This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate yozuk

Dependencies

(14 total, 3 outdated)

Crate                   Required   Latest             Status
anyhow                  ^1.0.56    1.0.100            up to date
bytes                   ^1.1.0     1.10.1             up to date
const-sha1              ^0.2.0     0.3.0              out of date
crfs                    ^0.2.0     0.2.0              up to date
mediatype               ^0.19.9    0.20.0             out of date
rayon                   ^1.5.1     1.11.0             up to date
yozuk-core-skillset     ^0.22.11   0.22.11            up to date
yozuk-helper-english    ^0.22.11   0.22.11            up to date
yozuk-helper-platform   ^0.20.2    0.20.2             up to date
yozuk-sdk               ^0.22.11   0.22.11            up to date
yozuk-model             ^0.22.11   0.22.11            up to date
rand                    ^0.8.5     0.9.2              out of date
deunicode               ^1.3.1     1.6.2              up to date
fuzzy-matcher           ^0.3.7     0.3.7              up to date

Dev dependencies

(1 total, all up-to-date)

Crate                   Required   Latest             Status
once_cell               ^1.12.0    1.21.3             up to date

Build dependencies

(4 total, all up-to-date)

Crate                   Required   Latest             Status
anyhow                  ^1.0.56    1.0.100            up to date
yozuk-core-skillset     ^0.22.11   0.22.11            up to date
yozuk-sdk               ^0.22.11   0.22.11            up to date
yozuk-model             ^0.22.11   0.22.11            up to date

Crate yozuk-sdk

Dependencies

(11 total, 3 outdated)

Crate                   Required   Latest             Status
anyhow                  ^1.0.56    1.0.100            up to date
base64                  ^0.13.0    0.22.1             out of date
bincode                 ^1.3.3     2.0.1              out of date
bytes                   ^1.1.0     1.10.1             up to date
mediatype               ^0.19.9    0.20.0             out of date
pest                    ^2.1.3     2.8.3              up to date
pest_derive             ^2.1.0     2.8.3              up to date
serde                   ^1.0.136   1.0.228            up to date
serde_derive            ^1.0.136   1.0.228            up to date
serde_json              ^1.0.79    1.0.145            up to date
url                     ^2.2.2     2.5.7              up to date

Crate yozuk-model

Dependencies

(13 total, 2 outdated)

Crate                   Required   Latest             Status
anyhow                  ^1.0.57    1.0.100            up to date
bytes                   ^1.1.0     1.10.1             up to date
crfsuite                ^0.3.1     0.3.1              up to date
itertools               ^0.10.3    0.14.0             out of date
nanoid                  ^0.4.0     0.4.0              up to date
rayon                   ^1.5.2     1.11.0             up to date
yozuk-sdk               ^0.22.11   0.22.11            up to date
yozuk-helper-english    ^0.22.11   0.22.11            up to date
punycode                ^0.4.1     0.4.1              up to date
entropy                 ^0.4.1     0.4.2              up to date
crfs                    ^0.2.0     0.2.0              up to date
base64                  ^0.13.0    0.22.1             out of date
blake2                  ^0.10.4    0.10.6             up to date

Crate yozuk-wasm

Dependencies

(8 total, 1 outdated)

Crate                   Required   Latest             Status
mediatype               ^0.19.9    0.20.0             out of date
once_cell               ^1.12.0    1.21.3             up to date
serde                   ^1.0.137   1.0.228            up to date
serde_derive            ^1.0.137   1.0.228            up to date
serde_json              ^1.0.81    1.0.145            up to date
yozuk                   ^0.22.11   0.22.11            up to date
yozuk-sdk               ^0.22.11   0.22.11            up to date
wasm-bindgen            ^0.2.80    0.2.104            up to date

Crate yozuk-core-skillset

Dependencies

(65 total, 27 outdated, 1 possibly insecure)

Crate                   Required   Latest             Status
anyhow                  ^1.0.56    1.0.100            up to date
base64                  ^0.13.0    0.22.1             out of date
bech32                  ^0.9.0     0.11.0             out of date
bigdecimal              ^0.3.0     0.4.8              out of date
blake2                  ^0.10.4    0.10.6             up to date
blake3                  ^1.3.1     1.8.2              up to date
blurhash ⚠️             ^0.1.1     0.2.3              out of date
clap                    ^3.1.6     4.5.49             out of date
const-sha1              ^0.2.0     0.3.0              out of date
crc_all                 ^0.2.0     0.2.2              up to date
css-color               ^0.2.4     0.2.8              up to date
digest                  ^0.10.3    0.10.7             up to date
fraction                ^0.11.0    0.15.3             out of date
getrandom               ^0.2.5     0.3.4              out of date
hex                     ^0.4.3     0.4.3              up to date
itertools               ^0.10.3    0.14.0             out of date
lipsum                  ^0.8.0     0.9.1              out of date
md-5                    ^0.10.1    0.10.6             up to date
mediatype               ^0.19.9    0.20.0             out of date
miller_rabin            ^1.1.1     1.1.1              up to date
nanoid                  ^0.4.0     0.4.0              up to date
num-bigint              ^0.4       0.4.6              up to date
open-location-code      ^0.1.0     0.1.0              up to date
palette                 ^0.6.0     0.7.6              out of date
pest                    ^2.1.3     2.8.3              up to date
pest_derive             ^2.1.0     2.8.3              up to date
pix                     ^0.13.1    0.14.0             out of date
png_pong                ^0.8.2     0.9.3              out of date
prime_tools             ^0.3.4     0.3.4              up to date
punycode                ^0.4.1     0.4.1              up to date
qrcode-generator        ^4.1.6     5.0.0              out of date
rand                    ^0.8.5     0.9.2              out of date
serde                   ^1.0.136   1.0.228            up to date
serde_derive            ^1.0.136   1.0.228            up to date
serde_json              ^1.0.79    1.0.145            up to date
sha1                    ^0.10.1    0.10.6             up to date
sha2                    ^0.10.2    0.10.9             up to date
sha3                    ^0.10.1    0.10.8             up to date
strum                   ^0.24.0    0.27.2             out of date
thiserror               ^1.0.30    2.0.17             out of date
time                    ^0.3.9     0.3.44             up to date
time-tz                 ^1.0.2     2.0.0              out of date
urlencoding             ^2.1.0     2.1.3              up to date
uuid                    ^1.0.0     1.18.1             up to date
yozuk-helper-english    ^0.22.11   0.22.11            up to date
yozuk-helper-platform   ^0.20.2    0.20.2             up to date
yozuk-helper-filetype   ^0.22.11   0.22.11            up to date
yozuk-helper-encoding   ^0.22.11   0.22.11            up to date
yozuk-sdk               ^0.22.11   0.22.11            up to date
once_cell               ^1.12.0    1.21.3             up to date
rmpv                    ^1.0.0     1.3.0              up to date
phf                     ^0.11.0    0.13.1             out of date
shell-words             ^1.1.0     1.1.0              up to date
thousands               ^0.2.0     0.2.0              up to date
unicode_reader          ^1.0.2     1.0.2              up to date
md4                     ^0.10.1    0.10.2             up to date
bcrypt                  ^0.13.0    0.17.1             out of date
scrypt                  ^0.10.0    0.11.0             out of date
argon2                  ^0.4.1     0.5.3              out of date
balloon-hash            ^0.3.0     0.4.0              out of date
crypto-bigint           ^0.4.8     0.6.1              out of date
strum_macros            ^0.24.3    0.27.2             out of date
flate2                  ^1.0.24    1.1.4              up to date
snap                    ^1.0.5     1.1.1              up to date
lz4_flex                ^0.9.4     0.11.5             out of date

Crate zuk

Dependencies

(28 total, 13 outdated, 1 possibly insecure)

Crate                   Required   Latest             Status
atty                    ^0.2.14    0.2.14             up to date
anyhow                  ^1.0.56    1.0.100            up to date
base64                  ^0.13.0    0.22.1             out of date
clap                    ^3.1.6     4.5.49             out of date
css-color               ^0.2.4     0.2.8              up to date
hexyl                   ^0.10.0    0.16.0             out of date
json-rpc2               ^0.11.1    0.11.1             up to date
mediatype               ^0.19.9    0.20.0             out of date
owo-colors              ^3.3.0     4.2.3              out of date
serde                   ^1.0.137   1.0.228            up to date
serde_derive            ^1.0.137   1.0.228            up to date
serde_json              ^1.0.81    1.0.145            up to date
shell-words             ^1.1.0     1.1.0              up to date
yozuk                   ^0.22.11   0.22.11            up to date
yozuk-sdk               ^0.22.11   0.22.11            up to date
yozuk-helper-platform   ^0.20.2    0.20.2             up to date
yozuk-helper-filetype   ^0.22.11   0.22.11            up to date
semver                  ^1.0.12    1.0.27             up to date
extrasafe               ^0.1.2     0.5.1              out of date
syscalls                ^0.5.0     0.7.0              out of date
crossterm               ^0.23.1    0.29.0             out of date
hanbun                  ^0.4.1     0.4.1              up to date
image                   ^0.24.2    0.25.8             out of date
time-tz                 ^1.0.2     2.0.0              out of date
rustyline               ^9.1.2     17.0.2             out of date
rustyline-derive        ^0.6.0     0.11.1             out of date
wasi                    ^0.11.0    0.14.7+wasi-0.2.4  out of date
whoami ⚠️               ^1.2.1     1.6.1              maybe insecure

Dev dependencies

(1 total, all up-to-date)

Crate                   Required   Latest             Status
tempfile                ^3.3.0     3.23.0             up to date

Security Vulnerabilities

blurhash: blurhash: panic on parsing crafted blurhash inputs

RUSTSEC-2023-0083

Impact

The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input.

In a typical deployment, this may get triggered by feeding maliciously crafted blurhashes over the network. These may include:

  • UTF-8 compliant strings containing multi-byte UTF-8 characters

Patches

The patches were released under version 0.2.0, which may require user intervention because of slight API churn.

whoami: Stack buffer overflow with whoami on several Unix platforms

RUSTSEC-2024-0020

With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris:

  • whoami::username
  • whoami::realname
  • whoami::username_os
  • whoami::realname_os

With versions of the whoami crate >= 0.5.3 and < 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms:

  • Bitrig
  • DragonFlyBSD
  • FreeBSD
  • NetBSD
  • OpenBSD

This occurs because of an incorrect definition of the passwd struct on those platforms.

As a result of this issue, denial of service and data corruption have both been observed in the wild. The issue is possibly exploitable as well.

This vulnerability also affects other Unix platforms that aren't Linux or macOS.

This issue has been addressed in whoami 1.5.0.

For more information, see this GitHub issue.