johnstonskj / rust-atelier

Rust native core model for the AWS Smithy IDL
MIT License

[BUG] cargo_atelier has upstream vulnerability RUSTSEC-2021-0139 #49

Open stevelr opened 2 years ago

stevelr commented 2 years ago

Describe the bug: cargo-audit reports an upstream vulnerability

Crate:     ansi_term
Version:   0.12.1
Warning:   unmaintained
Title:     ansi_term is Unmaintained
Date:      2021-08-18
ID:        RUSTSEC-2021-0139
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0139
Dependency tree:
ansi_term 0.12.1
└── clap 2.34.0
    └── structopt 0.3.26
        └── cargo_atelier 0.2.7

To Reproduce: install cargo-auditable and cargo-audit and run as described here: https://github.com/rust-secure-code/cargo-auditable

Expected behavior: no warnings

Screenshots/Logs: see above

Environment (please complete the following information):

Additional context

Updating to the latest structopt (0.3.26) does not fix this. structopt is in maintenance mode and has been integrated into clap. Fixing this requires replacing the structopt dependency in cargo-atelier/src/command_line.rs with clap v4.
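
An added example, not part of the issue or the project's code: a small parser for the cargo-audit text report quoted above that recovers each dependency path from the flagged crate and names the direct dependency to replace. Treating each leaf of the inverted tree as a workspace crate is an assumption, and `parse_report` and `direct_deps_to_replace` are hypothetical names.

```python
import re

# cargo-audit output copied from the issue above.
REPORT = """\
Crate:     ansi_term
Version:   0.12.1
Warning:   unmaintained
Title:     ansi_term is Unmaintained
Date:      2021-08-18
ID:        RUSTSEC-2021-0139
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0139
Dependency tree:
ansi_term 0.12.1
└── clap 2.34.0
    └── structopt 0.3.26
        └── cargo_atelier 0.2.7
"""

# One tree line: indent (4 columns per level), optional branch marker, "name version".
NODE = re.compile(r"^(?P<indent>[ │]*)(?P<branch>[├└]── )?(?P<name>\S+) (?P<version>\S+)")

def parse_report(text):
    """Return (header fields, list of paths from the flagged crate to each leaf)."""
    fields, paths, stack, in_tree = {}, [], [], False
    for line in text.splitlines():
        m = NODE.match(line) if in_tree else None
        if line.strip() == "Dependency tree:":
            in_tree = True
        elif not in_tree and ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
        elif m:
            depth = len(m["indent"]) // 4 + (1 if m["branch"] else 0)
            del stack[depth:]
            stack.append((m["name"], m["version"]))
            if paths and paths[-1] == stack[:-1]:
                paths[-1] = list(stack)    # child of the previous line: extend that path
            else:
                paths.append(list(stack))  # sibling or new branch: start another path
    return fields, paths

def direct_deps_to_replace(paths):
    """Map each leaf (assumed: a workspace crate) to its direct deps that pull in the flagged crate."""
    result = {}
    for path in paths:
        if len(path) >= 2:
            result.setdefault(path[-1][0], set()).add(path[-2][0])
    return result
```

For the report in this issue the result is `{"cargo_atelier": {"structopt"}}`, which matches the observation that the fix has to happen at the structopt dependency rather than by bumping its version.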