Deps.rs

ubiquitous-factory / quadit

[![dependency status](https://deps.rs/repo/github/ubiquitous-factory/quadit/status.svg)](https://deps.rs/repo/github/ubiquitous-factory/quadit)

This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate quadit

Dependencies

(15 total, 1 insecure)

CrateRequiredLatestStatus
 anyhow^1.0.981.0.98up to date
 quaditsync^1.0.21.0.2up to date
 serde^1.0.2191.0.219up to date
 serde_yaml^0.9.340.9.34+deprecatedup to date
 tokio-cron-scheduler^0.14.00.14.0up to date
 uuid^1.17.01.17.0up to date
 tokio^1.45.11.45.1up to date
 dotenvy^0.15.70.15.7up to date
 chrono^0.4.410.4.41up to date
 tracing^0.1.410.1.41up to date
 tracing-subscriber^0.3.190.3.19up to date
 url^2.5.42.5.4up to date
 users ⚠️^0.110.11.0insecure
 reqwest^0.12.190.12.20up to date
 dirs^6.0.06.0.0up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 claims^0.8.00.8.0up to date
 time^0.3.410.3.41up to date
 timer^0.2.00.2.0up to date

Security Vulnerabilities

users: `root` appended to group listings

RUSTSEC-2025-0040

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups.

This affects both:

  • The supplementary groups of a user
  • The group access list of the current process

If the caller uses this information for access control, this may lead to privilege escalation.

This crate is not currently maintained, so a patched version is not available.

Versions older than 0.8.0 do not contain the affected functions, so downgrading to them is a workaround.

Recommended alternatives

  • uzers (an actively maintained fork of the users crate)
  • sysinfo