This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
Crate dbg-swc
Dependencies (8 total, all up-to-date)
Crate jsdoc
Dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
nom | ^7.1.0 | 7.1.1 | up to date
serde | ^1 | 1.0.137 | up to date
Dev dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
anyhow | ^1 | 1.0.57 | up to date
dashmap | ^5.1.0 | 5.3.3 | up to date
Crate binding_core_node
Dependencies (13 total, 1 outdated)
Build dependencies (1 total, 1 outdated)
Crate | Required | Latest | Status
napi-build | ^1 | 2.0.0 | out of date
Crate binding_core_wasm
Dependencies (12 total, all up-to-date)
Crate binding_css_node
Dependencies (7 total, all up-to-date)
Build dependencies (1 total, 1 outdated)
Crate | Required | Latest | Status
napi-build | ^1 | 2.0.0 | out of date
Crate swc_cli
Dependencies (16 total, 1 outdated)
Crate swc_css
No external dependencies! 🙌
Crate swc_css_lints
Dependencies (5 total, all up-to-date)
Dev dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
serde_json | ^1.0.79 | 1.0.81 | up to date
Crate swc_css_prefixer
No external dependencies! 🙌
Crate swc_ecmascript
No external dependencies! 🙌
Crate swc_ecma_lints
Dependencies (7 total, 1 possibly insecure)
Crate swc_ecma_quote
No external dependencies! 🙌
Crate swc_estree_compat
Dependencies (6 total, all up-to-date)
Dev dependencies (3 total, all up-to-date)
Crate swc_html
No external dependencies! 🙌
Crate swc_plugin
No external dependencies! 🙌
Crate swc_plugin_macro
Dependencies (3 total, all up-to-date)
Crate | Required | Latest | Status
proc-macro2 | ^1 | 1.0.38 | up to date
quote | ^1 | 1.0.18 | up to date
syn | ^1 | 1.0.93 | up to date
Crate swc_plugin_runner
Dependencies (8 total, all up-to-date)
Dev dependencies (3 total, all up-to-date)
Crate swc_plugin_testing
No external dependencies! 🙌
Crate swc_plugin_proxy
Dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
rkyv | ^0.7.37 | 0.7.38 | up to date
Crate swc_timer
Dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
tracing | ^0.1.32 | 0.1.34 | up to date
Crate swc_webpack_ast
Dependencies (5 total, all up-to-date)
Crate | Required | Latest | Status
anyhow | ^1.0.48 | 1.0.57 | up to date
rayon | ^1.5.1 | 1.5.2 | up to date
serde | ^1 | 1.0.137 | up to date
serde_json | ^1.0.72 | 1.0.81 | up to date
tracing | ^0.1.32 | 0.1.34 | up to date
Crate swc_atoms
Dependencies (1 total, all up-to-date)
Build dependencies (1 total, all up-to-date)
Crate swc_common
Dependencies (20 total, all up-to-date)
Dev dependencies (3 total, all up-to-date)
Crate swc_ecma_ast
Dependencies (6 total, all up-to-date)
Dev dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
serde_json | ^1 | 1.0.81 | up to date
Crate swc_ecma_codegen
Dependencies (7 total, all up-to-date)
Dev dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
criterion | ^0.3 | 0.3.5 | up to date
Crate swc_ecma_minifier
Dependencies (15 total, 1 possibly insecure)
Dev dependencies (5 total, all up-to-date)
Crate swc_ecma_parser
Dependencies (8 total, all up-to-date)
Dev dependencies (4 total, all up-to-date)
Crate swc_ecma_transforms_base
Dependencies (7 total, all up-to-date)
Dev dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
criterion | ^0.3 | 0.3.5 | up to date
Crate swc_ecma_visit
Dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
num-bigint | ^0.4 | 0.4.3 | up to date
tracing | ^0.1.32 | 0.1.34 | up to date
Crate swc_error_reporters
Dependencies (4 total, all up-to-date)
Crate testing
Dependencies (8 total, 1 possibly insecure)
Crate binding_commons
Dependencies (6 total, all up-to-date)
Crate node_macro_deps
Dependencies (2 total, all up-to-date)
Crate swc
Dependencies (19 total, 1 possibly insecure)
Dev dependencies (4 total, all up-to-date)
Crate swc_bundler
Dependencies (14 total, 1 outdated)
Dev dependencies (7 total, all up-to-date)
Crate | Required | Latest | Status
hex | ^0.4 | 0.4.3 | up to date
ntest | ^0.7.2 | 0.7.5 | up to date
path-clean | =0.1.0 | 0.1.0 | up to date
reqwest | ^0.11.4 | 0.11.10 | up to date
sha-1 | ^0.10 | 0.10.0 | up to date
tempfile | ^3.1.0 | 3.3.0 | up to date
url | ^2.1.1 | 2.2.2 | up to date
Crate swc_ecma_loader
Dependencies (11 total, all up-to-date)
Dev dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
lazy_static | ^1.4.0 | 1.4.0 | up to date
Crate swc_node_bundler
Dependencies (8 total, 1 possibly insecure)
Dev dependencies (1 total, all up-to-date)
Crate swc_css_ast
Dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
is-macro | ^0.2.0 | 0.2.0 | up to date
serde | ^1.0.127 | 1.0.137 | up to date
Crate swc_css_codegen
Dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
auto_impl | ^0.5.0 | 0.5.0 | up to date
bitflags | ^1.3.2 | 1.3.2 | up to date
Crate swc_css_minifier
No external dependencies! 🙌
Crate swc_css_parser
Dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
bitflags | ^1.2.1 | 1.3.2 | up to date
lexical | ^6.1.0 | 6.1.0 | up to date
Dev dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
serde | ^1.0.127 | 1.0.137 | up to date
serde_json | ^1.0.66 | 1.0.81 | up to date
Crate swc_trace_macro
Dependencies (3 total, all up-to-date)
Crate | Required | Latest | Status
proc-macro2 | ^1 | 1.0.38 | up to date
quote | ^1 | 1.0.18 | up to date
syn | ^1 | 1.0.93 | up to date
Crate swc_css_utils
Dependencies (3 total, all up-to-date)
Crate | Required | Latest | Status
once_cell | ^1.10.0 | 1.10.0 | up to date
serde | ^1.0.118 | 1.0.137 | up to date
serde_json | ^1.0.61 | 1.0.81 | up to date
Crate swc_css_visit
No external dependencies! 🙌
Crate swc_cached
Dependencies (6 total, 1 possibly insecure)
Crate | Required | Latest | Status
ahash | ^0.7.6 | 0.7.6 | up to date
anyhow | ^1.0.55 | 1.0.57 | up to date
dashmap | ^5.1.0 | 5.3.3 | up to date
once_cell | ^1.10.0 | 1.10.0 | up to date
regex ⚠️ | ^1.5.4 | 1.5.5 | maybe insecure
serde | ^1.0.136 | 1.0.137 | up to date
Crate swc_ecma_dep_graph
Dev dependencies (1 total, all up-to-date)
Crate swc_ecma_preset_env
Dependencies (9 total, all up-to-date)
Dev dependencies (2 total, all up-to-date)
Crate swc_ecma_transforms
Dev dependencies (3 total, all up-to-date)
Crate swc_ecma_utils
Dependencies (4 total, all up-to-date)
Crate swc_config
Dependencies (4 total, all up-to-date)
Crate swc_ecma_quote_macros
Dependencies (5 total, all up-to-date)
Crate swc_estree_ast
Dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
serde | ^1 | 1.0.137 | up to date
serde_json | ^1 | 1.0.81 | up to date
Crate swc_node_comments
Dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
ahash | ^0.7.6 | 0.7.6 | up to date
dashmap | ^5.1.0 | 5.3.3 | up to date
Crate swc_html_ast
Dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
is-macro | ^0.2.0 | 0.2.0 | up to date
serde | ^1.0.127 | 1.0.137 | up to date
Crate swc_html_codegen
Dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
auto_impl | ^0.5.0 | 0.5.0 | up to date
bitflags | ^1.3.2 | 1.3.2 | up to date
Crate swc_html_minifier
Dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
serde_json | ^1.0.61 | 1.0.81 | up to date
Crate swc_html_parser
Dependencies (5 total, all up-to-date)
Dev dependencies (2 total, all up-to-date)
Crate | Required | Latest | Status
serde | ^1.0.127 | 1.0.137 | up to date
serde_json | ^1.0.66 | 1.0.81 | up to date
Crate swc_html_visit
No external dependencies! 🙌
Crate swc_node_base
No external dependencies! 🙌
Crate better_scoped_tls
Dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
scoped-tls | ^1.0.0 | 1.0.0 | up to date
Crate swc_ecma_transforms_testing
Dependencies (7 total, all up-to-date)
Crate ast_node
Dependencies (5 total, 1 outdated)
Crate from_variant
Dependencies (3 total, all up-to-date)
Crate | Required | Latest | Status
pmutil | ^0.5.3 | 0.5.3 | up to date
proc-macro2 | ^1 | 1.0.38 | up to date
syn | ^1 | 1.0.93 | up to date
Crate swc_eq_ignore_macros
Dependencies (4 total, all up-to-date)
Crate | Required | Latest | Status
pmutil | ^0.5.3 | 0.5.3 | up to date
proc-macro2 | ^1.0.24 | 1.0.38 | up to date
quote | ^1.0.7 | 1.0.18 | up to date
syn | ^1 | 1.0.93 | up to date
Crate swc_visit
Dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
either | ^1.5.3 | 1.6.1 | up to date
Crate string_enum
Dependencies (4 total, all up-to-date)
Crate | Required | Latest | Status
pmutil | ^0.5.1 | 0.5.3 | up to date
proc-macro2 | ^1 | 1.0.38 | up to date
quote | ^1 | 1.0.18 | up to date
syn | ^1 | 1.0.93 | up to date
Dev dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
serde | ^1 | 1.0.137 | up to date
Crate swc_ecma_codegen_macros
Dependencies (4 total, all up-to-date)
Crate | Required | Latest | Status
pmutil | ^0.5.1 | 0.5.3 | up to date
proc-macro2 | ^1 | 1.0.38 | up to date
syn | ^1 | 1.0.93 | up to date
quote | ^1 | 1.0.18 | up to date
Crate swc_ecma_transforms_optimization
Dependencies (8 total, all up-to-date)
Crate enum_kind
Dependencies (3 total, all up-to-date)
Crate | Required | Latest | Status
pmutil | ^0.5.1 | 0.5.3 | up to date
proc-macro2 | ^1 | 1.0.38 | up to date
syn | ^1 | 1.0.93 | up to date
Crate swc_ecma_transforms_macros
Dependencies (4 total, all up-to-date)
Crate | Required | Latest | Status
pmutil | ^0.5.1 | 0.5.3 | up to date
proc-macro2 | ^1 | 1.0.38 | up to date
quote | ^1 | 1.0.18 | up to date
syn | ^1 | 1.0.93 | up to date
Crate testing_macros
Dependencies (8 total, 1 possibly insecure)
Crate swc_ecma_ext_transforms
Dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
phf | ^0.10 | 0.10.1 | up to date
Crate swc_ecma_transforms_compat
Dependencies (10 total, 1 outdated)
Dev dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
serde_json | ^1.0.66 | 1.0.81 | up to date
Crate swc_fast_graph
Dependencies (3 total, all up-to-date)
Crate | Required | Latest | Status
ahash | ^0.7.6 | 0.7.6 | up to date
indexmap | ^1.7.0 | 1.8.1 | up to date
petgraph | ^0.6 | 0.6.0 | up to date
Crate swc_graph_analyzer
Dependencies (4 total, all up-to-date)
Crate swc_ecma_transforms_proposal
Dependencies (3 total, all up-to-date)
Crate | Required | Latest | Status
either | ^1.6.1 | 1.6.1 | up to date
serde | ^1.0.118 | 1.0.137 | up to date
smallvec | ^1.8.0 | 1.8.0 | up to date
Dev dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
serde_json | ^1.0.66 | 1.0.81 | up to date
Crate swc_ecma_transforms_react
Dependencies (8 total, 1 possibly insecure)
Crate | Required | Latest | Status
ahash | ^0.7.4 | 0.7.6 | up to date
base64 | ^0.13.0 | 0.13.0 | up to date
dashmap | ^5.1.0 | 5.3.3 | up to date
indexmap | ^1.6.1 | 1.8.1 | up to date
once_cell | ^1.10.0 | 1.10.0 | up to date
regex ⚠️ | ^1.4.2 | 1.5.5 | maybe insecure
serde | ^1.0.118 | 1.0.137 | up to date
sha-1 | ^0.10.0 | 0.10.0 | up to date
Crate swc_ecma_transforms_typescript
Dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
serde | ^1.0.118 | 1.0.137 | up to date
Dev dependencies (1 total, all up-to-date)
Crate | Required | Latest | Status
criterion | ^0.3 | 0.3.5 | up to date
Crate swc_css_codegen_macros
Dependencies (4 total, all up-to-date)
Crate | Required | Latest | Status
pmutil | ^0.5.1 | 0.5.3 | up to date
proc-macro2 | ^1 | 1.0.38 | up to date
quote | ^1 | 1.0.18 | up to date
syn | ^1 | 1.0.93 | up to date
Crate preset_env_base
Dependencies (8 total, all up-to-date)
Crate swc_ecma_transforms_module
Dependencies (7 total, all up-to-date)
Dev dependencies (2 total, all up-to-date)
Crate swc_config_macro
Dependencies (4 total, all up-to-date)
Crate | Required | Latest | Status
pmutil | ^0.5.3 | 0.5.3 | up to date
proc-macro2 | ^1 | 1.0.38 | up to date
quote | ^1 | 1.0.18 | up to date
syn | ^1 | 1.0.93 | up to date
Crate swc_macros_common
Dependencies (4 total, all up-to-date)
Crate | Required | Latest | Status
pmutil | ^0.5.1 | 0.5.3 | up to date
proc-macro2 | ^1 | 1.0.38 | up to date
quote | ^1 | 1.0.18 | up to date
syn | ^1 | 1.0.93 | up to date
Crate swc_html_codegen_macros
Dependencies (4 total, all up-to-date)
Crate | Required | Latest | Status
pmutil | ^0.5.1 | 0.5.3 | up to date
proc-macro2 | ^1 | 1.0.38 | up to date
quote | ^1 | 1.0.18 | up to date
syn | ^1 | 1.0.93 | up to date
Crate swc_visit_macros
Dependencies (5 total, all up-to-date)
Crate swc_ecma_transforms_classes
No external dependencies! 🙌
Security Vulnerabilities
regex: Regexes with large repetitions on empty sub-expressions take a very long time to parse
RUSTSEC-2022-0013
The Rust Security Response WG was notified that the regex crate did not
properly limit the complexity of the regular expressions (regex) it parses. An
attacker could use this security issue to perform a denial of service, by
sending a specially crafted regex to a service accepting untrusted regexes. No
known vulnerability is present when parsing untrusted input with trusted
regexes.
This issue has been assigned CVE-2022-24713. The severity of this vulnerability
is "high" when the regex crate is used to parse untrusted regexes. Other uses
of the regex crate are not affected by this vulnerability.
Overview
The regex crate features built-in mitigations to prevent denial of service
attacks caused by untrusted regexes, or untrusted input matched by trusted
regexes. Those (tunable) mitigations already provide sane defaults to prevent
attacks. This guarantee is documented and it's considered part of the crate's
API.
Unfortunately a bug was discovered in the mitigations designed to prevent
untrusted regexes from taking an arbitrary amount of time during parsing, and
it's possible to craft regexes that bypass such mitigations. This makes it
possible to perform denial of service attacks by sending specially crafted
regexes to services accepting user-controlled, untrusted regexes.
Affected versions
All versions of the regex crate before or equal to 1.5.4 are affected by this
issue. The fix is included starting from regex 1.5.5.
Mitigations
We recommend everyone accepting user-controlled regexes to upgrade immediately
to the latest version of the regex crate.
Unfortunately there is no fixed set of problematic regexes, as there are
practically infinite regexes that could be crafted to exploit this
vulnerability. Because of this, we do not recommend denying known problematic
regexes.
Acknowledgements
We want to thank Addison Crump for responsibly disclosing this to us according
to the Rust security policy, and for helping review the fix.
We also want to thank Andrew Gallant for developing the fix, and Pietro Albini
for coordinating the disclosure and writing this advisory.