Deps.rs

shotover / shotover-proxy

[![dependency status](https://deps.rs/repo/github/shotover/shotover-proxy/status.svg)](https://deps.rs/repo/github/shotover/shotover-proxy)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate shotover

Dependencies

(38 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 atomic_enum^0.3.00.3.0up to date
 axum^0.70.7.5up to date
 pretty-hex^0.4.00.4.1up to date
 tokio-stream^0.1.20.1.15up to date
 derivative^2.1.12.2.0up to date
 cached^0.490.49.3up to date
 governor^0.60.6.3up to date
 nonzero_ext^0.3.00.3.0up to date
 version-compare^0.20.2.0up to date
 lz4_flex^0.11.00.11.3up to date
 tokio-tungstenite^0.21.00.21.0up to date
 thiserror^1.01.0.59up to date
 backtrace^0.3.660.3.71up to date
 backtrace-ext^0.20.2.1up to date
 cql3-parser^0.4.00.4.0up to date
 num^0.4.00.4.2up to date
 bigdecimal^0.4.00.4.3up to date
 base64^0.22.00.22.0up to date
 httparse^1.8.01.8.0up to date
 http^1.0.01.1.0up to date
 metrics^0.22.00.22.3up to date
 metrics-exporter-prometheus^0.14.00.14.0up to date
 halfbrown^0.2.10.2.5up to date
 crc16^0.4.00.4.0up to date
 aws-config^1.0.01.2.1up to date
 aws-sdk-kms^1.1.01.22.0up to date
 chacha20poly1305^0.10.00.10.1up to date
 generic-array^0.141.0.0out of date
 kafka-protocol^0.10.00.10.0up to date
 rustls ⚠️^0.23.00.23.5maybe insecure
 tokio-rustls^0.260.26.0up to date
 rustls-pemfile^2.0.02.1.2up to date
 rustls-pki-types^1.0.11.5.0up to date
 string^0.3.00.3.0up to date
 xxhash-rust^0.8.60.8.10up to date
 dashmap^5.4.05.5.3up to date
 atoi^2.0.02.0.0up to date
 fnv^1.0.71.0.7up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 criterion^0.5.00.5.1up to date

Crate shotover-proxy

Dev dependencies

(12 total, 2 outdated)

CrateRequiredLatestStatus
 prometheus-parse^0.2.40.2.5up to date
 rstest^0.18.00.19.0out of date
 rstest_reuse^0.6.00.6.0up to date
 cassandra-cpp^3.0.03.0.1up to date
 fred^8.0.09.0.1out of date
 rustls-pemfile^2.0.02.1.2up to date
 rustls-pki-types^1.1.01.5.0up to date
 windsock^0.1.00.1.1up to date
 regex^1.7.01.10.4up to date
 opensearch^2.1.02.2.0up to date
 serde_json^1.0.1031.0.116up to date
 time^0.3.250.3.36up to date

Crate test-helpers

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 cassandra-cpp^3.0.03.0.1up to date
 tokio-io-timeout^1.1.11.2.0up to date
 rdkafka^0.360.36.2up to date
 docker-compose-runner^0.3.00.3.1up to date
 j4rs^0.18.00.18.0up to date

Crate custom-transforms-example

No external dependencies! 🙌

Crate ec2-cargo

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 shellfish^0.9.00.9.0up to date
 cargo_metadata^0.18.00.18.1up to date

Crate windsock-cloud-docker

No external dependencies! 🙌

Security Vulnerabilities

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.