^0.2`	`0.2.0`	up to date
foreign-types	`^0.3`	`0.5.0`	out of date
half	`^1.5`	`2.7.1`	out of date
io-surface	`^0.12`	`0.16.1`	out of date
libc	`^0.2`	`0.2.177`	up to date
metal	`^0.18`	`0.32.0`	out of date
objc	`^0.2`	`0.2.7`	up to date

Crate `pathfinder_renderer`

Dependencies

(14 total, 5 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
bitflags	`^1.0`	`2.10.0`	out of date
byte-slice-cast	`^0.3`	`1.2.3`	out of date
byteorder	`^1.2`	`1.5.0`	up to date
crossbeam-channel	`^0.4`	`0.5.15`	out of date
fxhash	`^0.2`	`0.2.1`	up to date
half	`^1.5`	`2.7.1`	out of date
hashbrown	`^0.7`	`0.16.0`	out of date
log	`^0.4`	`0.4.28`	up to date
rayon	`^1.0`	`1.11.0`	up to date
serde	`^1.0`	`1.0.228`	up to date
serde_json	`^1.0`	`1.0.145`	up to date
smallvec ⚠️	`^1.2`	`1.15.1`	maybe insecure
vec_map	`^0.8`	`0.8.2`	up to date
instant	`^0.1`	`0.1.13`	up to date

Dev dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
quickcheck	`^0.9`	`1.0.3`	out of date

Crate `pathfinder_resources`

No external dependencies! 🙌

Crate `pathfinder_simd`

Build dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
rustc_version	`^0.4`	`0.4.1`	up to date

Crate `pathfinder_svg`

Dependencies

(3 total, 3 outdated)

Crate	Required	Latest	Status
bitflags	`^1.0`	`2.10.0`	out of date
hashbrown	`^0.7`	`0.16.0`	out of date
usvg	`^0.9`	`0.45.1`	out of date

Crate `pathfinder_swf`

Dependencies

(2 total, 2 outdated)

Crate	Required	Latest	Status
swf-parser	`^0.10`	`0.14.0`	out of date
swf-types	`^0.10`	`0.14.0`	out of date

Crate `pathfinder_text`

Dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
font-kit	`^0.6`	`0.14.3`	out of date
skribo	`^0.1`	`0.1.0`	up to date

Crate `pathfinder_ui`

Dependencies

(4 total, 1 outdated)

Crate	Required	Latest	Status
serde	`^1.0`	`1.0.228`	up to date
serde_derive	`^1.0`	`1.0.228`	up to date
serde_json	`^1.0`	`1.0.145`	up to date
hashbrown	`^0.7`	`0.16.0`	out of date

Crate `area-lut`

Dependencies

(3 total, 2 outdated)

Crate	Required	Latest	Status
clap	`^2.30`	`4.5.51`	out of date
euclid	`^0.20`	`0.22.11`	out of date
image	`^0.25`	`0.25.8`	up to date

Crate `generate-gamma-lut`

Dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
clap	`^2.27`	`4.5.51`	out of date
log	`^0.4`	`0.4.28`	up to date
image	`^0.25`	`0.25.8`	up to date

Crate `svg-to-skia`

Dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
usvg	`^0.9`	`0.45.1`	out of date

Crate `convert`

Dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
usvg	`^0.9`	`0.45.1`	out of date

Crate `pathfinder_web_canvas`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
css-color-parser	`^0.1`	`0.1.2`	up to date
wasm-bindgen	`^0.2`	`0.2.105`	up to date
web-sys	`^0.3`	`0.3.82`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
wasm-bindgen-test	`^0.3`	`0.3.55`	up to date

Crate `pathfinder_webgl`

Dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
wasm-bindgen	`*`	`0.2.105`	up to date
log	`^0.4.8`	`0.4.28`	up to date
image	`^0.25`	`0.25.8`	up to date
web-sys	`^0.3.4`	`0.3.82`	up to date
js-sys	`^0.3.37`	`0.3.82`	up to date

Security Vulnerabilities

`smallvec`: Buffer overflow in SmallVec::insert_many

RUSTSEC-2021-0003

A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap.

This bug was only triggered if the iterator passed to insert_many yielded more items than the lower bound returned from its size_hint method.

The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted. The fix also simplified the implementation of insert_many to use less unsafe code, so it is easier to verify its correctness.

Thank you to Yechan Bae (@Qwaz) and the Rust group at Georgia Tech’s SSLab for finding and reporting this bug.

servo / pathfinder

Crate pathfinder_c

Dependencies

Crate pathfinder_canvas

Dependencies

Crate pathfinder_color

Crate pathfinder_content

Dependencies

Dev dependencies

Crate pathfinder_android_demo

Dependencies

Crate pathfinder_demo

Dependencies

Crate demo

Dependencies

Crate canvas_glutin_minimal

Dependencies

Crate canvas_metal_minimal

Dependencies

Crate canvas_minimal

Dependencies

Crate canvas_moire

Dependencies

Crate canvas_nanovg

Dependencies

Crate canvas_text

Dependencies

Crate canvas_webgl_minimal

Dependencies

Dev dependencies

Crate lottie_basic

Crate swf_basic

Dependencies

Crate pathfinder_geometry

Dependencies

Crate pathfinder_gl

Dependencies

Crate pathfinder_gpu

Dependencies

Crate pathfinder_lottie

Dependencies

Crate pathfinder_export

Dependencies

Crate pathfinder_metal

Dependencies

Crate pathfinder_renderer

Dependencies

Dev dependencies

Crate pathfinder_resources

Crate pathfinder_simd

Build dependencies

Crate pathfinder_svg

Dependencies

Crate pathfinder_swf

Dependencies

Crate pathfinder_text

Dependencies

Crate pathfinder_ui

Dependencies

Crate area-lut

Dependencies

Crate generate-gamma-lut

Dependencies

Crate svg-to-skia

Dependencies

Crate convert

Dependencies

Crate pathfinder_web_canvas

Dependencies

Dev dependencies

Crate pathfinder_webgl

Dependencies

Security Vulnerabilities

smallvec: Buffer overflow in SmallVec::insert_many

Crate `pathfinder_c`

Crate `pathfinder_canvas`

Crate `pathfinder_color`

Crate `pathfinder_content`

Crate `pathfinder_android_demo`

Crate `pathfinder_demo`

Crate `demo`

Crate `canvas_glutin_minimal`

Crate `canvas_metal_minimal`

Crate `canvas_minimal`

Crate `canvas_moire`

Crate `canvas_nanovg`

Crate `canvas_text`

Crate `canvas_webgl_minimal`

Crate `lottie_basic`

Crate `swf_basic`

Crate `pathfinder_geometry`

Crate `pathfinder_gl`

Crate `pathfinder_gpu`

Crate `pathfinder_lottie`

Crate `pathfinder_export`

Crate `pathfinder_metal`

Crate `pathfinder_renderer`

Crate `pathfinder_resources`

Crate `pathfinder_simd`

Crate `pathfinder_svg`

Crate `pathfinder_swf`

Crate `pathfinder_text`

Crate `pathfinder_ui`

Crate `area-lut`

Crate `generate-gamma-lut`

Crate `svg-to-skia`

Crate `convert`

Crate `pathfinder_web_canvas`

Crate `pathfinder_webgl`

`smallvec`: Buffer overflow in SmallVec::insert_many