cloudflare
RUSTSEC-2024-0375: `atty` is unmaintained
attyis unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | atty |
| Version | 0.2.14 |
| URL | https://github.com/softprops/atty/issues/57 |
| Date | 2024-09-25 |
The maintainer of atty has published an official notice that the crate is no longer
under development, and that users should instead rely on the functionality in the standard library's IsTerminal trait.
Alternative(s)
- std::io::IsTerminal - Stable since Rust 1.70.0 and the recommended replacement per the
attymaintainer. - is-terminal - Standalone crate supporting Rust older than 1.70.0
See advisory page for additional details.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Right. clap should really be bumped to v4. But then MSRV would need to be 1.74.
Clap 4.0.0 shipped 3 years ago with an MSRV of 1.60, is it possible to use an older version of clap v4?
https://github.com/clap-rs/clap/blob/3a74d8237634979275d364c48228371e50bf8407/Cargo.toml#L26
(We have this same security alert in some internal software which depends on pingora due to the indirect dependency on atty via clap v3.)
