Deps.rs

tauri-apps / tauri

[![dependency status](https://deps.rs/repo/github/tauri-apps/tauri/status.svg)](https://deps.rs/repo/github/tauri-apps/tauri)

This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate tauri

Dependencies

(31 total, 1 insecure)

CrateRequiredLatestStatus
 serde_json^1.01.0.64up to date
 serde^1.01.0.125up to date
 base64^0.13.00.13.0up to date
 tokio^1.51.5.0up to date
 futures^0.30.3.14up to date
 uuid^0.8.20.8.2up to date
 thiserror^1.0.241.0.24up to date
 once_cell^1.7.21.7.2up to date
 wry^0.80.8.0up to date
 rand^0.80.8.3up to date
 reqwest^0.110.11.3up to date
 tempfile^33.2.0up to date
 semver^0.110.11.0up to date
 serde_repr^0.10.1.6up to date
 dirs-next^2.0.02.0.0up to date
 zip^0.5.120.5.12up to date
 ignore^0.4.170.4.17up to date
 either^1.6.11.6.1up to date
 tar^0.40.4.33insecure
 flate2^1.01.0.20up to date
 rfd^0.3.00.3.0up to date
 tinyfiledialogs^3.33.3.10up to date
 bytes^11.0.1up to date
 http^0.20.2.4up to date
 clap=3.0.0-beta.22.33.3up to date
 notify-rust^4.3.04.3.0up to date
 tauri-hotkey^0.1.10.1.1up to date
 open^1.7.01.7.0up to date
 shared_child^0.30.3.5up to date
 os_pipe^0.90.9.2up to date
 minisign-verify^0.1.80.1.8up to date

Dev dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 proptest^1.0.01.0.0up to date
 serde_json^1.01.0.64up to date
 serde^1.01.0.125up to date
 quickcheck^1.0.31.0.3up to date
 quickcheck_macros^1.0.01.0.0up to date
 tokio-test^0.4.10.4.1up to date
 mockito^0.300.30.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 cfg_aliases^0.1.10.1.1up to date

Crate tauri-macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 proc-macro2^11.0.26up to date
 quote^11.0.9up to date
 syn^11.0.70up to date

Crate tauri-utils

Dependencies

(9 total, 1 outdated)

CrateRequiredLatestStatus
 serde^1.01.0.125up to date
 serde_json^1.01.0.64up to date
 sysinfo^0.100.17.2out of date
 thiserror^1.0.191.0.24up to date
 phf^0.80.8.0up to date
 zstd^0.70.7.0+zstd.1.4.9up to date
 url^2.22.2.1up to date
 proc-macro2^1.01.0.26up to date
 quote^1.01.0.9up to date

Crate tauri-build

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^11.0.40up to date
 proc-macro2^11.0.26up to date
 quote^11.0.9up to date

Crate tauri-codegen

Dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 blake3^0.30.3.7up to date
 proc-macro2^11.0.26up to date
 quote^11.0.9up to date
 serde^11.0.125up to date
 serde_json^11.0.64up to date
 thiserror^11.0.24up to date
 walkdir^22.3.2up to date
 zstd^0.70.7.0+zstd.1.4.9up to date

Crate api

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.64up to date
 serde^1.01.0.125up to date

Crate helloworld

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.64up to date
 serde^1.01.0.125up to date

Crate multiwindow

No external dependencies! 🙌

Crate updater-example

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.64up to date
 serde^1.01.0.125up to date

Security Vulnerabilities

tar: Links in archives can overwrite any existing file

RUSTSEC-2018-0002

When unpacking a tarball with the unpack_in-family of functions it's intended that only files within the specified directory are able to be written. Tarballs with hard links or symlinks, however, can be used to overwrite any file on the filesystem.

Tarballs can contain multiple entries for the same file. A tarball which first contains an entry for a hard link or symlink pointing to any file on the filesystem will have the link created, and then afterwards if the same file is listed in the tarball the hard link will be rewritten and any file can be rewritten on the filesystem.

This has been fixed in https://github.com/alexcrichton/tar-rs/pull/156 and is published as tar 0.4.16. Thanks to Max Justicz for discovering this and emailing about the issue!