Open lgarron opened 2 months ago
cbindgen
clap 3.2.25
clap
atty
Although we use clap 4 ourselves, we can't force an upgrade for the transitive dependency.
cbindgen attempted to resolve this in September, but it was reverted:
The dependency is now bumped again as of February 26: https://github.com/mozilla/cbindgen/pull/912
However, we're still waiting on a release of cbindgen to address the vulnerability alert on this repo.
cbindgen
(0.26.0).clap 3.2.25
.clap
3 depends onatty
, which has a vulnerability and is unmaintained.Although we use
clap
4 ourselves, we can't force an upgrade for the transitive dependency.cbindgen
attempted to resolve this in September, but it was reverted:The dependency is now bumped again as of February 26: https://github.com/mozilla/cbindgen/pull/912
However, we're still waiting on a release of
cbindgen
to address the vulnerability alert on this repo.