atty dependency has security issue #11416
Comments
This removes one path to `atty`. Others:
- clap: fixed in 4.0.27
- pretty-env-logger: seanmonstar/pretty-env-logger#52 needs to be resolved first
- snapbox: this will be fixed soonish but is also only a test dependency
- direct dependency

This is part of rust-lang#11416

chore: Upgrade to env_logger

This removes one path to `atty`. Others:
- clap: fixed in 4.0.27
- pretty-env-logger: seanmonstar/pretty-env-logger#52 needs to be resolved first
- snapbox: this will be fixed soonish but is also only a test dependency
- direct dependency

This is part of #11416
As noted in the advisory, official releases of Cargo aren't affected by this particular soundness issue because they don't use an allocator that aligns to less than 8 bytes. However the maintenance issue is still a concern.
While cargo-the-bin isn't affected, cargo-the-lib would be and there are people who link against cargo
Great, is this coming to the next Rust version or earlier?
This will be in The cutoff for
Problem
The dependency on atty has a security issue; also, atty seems to be unmaintained.
https://rustsec.org/advisories/RUSTSEC-2021-0145
Steps
No response
Possible Solution(s)
Use https://crates.io/crates/is-terminal instead
Notes
No response
Version
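The commit message in this thread lists the remaining dependency paths to `atty` by hand; the sketch below enumerates such paths from a lockfile. It is an added example, not code from Cargo or from anyone in the thread: `parse_lock`, `paths_to` and the lockfile excerpt are hypothetical and constructed, and crates are matched by name only, so two versions of one crate are treated as the same node.

```rust
// Constructed Cargo.lock excerpt for illustration (not Cargo's real lockfile).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "atty"
[[package]]
name = "cargo"
dependencies = [
 "atty",
 "clap 4.0.27",
 "pretty_env_logger",
]
[[package]]
name = "clap"
[[package]]
name = "pretty_env_logger"
dependencies = [
 "atty",
]
"#;
// Collect (package, dependency) edges; entries read "name" or "name version".
fn parse_lock(lock: &str) -> Vec<(&str, &str)> {
    let (mut edges, mut cur) = (Vec::new(), "");
    for line in lock.lines().map(str::trim) {
        if let Some(n) = line.strip_prefix("name = ") {
            cur = n.trim_matches('"');
        } else if line.starts_with('"') {
            let dep = line.trim_matches(|c: char| c == '"' || c == ',');
            edges.push((cur, dep.split(' ').next().unwrap()));
        }
    }
    edges
}

// Depth-first search for every path from `root` to `target`; cycles are skipped.
fn paths_to(edges: &[(&str, &str)], root: &str, target: &str) -> Vec<String> {
    let (mut out, mut stack) = (Vec::new(), vec![vec![root]]);
    while let Some(path) = stack.pop() {
        let last = *path.last().unwrap();
        if last == target { out.push(path.join(" -> ")); }
        for &(_, to) in edges.iter().filter(|e| e.0 == last && !path.contains(&e.1)) {
            stack.push([path.clone(), vec![to]].concat());
        }
    }
    out.sort();
    out
}

fn main() {
    for p in paths_to(&parse_lock(SAMPLE_LOCK), "cargo", "atty") { println!("{}", p); }
}
```

On a real project, `cargo tree -i atty` reports the same inverse dependency information directly from the resolved graph.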