DataDog / glommio

Glommio is a thread-per-core crate that makes writing highly parallel asynchronous applications in a thread-per-core architecture easier for rustaceans.

Fix third-party vulnerability caused by atty v0.2.14 #644

Closed vmingchen closed 3 months ago

vmingchen commented 3 months ago

GitHub detects third-party vulnerabilities that seem to originate from the storage example.

What does this PR do?

atty has a security vulnerability and is used by pretty-bytes and an old clap version.

Fix the vulnerability by updating dependencies:

  1. Update Clap to the latest version and adjust API accordingly
  2. Replace pretty-bytes (no longer maintained) with byte-unit

So that we no longer depend on atty.

Motivation

Fix the vulnerability to make CI happy.

Additional Notes

Example output after the change:

Buffered I/O: Wrote 61.66 GiB in 111.219587957s, 567.68 MiB/s
Buffered I/O: Closed in 10.132848655s, Amortized total 520.28 MiB/s

See detailed info about the vulnerability here: https://github.com/DataDog/glommio/actions/runs/8078793715/job/22071839053
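One way to confirm the "no longer depend on atty" claim from a lock file, as an added example that is not part of this PR or of glommio's code: it reads the `[[package]]` tables of a Cargo.lock and lists every package that reaches a given crate, directly or transitively. The helper names `parse_lock` and `dependents`, the package name `storage-example` and the lock excerpt are assumptions constructed for illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};

type Graph = BTreeMap<String, Vec<String>>;

// Crate name -> dependency names, read line by line from Cargo.lock `[[package]]`
// tables. A reader written for this example, not a full TOML parser.
fn parse_lock(lock: &str) -> Graph {
    let (mut pkgs, mut current, mut in_deps) = (Graph::new(), String::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("name = ") {
            current = name.trim_matches('"').to_string();
            pkgs.entry(current.clone()).or_default();
        } else if line.starts_with("dependencies = [") || line == "]" {
            in_deps = line.ends_with('[');
        } else if in_deps {
            // Entries are "name", "name version" or "name version (source)".
            let entry = line.trim_matches(|c: char| c == '"' || c == ',');
            if let Some(dep) = entry.split_whitespace().next() {
                pkgs.entry(current.clone()).or_default().push(dep.to_string());
            }
        }
    }
    pkgs
}

// Every package that reaches `target` through its dependencies, sorted by name.
fn dependents(pkgs: &Graph, target: &str) -> Vec<String> {
    let mut hit = BTreeSet::new();
    let mut frontier = vec![target.to_string()];
    while let Some(t) = frontier.pop() {
        for (name, deps) in pkgs {
            if deps.contains(&t) && hit.insert(name.clone()) {
                frontier.push(name.clone());
            }
        }
    }
    hit.into_iter().collect()
}

// Constructed Cargo.lock excerpt, one package per source line ("storage-example" is a made-up name).
const BEFORE: &str = "\
[[package]]\nname = \"atty\"\nversion = \"0.2.14\"\n\
[[package]]\nname = \"clap\"\ndependencies = [\n \"atty\",\n]\n\
[[package]]\nname = \"pretty-bytes\"\ndependencies = [\n \"atty\",\n]\n\
[[package]]\nname = \"storage-example\"\ndependencies = [\n \"clap\",\n \"pretty-bytes\",\n]\n";

fn main() {
    // A non-empty list means the lock file still pulls in atty.
    println!("pulls in atty: {:?}", dependents(&parse_lock(BEFORE), "atty"));
}
```

On a real checkout, `cargo tree -i atty` answers the same question using Cargo's own resolver.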