This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate yozuk

Dependencies

(14 total, 1 outdated)

CrateRequiredLatestStatus
 anyhow^1.0.561.0.81up to date
 bytes^1.1.01.5.0up to date
 const-sha1^0.2.00.3.0out of date
 crfs^0.2.00.2.0up to date
 mediatype^0.19.90.19.18up to date
 rayon^1.5.11.9.0up to date
 yozuk-core-skillset^0.22.110.22.11up to date
 yozuk-helper-english^0.22.110.22.11up to date
 yozuk-helper-platform^0.20.20.20.2up to date
 yozuk-sdk^0.22.110.22.11up to date
 yozuk-model^0.22.110.22.11up to date
 rand^0.8.50.8.5up to date
 deunicode^1.3.11.4.3up to date
 fuzzy-matcher^0.3.70.3.7up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 once_cell^1.12.01.19.0up to date

Build dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^1.0.561.0.81up to date
 yozuk-core-skillset^0.22.110.22.11up to date
 yozuk-sdk^0.22.110.22.11up to date
 yozuk-model^0.22.110.22.11up to date

Crate yozuk-sdk

Dependencies

(11 total, 1 outdated)

CrateRequiredLatestStatus
 anyhow^1.0.561.0.81up to date
 base64^0.13.00.22.0out of date
 bincode^1.3.31.3.3up to date
 bytes^1.1.01.5.0up to date
 mediatype^0.19.90.19.18up to date
 pest^2.1.32.7.8up to date
 pest_derive^2.1.02.7.8up to date
 serde^1.0.1361.0.197up to date
 serde_derive^1.0.1361.0.197up to date
 serde_json^1.0.791.0.114up to date
 url^2.2.22.5.0up to date

Crate yozuk-model

Dependencies

(13 total, 2 outdated)

CrateRequiredLatestStatus
 anyhow^1.0.571.0.81up to date
 bytes^1.1.01.5.0up to date
 crfsuite^0.3.10.3.1up to date
 itertools^0.10.30.12.1out of date
 nanoid^0.4.00.4.0up to date
 rayon^1.5.21.9.0up to date
 yozuk-sdk^0.22.110.22.11up to date
 yozuk-helper-english^0.22.110.22.11up to date
 punycode^0.4.10.4.1up to date
 entropy^0.4.10.4.2up to date
 crfs^0.2.00.2.0up to date
 base64^0.13.00.22.0out of date
 blake2^0.10.40.10.6up to date

Crate yozuk-wasm

Dependencies

(7 total, all up-to-date)

CrateRequiredLatestStatus
 mediatype^0.19.90.19.18up to date
 once_cell^1.12.01.19.0up to date
 serde^1.0.1371.0.197up to date
 serde_derive^1.0.1371.0.197up to date
 serde_json^1.0.811.0.114up to date
 yozuk^0.22.110.22.11up to date
 yozuk-sdk^0.22.110.22.11up to date

Crate yozuk-core-skillset

Dependencies

(65 total, 19 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 anyhow^1.0.561.0.81up to date
 base64^0.13.00.22.0out of date
 bech32^0.9.00.11.0out of date
 bigdecimal^0.3.00.4.3out of date
 blake2^0.10.40.10.6up to date
 blake3^1.3.11.5.1up to date
 blurhash ⚠️^0.1.10.2.1out of date
 clap^3.1.64.5.3out of date
 const-sha1^0.2.00.3.0out of date
 crc_all^0.2.00.2.2up to date
 css-color^0.2.40.2.8up to date
 digest^0.10.30.10.7up to date
 fraction^0.11.00.15.1out of date
 getrandom^0.2.50.2.12up to date
 hex^0.4.30.4.3up to date
 itertools^0.10.30.12.1out of date
 lipsum^0.8.00.9.1out of date
 md-5^0.10.10.10.6up to date
 mediatype^0.19.90.19.18up to date
 miller_rabin^1.1.11.1.1up to date
 nanoid^0.4.00.4.0up to date
 num-bigint^0.40.4.4up to date
 open-location-code^0.1.00.1.0up to date
 palette^0.6.00.7.5out of date
 pest^2.1.32.7.8up to date
 pest_derive^2.1.02.7.8up to date
 pix^0.13.10.13.3up to date
 png_pong^0.8.20.8.2up to date
 prime_tools^0.3.40.3.4up to date
 punycode^0.4.10.4.1up to date
 qrcode-generator^4.1.64.1.9up to date
 rand^0.8.50.8.5up to date
 serde^1.0.1361.0.197up to date
 serde_derive^1.0.1361.0.197up to date
 serde_json^1.0.791.0.114up to date
 sha1^0.10.10.10.6up to date
 sha2^0.10.20.10.8up to date
 sha3^0.10.10.10.8up to date
 strum^0.24.00.26.2out of date
 thiserror^1.0.301.0.58up to date
 time^0.3.90.3.34up to date
 time-tz^1.0.22.0.0out of date
 urlencoding^2.1.02.1.3up to date
 uuid^1.0.01.8.0up to date
 yozuk-helper-english^0.22.110.22.11up to date
 yozuk-helper-platform^0.20.20.20.2up to date
 yozuk-helper-filetype^0.22.110.22.11up to date
 yozuk-helper-encoding^0.22.110.22.11up to date
 yozuk-sdk^0.22.110.22.11up to date
 once_cell^1.12.01.19.0up to date
 rmpv^1.0.01.0.1up to date
 phf^0.11.00.11.2up to date
 shell-words^1.1.01.1.0up to date
 thousands^0.2.00.2.0up to date
 unicode_reader^1.0.21.0.2up to date
 md4^0.10.10.10.2up to date
 bcrypt^0.13.00.15.1out of date
 scrypt^0.10.00.11.0out of date
 argon2^0.4.10.5.3out of date
 balloon-hash^0.3.00.4.0out of date
 crypto-bigint^0.4.80.5.5out of date
 strum_macros^0.24.30.26.2out of date
 flate2^1.0.241.0.28up to date
 snap^1.0.51.1.1up to date
 lz4_flex^0.9.40.11.2out of date

Crate zuk

Dependencies

(18 total, 4 outdated)

CrateRequiredLatestStatus
 atty^0.2.140.2.14up to date
 anyhow^1.0.561.0.81up to date
 base64^0.13.00.22.0out of date
 clap^3.1.64.5.3out of date
 css-color^0.2.40.2.8up to date
 hexyl^0.10.00.14.0out of date
 json-rpc2^0.11.10.11.1up to date
 mediatype^0.19.90.19.18up to date
 owo-colors^3.3.04.0.0out of date
 serde^1.0.1371.0.197up to date
 serde_derive^1.0.1371.0.197up to date
 serde_json^1.0.811.0.114up to date
 shell-words^1.1.01.1.0up to date
 yozuk^0.22.110.22.11up to date
 yozuk-sdk^0.22.110.22.11up to date
 yozuk-helper-platform^0.20.20.20.2up to date
 yozuk-helper-filetype^0.22.110.22.11up to date
 semver^1.0.121.0.22up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tempfile^3.3.03.10.1up to date

Security Vulnerabilities

blurhash: blurhash: panic on parsing crafted blurhash inputs

RUSTSEC-2023-0083

Impact

The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input.

In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include:

  • UTF-8 compliant strings containing multi-byte UTF-8 characters

Patches

The patches were released under version 0.2.0, which may require user intervention because of slight API churn.