This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate loom


(7 total, 4 outdated, 1 possibly insecure)

 cfg-if^ of date
 futures^ of date
 generator ⚠️^ of date
 scoped-tls^ of date
 serde^1.0.801.0.203up to date
 serde_derive^1.0.801.0.203up to date
 serde_json^1.0.331.0.117up to date

Security Vulnerabilities

generator: Generators can cause data races if non-Send types are used in their generator functions


The Generator type is an iterable which uses a generator function that yields values. In affected versions of the crate, the provided function yielding values had no Send bounds despite the Generator itself implementing Send.

The generator function lacking a Send bound means that types that are dangerous to send across threads such as Rc could be sent as part of a generator, potentially leading to data races.

This flaw was fixed in commit f7d120a3b by enforcing that the generator function be bound by Send.