Deps.rs

weso / shapes-rs

[![dependency status](https://deps.rs/repo/github/weso/shapes-rs/status.svg)](https://deps.rs/repo/github/weso/shapes-rs)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate dctap

Dependencies

(10 total, 2 outdated)

CrateRequiredLatestStatus
 csv^1.3.01.3.1up to date
 calamine^0.26.10.26.1up to date
 indexmap^22.7.1up to date
 itertools^0.130.14.0out of date
 serde^1.01.0.217up to date
 serde_json^1.01.0.138up to date
 serde_yml^0.0.120.0.12up to date
 serde_derive^1.01.0.217up to date
 serde_with^3.8.13.12.0up to date
 thiserror^12.0.11out of date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tracing-test^0.2.50.2.5up to date

Crate rbe

Dependencies

(7 total, 2 outdated)

CrateRequiredLatestStatus
 thiserror^12.0.11out of date
 hashbag^0.1.110.1.12up to date
 serde^1.01.0.217up to date
 serde_derive^1.01.0.217up to date
 serde_yml^0.0.120.0.12up to date
 itertools^0.130.14.0out of date
 indexmap^22.7.1up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 indoc^22.0.5up to date

Crate rbe_testsuite

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 serde^1.01.0.217up to date
 serde_derive^1.01.0.217up to date
 serde_yml^0.0.120.0.12up to date
 anyhow^1.0.271.0.95up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 indoc^22.0.5up to date

Crate iri_s

Dependencies

(7 total, 1 outdated)

CrateRequiredLatestStatus
 lazy_static^11.5.0up to date
 oxrdf^0.2.0-alpha.50.2.4up to date
 oxiri^0.2.3-alpha.10.2.11up to date
 reqwest^0.120.12.12up to date
 serde^1.01.0.217up to date
 serde_derive^1.01.0.217up to date
 thiserror^1.0.02.0.11out of date

Crate prefixmap

Dependencies

(7 total, 2 outdated)

CrateRequiredLatestStatus
 indexmap^22.7.1up to date
 thiserror^12.0.11out of date
 colored^23.0.0out of date
 serde^11.0.217up to date
 serde_derive^11.0.217up to date
 serde_json^11.0.138up to date
 maplit^11.0.2up to date

Crate srdf

Dependencies

(17 total, 1 outdated)

CrateRequiredLatestStatus
 async-trait^0.1.680.1.86up to date
 hashbag^0.1.110.1.12up to date
 serde^1.01.0.217up to date
 serde_derive^1.01.0.217up to date
 serde_yml^0.0.120.0.12up to date
 thiserror^12.0.11out of date
 rust_decimal^1.321.36.0up to date
 rust_decimal_macros^1.321.36.0up to date
 const_format^0.20.2.34up to date
 lazy_static^11.5.0up to date
 oxttl^0.1.0-alpha.60.1.6up to date
 oxrdfio^0.1.0-alpha.50.1.6up to date
 oxrdfxml^0.1.0-rc.10.1.5up to date
 oxiri^0.2.3-alpha.10.2.11up to date
 oxsdatatypes^0.2.0-alpha.20.2.2up to date
 sparesults^0.2.0-rc.20.2.4up to date
 reqwest^0.120.12.12up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tokio^1.381.43.0up to date

Crate shex_ast

Dependencies

(9 total, 1 outdated)

CrateRequiredLatestStatus
 serde^11.0.217up to date
 serde_derive^11.0.217up to date
 void^11.0.2up to date
 thiserror^1.02.0.11out of date
 lazy_static^11.5.0up to date
 rust_decimal^1.321.36.0up to date
 rust_decimal_macros^1.321.36.0up to date
 regex^1.101.11.1up to date
 const_format^0.20.2.34up to date

Crate shex_compact

Dependencies

(10 total, 4 outdated)

CrateRequiredLatestStatus
 nom^78.0.0out of date
 nom-regex^0.20.2.0up to date
 nom_locate^45.0.0out of date
 regex^1.10.31.11.1up to date
 thiserror^12.0.11out of date
 colored^23.0.0out of date
 rust_decimal^1.321.36.0up to date
 rust_decimal_macros^1.321.36.0up to date
 pretty^0.12.30.12.3up to date
 lazy-regex^3.13.4.1up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 criterion^0.50.5.1up to date
 tracing-subscriber^0.30.3.19up to date
 pprof^0.13.00.14.0out of date

Crate rudof_lib

Dependencies

(6 total, 2 outdated)

CrateRequiredLatestStatus
 serde^11.0.217up to date
 serde_derive^11.0.217up to date
 void^11.0.2up to date
 thiserror^1.02.0.11out of date
 serde_yml^0.0.120.0.12up to date
 itertools^0.130.14.0out of date

Crate rudof_cli

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 void^11.0.2up to date
 clientele^0.20.2.5up to date
 oxiri^0.2.3-alpha.10.2.11up to date
 regex^1.101.11.1up to date
 either^1.131.13.0up to date
 reqwest^0.120.12.12up to date

Crate shex_testsuite

Dependencies

(7 total, 1 outdated)

CrateRequiredLatestStatus
 serde^1.01.0.217up to date
 serde_yml^0.0.120.0.12up to date
 anyhow^1.01.0.95up to date
 thiserror^1.02.0.11out of date
 void^11.0.2up to date
 oxrdf^0.2.0-alpha.20.2.4up to date
 oxiri^0.2.3-alpha.10.2.11up to date

Crate shex_validation

Dependencies

(10 total, 2 outdated)

CrateRequiredLatestStatus
 async-recursion^1.0.41.1.1up to date
 thiserror^1.02.0.11out of date
 serde^1.01.0.217up to date
 serde_derive^1.01.0.217up to date
 tokio^1.351.43.0up to date
 indexmap^22.7.1up to date
 colored^23.0.0out of date
 either^11.13.0up to date
 serde_yml^0.0.120.0.12up to date
 url^2.2.22.5.4up to date

Crate shapemap

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tracing-subscriber^0.30.3.19up to date

Crate shacl_ast

Dependencies

(10 total, 2 outdated)

CrateRequiredLatestStatus
 serde^11.0.217up to date
 serde_derive^11.0.217up to date
 void^11.0.2up to date
 thiserror^1.02.0.11out of date
 lazy_static^11.5.0up to date
 rust_decimal^1.321.36.0up to date
 rust_decimal_macros^1.321.36.0up to date
 regex^1.101.11.1up to date
 const_format^0.20.2.34up to date
 itertools^0.130.14.0out of date

Crate shacl_validation

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 lazy_static^11.5.0up to date
 const_format^0.20.2.34up to date
 indoc^22.0.5up to date
 serde^1.01.0.217up to date

Crate shacl_testsuite

Dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 thiserror^1.0.632.0.11out of date
 const_format^0.20.2.34up to date
 oxiri^0.2.3-alpha.10.2.11up to date

Crate shapes_converter

Dependencies

(11 total, 2 outdated)

CrateRequiredLatestStatus
 colored^23.0.0out of date
 either^11.13.0up to date
 indexmap^22.7.1up to date
 serde^1.01.0.217up to date
 serde_yml^0.0.120.0.12up to date
 serde_derive^1.01.0.217up to date
 chrono^0.4.380.4.39up to date
 spargebra^0.3.0-alpha.50.3.4up to date
 thiserror^1.02.0.11out of date
 minijinja^2.0.32.7.0up to date
 tempfile^3.10.13.17.0up to date

Crate sparql_service

Dependencies

(17 total, 3 outdated)

CrateRequiredLatestStatus
 const_format^0.20.2.34up to date
 thiserror^12.0.11out of date
 hashbag^0.1.110.1.12up to date
 lazy_static^11.5.0up to date
 serde^1.01.0.217up to date
 serde_derive^1.01.0.217up to date
 serde_yml^0.0.120.0.12up to date
 itertools^0.130.14.0out of date
 indexmap^22.7.1up to date
 oxiri^0.2.3-alpha.10.2.11up to date
 oxsdatatypes^0.2.0-alpha.20.2.2up to date
 oxigraph^0.4.0-rc.20.4.8up to date
 oxrdfio^0.1.0-alpha.50.1.6up to date
 colored^23.0.0out of date
 sparesults^0.2.0-alpha.50.2.4up to date
 rust_decimal^1.321.36.0up to date
 rust_decimal_macros^1.321.36.0up to date

Crate pyrudof

Dependencies

(2 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 openssl ⚠️^0.100.10.71maybe insecure
 pyo3^0.22.00.23.4out of date

Security Vulnerabilities

openssl: ssl::select_next_proto use after free

RUSTSEC-2025-0004

In openssl versions before 0.10.70, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client.

openssl 0.10.70 fixes the signature of ssl::select_next_proto to properly constrain the output buffer's lifetime to that of both input buffers.

In standard usage of ssl::select_next_proto in the callback passed to SslContextBuilder::set_alpn_select_callback, code is only affected if the server buffer is constructed within the callback. For example:

Not vulnerable - the server buffer has a 'static lifetime:

builder.set_alpn_select_callback(|_, client_protos| {
    ssl::select_next_proto(b"\x02h2", client_protos).ok_or_else(AlpnError::NOACK)
});

Not vulnerable - the server buffer outlives the handshake:

let server_protos = b"\x02h2".to_vec();
builder.set_alpn_select_callback(|_, client_protos| {
    ssl::select_next_proto(&server_protos, client_protos).ok_or_else(AlpnError::NOACK)
});

Vulnerable - the server buffer is freed when the callback returns:

builder.set_alpn_select_callback(|_, client_protos| {
    let server_protos = b"\x02h2".to_vec();
    ssl::select_next_proto(&server_protos, client_protos).ok_or_else(AlpnError::NOACK)
});