Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cargo: Eliminate security warning about unused atty dependency #1021

Merged
merged 2 commits into from
Sep 28, 2023

Conversation

micahsnyder
Copy link
Contributor

@micahsnyder micahsnyder commented Sep 7, 2023

atty is unmaintained but is still used by clap.
Disabling the default features for cbindgen removes the clap dependency and thus removes atty.

Resolves: https://github.com/Cisco-Talos/clamav/security/dependabot/2

Note: the security issue wouldn't affect us if we did use it, but clap (and therefore atty) aren't actually used by cbindgen in clamav. That is to say this is not actually a security concern for us. Just silencing the warning.

atty is unmaintained but is still used by clap.
Disabling the default features for cbindgen removes the clap
dependency and thus removes atty.

Resolves: https://github.com/Cisco-Talos/clamav/security/dependabot/2
The build is running a different link.exe than the MSVC linker,
possibly the one provided by bash.

Fix by deleting /usr/bin/link.exe

See: https://yncat.github.io/2022/02/18/github-actions%E3%81%A7-msvc-%E3%81%AE-link-%E3%81%8C%E4%BD%BF%E3%81%88%E3%81%AA%E3%81%8F%E3%81%AA%E3%82%8B%E8%A9%B1.html
@micahsnyder micahsnyder merged commit 0f9de9e into Cisco-Talos:main Sep 28, 2023
23 checks passed
@micahsnyder micahsnyder deleted the CLAM-2436-no-clap-no-atty branch September 28, 2023 23:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants