Ignore RUSTSEC-2021-0145 #4164

dlon · 2022-11-23T11:49:32Z

This vulnerability in atty (https://rustsec.org/advisories/RUSTSEC-2021-0145) only affects custom global allocators on Windows, so we can ignore it for now.

atty is a dependency due to clap and env_logger. Stop ignoring the issue once they've moved away from using it:
clap-rs/clap#4249
rust-cli/env_logger#246

This change is

pinkisemils

Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved

The vulnerability affects custom global allocators on Windows, so we can safely ignore it

pinkforest · 2022-11-26T07:46:24Z

clap has had a release that fixed this by switching to is-terminal

also I see env_logger has had a release as well

dlon marked this pull request as ready for review November 23, 2022 11:49

dlon requested a review from pinkisemils November 23, 2022 13:14

pinkisemils approved these changes Nov 24, 2022

View reviewed changes

Ignore RUSTSEC-2021-0145

bcb4d1d

The vulnerability affects custom global allocators on Windows, so we can safely ignore it

dlon force-pushed the ignore-atty-vuln branch from 14bc2a7 to bcb4d1d Compare November 24, 2022 12:07

dlon merged commit dc1a1a9 into master Nov 24, 2022

dlon deleted the ignore-atty-vuln branch November 24, 2022 12:10

Provide feedback