RUSTSEC-2024-0375: atty is unmaintained #450

Open
github-actions bot opened this issue Nov 1, 2024 · 2 comments
Labels
dependencies Pull requests that update a dependency file Priority: Low

Comments


github-actions bot commented Nov 1, 2024

atty is unmaintained

Details
Status: unmaintained
Package: atty
Version: 0.2.14
URL: softprops/atty#57
Date: 2024-09-25

The maintainer of atty has published an official notice that the crate is no longer under development, and that users should instead rely on the functionality in the standard library's IsTerminal trait.

Alternative(s)

  • std::io::IsTerminal - Stable since Rust 1.70.0 and the recommended replacement per the atty maintainer.
  • is-terminal - Standalone crate supporting Rust older than 1.70.0

See advisory page for additional details.

Contributor

Congyuwang commented Nov 1, 2024

Right. clap should really be bumped to v4. But then MSRV would need to be 1.74.

eaufavor added the dependencies label Nov 1, 2024
@davidhewitt

Clap 4.0.0 shipped 3 years ago with an MSRV of 1.60. Is it possible to use an older version of clap v4?

https://github.com/clap-rs/clap/blob/3a74d8237634979275d364c48228371e50bf8407/Cargo.toml#L26

(We have this same security alert in some internal software which depends on pingora due to the indirect dependency on atty via clap v3.)
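To see which crates keep atty in a build, as with the indirect dependency via clap v3 discussed in this thread, the sketch below walks a lockfile's dependencies arrays backwards from atty. It is an added example, not code from pingora, clap or the advisory. The lockfile excerpt is constructed (pingora depending directly on clap is a simplification, and only atty's version comes from the advisory), and reverse_deps and chains_to are hypothetical helper names.

```rust
use std::collections::BTreeMap;

// Constructed Cargo.lock excerpt; version, source and checksum lines omitted except atty's.
const LOCK: &str = r#"[[package]]
name = "atty"
version = "0.2.14"
[[package]]
name = "clap"
dependencies = [
 "atty",
]
[[package]]
name = "pingora"
dependencies = [
 "clap",
]"#;

// Map each package name to the packages that list it under `dependencies`.
// Entries are "name", or "name version ..." when several versions coexist.
fn reverse_deps(lock: &str) -> BTreeMap<String, Vec<String>> {
    let (mut rev, mut pkg, mut in_deps) = (BTreeMap::new(), String::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("name = ") {
            pkg = name.trim_matches('"').to_string();
        } else if line == "dependencies = [" || line == "]" {
            in_deps = line != "]";
        } else if in_deps {
            let dep = line.trim_matches(|c: char| c == '"' || c == ',');
            let dep = dep.split(' ').next().unwrap_or(dep).to_string();
            rev.entry(dep).or_insert_with(Vec::new).push(pkg.clone());
        }
    }
    rev
}

// Dependency chains from each top-level package down to `target`.
fn chains_to(target: &str, rev: &BTreeMap<String, Vec<String>>) -> Vec<String> {
    let (mut done, mut todo) = (Vec::new(), vec![vec![target.to_string()]]);
    while let Some(path) = todo.pop() {
        match rev.get(&path[0]) {
            Some(parents) => for p in parents.iter().filter(|p| !path.contains(*p)) {
                todo.push([vec![p.clone()], path.clone()].concat()); // prepend the parent
            },
            None => done.push(path.join(" -> ")), // nothing depends on path[0]: a root
        }
    }
    done
}

fn main() { for c in chains_to("atty", &reverse_deps(LOCK)) { println!("{}", c); } }
```

The sketch tracks crates by name only, so two versions of the same crate are merged into one node. On a real checkout, `cargo tree -i atty` reports the same chains with versions.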
