Deps.rs

shotover / shotover-proxy

[![dependency status](https://deps.rs/repo/github/shotover/shotover-proxy/status.svg)](https://deps.rs/repo/github/shotover/shotover-proxy)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate shotover

Dependencies

(38 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 atomic_enum^0.3.00.3.0up to date
 axum^0.70.7.7up to date
 pretty-hex^0.4.00.4.1up to date
 tokio-stream^0.1.20.1.16up to date
 derivative^2.1.12.2.0up to date
 cached^0.530.54.0out of date
 governor^0.70.7.0up to date
 nonzero_ext^0.3.00.3.0up to date
 version-compare^0.20.2.0up to date
 lz4_flex^0.11.00.11.3up to date
 tokio^1.25.01.41.1up to date
 tokio-tungstenite^0.24.00.24.0up to date
 thiserror^1.02.0.3out of date
 backtrace^0.3.660.3.74up to date
 backtrace-ext^0.20.2.1up to date
 cql3-parser^0.4.00.4.2up to date
 num-bigint^0.4.00.4.6up to date
 bigdecimal^0.4.00.4.6up to date
 base64^0.22.00.22.1up to date
 httparse^1.8.01.9.5up to date
 http^1.0.01.1.0up to date
 metrics^0.24.00.24.0up to date
 metrics-exporter-prometheus^0.16.00.16.0up to date
 crc16^0.4.00.4.0up to date
 aws-config^1.0.01.5.10up to date
 aws-sdk-kms^1.1.01.50.0up to date
 chacha20poly1305^0.10.00.10.1up to date
 generic-array^0.141.1.0out of date
 kafka-protocol^0.13.00.13.0up to date
 rustls ⚠️^0.23.00.23.16maybe insecure
 tokio-rustls^0.260.26.0up to date
 rustls-pemfile^2.0.02.2.0up to date
 rustls-pki-types^1.0.11.10.0up to date
 xxhash-rust^0.8.60.8.12up to date
 dashmap^6.0.06.1.0up to date
 atoi^2.0.02.0.0up to date
 fnv^1.0.71.0.7up to date
 sasl^0.5.10.5.2up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 codspeed-criterion-compat^2.6.02.7.2up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 cc^1.01.2.0up to date

Crate shotover-proxy

Dev dependencies

(11 total, 1 outdated)

CrateRequiredLatestStatus
 prometheus-parse^0.2.40.2.5up to date
 rstest^0.22.00.23.0out of date
 rstest_reuse^0.7.00.7.0up to date
 fred^9.0.39.4.0up to date
 rustls-pemfile^2.0.02.2.0up to date
 rustls-pki-types^1.1.01.10.0up to date
 windsock^0.2.00.2.0up to date
 regex^1.7.01.11.1up to date
 opensearch^2.1.02.3.0up to date
 serde_json^1.0.1031.0.132up to date
 time^0.3.250.3.36up to date

Crate test-helpers

Dependencies

(11 total, 1 possibly insecure)

CrateRequiredLatestStatus
 cassandra-cpp^3.0.03.0.2up to date
 tokio-io-timeout^1.1.11.2.0up to date
 rdkafka^0.360.36.2up to date
 docker-compose-runner^0.3.00.3.1up to date
 j4rs^0.21.00.21.0up to date
 futures-util^0.3.280.3.31up to date
 http^1.1.01.1.0up to date
 rustls ⚠️^0.23.20.23.16maybe insecure
 rustls-pki-types^1.0.11.10.0up to date
 rustls-pemfile^2.0.02.2.0up to date
 tokio-tungstenite^0.240.24.0up to date

Crate custom-transforms-example

No external dependencies! 🙌

Crate ec2-cargo

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 shellfish^0.10.00.10.1up to date
 cargo_metadata^0.18.00.18.1up to date

Crate windsock-cloud-docker

No external dependencies! 🙌

Security Vulnerabilities

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.