-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: replace atty with is-terminal #4249
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jcgruenhage
force-pushed
the
replace-atty
branch
from
September 22, 2022 22:10
8b03c49
to
1704140
Compare
epage
reviewed
Sep 23, 2022
2 tasks
jcgruenhage
force-pushed
the
replace-atty
branch
from
November 24, 2022 14:33
1704140
to
aaac3c4
Compare
Updated this again to use |
2 tasks
jpgrayson
added a commit
to stacked-git/stgit
that referenced
this pull request
Nov 28, 2022
This follows suit with clap, which also changed to is-terminal, to eliminate a redundant dependency and perhaps have a better maintained library. Refs: clap-rs/clap#4249
etehtsea
added a commit
to etehtsea/spin
that referenced
this pull request
Dec 11, 2022
Refs: - softprops/atty#57 - clap-rs/clap#4249 - rustsec/advisory-db#1457 - rust-lang/rust#98070 Signed-off-by: Konstantin Shabanov <mail@etehtsea.me>
primeos-work
added a commit
to primeos-work/butido
that referenced
this pull request
Jul 31, 2023
The "atty" crate is unmaintained [0] and also causes a low severity GitHub advisory (GHSA-g98v-hv3f-hcfr; only affects windows though) [1]: > A Pull Request with a fix has been provided over a year ago but the > maintainer seems to be unreachable. > Last release of atty was almost 3 years ago. The "clap" crate already switched to "is-terminal" [2] so we can simply use the latter without having to pull in additional dependencies. The "is-terminal" crate can also be considered a successor [3]: > This crate is derived from the atty crate with PR 51 bug fix and PR 54 > port to windows-sys applied. [0]: softprops/atty#57 [1]: https://github.com/science-computing/butido/security/dependabot/9 [2]: clap-rs/clap#4249 [3]: https://crates.io/crates/is-terminal
primeos-work
added a commit
to primeos-work/butido
that referenced
this pull request
Jul 31, 2023
The "atty" crate is unmaintained [0] and also causes a low severity GitHub advisory (GHSA-g98v-hv3f-hcfr; only affects windows though) [1]: > A Pull Request with a fix has been provided over a year ago but the > maintainer seems to be unreachable. > Last release of atty was almost 3 years ago. The "clap" crate already switched to "is-terminal" [2] so we can simply use the latter without having to pull in additional dependencies. The "is-terminal" crate can also be considered a successor [3]: > This crate is derived from the atty crate with PR 51 bug fix and PR 54 > port to windows-sys applied. [0]: softprops/atty#57 [1]: https://github.com/science-computing/butido/security/dependabot/9 [2]: clap-rs/clap#4249 [3]: https://crates.io/crates/is-terminal Signed-off-by: Michael Weiss <michael.weiss@atos.net>
jszwedko
added a commit
to vectordotdev/vector
that referenced
this pull request
Oct 27, 2023
`atty` seems to be unmaintained and vulnerable to GHSA-g98v-hv3f-hcfr. I followed `clap`'s lead and replaced with `is-termianl` (clap-rs/clap#4249). Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
github-merge-queue bot
pushed a commit
to vectordotdev/vector
that referenced
this pull request
Oct 27, 2023
`atty` seems to be unmaintained and vulnerable to GHSA-g98v-hv3f-hcfr. I followed `clap`'s lead and replaced with `is-termianl` (clap-rs/clap#4249). Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Not sure whether this would be something you'd want to have, but I'm a bit
unhappy with how widespread the atty crate is being used, because it both has a
soundness issue on Windows and
even though a well reviewed fix for that issue is available it hasn't been
merged, making it look like atty is unmaintained.
Luckily, someone has created a new crate which is re-using a lot of the code
from atty, but with the soundness issue fixed, which has a nice API as you can
tell here. My suggestion would be to switch to this instead.