Open kgraefe opened 1 year ago
I think that this is solved now and can be closed. Colored has removed the dependency on atty.
Correct, running cargo update -p colored
to update the dep fixes the advisory.
However, I feel like this crate's dep on colored
should be bumped to minimum of 2.0.4
to enforce this update on upstreams.
See https://rustsec.org/advisories/RUSTSEC-2021-0145.html for the advisory. It has not been patched even though an already-reviewed PR is available for a long time.
several projects e.g. clap and env_logger switched to
is_terminal