Skip to content

ci: Use "v2.0.0" branch for security check #799

ci: Use "v2.0.0" branch for security check

ci: Use "v2.0.0" branch for security check #799

GitHub Actions / Security audit succeeded Oct 19, 2024 in 1s

Security advisories found

1 unmaintained, 1 unsound

Details

Warnings

RUSTSEC-2024-0375

atty is unmaintained

Details
Status unmaintained
Package atty
Version 0.2.14
URL softprops/atty#57
Date 2024-09-25

The maintainer of atty has published an official notice that the crate is no longer
under development, and that users should instead rely on the functionality in the standard library's IsTerminal trait.

Alternative(s)

  • std::io::IsTerminal - Stable since Rust 1.70.0 and the recommended replacement per the atty maintainer.
  • is-terminal - Standalone crate supporting Rust older than 1.70.0

RUSTSEC-2021-0145

Potential unaligned read

Details
Status unsound
Package atty
Version 0.2.14
URL softprops/atty#50
Date 2021-07-04

On windows, atty dereferences a potentially unaligned pointer.

In practice however, the pointer won't be unaligned unless a custom global allocator is used.

In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment.

atty is Unmaintained

A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.

Last release of atty was almost 3 years ago.

Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;