Avoid atty and bump MSRV to 1.63 #47

Merged
merged 2 commits into from
Aug 26, 2023


rkday-pro
Contributor

This is #45 with an extra commit bumping the MSRV. I think this is necessary to match is_terminal's MSRV - https://github.com/sunfishcode/is-terminal/blob/main/Cargo.toml#L16.

CI passes on my fork: https://github.com/rkd-msw/term/actions/runs/5714633882

Techcable and others added 2 commits November 27, 2022 23:31
Switches to newer `is-terminal` crate instead.
This functionality is also available on the nightly
Rust stdlib as a `std::io::IsTerminal` trait.

Avoids RUSTSEC-2021-0145 (softprops/atty#50)
Fixes slog-rs/slog#319

Based on the information in the vulnerability database,
I don't consider this a particularly serious bug.

> In practice however, the pointer won't be unaligned
   unless a custom global allocator is used.
@rkday-pro changed the title from "Avoid atty and bump msrv" to "Avoid atty and bump MSRV to 1.63" on Jul 31, 2023
@Techcable merged commit 911a973 into slog-rs:master on Aug 26, 2023
8 checks passed
@rkday-pro
Contributor Author

@Techcable , any plans for a 2.10.0 with this fix in?

@mattledden

> @Techcable , any plans for a 2.10.0 with this fix in?

@Techcable any update on this?

@Keavon

Keavon commented Jan 18, 2024

@dpc Hi, I see you're also listed together with @Techcable as owners. Might either of you please be able to release a new version with this PR integrated so the security warnings can go away for the crates which depend on this? Thank you! ❤️

Techcable added a commit to Techcable/slog-term that referenced this pull request Feb 18, 2024
Includes important fix slog-rs#47

Sorry for the long wait!
@Techcable
Member

Hi @rkd-msw , @mattledden , @Keavon -- I've released a new version 2.9.1 with this fix included.

I was hoping to include PR #44 , but I realized this was important to get out first.

Please let me know if you need anything else :)

@Keavon

Keavon commented Feb 18, 2024

Thank you!
