Open lgarron opened 2 months ago
cbindgen
clap 3.2.25
clap
atty
Although we use clap 4 ourselves, we can't force an upgrade for the transitive dependency.
cbindgen attempted to resolve this in September, but it was reverted:
The dependency is now bumped again as of February 26: https://github.com/mozilla/cbindgen/pull/912
However, we're still waiting on a release of cbindgen to address the vulnerability alert on this repo.
cbindgen(0.26.0).clap 3.2.25.clap3 depends onatty, which has a vulnerability and is unmaintained.Although we use
clap4 ourselves, we can't force an upgrade for the transitive dependency.cbindgenattempted to resolve this in September, but it was reverted:The dependency is now bumped again as of February 26: https://github.com/mozilla/cbindgen/pull/912
However, we're still waiting on a release of
cbindgento address the vulnerability alert on this repo.