This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
Crate xtask
Dependencies (10 total, all up-to-date)
Crate swc_core
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
once_cell     ^1.19.0   1.19.0   up to date
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
anyhow        ^1.0.81   1.0.82   up to date
Build dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
vergen        ^8.0.0    8.3.1    up to date
Crate swc_cli_impl
Dependencies (15 total, 2 outdated)
Dev dependencies (2 total, all up-to-date)
Crate dbg-swc
Dependencies (12 total, 2 outdated)
Crate jsdoc
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
nom           ^7.1.3    7.1.3    up to date
serde         ^1        1.0.198  up to date
Dev dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
anyhow        ^1        1.0.82   up to date
dashmap       ^5.5.3    5.5.3    up to date
Crate binding_macros
Dependencies (8 total, 1 outdated)
Crate swc_css
No external dependencies! 🙌
Crate swc_css_lints
Dependencies (5 total, all up-to-date)
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
serde_json    ^1.0.115  1.0.116  up to date
Crate swc_css_prefixer
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
once_cell     ^1.19.0   1.19.0   up to date
serde         ^1.0.197  1.0.198  up to date
serde_json    ^1.0.115  1.0.116  up to date
Crate swc_ecmascript
No external dependencies! 🙌
Crate swc_ecma_lints
Dependencies (6 total, 1 possibly insecure)
Crate swc_ecma_quote
No external dependencies! 🙌
Crate swc_estree_compat
Dependencies (6 total, all up-to-date)
Crate         Required  Latest   Status
ahash         ^0.8.8    0.8.11   up to date
anyhow        ^1        1.0.82   up to date
copyless      ^0.1.5    0.1.5    up to date
rayon         ^1.7.0    1.10.0   up to date
serde         ^1        1.0.198  up to date
serde_json    ^1.0.115  1.0.116  up to date
Dev dependencies (3 total, all up-to-date)
Crate swc_html
No external dependencies! 🙌
Crate swc_plugin
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
once_cell     ^1.19.0   1.19.0   up to date
Crate swc_plugin_macro
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate swc_plugin_runner
Dependencies (12 total, 1 outdated, 1 possibly insecure)
Dev dependencies (2 total, 1 possibly insecure)
Crate         Required  Latest   Status
criterion     ^0.5      0.5.1    up to date
tokio ⚠️      ^1        1.37.0   maybe insecure
Crate swc_plugin_testing
No external dependencies! 🙌
Crate swc_plugin_proxy
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
rkyv          =0.7.44   0.7.44   up to date
tracing       ^0.1.40   0.1.40   up to date
Crate swc_timer
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
tracing       ^0.1.40   0.1.40   up to date
Crate swc_xml
No external dependencies! 🙌
Crate swc
Dependencies (20 total, 3 outdated, 2 possibly insecure)
Dev dependencies (4 total, all up-to-date)
Crate swc_atoms
Dependencies (6 total, 1 outdated)
Crate swc_bundler
Dependencies (12 total, 1 outdated)
Dev dependencies (7 total, 3 outdated)
Crate         Required  Latest   Status
hex           ^0.4      0.4.3    up to date
ntest         ^0.7.2    0.9.2    out of date
path-clean    =0.1.0    1.0.1    out of date
reqwest       ^0.11.14  0.12.3   out of date
sha-1         ^0.10     0.10.1   up to date
tempfile      ^3.6.0    3.10.1   up to date
url           ^2.4.0    2.5.0    up to date
Crate swc_cached
Dependencies (6 total, 1 possibly insecure)
Crate         Required  Latest   Status
ahash         ^0.8.8    0.8.11   up to date
anyhow        ^1.0.81   1.0.82   up to date
dashmap       ^5.5.3    5.5.3    up to date
once_cell     ^1.19.0   1.19.0   up to date
regex ⚠️      ^1.5.4    1.10.4   maybe insecure
serde         ^1.0.197  1.0.198  up to date
Crate swc_common
Dependencies (20 total, 2 outdated)
Dev dependencies (3 total, all up-to-date)
Crate swc_css_ast
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
is-macro      ^0.3.5    0.3.5    up to date
rkyv          =0.7.44   0.7.44   up to date
serde         ^1.0.197  1.0.198  up to date
Crate swc_css_codegen
Dependencies (4 total, all up-to-date)
Crate swc_css_compat
Dependencies (4 total, all up-to-date)
Crate swc_css_minifier
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1.0.197  1.0.198  up to date
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
criterion     ^0.5      0.5.1    up to date
Crate swc_css_modules
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
rustc-hash    ^1.1.0    1.1.0    up to date
serde         ^1        1.0.198  up to date
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
serde_json    ^1        1.0.116  up to date
Crate swc_css_parser
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
lexical       ^6.1.0    6.1.1    up to date
serde         ^1.0.197  1.0.198  up to date
Dev dependencies (2 total, all up-to-date)
Crate swc_css_utils
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
once_cell     ^1.19.0   1.19.0   up to date
serde         ^1.0.197  1.0.198  up to date
serde_json    ^1.0.115  1.0.116  up to date
Crate swc_css_visit
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1        1.0.198  up to date
Crate swc_ecma_ast
Dependencies (10 total, 1 outdated)
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
serde_json    ^1        1.0.116  up to date
Crate swc_ecma_codegen
Dependencies (7 total, all up-to-date)
Dev dependencies (3 total, 1 outdated)
Crate swc_ecma_loader
Dependencies (10 total, 2 outdated)
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
lazy_static   ^1.4.0    1.4.0    up to date
Crate swc_ecma_minifier
Dependencies (16 total, 1 possibly insecure)
Dev dependencies (5 total, all up-to-date)
Crate swc_ecma_parser
Dependencies (10 total, all up-to-date)
Dev dependencies (4 total, all up-to-date)
Crate swc_ecma_preset_env
Dependencies (9 total, all up-to-date)
Dev dependencies (2 total, all up-to-date)
Crate swc_ecma_quote_macros
Dependencies (4 total, all up-to-date)
Crate         Required  Latest   Status
anyhow        ^1        1.0.82   up to date
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate swc_ecma_transforms_base
Dependencies (9 total, all up-to-date)
Dev dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
criterion     ^0.5      0.5.1    up to date
rayon         ^1        1.10.0   up to date
Crate swc_ecma_transforms_compat
Dependencies (8 total, all up-to-date)
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
serde_json    ^1.0.115  1.0.116  up to date
Crate swc_ecma_transforms_module
Dependencies (10 total, 1 outdated, 1 possibly insecure)
Dev dependencies (2 total, all up-to-date)
Crate swc_ecma_transforms_optimization
Dependencies (8 total, all up-to-date)
Crate swc_ecma_transforms_proposal
Dependencies (4 total, all up-to-date)
Crate         Required  Latest   Status
either        ^1.10.0   1.11.0   up to date
rustc-hash    ^1        1.1.0    up to date
serde         ^1.0.197  1.0.198  up to date
smallvec      ^1.8.0    1.13.2   up to date
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
serde_json    ^1.0.115  1.0.116  up to date
Crate swc_ecma_transforms_react
Dependencies (7 total, 2 outdated)
Crate         Required  Latest   Status
base64        ^0.21.0   0.22.0   out of date
dashmap       ^5.5.3    5.5.3    up to date
indexmap      ^2.0.0    2.2.6    up to date
once_cell     ^1.19.0   1.19.0   up to date
rayon         ^1.7.0    1.10.0   up to date
serde         ^1.0.197  1.0.198  up to date
sha-1         =0.10.0   0.10.1   out of date
Crate swc_ecma_transforms_testing
Dependencies (9 total, 1 outdated)
Crate swc_ecma_transforms_typescript
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1.0.197  1.0.198  up to date
ryu-js        ^1.0.0    1.0.1    up to date
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
criterion     ^0.5      0.5.1    up to date
Crate swc_ecma_usage_analyzer
Dependencies (3 total, all up-to-date)
Crate swc_ecma_utils
Dependencies (7 total, all up-to-date)
Crate swc_ecma_visit
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
num-bigint    ^0.4      0.4.4    up to date
serde         ^1        1.0.198  up to date
tracing       ^0.1.40   0.1.40   up to date
Crate swc_malloc
No external dependencies! 🙌
Crate swc_node_bundler
Dependencies (8 total, 1 possibly insecure)
Dev dependencies (1 total, all up-to-date)
Crate swc_nodejs_common
Dependencies (6 total, all up-to-date)
Crate swc_trace_macro
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate testing
Dependencies (10 total, 1 outdated, 1 possibly insecure)
Crate swc_error_reporters
Dependencies (4 total, 1 outdated)
Crate swc_ecma_transforms
Dev dependencies (3 total, all up-to-date)
Crate preset_env_base
Dependencies (9 total, all up-to-date)
Crate swc_config
Dependencies (5 total, all up-to-date)
Crate swc_estree_ast
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1        1.0.198  up to date
serde_json    ^1        1.0.116  up to date
Crate swc_node_comments
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
dashmap       ^5.5.3    5.5.3    up to date
Crate swc_html_ast
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
is-macro      ^0.3.5    0.3.5    up to date
rkyv          =0.7.44   0.7.44   up to date
serde         ^1.0.197  1.0.198  up to date
Crate swc_html_codegen
Dependencies (3 total, all up-to-date)
Crate swc_html_minifier
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
once_cell     ^1.19.0   1.19.0   up to date
serde         ^1.0.197  1.0.198  up to date
serde_json    ^1.0.115  1.0.116  up to date
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
criterion     ^0.5      0.5.1    up to date
Crate swc_html_parser
Dev dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
criterion     ^0.5      0.5.1    up to date
serde         ^1.0.197  1.0.198  up to date
serde_json    ^1.0.115  1.0.116  up to date
Crate swc_html_visit
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1        1.0.198  up to date
Crate better_scoped_tls
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
scoped-tls    ^1.0.1    1.0.1    up to date
Crate swc_xml_ast
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
is-macro      ^0.3.5    0.3.5    up to date
serde         ^1.0.197  1.0.198  up to date
Crate swc_xml_codegen
Dependencies (3 total, all up-to-date)
Crate swc_xml_parser
Dev dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1.0.197  1.0.198  up to date
serde_json    ^1.0.115  1.0.116  up to date
Crate swc_xml_visit
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1        1.0.198  up to date
Crate swc_compiler_base
Dependencies (8 total, 1 outdated)
Crate swc_ecma_ext_transforms
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
phf           ^0.11     0.11.2   up to date
Crate swc_visit
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
either        ^1.10.0   1.11.0   up to date
Crate swc_ecma_testing
Dependencies (4 total, all up-to-date)
Crate         Required  Latest   Status
anyhow        ^1        1.0.82   up to date
hex           ^0.4      0.4.3    up to date
sha2          ^0.10     0.10.8   up to date
tracing       ^0.1.40   0.1.40   up to date
Crate swc_fast_graph
Dependencies (3 total, all up-to-date)
Crate swc_graph_analyzer
Dependencies (3 total, all up-to-date)
Crate ast_node
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate from_variant
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
syn           ^2        2.0.60   up to date
Crate swc_eq_ignore_macros
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1.0.24   1.0.81   up to date
quote         ^1.0.7    1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate string_enum
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Dev dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1        1.0.198  up to date
Crate swc_css_codegen_macros
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate swc_ecma_codegen_macros
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
syn           ^2        2.0.60   up to date
quote         ^1        1.0.36   up to date
Crate swc_macros_common
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate swc_ecma_transforms_macros
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate swc_ecma_compat_bugfixes
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
tracing       ^0.1.40   0.1.40   up to date
Crate swc_ecma_compat_common
No external dependencies! 🙌
Crate swc_ecma_compat_es2015
Dependencies (7 total, all up-to-date)
Crate swc_ecma_compat_es2016
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
tracing       ^0.1.40   0.1.40   up to date
Crate swc_ecma_compat_es2017
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1.0.197  1.0.198  up to date
tracing       ^0.1.40   0.1.40   up to date
Crate swc_ecma_compat_es2018
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1.0.197  1.0.198  up to date
tracing       ^0.1.40   0.1.40   up to date
Crate swc_ecma_compat_es2019
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
tracing       ^0.1.40   0.1.40   up to date
Crate swc_ecma_compat_es2020
Dependencies (2 total, all up-to-date)
Crate         Required  Latest   Status
serde         ^1.0.197  1.0.198  up to date
tracing       ^0.1.40   0.1.40   up to date
Crate swc_ecma_compat_es2021
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
tracing       ^0.1.40   0.1.40   up to date
Crate swc_ecma_compat_es2022
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
tracing       ^0.1.40   0.1.40   up to date
Crate swc_ecma_compat_es3
Dependencies (1 total, all up-to-date)
Crate         Required  Latest   Status
tracing       ^0.1.40   0.1.40   up to date
Crate swc_ecma_transforms_classes
No external dependencies! 🙌
Crate testing_macros
Dependencies (8 total, 1 possibly insecure)
Crate swc_config_macro
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate swc_html_codegen_macros
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate swc_html_utils
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
once_cell     ^1.19.0   1.19.0   up to date
serde         ^1.0.197  1.0.198  up to date
serde_json    ^1.0.115  1.0.116  up to date
Crate swc_xml_codegen_macros
Dependencies (3 total, all up-to-date)
Crate         Required  Latest   Status
proc-macro2   ^1        1.0.81   up to date
quote         ^1        1.0.36   up to date
syn           ^2        2.0.60   up to date
Crate swc_visit_macros
Dependencies (4 total, all up-to-date)
Security Vulnerabilities
regex: Regexes with large repetitions on empty sub-expressions take a very long time to parse
RUSTSEC-2022-0013
The Rust Security Response WG was notified that the regex crate did not
properly limit the complexity of the regular expressions (regex) it parses. An
attacker could use this security issue to perform a denial of service, by
sending a specially crafted regex to a service accepting untrusted regexes. No
known vulnerability is present when parsing untrusted input with trusted
regexes.
This issue has been assigned CVE-2022-24713. The severity of this vulnerability
is "high" when the regex crate is used to parse untrusted regexes. Other uses
of the regex crate are not affected by this vulnerability.
Overview
The regex crate features built-in mitigations to prevent denial of service
attacks caused by untrusted regexes, or untrusted input matched by trusted
regexes. Those (tunable) mitigations already provide sane defaults to prevent
attacks. This guarantee is documented and it's considered part of the crate's
API.
Unfortunately a bug was discovered in the mitigations designed to prevent
untrusted regexes to take an arbitrary amount of time during parsing, and it's
possible to craft regexes that bypass such mitigations. This makes it possible
to perform denial of service attacks by sending specially crafted regexes to
services accepting user-controlled, untrusted regexes.
Affected versions
All versions of the regex crate before or equal to 1.5.4 are affected by this
issue. The fix is included starting from regex 1.5.5.
Mitigations
We recommend everyone accepting user-controlled regexes to upgrade immediately
to the latest version of the regex crate.
Unfortunately there is no fixed set of problematic regexes, as there are
practically infinite regexes that could be crafted to exploit this
vulnerability. Because of this, we do not recommend denying known problematic
regexes.
Acknowledgements
We want to thank Addison Crump for responsibly disclosing this to us according
to the Rust security policy, and for helping review the fix.
We also want to thank Andrew Gallant for developing the fix, and Pietro Albini
for coordinating the disclosure and writing this advisory.
tokio: reject_remote_clients Configuration corruption
RUSTSEC-2023-0001
On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.
This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.
The default setting of reject_remote_clients is normally true, meaning the default is also overridden as false.
Workarounds
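Ensure that pipe_mode is set first after initializing a ServerOptions. For example:
    let mut opts = ServerOptions::new();
    // Set pipe_mode first: on affected versions it resets reject_remote_clients to false.
    opts.pipe_mode(PipeMode::Message);
    // Then set reject_remote_clients explicitly so the intended value is kept.
    opts.reject_remote_clients(true);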
Patched
>=1.18.4, <1.19.0
>=1.20.3, <1.21.0
>=1.23.1