This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
bat(29 total, 2 outdated, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| nu-ansi-term | ^0.49.0 | 0.49.0 | up to date |
| ansi_colours | ^1.2 | 1.2.2 | up to date |
| bincode | ^1.0 | 1.3.3 | up to date |
| console | ^0.15.5 | 0.15.7 | up to date |
| flate2 | ^1.0 | 1.0.27 | up to date |
| once_cell | ^1.17 | 1.18.0 | up to date |
| thiserror | ^1.0 | 1.0.49 | up to date |
| wild | ^2.1 | 2.2.0 | up to date |
| content_inspector | ^0.2.4 | 0.2.4 | up to date |
| shell-words | ^1.1.0 | 1.1.0 | up to date |
| unicode-width | ^0.1.10 | 0.1.11 | up to date |
| globset | ^0.4 | 0.4.13 | up to date |
| serde | ^1.0 | 1.0.188 | up to date |
| serde_yaml ⚠️ | ^0.8 | 0.9.25 | out of date |
| semver | ^1.0 | 1.0.19 | up to date |
| path_abs | ^0.5 | 0.5.1 | up to date |
| clircle | ^0.4 | 0.4.0 | up to date |
| bugreport | ^0.5.0 | 0.5.0 | up to date |
| etcetera | ^0.8.0 | 0.8.0 | up to date |
| grep-cli | ^0.1.9 | 0.1.9 | up to date |
| regex | ^1.8.3 | 1.9.5 | up to date |
| walkdir | ^2.3 | 2.4.0 | up to date |
| bytesize | ^1.2.0 | 1.3.0 | up to date |
| encoding_rs | ^0.8.32 | 0.8.33 | up to date |
| os_str_bytes | ~6.4 | 6.5.1 | out of date |
| run_script | ^0.10.0 | 0.10.1 | up to date |
| git2 | ^0.18 | 0.18.1 | up to date |
| syntect | ^5.0.0 | 5.1.0 | up to date |
| clap | ^4.4.2 | 4.4.5 | up to date |
(6 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| assert_cmd | ^2.0.10 | 2.0.12 | up to date |
| expect-test | ^1.4.1 | 1.4.1 | up to date |
| serial_test | ^2.0.0 | 2.0.0 | up to date |
| predicates | ^3.0.3 | 3.0.4 | up to date |
| wait-timeout | ^0.2.0 | 0.2.0 | up to date |
| tempfile | ^3.8.0 | 3.8.0 | up to date |
(1 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| clap | ^4.4.2 | 4.4.5 | up to date |
serde_yaml: Uncontrolled recursion leads to abort in deserializationAffected versions of this crate did not properly check for recursion while deserializing aliases.
This allows an attacker to make a YAML file with an alias referring to itself causing an abort.
The flaw was corrected by checking the recursion depth.