Bump consensus runtime spec version to 17 #49
Security advisories found
8 unmaintained, 1 unsound, 1 other
Details
Warnings
RUSTSEC-2025-0012
backoff is unmaintained.
| Details | |
|---|---|
| Status | unmaintained |
| Package | backoff |
| Version | 0.4.0 |
| URL | ihrwein/backoff#66 |
| Date | 2025-03-04 |
The backoff crate is no longer actively maintained. For exponential backoffs/retrying, you can use the backon crate.
RUSTSEC-2024-0388
derivative is unmaintained; consider using an alternative
| Details | |
|---|---|
| Status | unmaintained |
| Package | derivative |
| Version | 2.2.0 |
| URL | mcarton/rust-derivative#117 |
| Date | 2024-06-26 |
The derivative crate is no longer maintained.
Consider using any alternative, for instance:
RUSTSEC-2024-0384
instant is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | instant |
| Version | 0.1.13 |
| Date | 2024-09-01 |
This crate is no longer maintained, and the author recommends using the maintained web-time crate instead.
RUSTSEC-2020-0168
mach is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | mach |
| Version | 0.3.2 |
| URL | fitzgen/mach#63 |
| Date | 2020-07-14 |
Last release was almost 4 years ago.
Maintainer(s) seem to be completely unreachable.
Possible Alternative(s)
These may or may not be suitable alternatives and have not been vetted in any way;
- mach2 - direct fork
RUSTSEC-2022-0061
Crate parity-wasm deprecated by the author
| Details | |
|---|---|
| Status | unmaintained |
| Package | parity-wasm |
| Version | 0.45.0 |
| URL | paritytech/parity-wasm#334 |
| Date | 2022-10-01 |
This PR explicitly deprecates parity-wasm.
The author recommends switching to wasm-tools.
RUSTSEC-2024-0436
paste - no longer maintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | paste |
| Version | 1.0.15 |
| URL | https://github.com/dtolnay/paste |
| Date | 2024-10-07 |
The creator of the crate paste has stated in the README.md
that this project is no longer maintained, and has archived the repository.
RUSTSEC-2024-0370
proc-macro-error is unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | proc-macro-error |
| Version | 1.0.4 |
| URL | https://gitlab.com/CreepySkeleton/proc-macro-error/-/issues/20 |
| Date | 2024-09-01 |
proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email.
proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependent build trees.
Possible Alternative(s)
RUSTSEC-2025-0010
Versions of ring prior to 0.17 are unmaintained.
| Details | |
|---|---|
| Status | unmaintained |
| Package | ring |
| Version | 0.16.20 |
| URL | briansmith/ring#2450 |
| Date | 2025-03-05 |
ring 0.16.20 was released over 4 years ago and isn't maintained, tested, etc.
Additionally, the project's general policy is to only patch the latest release,
which is 0.17.12 now. It will be difficult for anybody to backport future fixes
to versions earlier than 0.17.10 due to license changes.
RUSTSEC-2024-0442
Dump Undefined Memory by JitDumpFile
| Details | |
|---|---|
| Status | unsound |
| Package | wasmtime-jit-debug |
| Version | 8.0.1 |
| URL | bytecodealliance/wasmtime#8905 |
| Date | 2024-07-06 |
The unsound function dump_code_load_record uses from_raw_parts to convert
the pointer addr and len directly into a slice without any validation, and that memory block
is then dumped.
Thus, the 'safe' function dump_code_load_record is actually 'unsafe', since it requires
the caller to guarantee that addr is valid and that len does not overflow.
Otherwise, the function could illegally dump memory into a file, causing a memory leak.
> Note: this is an internal-only crate in the Wasmtime project not intended for
> external use and is more strongly signaled nowadays as of
> bytecodealliance/wasmtime#10963.
> Please open an issue in Wasmtime if you're using this crate directly.
Crate critical-section is yanked
No extra details provided.