This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate acp_tools

No external dependencies! 🙌

Crate acp_thread

No external dependencies! 🙌

Crate action_log

No external dependencies! 🙌

Crate activity_indicator

No external dependencies! 🙌

Crate agent

No external dependencies! 🙌

Crate agent_servers

No external dependencies! 🙌

Crate agent_settings

No external dependencies! 🙌

Crate agent_ui

No external dependencies! 🙌

Crate ai_onboarding

No external dependencies! 🙌

Crate anthropic

No external dependencies! 🙌

Crate askpass

No external dependencies! 🙌

Crate assets

No external dependencies! 🙌

Crate assistant_text_thread

No external dependencies! 🙌

Crate assistant_slash_command

No external dependencies! 🙌

Crate assistant_slash_commands

No external dependencies! 🙌

Crate audio

No external dependencies! 🙌

Crate auto_update

No external dependencies! 🙌

Crate auto_update_helper

Build dependencies

(1 total, all up-to-date)

Crate        Required  Latest  Status
winresource  ^0.1      0.1.23  up to date

Crate auto_update_ui

No external dependencies! 🙌

Crate aws_http_client

No external dependencies! 🙌

Crate bedrock

No external dependencies! 🙌

Crate breadcrumbs

No external dependencies! 🙌

Crate buffer_diff

No external dependencies! 🙌

Crate call

No external dependencies! 🙌

Crate channel

No external dependencies! 🙌

Crate cli

Dependencies

(3 total, 2 outdated)

Crate          Required  Latest  Status
ipc-channel    ^0.19     0.20.2  out of date
core-services  ^0.2      1.0.0   out of date
plist          ^1.3      1.8.0   up to date

Crate client

Dependencies

(5 total, all up-to-date)

Crate             Required  Latest  Status
httparse          ^1.10     1.10.1  up to date
tokio-socks       ^0.5.2    0.5.2   up to date
tokio-native-tls  ^0.3      0.3.1   up to date
rustls-pki-types  ^1.12     1.13.0  up to date
tokio-rustls      ^0.26     0.26.4  up to date

Crate clock

No external dependencies! 🙌

Crate cloud_api_client

No external dependencies! 🙌

Crate cloud_api_types

No external dependencies! 🙌

Crate cloud_llm_client

No external dependencies! 🙌

Crate cloud_zeta2_prompt

No external dependencies! 🙌

Crate collab

Dependencies

(15 total, 6 outdated, 1 possibly insecure)

Crate               Required  Latest   Status
aws-config          ^1.1.5    1.8.8    up to date
aws-sdk-kinesis     ^1.51.0   1.92.0   up to date
aws-sdk-s3          ^1.15.0   1.108.0  up to date
axum                ^0.6      0.8.6    out of date
axum-extra          ^0.4      0.10.3   out of date
envy                ^0.4.2    0.4.2    up to date
prometheus          ^0.14     0.14.0   up to date
reqwest             ^0.11     0.12.24  out of date
scrypt              ^0.11     0.11.0   up to date
sea-orm             =1.1.10   1.1.17   out of date
sea-orm-macros      =1.1.10   1.1.17   out of date
sqlx ⚠️             ^0.8      0.8.6    maybe insecure
tower               ^0.4      0.5.2    out of date
tracing             ^0.1.40   0.1.41   up to date
tracing-subscriber  ^0.3.18   0.3.20   up to date

Dev dependencies

(2 total, 1 outdated, 1 possibly insecure)

Crate     Required  Latest  Status
sea-orm   =1.1.10   1.1.17  out of date
sqlx ⚠️   ^0.8      0.8.6   maybe insecure

Crate collab_ui

No external dependencies! 🙌

Crate collections

No external dependencies! 🙌

Crate command_palette

No external dependencies! 🙌

Crate command_palette_hooks

No external dependencies! 🙌

Crate component

No external dependencies! 🙌

Crate context_server

No external dependencies! 🙌

Crate copilot

Dependencies

(1 total, all up-to-date)

Crate      Required  Latest  Status
async-std  ^1.12.0   1.13.2  up to date

Crate crashes

No external dependencies! 🙌

Crate credentials_provider

No external dependencies! 🙌

Crate dap

No external dependencies! 🙌

Crate dap_adapters

No external dependencies! 🙌

Crate db

No external dependencies! 🙌

Crate debug_adapter_extension

No external dependencies! 🙌

Crate debugger_tools

No external dependencies! 🙌

Crate debugger_ui

No external dependencies! 🙌

Crate deepseek

No external dependencies! 🙌

Crate denoise

Dependencies

(2 total, all up-to-date)

Crate    Required  Latest  Status
rustfft  ^6.2.0    6.4.1   up to date
realfft  ^3.4.0    3.5.0   up to date

Crate diagnostics

No external dependencies! 🙌

Crate docs_preprocessor

Dependencies

(1 total, 1 outdated)

Crate   Required  Latest  Status
mdbook  =0.4.40   0.4.52  out of date

Crate edit_prediction

No external dependencies! 🙌

Crate edit_prediction_button

No external dependencies! 🙌

Crate edit_prediction_context

No external dependencies! 🙌

Crate zeta2_tools

No external dependencies! 🙌

Crate editor

No external dependencies! 🙌

Crate eval

No external dependencies! 🙌

Crate explorer_command_injector

Dependencies

(1 total, 1 outdated)

Crate             Required  Latest  Status
windows-registry  ^0.5      0.6.1   out of date

Crate extension

No external dependencies! 🙌

Crate zed_extension_api

Dependencies

(3 total, 1 outdated)

Crate        Required  Latest   Status
serde        ^1.0      1.0.228  up to date
serde_json   ^1.0      1.0.145  up to date
wit-bindgen  ^0.41     0.47.0   out of date

Crate extension_cli

No external dependencies! 🙌

Crate extension_host

No external dependencies! 🙌

Crate extensions_ui

No external dependencies! 🙌

Crate feature_flags

No external dependencies! 🙌

Crate feedback

No external dependencies! 🙌

Crate file_finder

No external dependencies! 🙌

Crate file_icons

No external dependencies! 🙌

Crate fs

Dependencies

(2 total, all up-to-date)

Crate   Required  Latest  Status
cocoa   ^0.26     0.26.1  up to date
notify  ^8.0.0    8.2.0   up to date

Crate fs_benchmarks

No external dependencies! 🙌

Crate fsevent

Dependencies

(1 total, 1 outdated)

Crate        Required  Latest  Status
fsevent-sys  ^3.0.2    5.1.0   out of date

Crate fuzzy

No external dependencies! 🙌

Crate git

No external dependencies! 🙌

Crate git_hosting_providers

No external dependencies! 🙌

Crate git_ui

No external dependencies! 🙌

Crate go_to_line

No external dependencies! 🙌

Crate google_ai

No external dependencies! 🙌

Crate gpui

Dependencies

(38 total, 9 outdated)

Crate                     Required  Latest   Status
async-task                ^4.7      4.7.1    up to date
bytemuck                  ^1        1.24.0   up to date
etagere                   ^0.2      0.2.15   up to date
num_cpus                  ^1.13     1.17.0   up to date
parking                   ^2.0.0    2.2.1    up to date
raw-window-handle         ^0.6      0.6.2    up to date
resvg                     ^0.45.0   0.45.1   up to date
usvg                      ^0.45.0   0.45.1   up to date
seahash                   ^4.1      4.1.0    up to date
taffy                     =0.9.0    0.9.1    out of date
waker-fn                  ^1.2.0    1.2.0    up to date
lyon                      ^1.0      1.0.16   up to date
pin-project               ^1.1.10   1.1.10   up to date
block                     ^0.1      0.1.6    up to date
core-graphics             ^0.24     0.25.0   out of date
core-text                 ^21       21.0.0   up to date
foreign-types             ^0.5      0.5.0    up to date
objc2                     ^0.6      0.6.3    up to date
objc2-metal               ^0.3      0.3.2    up to date
pathfinder_geometry       ^0.5      0.5.1    up to date
flume                     ^0.11     0.11.1   up to date
oo7                       ^0.5.0    0.5.0    up to date
cosmic-text               ^0.14.0   0.14.2   up to date
calloop                   ^0.13.0   0.14.3   out of date
filedescriptor            ^0.8.2    0.8.3    up to date
open                      ^5.2.0    5.3.2    up to date
calloop-wayland-source    ^0.3.0    0.4.1    out of date
wayland-backend           ^0.3.3    0.3.11   up to date
wayland-client            ^0.31.2   0.31.11  up to date
wayland-cursor            ^0.31.1   0.31.11  up to date
wayland-protocols         ^0.31.2   0.32.9   out of date
wayland-protocols-plasma  ^0.2.0    0.3.9    out of date
as-raw-xcb-connection     ^1        1.0.1    up to date
x11rb                     ^0.13.1   0.13.2   up to date
xkbcommon                 ^0.8.0    0.9.0    out of date
x11-clipboard             ^0.9.3    0.9.3    up to date
windows-numerics          ^0.2      0.3.1    out of date
windows-registry          ^0.5      0.6.1    out of date

Dev dependencies

(1 total, all up-to-date)

Crate  Required  Latest  Status
lyon   ^1.0      1.0.16  up to date

Build dependencies

(3 total, 2 outdated)

Crate           Required  Latest  Status
bindgen         ^0.71     0.72.1  out of date
cbindgen        ^0.28.0   0.29.2  out of date
embed-resource  ^3.0      3.0.6   up to date

Crate gpui_macros

No external dependencies! 🙌

Crate gpui_tokio

No external dependencies! 🙌

Crate html_to_markdown

No external dependencies! 🙌

Crate http_client

No external dependencies! 🙌

Crate http_client_tls

No external dependencies! 🙌

Crate icons

No external dependencies! 🙌

Crate image_viewer

No external dependencies! 🙌

Crate inspector_ui

No external dependencies! 🙌

Crate install_cli

No external dependencies! 🙌

Crate journal

No external dependencies! 🙌

Crate json_schema_store

No external dependencies! 🙌

Crate keymap_editor

No external dependencies! 🙌

Crate language

Dependencies

(2 total, all up-to-date)

Crate    Required  Latest  Status
unicase  ^2.6      2.8.1   up to date
diffy    ^0.4.2    0.4.2   up to date

Crate language_extension

No external dependencies! 🙌

Crate language_model

No external dependencies! 🙌

Crate language_models

No external dependencies! 🙌

Crate language_onboarding

No external dependencies! 🙌

Crate language_selector

No external dependencies! 🙌

Crate language_tools

No external dependencies! 🙌

Crate languages

No external dependencies! 🙌

Crate line_ending_selector

No external dependencies! 🙌

Crate livekit_api

No external dependencies! 🙌

Crate livekit_client

Dependencies

(1 total, 1 outdated)

Crate         Required  Latest  Status
coreaudio-rs  ^0.12.1   0.13.0  out of date

Crate lmstudio

No external dependencies! 🙌

Crate lsp

No external dependencies! 🙌

Crate markdown

No external dependencies! 🙌

Crate markdown_preview

No external dependencies! 🙌

Crate media

Dependencies

(1 total, all up-to-date)

Crate          Required  Latest  Status
foreign-types  ^0.5      0.5.0   up to date

Build dependencies

(1 total, 1 outdated)

Crate    Required  Latest  Status
bindgen  ^0.71     0.72.1  out of date

Crate menu

No external dependencies! 🙌

Crate migrator

No external dependencies! 🙌

Crate mistral

No external dependencies! 🙌

Crate multi_buffer

No external dependencies! 🙌

Crate nc

No external dependencies! 🙌

Crate net

Dependencies

(1 total, all up-to-date)

Crate     Required  Latest  Status
async-io  ^2.4      2.6.0   up to date

Crate node_runtime

Dependencies

(1 total, all up-to-date)

Crate      Required  Latest  Status
async-std  ^1.12.0   1.13.2  up to date

Crate notifications

No external dependencies! 🙌

Crate ollama

No external dependencies! 🙌

Crate onboarding

No external dependencies! 🙌

Crate open_ai

No external dependencies! 🙌

Crate open_router

No external dependencies! 🙌

Crate outline

No external dependencies! 🙌

Crate outline_panel

No external dependencies! 🙌

Crate panel

No external dependencies! 🙌

Crate paths

No external dependencies! 🙌

Crate picker

No external dependencies! 🙌

Crate prettier

No external dependencies! 🙌

Crate project

No external dependencies! 🙌

Crate project_panel

No external dependencies! 🙌

Crate project_symbols

No external dependencies! 🙌

Crate prompt_store

No external dependencies! 🙌

Crate proto

Dev dependencies

(1 total, 1 outdated)

Crate       Required  Latest  Status
typed-path  ^0.11     0.12.0  out of date

Crate recent_projects

Dependencies

(1 total, all up-to-date)

Crate             Required  Latest  Status
windows-registry  ^0.6.0    0.6.1   up to date

Crate refineable

No external dependencies! 🙌

Crate derive_refineable

No external dependencies! 🙌

Crate release_channel

No external dependencies! 🙌

Crate scheduler

No external dependencies! 🙌

Crate remote

No external dependencies! 🙌

Crate remote_server

No external dependencies! 🙌

Crate repl

No external dependencies! 🙌

Crate reqwest_client

No external dependencies! 🙌

Crate rich_text

No external dependencies! 🙌

Crate rope

Dependencies

(1 total, all up-to-date)

Crate     Required  Latest  Status
arrayvec  ^0.7.1    0.7.6   up to date

Crate rpc

Dependencies

(1 total, all up-to-date)

Crate    Required  Latest  Status
tracing  ^0.1.34   0.1.41  up to date

Crate rules_library

No external dependencies! 🙌

Crate schema_generator

No external dependencies! 🙌

Crate search

No external dependencies! 🙌

Crate semantic_version

No external dependencies! 🙌

Crate session

No external dependencies! 🙌

Crate settings

No external dependencies! 🙌

Crate settings_json

No external dependencies! 🙌

Crate settings_macros

No external dependencies! 🙌

Crate settings_profile_selector

No external dependencies! 🙌

Crate settings_ui

Dependencies

(1 total, all up-to-date)

Crate  Required  Latest  Status
bm25   ^2.3.2    2.3.2   up to date

Crate snippet

No external dependencies! 🙌

Crate snippet_provider

No external dependencies! 🙌

Crate snippets_ui

No external dependencies! 🙌

Crate sqlez

Dependencies

(1 total, all up-to-date)

Crate         Required  Latest  Status
thread_local  ^1.1.4    1.1.9   up to date

Crate sqlez_macros

No external dependencies! 🙌

Crate story

No external dependencies! 🙌

Crate storybook

Dependencies

(2 total, 1 outdated)

Crate      Required  Latest  Status
ctrlc      ^3.4      3.5.0   up to date
dialoguer  ^0.11.0   0.12.0  out of date

Crate streaming_diff

No external dependencies! 🙌

Crate sum_tree

Dependencies

(1 total, all up-to-date)

Crate     Required  Latest  Status
arrayvec  ^0.7.1    0.7.6   up to date

Crate supermaven

No external dependencies! 🙌

Crate supermaven_api

No external dependencies! 🙌

Crate codestral

No external dependencies! 🙌

Crate svg_preview

No external dependencies! 🙌

Crate system_specs

No external dependencies! 🙌

Crate tab_switcher

No external dependencies! 🙌

Crate task

No external dependencies! 🙌

Crate tasks_ui

No external dependencies! 🙌

Crate telemetry

No external dependencies! 🙌

Crate telemetry_events

No external dependencies! 🙌

Crate terminal

No external dependencies! 🙌

Crate terminal_view

No external dependencies! 🙌

Crate text

No external dependencies! 🙌

Crate theme

No external dependencies! 🙌

Crate theme_extension

No external dependencies! 🙌

Crate theme_importer

Dependencies

(1 total, all up-to-date)

Crate         Required  Latest  Status
vscode_theme  ^0.2.0    0.2.0   up to date

Crate theme_selector

No external dependencies! 🙌

Crate time_format

No external dependencies! 🙌

Crate title_bar

No external dependencies! 🙌

Crate toolchain_selector

No external dependencies! 🙌

Crate ui

No external dependencies! 🙌

Crate ui_input

No external dependencies! 🙌

Crate ui_macros

No external dependencies! 🙌

Crate ui_prompt

No external dependencies! 🙌

Crate util

Dependencies

(3 total, all up-to-date)

Crate        Required  Latest  Status
dunce        ^1.0      1.0.5   up to date
command-fds  ^0.3.1    0.3.2   up to date
tendril      ^0.4.3    0.4.3   up to date

Crate util_macros

No external dependencies! 🙌

Crate vercel

No external dependencies! 🙌

Crate vim

Dependencies

(1 total, 1 possibly insecure)

Crate     Required  Latest  Status
tokio ⚠️  ^1.15     1.48.0  maybe insecure

Crate vim_mode_setting

No external dependencies! 🙌

Crate watch

No external dependencies! 🙌

Crate web_search

No external dependencies! 🙌

Crate web_search_providers

No external dependencies! 🙌

Crate workspace

No external dependencies! 🙌

Crate worktree

No external dependencies! 🙌

Crate x_ai

No external dependencies! 🙌

Crate zed

Dependencies

(2 total, all up-to-date)

Crate      Required  Latest  Status
backtrace  ^0.3      0.3.76  up to date
mimalloc   ^0.1      0.1.48  up to date

Build dependencies

(1 total, all up-to-date)

Crate        Required  Latest  Status
winresource  ^0.1      0.1.23  up to date

Crate zed_actions

No external dependencies! 🙌

Crate zed_env_vars

No external dependencies! 🙌

Crate zeta

No external dependencies! 🙌

Crate zeta2

No external dependencies! 🙌

Crate zeta_cli

Dependencies

(2 total, all up-to-date)

Crate   Required  Latest  Status
polars  ^0.51     0.51.0  up to date
soa-rs  ^0.8.1    0.8.1   up to date

Crate zlog

No external dependencies! 🙌

Crate zlog_settings

No external dependencies! 🙌

Crate zed_glsl

Dependencies

(1 total, 1 outdated)

Crate              Required  Latest  Status
zed_extension_api  ^0.1.0    0.7.0   out of date

Crate zed_html

Dependencies

(1 total, all up-to-date)

Crate              Required  Latest  Status
zed_extension_api  ^0.7.0    0.7.0   up to date

Crate zed_proto

Dependencies

(1 total, 1 outdated)

Crate              Required  Latest  Status
zed_extension_api  ^0.1.0    0.7.0   out of date

Crate slash_commands_example

Dependencies

(1 total, 1 outdated)

Crate              Required  Latest  Status
zed_extension_api  ^0.1.0    0.7.0   out of date

Crate zed_test_extension

No external dependencies! 🙌

Crate perf

No external dependencies! 🙌

Crate xtask

No external dependencies! 🙌

Security Vulnerabilities

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode forces ServerOptions::reject_remote_clients to false.

This drops any explicit reject_remote_clients setting that was previously set to true.

The default setting of reject_remote_clients is normally true, so the default is also overridden to false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

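use tokio::net::windows::named_pipe::{PipeMode, ServerOptions};

let mut opts = ServerOptions::new();
// Call pipe_mode first: it resets reject_remote_clients to false.
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);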

sqlx: Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

RUSTSEC-2024-0363

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:

SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf
(Archive link for posterity.)

Essentially, encoding a value larger than 4 GiB can cause the length prefix in the protocol to overflow, causing the server to interpret the rest of the string as binary protocol commands or other data.

It appears SQLx does perform truncating casts in a way that could be problematic, for example: https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163

This code has existed essentially since the beginning, so it is reasonable to assume that all published versions <= 0.8.0 are affected.

Mitigation

As always, you should make sure your application is validating untrustworthy user input. Reject any input over 4 GiB, or any input that could encode to a string longer than 4 GiB. Dynamically built queries are also potentially problematic if they push the message size over this 4 GiB bound.

Encode::size_hint() can be used for sanity checks, but do not assume that the size returned is accurate. For example, the Json<T> and Text<T> adapters have no reasonable way to predict or estimate the final encoded size, so they just return size_of::<T>() instead.

For web application backends, consider adding some middleware that limits the size of request bodies by default.
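
The truncating cast this advisory describes, shown beside a checked conversion. This is an added Rust example, not SQLx's code: it models a generic frame with a 4-byte length prefix, and the names truncating_prefix, checked_prefix, desynced_bytes, encode_frame and TooLarge are hypothetical. Lengths are passed as numbers, so no 4 GiB buffer is allocated.

```rust
// Added example: a simplified frame with a 4-byte big-endian length prefix.
// It models the bug class only; it is not SQLx's encoder.
use std::convert::TryFrom;

/// A payload length that a 4-byte prefix cannot represent.
#[derive(Debug, PartialEq)]
pub struct TooLarge {
    pub len: u64,
}

/// Vulnerable pattern: `as` keeps only the low 32 bits and never fails.
pub fn truncating_prefix(payload_len: u64) -> u32 {
    payload_len as u32
}

/// Hardened pattern: refuse any length the prefix cannot hold.
pub fn checked_prefix(payload_len: u64) -> Result<u32, TooLarge> {
    u32::try_from(payload_len).map_err(|_| TooLarge { len: payload_len })
}

/// Bytes left over after the receiver consumes the length declared by the
/// truncated prefix; it will parse these as fresh protocol data.
pub fn desynced_bytes(payload_len: u64) -> u64 {
    payload_len - u64::from(truncating_prefix(payload_len))
}

/// Encode one frame with the checked prefix, or write nothing at all.
pub fn encode_frame(out: &mut Vec<u8>, payload: &[u8]) -> Result<(), TooLarge> {
    // usize -> u64 is lossless on every target Rust supports.
    let prefix = checked_prefix(payload.len() as u64)?;
    out.extend_from_slice(&prefix.to_be_bytes());
    out.extend_from_slice(payload);
    Ok(())
}

fn main() {
    // Constructed length: 4 GiB plus five bytes.
    let len: u64 = (1u64 << 32) + 5;
    println!("truncating prefix: {}", truncating_prefix(len));
    println!("bytes parsed out of frame: {}", desynced_bytes(len));
    println!("checked prefix: {:?}", checked_prefix(len));

    let mut wire = Vec::new();
    encode_frame(&mut wire, b"abc").expect("3 bytes fits in a u32 prefix");
    println!("frame: {:?}", wire);
}
```

With the truncating cast the prefix silently wraps and the sender and receiver disagree on where the frame ends; the checked conversion turns the same input into an error before anything is written.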

Resolution

sqlx 0.8.1 has been released with the fix: https://github.com/launchbadge/sqlx/blob/main/CHANGELOG.md#081---2024-08-23

Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated: https://github.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901

MySQL and SQLite do not appear to be exploitable, but upgrading is recommended nonetheless.