This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate smoldot

Dependencies

(48 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 arrayvec^0.7.60.7.6up to date
 async-lock^3.0.03.4.0up to date
 atomic-take^1.1.01.1.0up to date
 base64^0.22.00.22.1up to date
 bip39^2.0.02.1.0up to date
 blake2-rfc^0.2.180.2.18up to date
 bs58^0.5.10.5.1up to date
 chacha20^0.9.10.9.1up to date
 crossbeam-queue^0.3.110.3.12up to date
 derive_more^2.02.0.1up to date
 ed25519-zebra^4.0.14.0.3up to date
 either^1.9.01.15.0up to date
 event-listener^5.3.05.4.0up to date
 fnv^1.0.71.0.7up to date
 futures-lite^2.3.02.6.0up to date
 hashbrown ⚠️^0.15.00.15.2maybe insecure
 hex^0.4.30.4.3up to date
 hmac^0.12.10.12.1up to date
 itertools^0.14.00.14.0up to date
 libm^0.2.80.2.11up to date
 libsecp256k1^0.7.10.7.1up to date
 merlin^3.03.0.0up to date
 nom^8.0.08.0.0up to date
 num-bigint^0.4.30.4.6up to date
 num-rational^0.4.10.4.2up to date
 num-traits^0.2.190.2.19up to date
 pbkdf2^0.12.10.12.2up to date
 poly1305^0.8.00.8.0up to date
 rand^0.8.50.9.0out of date
 rand_chacha^0.3.10.9.0out of date
 ruzstd^0.8.00.8.0up to date
 schnorrkel^0.11.20.11.4up to date
 serde^1.0.1831.0.219up to date
 serde_json^1.0.1041.0.140up to date
 sha2^0.10.70.10.8up to date
 sha3^0.10.80.10.8up to date
 siphasher^1.0.11.0.1up to date
 slab^0.4.80.4.9up to date
 smallvec^1.13.21.14.0up to date
 twox-hash^2.0.02.1.0up to date
 wasmi^0.40.00.42.0out of date
 x25519-dalek^2.0.0-rc.32.0.1up to date
 zeroize^1.7.01.8.1up to date
 rusqlite^0.32.10.34.0out of date
 futures-util^0.3.270.3.31up to date
 parking_lot^0.12.10.12.3up to date
 pin-project^1.1.51.1.10up to date
 soketto^0.8.00.8.1up to date

Dev dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 criterion^0.5.10.5.1up to date
 futures-executor^0.3.280.3.31up to date
 rand^0.8.50.9.0out of date
 tempfile^3.10.03.19.0up to date
 wat^1.216.01.227.1up to date

Crate smoldot-full-node

Dependencies

(25 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 async-channel^2.3.02.3.1up to date
 blake2-rfc^0.2.180.2.18up to date
 clap^4.5.204.5.32up to date
 ctrlc^3.4.03.4.5up to date
 derive_more^2.02.0.1up to date
 directories^5.0.16.0.0out of date
 either^1.9.01.15.0up to date
 event-listener^5.3.05.4.0up to date
 fnv^1.0.71.0.7up to date
 futures-channel^0.3.310.3.31up to date
 futures-lite^2.3.02.6.0up to date
 futures-util^0.3.270.3.31up to date
 hashbrown ⚠️^0.15.00.15.2maybe insecure
 hex^0.4.30.4.3up to date
 humantime^2.1.02.2.0up to date
 lru^0.12.00.13.0out of date
 mick-jaeger^0.1.80.1.8up to date
 rand^0.8.50.9.0out of date
 serde^1.0.1831.0.219up to date
 serde_json^1.0.1041.0.140up to date
 siphasher^1.0.11.0.1up to date
 soketto^0.8.00.8.1up to date
 smol^2.0.02.0.2up to date
 terminal_size^0.4.00.4.2up to date
 zeroize^1.7.01.8.1up to date

Crate smoldot-light

Dependencies

(27 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 async-channel^2.3.02.3.1up to date
 async-lock^3.0.03.4.0up to date
 base64^0.22.00.22.1up to date
 blake2-rfc^0.2.180.2.18up to date
 bs58^0.5.10.5.1up to date
 derive_more^2.02.0.1up to date
 either^1.9.01.15.0up to date
 event-listener^5.3.05.4.0up to date
 fnv^1.0.71.0.7up to date
 futures-channel^0.3.310.3.31up to date
 futures-lite^2.3.02.6.0up to date
 futures-util^0.3.270.3.31up to date
 hashbrown ⚠️^0.15.00.15.2maybe insecure
 hex^0.4.30.4.3up to date
 itertools^0.14.00.14.0up to date
 lru^0.12.00.13.0out of date
 pin-project^1.1.51.1.10up to date
 rand^0.8.50.9.0out of date
 rand_chacha^0.3.10.9.0out of date
 serde^1.0.1831.0.219up to date
 serde_json^1.0.1041.0.140up to date
 siphasher^1.0.11.0.1up to date
 slab^0.4.80.4.9up to date
 zeroize^1.7.01.8.1up to date
 parking_lot^0.12.10.12.3up to date
 log^0.4.180.4.26up to date
 smol^2.0.02.0.2up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 env_logger^0.11.40.11.7up to date

Crate smoldot-light-wasm

Dependencies

(13 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-lock^3.0.03.4.0up to date
 async-task^4.4.04.7.1up to date
 crossbeam-queue^0.3.110.3.12up to date
 derive_more^2.02.0.1up to date
 dlmalloc^0.2.50.2.8up to date
 event-listener^5.3.05.4.0up to date
 fnv^1.0.71.0.7up to date
 futures-lite^2.3.02.6.0up to date
 futures-util^0.3.270.3.31up to date
 hashbrown ⚠️^0.15.00.15.2maybe insecure
 nom^8.0.08.0.0up to date
 pin-project^1.1.51.1.10up to date
 slab^0.4.80.4.9up to date

Security Vulnerabilities

hashbrown: Borsh serialization of HashMap is non-canonical

RUSTSEC-2024-0402

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding.

This can result in consensus splits and cause equivalent objects to be considered distinct.

This was patched in 0.15.1.