Deps.rs

swc_atoms 0.4.10

[![dependency status](https://deps.rs/crate/swc_atoms/0.4.10/status.svg)](https://deps.rs/crate/swc_atoms/0.4.10)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate swc_atoms

Dependencies

(7 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bytecheck^0.6.90.8.2out of date
 once_cell^11.21.4up to date
 rkyv-test=0.7.38-test.1N/Aup to date
 rkyv ⚠️=0.7.370.8.15out of date
 rustc-hash^1.1.02.1.1out of date
 serde^11.0.228up to date
 string_cache^0.8.40.9.0out of date

Security Vulnerabilities

rkyv: Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM

RUSTSEC-2026-0001

The SharedPointer::alloc implementation for sync::Arc<T> and rc::Rc<T> in rkyv/src/impls/alloc/rc/atomic.rs (and rc.rs) does not check if the allocator returns a null pointer on OOM (Out of Memory).

This null pointer can flow through to SharedPointer::from_value, which calls Box::from_raw(ptr) with the null pointer. This triggers undefined behavior when utilizing safe deserialization APIs (such as rkyv::from_bytes or rkyv::deserialize_using) if an OOM condition occurs during the allocation of the shared pointer.

The issue is reachable through safe code and violates Rust's safety guarantees.