fix: Move off atty to resolve soundness issue #11420
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
r? @ehuss (rustbot has picked a reviewer for you, use r? to override) |
rustbot
added
the
S-waiting-on-review
weihanglo
approved these changes
Nov 25, 2022
Cargo.toml
Outdated
| @@ -16,7 +16,7 @@ name = "cargo" | |||
| path = "src/cargo/lib.rs" | |||
|
|
|||
| [dependencies] | |||
| atty = "0.2" | |||
| is-terminal = "0.4.0" | |||
There was a problem hiding this comment.
I'm a little concerned about switching to rustix, and I echo the concerns at #10309 (comment). Do we know how well this will handle the myriad of platforms cargo is used on? I suppose one option is to push it out and see if anyone complains, but I think we should be prepared to revert this if needed.
There was a problem hiding this comment.
Alternatively, we can continue using atty for Unix. Only on Windows do we use rustix, which effectively uses libc. Does this sound reasonable?
There was a problem hiding this comment.
I don't have a particular opinion about what to use. Just pointing out to beware of the risks of this change. Maybe @joshtriplett may have some thoughts, or maybe a better sense of when IsTerminal could be stabilized, in which case we could just wait or switch to that soon.
There is a soundness issue with atty when building on Windows with a custom allocator. This PR switches direct dependencies on atty to is-terminal. New semver compatible versions of clap and snapbox remove atty. rust-lang#11417 upgrades env_logger to remove it from there. Fixes rust-lang#11415
|
@bors r+ |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
weihanglo
added a commit
to weihanglo/rust
that referenced
this pull request
Nov 25, 2022
5 commits in ba607b23db8398723d659249d9abf5536bc322e5..e027c4b5d25af2119b1956fac42863b9b3242744 2022-11-22 20:52:39 +0000 to 2022-11-25 19:44:46 +0000 - fix: Move off atty to resolve soundness issue (rust-lang/cargo#11420) - add newline char to `cargo install .` error message for easier reading. (rust-lang/cargo#11401) - chore: Upgrade to env_logger (rust-lang/cargo#11417) - Change rustdoc-scrape-examples to be a target-level configuration (rust-lang/cargo#10343) - temporarily disable test `lto::test_profile` (rust-lang/cargo#11419)
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Nov 26, 2022
Update cargo 5 commits in ba607b23db8398723d659249d9abf5536bc322e5..e027c4b5d25af2119b1956fac42863b9b3242744 2022-11-22 20:52:39 +0000 to 2022-11-25 19:44:46 +0000 - fix: Move off atty to resolve soundness issue (rust-lang/cargo#11420) - add newline char to `cargo install .` error message for easier reading. (rust-lang/cargo#11401) - chore: Upgrade to env_logger (rust-lang/cargo#11417) - Change rustdoc-scrape-examples to be a target-level configuration (rust-lang/cargo#10343) - temporarily disable test `lto::test_profile` (rust-lang/cargo#11419) r+ `@ghost`
weihanglo
added a commit
to weihanglo/rust
that referenced
this pull request
Nov 27, 2022
5 commits in ba607b23db8398723d659249d9abf5536bc322e5..e027c4b5d25af2119b1956fac42863b9b3242744 2022-11-22 20:52:39 +0000 to 2022-11-25 19:44:46 +0000 - fix: Move off atty to resolve soundness issue (rust-lang/cargo#11420) - add newline char to `cargo install .` error message for easier reading. (rust-lang/cargo#11401) - chore: Upgrade to env_logger (rust-lang/cargo#11417) - Change rustdoc-scrape-examples to be a target-level configuration (rust-lang/cargo#10343) - temporarily disable test `lto::test_profile` (rust-lang/cargo#11419)
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Nov 28, 2022
Update cargo 5 commits in ba607b23db8398723d659249d9abf5536bc322e5..e027c4b5d25af2119b1956fac42863b9b3242744 2022-11-22 20:52:39 +0000 to 2022-11-25 19:44:46 +0000 - fix: Move off atty to resolve soundness issue (rust-lang/cargo#11420) - add newline char to `cargo install .` error message for easier reading. (rust-lang/cargo#11401) - chore: Upgrade to env_logger (rust-lang/cargo#11417) - Change rustdoc-scrape-examples to be a target-level configuration (rust-lang/cargo#10343) - temporarily disable test `lto::test_profile` (rust-lang/cargo#11419) r+ `@ghost`
RalfJung
pushed a commit
to RalfJung/miri
that referenced
this pull request
Dec 3, 2022
Update cargo 5 commits in ba607b23db8398723d659249d9abf5536bc322e5..e027c4b5d25af2119b1956fac42863b9b3242744 2022-11-22 20:52:39 +0000 to 2022-11-25 19:44:46 +0000 - fix: Move off atty to resolve soundness issue (rust-lang/cargo#11420) - add newline char to `cargo install .` error message for easier reading. (rust-lang/cargo#11401) - chore: Upgrade to env_logger (rust-lang/cargo#11417) - Change rustdoc-scrape-examples to be a target-level configuration (rust-lang/cargo#10343) - temporarily disable test `lto::test_profile` (rust-lang/cargo#11419) r+ `@ghost`
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There is a soundness issue with atty when building on Windows with a custom allocator.
This PR switches direct dependencies on atty to is-terminal. New semver compatible versions of clap and snapbox remove atty. #11417 upgrades env_logger to remove it from there.
Fixes #11416