Vulnerable to GHSA-g98v-hv3f-hcfr #18
Comments
jszwedko added a commit to vectordotdev/vrl that referenced this issue Dec 1, 2023

We don't seem to be using it and it causes a vulnerability to be flagged due to a dependency on an old version of clap that depends on the unmaintained atty.

oli-obk/prettydiff#18

Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
github-merge-queue bot pushed a commit to vectordotdev/vrl that referenced this issue Dec 4, 2023

* chore(deps): Remove prettydiff cli feature

  We don't seem to be using it and it causes a vulnerability to be flagged due to a dependency on an old version of clap that depends on the unmaintained atty.

  oli-obk/prettydiff#18

  Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>

* regenerate licenses

  Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>

---------

Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
Hey all,

I discovered this crate is vulnerable to GHSA-g98v-hv3f-hcfr via a dependency on atty: atty seems to be unmaintained. clap has swapped out its dependency in clap-rs/clap#4249 but this crate depends on an old version via structopt, which itself is deprecated in lieu of newer versions of clap.

I recognize this is probably pretty low priority, but has there been any thought to migrate to clap to get rid of the dependency on structopt?

Thank you!
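To confirm in a downstream project whether atty is still reachable through the chain the issue describes (prettydiff, structopt, clap, atty), the lockfile can be walked directly. The following is an added example, not code from the issue or from either project; the embedded Cargo.lock excerpt is constructed, its versions are placeholders, and the function names are hypothetical.

```python
import re
from collections import deque

# Constructed Cargo.lock excerpt; "0.0.0" versions are placeholders.
SAMPLE_LOCK = '''
[[package]]
name = "atty"
version = "0.0.0"
[[package]]
name = "clap"
version = "0.0.0"
dependencies = [
 "atty",
]
[[package]]
name = "structopt"
version = "0.0.0"
dependencies = [
 "clap",
]
[[package]]
name = "prettydiff"
version = "0.0.0"
dependencies = [
 "structopt",
]
'''

def parse_lock(text):
    """Return {package name: [dependency names]} from Cargo.lock text."""
    graph = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        deps = re.search(r'^dependencies = \[(.*?)^\]', block, re.M | re.S)
        # Entries are "clap" or "clap <version> (<source>)"; keep the name only.
        names = re.findall(r'"([^"\s]+)[^"]*"', deps.group(1)) if deps else []
        graph.setdefault(name, []).extend(names)
    return graph

def path_to(graph, root, target):
    """Shortest dependency chain from root to target (BFS), or None."""
    queue, seen = deque([[root]]), {root}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        new = [d for d in graph.get(path[-1], []) if d not in seen]
        seen.update(new)
        queue.extend(path + [d] for d in new)
    return None
```

Calling `path_to(parse_lock(lock_text), "prettydiff", "atty")` on a real lockfile returns the chain that pulls atty in, or `None` once a change such as the vrl commit's removal of the cli feature has dropped it from the tree.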