integrate rustsec database

Cargo.lock

@@ -1,3 +1,8 @@
+[[package]]
+name = "antidote"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "arrayvec"
 version = "0.4.7"
@@ -35,6 +40,15 @@ dependencies = [
  "rusttype 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "base64"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "byteorder 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "safemem 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "base64"
 version = "0.9.0"
@@ -192,6 +206,24 @@ name = "httparse"
 version = "1.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 
+[[package]]
+name = "hyper"
+version = "0.10.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "base64 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "httparse 1.2.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "language-tags 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "mime 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "num_cpus 1.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "time 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)",
+ "traitobject 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "typeable 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "unicase 1.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "hyper"
 version = "0.11.18"
@@ -216,6 +248,16 @@ dependencies = [
  "unicase 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "hyper-native-tls"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "antidote 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "hyper 0.10.13 (registry+https://github.com/rust-lang/crates.io-index)",
+ "native-tls 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "hyper-tls"
 version = "0.1.2"
@@ -230,6 +272,16 @@ dependencies = [
  "tokio-tls 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "idna"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "unicode-bidi 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "unicode-normalization 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "indexmap"
 version = "0.4.1"
@@ -320,6 +372,11 @@ dependencies = [
  "linked-hash-map 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "matches"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "maud"
 version = "0.17.2"
@@ -343,6 +400,14 @@ dependencies = [
  "maud_htmlescape 0.17.0 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "mime"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "mime"
 version = "0.3.5"
@@ -556,6 +621,20 @@ dependencies = [
  "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "reqwest"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "hyper 0.10.13 (registry+https://github.com/rust-lang/crates.io-index)",
+ "hyper-native-tls 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
+ "serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)",
+ "serde_urlencoded 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "route-recognizer"
 version = "0.1.12"
@@ -566,6 +645,16 @@ name = "rustc-demangle"
 version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 
+[[package]]
+name = "rustsec"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "reqwest 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "toml 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "rusttype"
 version = "0.4.1"
@@ -648,6 +737,11 @@ name = "semver-parser"
 version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 
+[[package]]
+name = "serde"
+version = "0.9.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "serde"
 version = "1.0.27"
@@ -672,6 +766,17 @@ dependencies = [
  "synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "serde_json"
+version = "0.9.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "dtoa 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)",
+ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "serde_json"
 version = "1.0.9"
@@ -683,6 +788,17 @@ dependencies = [
  "serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "serde_urlencoded"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "dtoa 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
+ "url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "shared-failure"
 version = "0.1.0"
@@ -706,6 +822,7 @@ dependencies = [
  "maud 0.17.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "relative-path 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
  "route-recognizer 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rustsec 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "sass-rs 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -870,6 +987,14 @@ dependencies = [
  "tokio-io 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "toml"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "toml"
 version = "0.4.5"
@@ -878,6 +1003,24 @@ dependencies = [
  "serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "traitobject"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "typeable"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
+name = "unicase"
+version = "1.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "version_check 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "unicase"
 version = "2.1.0"
@@ -886,6 +1029,19 @@ dependencies = [
  "version_check 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "unicode-bidi"
+version = "0.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
+name = "unicode-normalization"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "unicode-xid"
 version = "0.0.4"
@@ -899,6 +1055,16 @@ dependencies = [
  "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "url"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "idna 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "percent-encoding 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "vcpkg"
 version = "0.2.2"
@@ -953,9 +1119,11 @@ dependencies = [
 ]
 
 [metadata]
+"checksum antidote 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "34fde25430d87a9388dadbe6e34d7f72a462c8b43ac8d309b42b0a8505d7e2a5"
 "checksum arrayvec 0.4.7 (registry+https://github.com/rust-lang/crates.io-index)" = "a1e964f9e24d588183fcb43503abda40d288c8657dfc27311516ce2f05675aef"
 "checksum backtrace 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)" = "ebbbf59b1c43eefa8c3ede390fcc36820b4999f7914104015be25025e0d62af2"
 "checksum backtrace-sys 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)" = "44585761d6161b0f57afc49482ab6bd067e4edef48c12a152c237eb0203f7661"
+"checksum base64 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "96434f987501f0ed4eb336a411e0631ecd1afa11574fe148587adc4ff96143c9"
 "checksum base64 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "229d032f1a99302697f10b27167ae6d03d49d032e6a8e2550e8d3fc13356d2b4"
 "checksum bitflags 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4efd02e230a02e18f92fc2735f44597385ed02ad8f831e7c1c1156ee5e1ab3a5"
 "checksum bitflags 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b3c30d3802dfb7281680d6285f2ccdaa8c2d8fee41f93805dba5c4cf50dc23cf"
@@ -979,8 +1147,11 @@ dependencies = [
 "checksum futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "ab90cde24b3319636588d0c35fe03b1333857621051837ed769faefb4c2162e4"
 "checksum gcc 0.3.54 (registry+https://github.com/rust-lang/crates.io-index)" = "5e33ec290da0d127825013597dbdfc28bee4964690c7ce1166cbc2a7bd08b1bb"
 "checksum httparse 1.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "c2f407128745b78abc95c0ffbe4e5d37427fdc0d45470710cfef8c44522a2e37"
+"checksum hyper 0.10.13 (registry+https://github.com/rust-lang/crates.io-index)" = "368cb56b2740ebf4230520e2b90ebb0461e69034d85d1945febd9b3971426db2"
 "checksum hyper 0.11.18 (registry+https://github.com/rust-lang/crates.io-index)" = "c4f9b276c87e3fc1902a8bdfcce264c3f7c8a1c35e5e0c946062739f55026664"
+"checksum hyper-native-tls 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "72332e4a35d3059583623b50e98e491b78f8b96c5521fcb3f428167955aa56e8"
 "checksum hyper-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "9c81fa95203e2a6087242c38691a0210f23e9f3f8f944350bd676522132e2985"
+"checksum idna 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "014b298351066f1512874135335d62a789ffe78a9974f94b43ed5621951eaf7d"
 "checksum indexmap 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "7164c96d6e18ccc3ce43f3dedac996c21a220670a106c275b96ad92110401362"
 "checksum iovec 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "dbe6e417e7d0975db6512b90796e8ce223145ac4e33c377e4a42882a0e88bb08"
 "checksum itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8324a32baf01e2ae060e9de58ed0bc2320c9a2833491ee36cd3b4c414de4db8c"
@@ -995,9 +1166,11 @@ dependencies = [
 "checksum log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b"
 "checksum log 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "89f010e843f2b1a31dbd316b3b8d443758bc634bed37aabade59c686d644e0a2"
 "checksum lru-cache 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4d06ff7ff06f729ce5f4e227876cb88d10bc59cd4ae1e09fbb2bde15c850dc21"
+"checksum matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "100aabe6b8ff4e4a7e32c1c13523379802df0772b82466207ac25b013f193376"
 "checksum maud 0.17.2 (registry+https://github.com/rust-lang/crates.io-index)" = "c0023c814f4a545946ab612ad64a4edce8126d4fe4f0abc5f319b80877112048"
 "checksum maud_htmlescape 0.17.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d0fb85bccffc42302ad1e1ed8679f6a39d1317f775a37fbc3f79bdfbe054bfb7"
 "checksum maud_macros 0.17.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0d8377d77c1995044b8ad67a59d15b434c8b7de470ac743de4916ee2bd9fce55"
+"checksum mime 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "ba626b8a6de5da682e1caa06bdb42a335aee5a84db8e5046a3e8ab17ba0a3ae0"
 "checksum mime 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)" = "e2e00e17be181010a91dbfefb01660b17311059dc8c7f48b9017677721e732bd"
 "checksum mio 0.6.13 (registry+https://github.com/rust-lang/crates.io-index)" = "7da01a5e23070d92d99b1ecd1cd0af36447c6fd44b0fe283c2db199fa136724f"
 "checksum miow 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f2f3b1cf331de6896aabf6e9d55dca90356cc9960cca7eaaf408a355ae919"
@@ -1022,8 +1195,10 @@ dependencies = [
 "checksum relative-path 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)" = "e614f96449605730b4f7ad2c019e88c1652d730634b4eba07b810801856635e3"
 "checksum relay 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1576e382688d7e9deecea24417e350d3062d97e32e45d70b1cde65994ff1489a"
 "checksum remove_dir_all 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b5d2f806b0fcdabd98acd380dc8daef485e22bcb7cddc811d1337967f2528cf5"
+"checksum reqwest 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3bef9ed8fdfcc30947d6b774938dc0c3f369a474efe440df2c7f278180b2d2e6"
 "checksum route-recognizer 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)" = "cf3255338088df8146ba63d60a9b8e3556f1146ce2973bc05a75181a42ce2256"
 "checksum rustc-demangle 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "aee45432acc62f7b9a108cc054142dac51f979e69e71ddce7d6fc7adf29e817e"
+"checksum rustsec 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9fb074a338f1f966f5d86eaef9aa85b544207ed138986e60a33e08202c5c4492"
 "checksum rusttype 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "24f3d32ca1619041480bd0b4756963762369f1d3f2fcc212c4877042f867b4ca"
 "checksum safemem 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e27a8b19b835f7aea908818e871f5cc3a5a186550c30773be987e155e8163d8f"
 "checksum sass-rs 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "90f8cf6e645aa843ffffcbdc1e8752b1f221dfa314c81895aeb229a77aea7e05"
@@ -1034,10 +1209,13 @@ dependencies = [
 "checksum security-framework-sys 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)" = "5421621e836278a0b139268f36eee0dc7e389b784dc3f79d8f11aabadf41bead"
 "checksum semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403"
 "checksum semver-parser 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
+"checksum serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)" = "34b623917345a631dc9608d5194cc206b3fe6c3554cd1c75b937e55e285254af"
 "checksum serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)" = "db99f3919e20faa51bb2996057f5031d8685019b5a06139b1ce761da671b8526"
 "checksum serde_derive 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)" = "f4ba7591cfe93755e89eeecdbcc668885624829b020050e6aec99c2a03bd3fd0"
 "checksum serde_derive_internals 0.19.0 (registry+https://github.com/rust-lang/crates.io-index)" = "6e03f1c9530c3fb0a0a5c9b826bdd9246a5921ae995d75f512ac917fc4dd55b5"
+"checksum serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)" = "ad8bcf487be7d2e15d3d543f04312de991d631cfe1b43ea0ade69e6a8a5b16a1"
 "checksum serde_json 1.0.9 (registry+https://github.com/rust-lang/crates.io-index)" = "c9db7266c7d63a4c4b7fe8719656ccdd51acf1bed6124b174f933b009fb10bcb"
+"checksum serde_urlencoded 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "68f06ece1408d3221d11a9da11953ad0c94daa48cfa42026471306f895b91bc8"
 "checksum slab 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "17b4fcaed89ab08ef143da37bc52adbcc04d4a69014f4c1208d6b51f0c47bc23"
 "checksum slab 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fdeff4cd9ecff59ec7e3744cbca73dfe5ac35c2aedb2cfba8a1c715a18912e9d"
 "checksum slog 2.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "0a6b13b17f4225771f7f15cece704a4e68d3a5f31278ed26367f497133398a18"
@@ -1055,10 +1233,17 @@ dependencies = [
 "checksum tokio-proto 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8fbb47ae81353c63c487030659494b295f6cb6576242f907f203473b191b0389"
 "checksum tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "24da22d077e0f15f55162bdbdc661228c1581892f52074fb242678d015b45162"
 "checksum tokio-tls 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "772f4b04e560117fe3b0a53e490c16ddc8ba6ec437015d91fa385564996ed913"
+"checksum toml 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bd86ad9ebee246fdedd610e0f6d0587b754a3d81438db930a244d0480ed7878f"
 "checksum toml 0.4.5 (registry+https://github.com/rust-lang/crates.io-index)" = "a7540f4ffc193e0d3c94121edb19b055670d369f77d5804db11ae053a45b6e7e"
+"checksum traitobject 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "efd1f82c56340fdf16f2a953d7bda4f8fdffba13d93b00844c25572110b26079"
+"checksum typeable 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "1410f6f91f21d1612654e7cc69193b0334f909dcf2c790c4826254fbb86f8887"
+"checksum unicase 1.4.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7f4765f83163b74f957c797ad9253caf97f103fb064d3999aea9568d09fc8a33"
 "checksum unicase 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "284b6d3db520d67fbe88fd778c21510d1b0ba4a551e5d0fbb023d33405f6de8a"
+"checksum unicode-bidi 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "49f2bd0c6468a8230e1db229cff8029217cf623c767ea5d60bfbd42729ea54d5"
+"checksum unicode-normalization 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "51ccda9ef9efa3f7ef5d91e8f9b83bbe6955f9bf86aec89d5cce2c874625920f"
 "checksum unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc"
 "checksum unreachable 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1f2ae5ddb18e1c92664717616dd9549dde73f539f01bd7b77c2edb2446bdff91"
+"checksum url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fa35e768d4daf1d85733418a49fb42e10d7f633e394fccab4ab7aba897053fe2"
 "checksum vcpkg 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "9e0a7d8bed3178a8fb112199d466eeca9ed09a14ba8ad67718179b4fd5487d0b"
 "checksum version_check 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "6b772017e347561807c1aa192438c5fd74242a670a6cffacc40f2defd1dc069d"
 "checksum void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d"

Cargo.toml

@@ -15,6 +15,7 @@ lru-cache = "0.1.1"
 maud = "0.17.2"
 relative-path = { version = "0.3.7", features = ["serde"] }
 route-recognizer = "0.1.12"
+rustsec = "0.6.0"
 semver = { version = "0.9.0", features = ["serde"] }
 serde = "1.0.27"
 serde_derive = "1.0.27"

src/engine/futures/analyze.rs

@@ -12,27 +12,29 @@ pub struct AnalyzeDependenciesFuture {
 }
 
 impl AnalyzeDependenciesFuture {
-    pub fn new(engine: &Engine, deps: CrateDeps) -> Self {
+    pub fn new(engine: Engine, deps: CrateDeps) -> Self {
-        let analyzer = DependencyAnalyzer::new(&deps);
+        let future = engine.fetch_advisory_db().and_then(move |advisory_db| {
+            let analyzer = DependencyAnalyzer::new(&deps, advisory_db);
 
-        let main_deps = deps.main.into_iter().filter_map(|(name, dep)| {
+            let main_deps = deps.main.into_iter().filter_map(|(name, dep)| {
-            if dep.is_external() { Some(name) } else { None }
+                if dep.is_external() { Some(name) } else { None }
-        });
+            });
-        let dev_deps = deps.dev.into_iter().filter_map(|(name, dep)| {
+            let dev_deps = deps.dev.into_iter().filter_map(|(name, dep)| {
-            if dep.is_external() { Some(name) } else { None }
+                if dep.is_external() { Some(name) } else { None }
-        });
+            });
-        let build_deps = deps.build.into_iter().filter_map(|(name, dep)| {
+            let build_deps = deps.build.into_iter().filter_map(|(name, dep)| {
-            if dep.is_external() { Some(name) } else { None }
+                if dep.is_external() { Some(name) } else { None }
-        });
+            });
 
-        let release_futures = engine.fetch_releases(main_deps.chain(dev_deps).chain(build_deps));
+            let release_futures = engine.fetch_releases(main_deps.chain(dev_deps).chain(build_deps));
 
-        let analyzed_deps_future = futures_unordered(release_futures)
+            futures_unordered(release_futures)
-            .fold(analyzer, |mut analyzer, releases| { analyzer.process(releases); Ok(analyzer) as Result<_, Error> })
+                .fold(analyzer, |mut analyzer, releases| { analyzer.process(releases); Ok(analyzer) as Result<_, Error> })
-            .map(|analyzer| analyzer.finalize());
+                .map(|analyzer| analyzer.finalize())
+        });
 
         AnalyzeDependenciesFuture {
-            inner: Box::new(analyzed_deps_future)
+            inner: Box::new(future)
         }
     }
 }

src/engine/machines/analyzer.rs

@@ -1,19 +1,24 @@
+use std::sync::Arc;
+
+use rustsec::db::AdvisoryDatabase;
 use semver::Version;
 
-use ::models::crates::{CrateDeps, CrateRelease, AnalyzedDependency, AnalyzedDependencies};
+use ::models::crates::{CrateDeps, CrateRelease, CrateName, AnalyzedDependency, AnalyzedDependencies};
 
 pub struct DependencyAnalyzer {
-    deps: AnalyzedDependencies
+    deps: AnalyzedDependencies,
+    advisory_db: Arc<AdvisoryDatabase>
 }
 
 impl DependencyAnalyzer {
-    pub fn new(deps: &CrateDeps) -> DependencyAnalyzer {
+    pub fn new(deps: &CrateDeps, advisory_db: Arc<AdvisoryDatabase>) -> DependencyAnalyzer {
         DependencyAnalyzer {
-            deps: AnalyzedDependencies::new(deps)
+            deps: AnalyzedDependencies::new(deps),
+            advisory_db
         }
     }
 
-    fn process_single(dep: &mut AnalyzedDependency, ver: &Version) {
+    fn process_single(name: &CrateName, dep: &mut AnalyzedDependency, ver: &Version, advisory_db: &AdvisoryDatabase) {
         if dep.required.matches(&ver) {
             if let Some(ref mut current_latest_that_matches) = dep.latest_that_matches {
                 if *current_latest_that_matches < *ver {
@@ -22,6 +27,10 @@ impl DependencyAnalyzer {
             } else {
                 dep.latest_that_matches = Some(ver.clone());
             }
+
+            if !advisory_db.find_vulns_for_crate(name.as_ref(), ver).is_empty() {
+                dep.insecure = true;
+            }
         }
         if !ver.is_prerelease() {
             if let Some(ref mut current_latest) = dep.latest {
@@ -37,13 +46,13 @@ impl DependencyAnalyzer {
     pub fn process<I: IntoIterator<Item=CrateRelease>>(&mut self, releases: I) {
         for release in releases.into_iter().filter(|r| !r.yanked) {
             if let Some(main_dep) = self.deps.main.get_mut(&release.name) {
-                DependencyAnalyzer::process_single(main_dep, &release.version)
+                DependencyAnalyzer::process_single(&release.name, main_dep, &release.version, &self.advisory_db)
             }
             if let Some(dev_dep) = self.deps.dev.get_mut(&release.name) {
-                DependencyAnalyzer::process_single(dev_dep, &release.version)
+                DependencyAnalyzer::process_single(&release.name, dev_dep, &release.version, &self.advisory_db)
             }
             if let Some(build_dep) = self.deps.build.get_mut(&release.name) {
-                DependencyAnalyzer::process_single(build_dep, &release.version)
+                DependencyAnalyzer::process_single(&release.name, build_dep, &release.version, &self.advisory_db)
             }
         }
     }

src/engine/mod.rs

@@ -11,6 +11,7 @@ use hyper::Client;
 use hyper::client::HttpConnector;
 use hyper_tls::HttpsConnector;
 use relative_path::{RelativePath, RelativePathBuf};
+use rustsec::db::AdvisoryDatabase;
 use semver::VersionReq;
 use slog::Logger;
 use tokio_service::Service;
@@ -25,7 +26,8 @@ use ::models::crates::{CrateName, CratePath, CrateRelease, AnalyzedDependencies}
 
 use ::interactors::crates::{QueryCrate, GetPopularCrates};
 use ::interactors::RetrieveFileAtPath;
-use ::interactors::github::{GetPopularRepos};
+use ::interactors::github::GetPopularRepos;
+use ::interactors::rustsec::FetchAdvisoryDatabase;
 
 use self::futures::AnalyzeDependenciesFuture;
 use self::futures::CrawlManifestFuture;
@@ -41,7 +43,8 @@ pub struct Engine {
     query_crate: Arc<Cache<QueryCrate<HttpClient>>>,
     get_popular_crates: Arc<Cache<GetPopularCrates<HttpClient>>>,
     get_popular_repos: Arc<Cache<GetPopularRepos<HttpClient>>>,
-    retrieve_file_at_path: Arc<RetrieveFileAtPath<HttpClient>>
+    retrieve_file_at_path: Arc<RetrieveFileAtPath<HttpClient>>,
+    fetch_advisory_db: Arc<Cache<FetchAdvisoryDatabase<HttpClient>>>
 }
 
 impl Engine {
@@ -51,6 +54,7 @@ impl Engine {
         let query_crate = Cache::new(QueryCrate(client.clone()), Duration::from_secs(300), 500);
         let get_popular_crates = Cache::new(GetPopularCrates(client.clone()), Duration::from_secs(10), 1);
         let get_popular_repos = Cache::new(GetPopularRepos(client.clone()), Duration::from_secs(10), 1);
+        let fetch_advisory_db =  Cache::new(FetchAdvisoryDatabase(client.clone()), Duration::from_secs(300), 1);
 
         Engine {
             client: client.clone(), logger, metrics,
@@ -58,7 +62,8 @@ impl Engine {
             query_crate: Arc::new(query_crate),
             get_popular_crates: Arc::new(get_popular_crates),
             get_popular_repos: Arc::new(get_popular_repos),
-            retrieve_file_at_path: Arc::new(RetrieveFileAtPath(client))
+            retrieve_file_at_path: Arc::new(RetrieveFileAtPath(client)),
+            fetch_advisory_db: Arc::new(fetch_advisory_db)
         }
     }
 
@@ -77,6 +82,10 @@ impl AnalyzeDependenciesOutcome {
         self.crates.iter().any(|&(_, ref deps)| deps.any_outdated())
     }
 
+    pub fn any_insecure(&self) -> bool {
+        self.crates.iter().any(|&(_, ref deps)| deps.count_insecure() > 0)
+    }
+
     pub fn outdated_ratio(&self) -> (usize, usize) {
         self.crates.iter().fold((0, 0), |(outdated, total), &(_, ref deps)| {
             (outdated + deps.count_outdated(), total + deps.count_total())
@@ -115,7 +124,7 @@ impl Engine {
         manifest_future.and_then(move |manifest_output| {
             let engine_for_analyze = engine.clone();
             let futures = manifest_output.crates.into_iter().map(move |(crate_name, deps)| {
-                let analyzed_deps_future = AnalyzeDependenciesFuture::new(&engine_for_analyze, deps);
+                let analyzed_deps_future = AnalyzeDependenciesFuture::new(engine_for_analyze.clone(), deps);
 
                 analyzed_deps_future.map(move |analyzed_deps| (crate_name, analyzed_deps))
             });
@@ -147,7 +156,7 @@ impl Engine {
             match query_response.releases.iter().find(|release| release.version == crate_path.version) {
                 None => future::Either::A(future::err(format_err!("could not find crate release with version {}", crate_path.version))),
                 Some(release) => {
-                    let analyzed_deps_future = AnalyzeDependenciesFuture::new(&engine, release.deps.clone());
+                    let analyzed_deps_future = AnalyzeDependenciesFuture::new(engine.clone(), release.deps.clone());
 
                     future::Either::B(analyzed_deps_future.map(move |analyzed_deps| {
                         let crates = vec![(crate_path.name, analyzed_deps)].into_iter().collect();
@@ -190,6 +199,12 @@ impl Engine {
         let manifest_path = path.join(RelativePath::new("Cargo.toml"));
         self.retrieve_file_at_path.call((repo_path.clone(), manifest_path))
     }
+
+    fn fetch_advisory_db(&self) ->
+        impl Future<Item=Arc<AdvisoryDatabase>, Error=Error>
+    {
+        self.fetch_advisory_db.call(()).from_err().map(|db| db.clone())
+    }
 }
 
 lazy_static! {

src/interactors/mod.rs

@@ -10,7 +10,7 @@ pub mod bitbucket;
 pub mod crates;
 pub mod github;
 pub mod gitlab;
-
+pub mod rustsec;
 
 #[derive(Debug, Clone)]
 pub struct RetrieveFileAtPath<S>(pub S);

src/interactors/rustsec.rs

@@ -0,0 +1,44 @@
+use std::str;
+use std::sync::Arc;
+
+use failure::Error;
+use futures::{Future, IntoFuture, Stream, future};
+use hyper::{Error as HyperError, Method, Request, Response};
+use rustsec::ADVISORY_DB_URL;
+use rustsec::db::AdvisoryDatabase;
+use tokio_service::Service;
+
+#[derive(Debug, Clone)]
+pub struct FetchAdvisoryDatabase<S>(pub S);
+
+impl<S> Service for FetchAdvisoryDatabase<S>
+    where S: Service<Request=Request, Response=Response, Error=HyperError> + Clone + 'static,
+          S::Future: 'static
+{
+    type Request = ();
+    type Response = Arc<AdvisoryDatabase>;
+    type Error = Error;
+    type Future = Box<Future<Item=Self::Response, Error=Self::Error>>;
+
+    fn call(&self, _req: ()) -> Self::Future {
+        let service = self.0.clone();
+
+        let uri_future = ADVISORY_DB_URL.parse().into_future().from_err();
+
+        Box::new(uri_future.and_then(move |uri| {
+            let request = Request::new(Method::Get, uri);
+
+            service.call(request).from_err().and_then(|response| {
+                let status = response.status();
+                if !status.is_success() {
+                    future::Either::A(future::err(format_err!("Status code {} when fetching advisory db", status)))
+                } else {
+                    let body_future = response.body().concat2().from_err();
+                    let decode_future = body_future
+                        .and_then(|body| Ok(Arc::new(AdvisoryDatabase::from_toml(str::from_utf8(&body)?)?)));
+                    future::Either::B(decode_future)
+                }
+            })
+        }))
+    }
+}

src/main.rs

@@ -15,6 +15,7 @@ extern crate lru_cache;
 extern crate maud;
 extern crate relative_path;
 extern crate route_recognizer;
+extern crate rustsec;
 extern crate semver;
 #[macro_use] extern crate serde_derive;
 extern crate serde;

src/models/crates.rs

@@ -93,7 +93,8 @@ pub struct CrateDeps {
 pub struct AnalyzedDependency {
     pub required: VersionReq,
     pub latest_that_matches: Option<Version>,
-    pub latest: Option<Version>
+    pub latest: Option<Version>,
+    pub insecure: bool
 }
 
 impl AnalyzedDependency {
@@ -101,7 +102,8 @@ impl AnalyzedDependency {
         AnalyzedDependency {
             required,
             latest_that_matches: None,
-            latest: None
+            latest: None,
+            insecure: false
         }
     }
 
@@ -160,6 +162,19 @@ impl AnalyzedDependencies {
         main_outdated + dev_outdated + build_outdated
     }
 
+     pub fn count_insecure(&self) -> usize {
+        let main_insecure = self.main.iter()
+            .filter(|&(_, dep)| dep.insecure)
+            .count();
+        let dev_insecure = self.dev.iter()
+            .filter(|&(_, dep)| dep.insecure)
+            .count();
+        let build_insecure = self.build.iter()
+            .filter(|&(_, dep)| dep.insecure)
+            .count();
+        main_insecure + dev_insecure + build_insecure
+    } 
+
     pub fn any_outdated(&self) -> bool {
         let main_any_outdated = self.main.iter()
             .any(|(_, dep)| dep.is_outdated());

src/server/views/badge.rs

@@ -7,25 +7,33 @@ use ::engine::AnalyzeDependenciesOutcome;
 pub fn badge(analysis_outcome: Option<&AnalyzeDependenciesOutcome>) -> Badge {
     let opts = match analysis_outcome {
         Some(outcome) => {
-            let (outdated, total) = outcome.outdated_ratio();
+            if outcome.any_insecure() {
-
-            if outdated > 0 {
                 BadgeOptions {
                     subject: "dependencies".into(),
-                    status: format!("{} of {} outdated", outdated, total),
+                    status: "insecure".into(),
-                    color: "#dfb317".into()
+                    color: "#e05d44".into()
-                }
-            } else if total > 0 {
-                BadgeOptions {
-                    subject: "dependencies".into(),
-                    status: "up to date".into(),
-                    color: "#4c1".into()
                 }
             } else {
-                BadgeOptions {
+                let (outdated, total) = outcome.outdated_ratio();
-                    subject: "dependencies".into(),
+
-                    status: "none".into(),
+                if outdated > 0 {
-                    color: "#4c1".into()
+                    BadgeOptions {
+                        subject: "dependencies".into(),
+                        status: format!("{} of {} outdated", outdated, total),
+                        color: "#dfb317".into()
+                    }
+                } else if total > 0 {
+                    BadgeOptions {
+                        subject: "dependencies".into(),
+                        status: "up to date".into(),
+                        color: "#4c1".into()
+                    }
+                } else {
+                    BadgeOptions {
+                        subject: "dependencies".into(),
+                        status: "none".into(),
+                        color: "#4c1".into()
+                    }
                 }
             }
         },

src/server/views/html/status.rs

@@ -36,12 +36,15 @@ fn dependency_tables(crate_name: CrateName, deps: AnalyzedDependencies) -> Marku
 
 fn dependency_table(title: &str, deps: IndexMap<CrateName, AnalyzedDependency>) -> Markup {
     let count_total = deps.len();
+    let count_insecure = deps.iter().filter(|&(_, dep)| dep.insecure).count();
     let count_outdated = deps.iter().filter(|&(_, dep)| dep.is_outdated()).count();
 
     html! {
         h3 class="title is-4" (title)
         p class="subtitle is-5" {
-            @if count_outdated > 0 {
+            @if count_insecure > 0 {
+                (format!(" ({} total, {} insecure)", count_total, count_insecure))
+            } @else if count_outdated > 0 {
                 (format!(" ({} total, {} up-to-date, {} outdated)", count_total, count_total - count_outdated, count_outdated))
             } @else {
                 (format!(" ({} total, all up-to-date)", count_total))
@@ -72,7 +75,9 @@ fn dependency_table(title: &str, deps: IndexMap<CrateName, AnalyzedDependency>)
                             }
                         }
                         td class="has-text-right" {
-                            @if dep.is_outdated() {
+                            @if dep.insecure {
+                                span class="tag is-danger" "insecure"
+                            } @else if dep.is_outdated() {
                                 span class="tag is-warning" "out of date"
                             } @else {
                                 span class="tag is-success" "up to date"
@@ -150,7 +155,9 @@ fn render_success(analysis_outcome: AnalyzeDependenciesOutcome, subject_path: Su
 
     let status_data_uri = badge::badge(Some(&analysis_outcome)).to_svg_data_uri();
 
-    let hero_class = if analysis_outcome.any_outdated() {
+    let hero_class = if analysis_outcome.any_insecure()  {
+        "is-danger"
+    } else if analysis_outcome.any_outdated() {
         "is-warning"
     } else {
         "is-success"