Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignore RUSTSEC-2021-0145 #4164

Merged
merged 1 commit into from
Nov 24, 2022
Merged

Ignore RUSTSEC-2021-0145 #4164

merged 1 commit into from
Nov 24, 2022

Conversation

dlon
Copy link
Member

@dlon dlon commented Nov 23, 2022

This vulnerability in atty (https://rustsec.org/advisories/RUSTSEC-2021-0145) only affects custom global allocators on Windows, so we can ignore it for now.

atty is a dependency due to clap and env_logger. Stop ignoring the issue once they've moved away from using it:
clap-rs/clap#4249
rust-cli/env_logger#246


This change is Reviewable

@dlon dlon marked this pull request as ready for review November 23, 2022 11:49
Copy link
Collaborator

@pinkisemils pinkisemils left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

The vulnerability affects custom global allocators on Windows, so we can safely ignore it
@dlon dlon merged commit dc1a1a9 into master Nov 24, 2022
@dlon dlon deleted the ignore-atty-vuln branch November 24, 2022 12:10
@pinkforest
Copy link

pinkforest commented Nov 26, 2022

clap has had a release that fixed this by switching to is-terminal

also I see env_logger has had a release as well

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants