GHSA-rc23-xxgq-x27g: wee_alloc is Unmaintained

September 16, 2022

Two of the maintainers have indicated that the crate may not be maintained.

The crate has open issues including memory leaks and may not be suitable for production use.

It may be best to switch to the default Rust standard allocator on wasm32 targets.

Last release seems to have been three years ago.

References

github.com/advisories/GHSA-rc23-xxgq-x27g
github.com/rustwasm/wee_alloc
github.com/rustwasm/wee_alloc/issues/107
rustsec.org/advisories/RUSTSEC-2022-0054.html

Detect and mitigate GHSA-rc23-xxgq-x27g with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →