slog icon indicating copy to clipboard operation
slog copied to clipboard

Published 20 hours ago verified publisher icon slog-rs

[slog-term] RUSTSEC-2018-0015: term is looking for a new maintainer

Open tyranron opened this issue 3 years ago • 5 comments

term is looking for a new maintainer

Details
Status unmaintained
Package term
Version 0.6.1
URL https://github.com/Stebalien/term/issues/93
Date 2018-11-19

The author of the term crate does not have time to maintain it and is looking for a new maintainer.

Some maintained alternatives you can potentially switch to instead, depending on your needs:

See advisory page for additional details.

tyranron avatar Jul 11 '20 08:07 tyranron

Wasn't there like a community for abandoned crates running them in low-effort maintenance mode by bunch of people doing voting or something?

dpc avatar Jul 12 '20 02:07 dpc

Cargo and other rustc tools moved to termcolor as a replacement that also works with MSYS2. At this point it's probably better to migrate to the crate that has active maintainership and a bigger buy-in.

0xpr03 avatar Aug 13 '21 12:08 0xpr03

Accepting PRs. Maybe I'll get to it myself eventually.

dpc avatar Sep 07 '21 17:09 dpc

I've looked in from switching to term to termcolor. There are one our two annoyances with this.

  1. The big problem is you can't ask "Does the terminal support bold?" You can only ask if the terminal supports "Colors".
  2. When using color=always it will forcibly outputting ANSI codes even on windows consoles that definitely do not support it. This risks shoving garbage to terminal on plain Windows 7 consoles (term does not do this)

It looks like crossterm has a lot of features and control and termcolor is easy to use (and more lightweight). Both look well supported.

Lookin into Big problem with crossterm is that it has a high Minimum Supported Rust Version (MSRV), which @dpc doesn't like.

Based on my basic tests of a couple versions:

Crossterm Version Minimum Supported Rust Version
0.23 1.56
0.22 1.46
0.20 1.46
0.17 1.46

Looks like it requires 1.46 for a very long way back....

@dpc I guess you'll have to pick your poison 😉

  1. crossterm - lots of features and control, but seems slightly more bloated and recent versions require recent stable
  2. termcolor - much less control, easier to use, has above issues, maintained by BurntSuhi (the ripgrep/regex guy)
  3. term - old library in maintenance mode
  4. yansi - looks extremely unix focused. Windows appears to be an afterthought.

Techcable avatar Feb 10 '22 03:02 Techcable

I don't really see a reason to do anything about it immediately. If it works, it will keep working. Lack of maintenance is not a big deal on it's own.

We probably use most basic functions and any of the alternatives would work OK, so whoever implements it, is free to choose. I could imagine even having support for all of them in form of cargo features if anyone is interested in supporting the alternative, and would like to put the effort.

dpc avatar Feb 10 '22 04:02 dpc