tikv / grpc-rs

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `grpcio`

Dependencies

(8 total, 1 possibly insecure)

Crate	Required	Latest	Status
libc	`^0.2`	`0.2.171`	up to date
futures-executor	`^0.3`	`0.3.31`	up to date
futures-util	`^0.3`	`0.3.31`	up to date
protobuf ⚠️	`^3.2`	`3.7.2`	maybe insecure
prost	`^0.13`	`0.13.5`	up to date
bytes	`^1.0`	`1.10.1`	up to date
log	`^0.4`	`0.4.27`	up to date
parking_lot	`^0.12`	`0.12.3`	up to date

Crate `grpcio-sys`

Dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
libc	`^0.2`	`0.2.171`	up to date
openssl-sys	`^0.9`	`0.9.106`	up to date
libz-sys	`^1.1.3`	`1.1.22`	up to date

Build dependencies

(6 total, 1 outdated)

Crate	Required	Latest	Status
cc	`^1.0`	`1.2.17`	up to date
cmake	`^0.1`	`0.1.54`	up to date
pkg-config	`^0.3`	`0.3.32`	up to date
walkdir	`^2.2.9`	`2.5.0`	up to date
bindgen	`^0.69.0`	`0.71.1`	out of date
boringssl-src	`^0.6.0`	`0.6.0+e46383f`	up to date

Crate `grpcio-proto`

Dependencies

(6 total, 1 possibly insecure)

Crate	Required	Latest	Status
bytes	`^1.0`	`1.10.1`	up to date
prost	`^0.13`	`0.13.5`	up to date
prost-derive	`^0.13`	`0.13.5`	up to date
prost-types	`^0.13`	`0.13.5`	up to date
protobuf ⚠️	`^3.2`	`3.7.2`	maybe insecure
lazy_static	`^1.3`	`1.5.0`	up to date

Build dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
prost-build	`^0.13`	`0.13.5`	up to date
walkdir	`^2.2`	`2.5.0`	up to date

Crate `benchmark`

Dependencies

(16 total, 3 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
futures-channel	`^0.3`	`0.3.31`	up to date
futures-executor	`^0.3`	`0.3.31`	up to date
futures-util	`^0.3`	`0.3.31`	up to date
libc	`^0.2`	`0.2.171`	up to date
rand	`^0.8`	`0.9.0`	out of date
rand_distr	`^0.4`	`0.5.1`	out of date
rand_xorshift	`^0.3`	`0.4.0`	out of date
futures-timer	`^3.0`	`3.0.3`	up to date
clap	`^4.5`	`4.5.34`	up to date
log	`^0.4`	`0.4.27`	up to date
slog	`^2.0`	`2.7.0`	up to date
slog-async	`^2.1`	`2.8.0`	up to date
slog-stdlog	`^4.0`	`4.1.1`	up to date
slog-scope	`^4.0`	`4.4.0`	up to date
slog-term	`^2.2`	`2.9.1`	up to date
protobuf ⚠️	`^3.2`	`3.7.2`	maybe insecure

Crate `grpcio-compiler`

Dependencies

(6 total, 2 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
protobuf ⚠️	`^2`	`3.7.2`	out of date
prost	`^0.13`	`0.13.5`	up to date
prost-build	`^0.13`	`0.13.5`	up to date
prost-types	`^0.13`	`0.13.5`	up to date
derive-new	`^0.6`	`0.7.0`	out of date
tempfile	`^3.0`	`3.19.1`	up to date

Crate `grpcio-health`

Dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
futures-executor	`^0.3`	`0.3.31`	up to date
futures-util	`^0.3`	`0.3.31`	up to date
prost	`^0.13`	`0.13.5`	up to date
protobuf ⚠️	`^3.2`	`3.7.2`	maybe insecure
log	`^0.4`	`0.4.27`	up to date

Crate `interop`

Dependencies

(6 total, 1 possibly insecure)

Crate	Required	Latest	Status
protobuf ⚠️	`^3.2`	`3.7.2`	maybe insecure
futures-executor	`^0.3`	`0.3.31`	up to date
futures-util	`^0.3`	`0.3.31`	up to date
log	`^0.4`	`0.4.27`	up to date
clap	`^4.5`	`4.5.34`	up to date
futures-timer	`^3.0`	`3.0.3`	up to date

Crate `tests-and-examples`

Dependencies

(9 total, 1 possibly insecure)

Crate	Required	Latest	Status
libc	`^0.2`	`0.2.171`	up to date
futures-channel	`^0.3`	`0.3.31`	up to date
futures-executor	`^0.3`	`0.3.31`	up to date
futures-util	`^0.3`	`0.3.31`	up to date
futures-timer	`^3.0`	`3.0.3`	up to date
protobuf ⚠️	`^3.2`	`3.7.2`	maybe insecure
prost	`^0.13`	`0.13.5`	up to date
bytes	`^1.0`	`1.10.1`	up to date
log	`^0.4`	`0.4.27`	up to date

Dev dependencies

(9 total, 1 outdated)

Crate	Required	Latest	Status
serde_json	`^1.0`	`1.0.140`	up to date
serde	`^1.0`	`1.0.219`	up to date
serde_derive	`^1.0`	`1.0.219`	up to date
rand	`^0.8`	`0.9.0`	out of date
slog	`^2.0`	`2.7.0`	up to date
slog-async	`^2.1`	`2.8.0`	up to date
slog-stdlog	`^4.0`	`4.1.1`	up to date
slog-scope	`^4.0`	`4.4.0`	up to date
slog-term	`^2.2`	`2.9.1`	up to date

Security Vulnerabilities

`protobuf`: Crash due to uncontrolled recursion in protobuf crate

RUSTSEC-2024-0437

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input.

This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data.

tikv / grpc-rs

Crate grpcio

Dependencies

Crate grpcio-sys

Dependencies

Build dependencies

Crate grpcio-proto

Dependencies

Build dependencies

Crate benchmark

Dependencies

Crate grpcio-compiler

Dependencies

Crate grpcio-health

Dependencies

Crate interop

Dependencies

Crate tests-and-examples

Dependencies

Dev dependencies

Security Vulnerabilities

protobuf: Crash due to uncontrolled recursion in protobuf crate

Crate `grpcio`

Crate `grpcio-sys`

Crate `grpcio-proto`

Crate `benchmark`

Crate `grpcio-compiler`

Crate `grpcio-health`

Crate `interop`

Crate `tests-and-examples`

`protobuf`: Crash due to uncontrolled recursion in protobuf crate