Deps.rs

swc_common 0.33.26

[![dependency status](https://deps.rs/crate/swc_common/0.33.26/status.svg)](https://deps.rs/crate/swc_common/0.33.26)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate swc_common

Dependencies

(26 total, 12 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 ahash^0.8.80.8.12up to date
 anyhow^1.0.811.0.101up to date
 arbitrary^11.4.2up to date
 ast_node^0.9.85.0.0out of date
 atty^0.2.140.2.14up to date
 better_scoped_tls^0.1.11.0.1out of date
 bytecheck^0.6.100.8.2out of date
 cfg-if^1.0.01.0.4up to date
 either^1.10.01.15.0up to date
 from_variant^0.1.83.0.0out of date
 new_debug_unreachable^1.0.41.0.6up to date
 num-bigint^0.4.30.4.6up to date
 once_cell^1.19.01.21.3up to date
 parking_lot^0.12.10.12.5up to date
 rkyv ⚠️=0.7.440.8.14out of date
 rustc-hash^1.1.02.1.1out of date
 serde^1.0.1971.0.228up to date
 siphasher^0.3.91.0.2out of date
 sourcemap^8.0.09.3.2out of date
 swc_atoms^0.6.59.0.0out of date
 swc_eq_ignore_macros^0.1.31.0.1out of date
 swc_visit^0.5.142.0.1out of date
 termcolor^1.01.4.1up to date
 tracing^0.1.400.1.44up to date
 unicode-width^0.1.40.2.2out of date
 url^2.4.02.5.8up to date

Dev dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 criterion^0.5.10.8.2out of date
 rayon^1.7.01.11.0up to date
 serde_json^1.0.1151.0.149up to date

Security Vulnerabilities

rkyv: Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM

RUSTSEC-2026-0001

The SharedPointer::alloc implementation for sync::Arc<T> and rc::Rc<T> in rkyv/src/impls/alloc/rc/atomic.rs (and rc.rs) does not check if the allocator returns a null pointer on OOM (Out of Memory).

This null pointer can flow through to SharedPointer::from_value, which calls Box::from_raw(ptr) with the null pointer. This triggers undefined behavior when utilizing safe deserialization APIs (such as rkyv::from_bytes or rkyv::deserialize_using) if an OOM condition occurs during the allocation of the shared pointer.

The issue is reachable through safe code and violates Rust's safety guarantees.