RUSTSEC-2025-0165

Affected versions of i_tree exposed safe public Tree::node and Tree::mut_node methods in the public tree module. These methods accepted an arbitrary u32 index and passed it directly to Vec::get_unchecked / get_unchecked_mut on the internal node buffer, without validating that the index was in bounds.

Because these methods were safe and public, a caller could pass an out-of-bounds index without writing any unsafe code, producing an out-of-bounds shared or mutable reference and triggering undefined behavior.

Starting with 0.10.0 the crate was restructured and these accessors are no longer reachable from outside the crate.