This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
Crate swc_core
Dependencies (3 total, 2 outdated)
Dev dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
anyhow        ^1.0.66           1.0.68   up to date
Build dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
vergen        ^7.3.2            7.5.0    up to date
Crate dbg-swc
Dependencies (12 total, 1 outdated)
Crate jsdoc
Dependencies (2 total, all up-to-date)
Crate         Required          Latest   Status
nom           ^7.1.0            7.1.3    up to date
serde         ^1                1.0.152  up to date
Dev dependencies (2 total, all up-to-date)
Crate         Required          Latest   Status
anyhow        ^1                1.0.68   up to date
dashmap       ^5.1.0            5.4.0    up to date
Crate binding_macros
Dependencies (8 total, all up-to-date)
Crate swc_css
No external dependencies! 🙌
Crate swc_css_lints
Dependencies (5 total, 1 outdated)
Dev dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde_json    ^1.0.79           1.0.91   up to date
Crate swc_css_prefixer
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
once_cell     ^1.10.0           1.17.0   up to date
serde         ^1.0.118          1.0.152  up to date
serde_json    ^1.0.61           1.0.91   up to date
Crate swc_ecmascript
No external dependencies! 🙌
Crate swc_ecma_lints
Dependencies (7 total, 2 outdated, 1 possibly insecure)
Crate swc_ecma_quote
No external dependencies! 🙌
Crate swc_estree_compat
Dependencies (6 total, 1 outdated)
Dev dependencies (3 total, 1 outdated)
Crate swc_html
No external dependencies! 🙌
Crate swc_plugin
Dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
once_cell     ^1.13.0           1.17.0   up to date
Crate swc_plugin_macro
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate swc_plugin_runner
Dependencies (9 total, 2 outdated)
Dev dependencies (3 total, 3 outdated)
Crate swc_plugin_testing
No external dependencies! 🙌
Crate swc_plugin_proxy
Dependencies (3 total, 1 outdated)
Crate         Required          Latest   Status
rkyv          =0.7.37           0.7.39   out of date
rkyv-test     =0.7.38-test.2    N/A      up to date
tracing       ^0.1.32           0.1.37   up to date
Crate swc_timer
Dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
tracing       ^0.1.32           0.1.37   up to date
Crate swc_xml
No external dependencies! 🙌
Crate swc
Dependencies (20 total, 3 outdated, 1 possibly insecure)
Dev dependencies (4 total, 1 outdated)
Crate swc_atoms
Dependencies (8 total, 1 outdated)
Build dependencies (1 total, all up-to-date)
Crate swc_bundler
Dependencies (14 total, 2 outdated)
Dev dependencies (7 total, 1 outdated)
Crate         Required          Latest   Status
hex           ^0.4              0.4.3    up to date
ntest         ^0.7.2            0.9.0    out of date
path-clean    =0.1.0            0.1.0    up to date
reqwest       ^0.11.13          0.11.14  up to date
sha-1         ^0.10             0.10.1   up to date
tempfile      ^3.1.0            3.3.0    up to date
url           ^2.1.1            2.3.1    up to date
Crate swc_cached
Dependencies (6 total, 1 outdated, 1 possibly insecure)
Crate         Required          Latest   Status
ahash         ^0.7.6            0.8.3    out of date
anyhow        ^1.0.55           1.0.68   up to date
dashmap       ^5.1.0            5.4.0    up to date
once_cell     ^1.10.0           1.17.0   up to date
regex ⚠️      ^1.5.4            1.7.1    maybe insecure
serde         ^1.0.136          1.0.152  up to date
Crate swc_common
Dependencies (22 total, 2 outdated)
Dev dependencies (3 total, 1 outdated)
Crate swc_css_ast
Dependencies (4 total, 1 outdated)
Crate         Required          Latest   Status
bytecheck     ^0.6.9            0.6.9    up to date
is-macro      ^0.2.0            0.2.1    up to date
rkyv          =0.7.37           0.7.39   out of date
serde         ^1.0.127          1.0.152  up to date
Crate swc_css_codegen
Dependencies (4 total, 1 outdated)
Crate swc_css_minifier
Dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde         ^1.0.118          1.0.152  up to date
Dev dependencies (1 total, 1 outdated)
Crate         Required          Latest   Status
criterion     ^0.3              0.4.0    out of date
Crate swc_css_modules
Dependencies (2 total, all up-to-date)
Crate         Required          Latest   Status
rustc-hash    ^1.1.0            1.1.0    up to date
serde         ^1                1.0.152  up to date
Dev dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde_json    ^1                1.0.91   up to date
Crate swc_css_parser
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
bitflags      ^1.2.1            1.3.2    up to date
lexical       ^6.1.0            6.1.1    up to date
serde         ^1.0.127          1.0.152  up to date
Dev dependencies (2 total, 1 outdated)
Crate swc_css_utils
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
once_cell     ^1.10.0           1.17.0   up to date
serde         ^1.0.118          1.0.152  up to date
serde_json    ^1.0.61           1.0.91   up to date
Crate swc_css_visit
Dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde         ^1                1.0.152  up to date
Crate swc_ecma_ast
Dependencies (10 total, 1 outdated)
Dev dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde_json    ^1                1.0.91   up to date
Crate swc_ecma_codegen
Dependencies (7 total, all up-to-date)
Dev dependencies (3 total, 2 outdated)
Crate swc_ecma_loader
Dependencies (11 total, 2 outdated)
Dev dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
lazy_static   ^1.4.0            1.4.0    up to date
Crate swc_ecma_minifier
Dependencies (17 total, 1 outdated, 1 possibly insecure)
Dev dependencies (5 total, 1 outdated)
Crate swc_ecma_parser
Dependencies (7 total, all up-to-date)
Dev dependencies (4 total, 1 outdated)
Crate swc_ecma_preset_env
Dependencies (9 total, 1 outdated)
Dev dependencies (2 total, 1 outdated)
Crate swc_ecma_quote_macros
Dependencies (5 total, all up-to-date)
Crate         Required          Latest   Status
anyhow        ^1                1.0.68   up to date
pmutil        ^0.5.1            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate swc_ecma_transforms_base
Dependencies (8 total, 1 outdated)
Dev dependencies (2 total, 1 outdated)
Crate         Required          Latest   Status
criterion     ^0.3              0.4.0    out of date
rayon         ^1                1.6.1    up to date
Crate swc_ecma_transforms_compat
Dependencies (9 total, 1 outdated)
Dev dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde_json    ^1.0.66           1.0.91   up to date
Crate swc_ecma_transforms_module
Dependencies (11 total, 1 outdated, 1 possibly insecure)
Dev dependencies (2 total, all up-to-date)
Crate swc_ecma_transforms_optimization
Dependencies (9 total, 1 outdated)
Crate swc_ecma_transforms_proposal
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
either        ^1.6.1            1.8.1    up to date
serde         ^1.0.118          1.0.152  up to date
smallvec      ^1.8.0            1.10.0   up to date
Dev dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde_json    ^1.0.66           1.0.91   up to date
Crate swc_ecma_transforms_react
Dependencies (9 total, 3 outdated, 1 possibly insecure)
Crate         Required          Latest   Status
ahash         ^0.7.4            0.8.3    out of date
base64        ^0.13.0           0.21.0   out of date
dashmap       ^5.1.0            5.4.0    up to date
indexmap      ^1.6.1            1.9.2    up to date
once_cell     ^1.10.0           1.17.0   up to date
rayon         ^1.5.1            1.6.1    up to date
regex ⚠️      ^1.4.2            1.7.1    maybe insecure
serde         ^1.0.118          1.0.152  up to date
sha-1         =0.10.0           0.10.1   out of date
Crate swc_ecma_transforms_testing
Dependencies (9 total, 1 outdated)
Crate swc_ecma_transforms_typescript
Dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde         ^1.0.118          1.0.152  up to date
Dev dependencies (1 total, 1 outdated)
Crate         Required          Latest   Status
criterion     ^0.3              0.4.0    out of date
Crate swc_ecma_usage_analyzer
Dependencies (4 total, 1 outdated)
Crate swc_ecma_utils
Dependencies (7 total, all up-to-date)
Crate swc_ecma_visit
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
num-bigint    ^0.4              0.4.3    up to date
serde         ^1                1.0.152  up to date
tracing       ^0.1.32           0.1.37   up to date
Crate swc_node_base
No external dependencies! 🙌
Crate swc_node_bundler
Dependencies (8 total, 1 possibly insecure)
Dev dependencies (1 total, all up-to-date)
Crate swc_nodejs_common
Dependencies (6 total, all up-to-date)
Crate swc_trace_macro
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate testing
Dependencies (8 total, 1 possibly insecure)
Crate swc_css_compat
Dependencies (4 total, all up-to-date)
Crate swc_error_reporters
Dependencies (4 total, 1 outdated)
Crate swc_ecma_transforms
Dev dependencies (3 total, all up-to-date)
Crate preset_env_base
Dependencies (9 total, 1 outdated)
Crate swc_ecma_dep_graph
Dev dependencies (1 total, all up-to-date)
Crate swc_config
Dependencies (3 total, all up-to-date)
Crate swc_estree_ast
Dependencies (2 total, all up-to-date)
Crate         Required          Latest   Status
serde         ^1                1.0.152  up to date
serde_json    ^1                1.0.91   up to date
Crate swc_node_comments
Dependencies (2 total, 1 outdated)
Crate         Required          Latest   Status
ahash         ^0.7.6            0.8.3    out of date
dashmap       ^5.1.0            5.4.0    up to date
Crate swc_html_ast
Dependencies (4 total, 1 outdated)
Crate         Required          Latest   Status
bytecheck     ^0.6.9            0.6.9    up to date
is-macro      ^0.2.0            0.2.1    up to date
rkyv          =0.7.37           0.7.39   out of date
serde         ^1.0.127          1.0.152  up to date
Crate swc_html_codegen
Dependencies (3 total, 1 outdated)
Crate swc_html_minifier
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
once_cell     ^1.10.0           1.17.0   up to date
serde         ^1.0.118          1.0.152  up to date
serde_json    ^1.0.61           1.0.91   up to date
Dev dependencies (1 total, 1 outdated)
Crate         Required          Latest   Status
criterion     ^0.3              0.4.0    out of date
Crate swc_html_parser
Dev dependencies (3 total, 1 outdated)
Crate         Required          Latest   Status
criterion     ^0.3              0.4.0    out of date
serde         ^1.0.127          1.0.152  up to date
serde_json    ^1.0.66           1.0.91   up to date
Crate swc_html_visit
Dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde         ^1                1.0.152  up to date
Crate better_scoped_tls
Dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
scoped-tls    ^1.0.0            1.0.1    up to date
Crate swc_xml_ast
Dependencies (2 total, all up-to-date)
Crate         Required          Latest   Status
is-macro      ^0.2.0            0.2.1    up to date
serde         ^1.0.127          1.0.152  up to date
Crate swc_xml_codegen
Dependencies (3 total, 1 outdated)
Crate swc_xml_parser
Dev dependencies (2 total, all up-to-date)
Crate         Required          Latest   Status
serde         ^1.0.127          1.0.152  up to date
serde_json    ^1.0.66           1.0.91   up to date
Crate swc_xml_visit
Dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde         ^1                1.0.152  up to date
Crate swc_ecma_ext_transforms
Dependencies (1 total, 1 outdated)
Crate         Required          Latest   Status
phf           ^0.10             0.11.1   out of date
Crate swc_visit
Dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
either        ^1.5.3            1.8.1    up to date
Crate swc_ecma_testing
Dependencies (4 total, all up-to-date)
Crate         Required          Latest   Status
anyhow        ^1                1.0.68   up to date
hex           ^0.4              0.4.3    up to date
sha-1         ^0.10             0.10.1   up to date
tracing       ^0.1.32           0.1.37   up to date
Crate swc_fast_graph
Dependencies (3 total, 1 outdated)
Crate         Required          Latest   Status
ahash         ^0.7.6            0.8.3    out of date
indexmap      ^1.6.1            1.9.2    up to date
petgraph      ^0.6              0.6.2    up to date
Crate swc_graph_analyzer
Dependencies (4 total, 2 outdated)
Crate         Required          Latest   Status
ahash         ^0.7.6            0.8.3    out of date
auto_impl     ^0.5.0            1.0.1    out of date
petgraph      ^0.6.0            0.6.2    up to date
tracing       ^0.1.32           0.1.37   up to date
Crate ast_node
Dependencies (5 total, 1 outdated)
Crate         Required          Latest   Status
darling       ^0.13             0.14.2   out of date
pmutil        ^0.5.1            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate from_variant
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.3            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
syn           ^1                1.0.107  up to date
Crate swc_eq_ignore_macros
Dependencies (4 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.3            0.5.3    up to date
proc-macro2   ^1.0.24           1.0.50   up to date
quote         ^1.0.7            1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate string_enum
Dependencies (4 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.1            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Dev dependencies (1 total, all up-to-date)
Crate         Required          Latest   Status
serde         ^1                1.0.152  up to date
Crate swc_css_codegen_macros
Dependencies (4 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.1            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate swc_ecma_codegen_macros
Dependencies (4 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.1            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
syn           ^1                1.0.107  up to date
quote         ^1                1.0.23   up to date
Crate enum_kind
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.1            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
syn           ^1                1.0.107  up to date
Crate swc_macros_common
Dependencies (4 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.1            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate swc_ecma_transforms_macros
Dependencies (4 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.1            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate swc_ecma_transforms_classes
No external dependencies! 🙌
Crate testing_macros
Dependencies (9 total, 1 possibly insecure)
Crate swc_config_macro
Dependencies (4 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.3            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate swc_html_codegen_macros
Dependencies (4 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.1            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate swc_html_utils
Dependencies (3 total, all up-to-date)
Crate         Required          Latest   Status
once_cell     ^1.10.0           1.17.0   up to date
serde         ^1.0.118          1.0.152  up to date
serde_json    ^1.0.61           1.0.91   up to date
Crate swc_xml_codegen_macros
Dependencies (4 total, all up-to-date)
Crate         Required          Latest   Status
pmutil        ^0.5.1            0.5.3    up to date
proc-macro2   ^1                1.0.50   up to date
quote         ^1                1.0.23   up to date
syn           ^1                1.0.107  up to date
Crate swc_visit_macros
Dependencies (5 total, all up-to-date)
Security Vulnerabilities
regex: Regexes with large repetitions on empty sub-expressions take a very long time to parse
RUSTSEC-2022-0013
The Rust Security Response WG was notified that the regex crate did not
properly limit the complexity of the regular expressions (regex) it parses. An
attacker could use this security issue to perform a denial of service, by
sending a specially crafted regex to a service accepting untrusted regexes. No
known vulnerability is present when parsing untrusted input with trusted
regexes.
This issue has been assigned CVE-2022-24713. The severity of this vulnerability
is "high" when the regex crate is used to parse untrusted regexes. Other uses
of the regex crate are not affected by this vulnerability.
Overview
The regex crate features built-in mitigations to prevent denial of service
attacks caused by untrusted regexes, or untrusted input matched by trusted
regexes. Those (tunable) mitigations already provide sane defaults to prevent
attacks. This guarantee is documented and it's considered part of the crate's
API.
Unfortunately a bug was discovered in the mitigations designed to prevent
untrusted regexes from taking an arbitrary amount of time during parsing, and it's
possible to craft regexes that bypass such mitigations. This makes it possible
to perform denial of service attacks by sending specially crafted regexes to
services accepting user-controlled, untrusted regexes.
Affected versions
All versions of the regex crate before or equal to 1.5.4 are affected by this
issue. The fix is included starting from regex 1.5.5.
Mitigations
We recommend everyone accepting user-controlled regexes to upgrade immediately
to the latest version of the regex crate.
Unfortunately there is no fixed set of problematic regexes, as there are
practically infinite regexes that could be crafted to exploit this
vulnerability. Because of this, we do not recommend denying known problematic
regexes.
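Why the report marks `regex ^1.5.4` and `regex ^1.4.2` as "maybe insecure" although the latest release is 1.7.1: the requirement's floor still admits an affected version. The following is an added example, not code from the advisory, the report tool or swc; it assumes only the `^` and `=` requirement forms seen in the tables, and the function names are illustrative.

```rust
// Added example (not deps.rs, RustSec or swc code). Supports only the caret
// (`^`) and exact (`=`) requirement forms that appear in the report.
type Version = (u64, u64, u64);

/// First fixed `regex` release, as stated in the advisory text.
const REGEX_PATCHED: Version = (1, 5, 5);

/// Parse "1", "1.5" or "1.5.4"; omitted components count as 0.
fn parse_version(s: &str) -> Option<Version> {
    let mut parts = s.split('.').map(|p| p.parse::<u64>().ok());
    let major = parts.next()??;
    let minor = match parts.next() { Some(p) => p?, None => 0 };
    let patch = match parts.next() { Some(p) => p?, None => 0 };
    if parts.next().is_some() {
        return None; // more than three components
    }
    Some((major, minor, patch))
}

/// Lowest version a requirement admits. For `^x.y.z` and `=x.y.z` alike
/// that is x.y.z itself, so the floor decides whether old releases resolve.
fn lowest_admitted(req: &str) -> Option<Version> {
    let req = req.trim();
    let rest = req.strip_prefix('^').or_else(|| req.strip_prefix('='))?;
    parse_version(rest)
}

/// Some(true) when Cargo may resolve `req` to a release older than `patched`.
/// A lockfile can still pin a fixed release, hence "maybe" in the report.
fn admits_vulnerable(req: &str, patched: Version) -> Option<bool> {
    let floor = lowest_admitted(req)?;
    Some(floor < patched)
}

fn main() {
    // The two `regex` requirements flagged in the report, then a tightened one.
    for req in ["^1.5.4", "^1.4.2", "^1.5.5"] {
        match admits_vulnerable(req, REGEX_PATCHED) {
            Some(true) => println!("regex {req}: floor below 1.5.5, maybe insecure"),
            Some(false) => println!("regex {req}: floor is a fixed release"),
            None => println!("regex {req}: unsupported requirement syntax"),
        }
    }
}
```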
Acknowledgements
We want to thank Addison Crump for responsibly disclosing this to us according
to the Rust security policy, and for helping review the fix.
We also want to thank Andrew Gallant for developing the fix, and Pietro Albini
for coordinating the disclosure and writing this advisory.