This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate tauri

Dependencies

(35 total, 1 outdated, 1 insecure)

CrateRequiredLatestStatus
 serde_json^1.01.0.66up to date
 serde^1.01.0.127up to date
 tokio^1.71.9.0up to date
 futures^0.30.3.16up to date
 uuid^0.80.8.2up to date
 url^2.22.2.2up to date
 thiserror^1.01.0.26up to date
 once_cell^1.81.8.0up to date
 rand^0.80.8.4up to date
 tempfile^33.2.0up to date
 semver^1.01.0.4up to date
 serde_repr^0.10.1.7up to date
 zip^0.50.5.13up to date
 ignore^0.40.4.18up to date
 either^1.61.6.1up to date
 tar^0.40.4.35insecure
 flate2^1.01.0.20up to date
 http^0.20.2.4up to date
 state^0.50.5.2up to date
 bincode^1.31.3.3up to date
 dirs-next^2.02.0.0up to date
 percent-encoding^2.12.1.0up to date
 base64^0.130.13.0up to date
 clap=3.0.0-beta.22.33.3up to date
 notify-rust^4.54.5.2up to date
 reqwest^0.110.11.4up to date
 bytes^11.0.1up to date
 attohttpc^0.170.17.0up to date
 open^1.72.0.0out of date
 shared_child^0.30.3.5up to date
 os_pipe^0.90.9.2up to date
 rfd^0.40.4.0up to date
 raw-window-handle^0.3.30.3.3up to date
 minisign-verify^0.10.1.8up to date
 os_info^3.0.63.0.6up to date

Dev dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 proptest^1.0.01.0.0up to date
 serde_json^1.01.0.66up to date
 serde^1.01.0.127up to date
 quickcheck^1.0.31.0.3up to date
 quickcheck_macros^1.0.01.0.0up to date
 tokio-test^0.4.20.4.2up to date
 mockito^0.300.30.0up to date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 cfg_aliases^0.1.10.1.1up to date

Crate tauri-runtime

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.127up to date
 serde_json^1.01.0.66up to date
 thiserror^1.01.0.26up to date
 uuid^0.8.20.8.2up to date

Crate tauri-runtime-wry

Dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 uuid^0.8.20.8.2up to date
 infer^0.40.5.0out of date

Crate tauri-macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 proc-macro2^11.0.28up to date
 quote^11.0.9up to date
 syn^11.0.74up to date

Crate tauri-utils

Dependencies

(10 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.127up to date
 serde_json^1.01.0.66up to date
 thiserror^1.0.261.0.26up to date
 phf^0.90.9.0up to date
 zstd^0.90.9.0+zstd.1.5.0up to date
 url^2.22.2.2up to date
 kuchiki^0.80.8.1up to date
 html5ever^0.250.25.1up to date
 proc-macro2^1.01.0.28up to date
 quote^1.01.0.9up to date

Crate tauri-build

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^11.0.42up to date
 proc-macro2^11.0.28up to date
 quote^11.0.9up to date

Crate tauri-codegen

Dependencies

(10 total, 1 outdated)

CrateRequiredLatestStatus
 blake3^0.31.0.0out of date
 proc-macro2^11.0.28up to date
 quote^11.0.9up to date
 serde^11.0.127up to date
 serde_json^11.0.66up to date
 thiserror^11.0.26up to date
 walkdir^22.3.2up to date
 zstd^0.90.9.0+zstd.1.5.0up to date
 kuchiki^0.80.8.1up to date
 regex^11.5.4up to date

Crate api

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.66up to date
 serde^1.01.0.127up to date

Crate commands

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.66up to date
 serde^1.01.0.127up to date

Crate helloworld

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.66up to date
 serde^1.01.0.127up to date

Crate multiwindow

No external dependencies! 🙌

Crate navigation

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.66up to date
 serde^1.01.0.127up to date

Crate splashscreen

No external dependencies! 🙌

Crate state

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.66up to date
 serde^1.01.0.127up to date

Crate sidecar

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.66up to date
 serde^1.01.0.127up to date

Crate resources

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.66up to date
 serde^1.01.0.127up to date

Crate updater-example

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 serde_json^1.01.0.66up to date
 serde^1.01.0.127up to date

Security Vulnerabilities

tar: Links in archives can overwrite any existing file

RUSTSEC-2018-0002

When unpacking a tarball with the unpack_in-family of functions it's intended that only files within the specified directory are able to be written. Tarballs with hard links or symlinks, however, can be used to overwrite any file on the filesystem.

Tarballs can contain multiple entries for the same file. A tarball which first contains an entry for a hard link or symlink pointing to any file on the filesystem will have the link created, and then afterwards if the same file is listed in the tarball the hard link will be rewritten and any file can be rewritten on the filesystem.

This has been fixed in https://github.com/alexcrichton/tar-rs/pull/156 and is published as tar 0.4.16. Thanks to Max Justicz for discovering this and emailing about the issue!