advisory-database
advisory-database copied to clipboard
"ansi_term is Unmaintained" is not a security advisory
I don't think GHSA-74w3-p89x-ffgh is a security advisory, and as such probably shouldn't be in Advisory Database. This crate does what it's supposed to, and there are no known security vulnerabilities in it.
On RUSTSEC (https://rustsec.org/advisories/RUSTSEC-2021-0139.html), it's indicated as "Unmaintained" advisory, not a security one.
This was a response to a comment that appears to have been deleted.
It's security advisory as others but it should be represented in canonical way as RustSec intended.
Readme for https://github.com/rustsec/advisory-db/ makes it clear that it's not:
The database also contains non-security advisories (known as informational advisories), such as advisories about unmaintained crates, which are optionally surfaced as warnings in
cargo audit
.
These github advisories are assigned the Critical severity while they are marked as Info in the RUSTSEC database. The severity should be lowered if these advisories are kept.
Closing this issue out as the advisory has been withdrawn. Apologies for the error 🙇