This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate servoshell

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 vergen^8.3.18.3.1up to date

Crate simpleservo_jniapi

Dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 android_logger^0.130.13.3up to date
 jni^0.18.00.21.1out of date
 libloading^0.80.8.3up to date

Build dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 cc^1.01.0.90up to date
 gl_generator^0.140.14.0up to date
 vergen^8.0.08.3.1up to date

Crate crown

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 compiletest_rs^0.100.10.2up to date
 once_cell^11.19.0up to date

Crate servo_allocator

No external dependencies! 🙌

Crate libservo

No external dependencies! 🙌

Crate background_hang_monitor

No external dependencies! 🙌

Crate bluetooth

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 blurmock^0.1.20.1.3up to date

Crate canvas

Dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 font-kit^0.110.13.0out of date
 half^22.4.0up to date
 lyon_geom^1.0.41.0.5up to date
 pathfinder_geometry^0.50.5.1up to date
 raqote^0.8.20.8.3up to date

Crate compositing

Build dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 toml^0.50.8.12out of date

Crate constellation

No external dependencies! 🙌

Crate devtools

Dependencies

(1 total, 1 possibly insecure)

CrateRequiredLatestStatus
 chrono ⚠️^0.40.4.37maybe insecure

Crate gfx

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 harfbuzz-sys^0.50.5.0up to date
 ucd^0.1.10.1.1up to date

Crate layout_thread_2013

Dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 histogram^0.6.80.9.1out of date

Crate layout_thread_2020

No external dependencies! 🙌

Crate media

No external dependencies! 🙌

Crate net

Dependencies

(10 total, 4 outdated)

CrateRequiredLatestStatus
 async-recursion^0.3.21.1.0out of date
 brotli^33.5.0up to date
 bytes^11.6.0up to date
 cookie^0.120.18.1out of date
 flate2^11.0.28up to date
 futures^0.30.3.30up to date
 generic-array^0.141.0.0out of date
 libflate^0.12.0.0out of date
 sha2^0.100.10.8up to date
 tokio-stream^0.10.1.15up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 futures^0.30.3.30up to date
 tokio-test^0.40.4.4up to date
 tokio-stream^0.10.1.15up to date

Crate profile

No external dependencies! 🙌

Crate script

Dependencies

(8 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 chrono ⚠️^0.40.4.37maybe insecure
 enum-iterator^0.32.0.0out of date
 phf^0.100.11.2out of date
 ref_filter_map^1.0.11.0.1up to date
 swapper^0.10.1.0up to date
 tempfile^33.10.1up to date
 tendril^0.4.10.4.3up to date
 utf-8^0.70.7.6up to date

Build dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 phf_codegen^0.110.11.2up to date
 phf_shared^0.110.11.2up to date

Crate servo_config

No external dependencies! 🙌

Crate servo_geometry

No external dependencies! 🙌

Crate servo_url

No external dependencies! 🙌

Crate webdriver_server

No external dependencies! 🙌

Crate webgpu

No external dependencies! 🙌

Crate servo_rand

No external dependencies! 🙌

Crate pixels

No external dependencies! 🙌

Crate metrics

No external dependencies! 🙌

Crate range

No external dependencies! 🙌

Crate layout_2013

No external dependencies! 🙌

Crate layout_2020

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 quickcheck^11.0.3up to date

Crate deny_public_fields

No external dependencies! 🙌

Crate dom_struct

No external dependencies! 🙌

Crate domobject_derive

No external dependencies! 🙌

Crate jstraceable_derive

No external dependencies! 🙌

Crate servo_config_plugins

No external dependencies! 🙌

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References