This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate dioxionary

Dependencies

(23 total, 6 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 reqwest^0.12.140.12.24up to date
 hyper^1.6.01.7.0up to date
 scraper^0.23.10.24.0out of date
 dirs^6.0.06.0.0up to date
 rusqlite^0.30.00.37.0out of date
 chrono^0.4.400.4.42up to date
 itertools^0.14.00.14.0up to date
 clap^4.4.84.5.50up to date
 prettytable^0.10.00.10.0up to date
 eio^0.1.20.1.2up to date
 flate2^1.0.281.1.4up to date
 rustyline^15.0.017.0.2out of date
 dialoguer^0.11.00.12.0out of date
 tokio^1.34.01.48.0up to date
 rodio^0.20.10.21.1out of date
 clap_complete^4.4.44.5.59up to date
 anyhow^1.0.751.0.100up to date
 serde^1.0.2191.0.228up to date
 serde_json^1.0.1401.0.145up to date
 rand^0.9.00.9.2up to date
 toml^0.8.200.9.8out of date
 derive_more^2.0.12.0.1up to date
 openssl ⚠️^0.100.10.74maybe insecure

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 rusty-hook^0.11.20.11.2up to date

Build dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 vergen^9.0.49.0.6up to date
 vergen-git2^1.0.51.0.7up to date
 anyhow^1.01.0.100up to date

Security Vulnerabilities

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.