This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate bat

Dependencies

(29 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 nu-ansi-term^0.49.00.49.0up to date
 ansi_colours^1.21.2.2up to date
 bincode^1.01.3.3up to date
 console^0.15.50.15.7up to date
 flate2^1.01.0.27up to date
 once_cell^1.171.18.0up to date
 thiserror^1.01.0.49up to date
 wild^2.12.2.0up to date
 content_inspector^0.2.40.2.4up to date
 shell-words^1.1.01.1.0up to date
 unicode-width^0.1.100.1.11up to date
 globset^0.40.4.13up to date
 serde^1.01.0.188up to date
 serde_yaml ⚠️^0.80.9.25out of date
 semver^1.01.0.19up to date
 path_abs^0.50.5.1up to date
 clircle^0.40.4.0up to date
 bugreport^0.5.00.5.0up to date
 etcetera^0.8.00.8.0up to date
 grep-cli^0.1.90.1.9up to date
 regex^1.8.31.9.5up to date
 walkdir^2.32.4.0up to date
 bytesize^1.2.01.3.0up to date
 encoding_rs^0.8.320.8.33up to date
 os_str_bytes~6.46.5.1out of date
 run_script^0.10.00.10.1up to date
 git2^0.180.18.1up to date
 syntect^5.0.05.1.0up to date
 clap^4.4.24.4.5up to date

Dev dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 assert_cmd^2.0.102.0.12up to date
 expect-test^1.4.11.4.1up to date
 serial_test^2.0.02.0.0up to date
 predicates^3.0.33.0.4up to date
 wait-timeout^0.2.00.2.0up to date
 tempfile^3.8.03.8.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 clap^4.4.24.4.5up to date

Security Vulnerabilities

serde_yaml: Uncontrolled recursion leads to abort in deserialization

RUSTSEC-2018-0005

Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to make a YAML file with an alias referring to itself causing an abort.

The flaw was corrected by checking the recursion depth.