Odonno / surrealdb-migrations

An awesome SurrealDB migration tool, with a user-friendly CLI and a versatile Rust library that enables seamless integration into any project.
https://crates.io/crates/surrealdb-migrations
MIT License

find alternative to 'names' crate #78

Closed marcocondrache closed 6 months ago

marcocondrache commented 6 months ago

The 'names' crate presently relies on an outdated version of the clap crate internally, which, in turn, still utilizes atty—an unmaintained component with a known vulnerability.

Crate:     atty
Version:   0.2.14
Warning:   unsound
Title:     Potential unaligned read
Date:      2021-07-04
ID:        RUSTSEC-2021-0145
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
└── clap 3.2.25
    └── names 0.14.0
        └── surrealdb-migrations 1.2.2
            ├── net 0.1.0
            │   └── cli 0.1.0
            │       └── sync 0.1.0
            └── dbm 0.1.0
                ├── vnd 0.1.0
                │   ├── sync 0.1.0
                │   └── cli 0.1.0
                ├── sync 0.1.0
                ├── rpc 0.1.0
                │   └── net 0.1.0
                ├── cls 0.1.0
                │   ├── vnd 0.1.0
                │   ├── sync 0.1.0
                │   └── rpc 0.1.0
                └── cli 0.1.0

Odonno commented 6 months ago

I just checked the repository and it seems like setting default-features = false would get rid of the clap dependency. I will try that.

Like this:

[dependencies]
names = { version = "0.14.0", default-features = false }
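To show why `default-features = false` removes clap (and with it atty), here is an added illustration of the feature-gating pattern on both sides of the dependency edge. It is not the project's or the names crate's actual manifest: the feature name `application`, the `rand`/`clap` version strings and the `[[bin]]` section are assumptions chosen to show the mechanism, so check them against the real Cargo.toml linked in the thread. Two files are shown in one block, separated by comments.

```toml
# Added example, not code from the project or from the names crate.
# Feature and dependency names below are assumptions illustrating the pattern.

# ---------- Cargo.toml of the library crate (the dependency) ----------
[package]
name = "names"
version = "0.14.0"
edition = "2021"

[dependencies]
rand = "0.8"
# Optional dependency: only compiled when a feature that lists it is enabled.
clap = { version = "3", optional = true }

[features]
# Everything in `default` is enabled by a plain `names = "0.14.0"` line.
default = ["application"]
# The CLI binary needs clap; library users do not.
application = ["clap"]

[[bin]]
name = "names"
# The binary is skipped entirely when the feature is off.
required-features = ["application"]

# ---------- Cargo.toml of the consumer crate (e.g. surrealdb-migrations) ----------
[dependencies]
# Opting out of the default feature set leaves `clap` optional and unselected,
# so clap 3.x and its transitive atty 0.2.14 drop out of the graph.
names = { version = "0.14.0", default-features = false }
```

Two checks are worth running after the change. `cargo tree -i atty` should either report that the package id matches nothing or no longer show a path through `names`, and `cargo audit` should stop listing RUSTSEC-2021-0145. One caveat: Cargo unifies features across the whole graph, so if any other crate in the workspace depends on `names` with default features enabled, `clap` comes back in regardless of this line; `cargo tree -e features -i names` shows who is enabling them.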

marcocondrache commented 6 months ago

> I just checked the repository and it seems like setting default-features = false would get rid of the clap dependency. I will try that.
>
> Like this:
>
> [dependencies]
> names = { version = "0.14.0", default-features = false }

I can confirm this by checking the Cargo.toml of the crate. There is also a comment in the toml about this thing.

https://github.com/fnichol/names/blob/main/Cargo.toml

I will make a PR to fix this.