rune-rs / rune

An embeddable dynamic programming language for Rust.
https://rune-rs.github.io
Apache License 2.0

Unsound and unmaintained dependency: atty #719

Closed. VorpalBlade closed this 2 months ago

VorpalBlade commented 2 months ago

Using cargo-deny or cargo-audit will find this:

warning[unsound]: Potential unaligned read
11 │ atty 0.2.14 registry+https://github.com/rust-lang/crates.io-index
   │ ----------------------------------------------------------------- unsound advisory detected
   │
   = ID: RUSTSEC-2021-0145
   = Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0145
   = On windows, `atty` dereferences a potentially unaligned pointer.

     In practice however, the pointer won't be unaligned unless a custom global allocator is used.

     In particular, the `System` allocator on windows uses `HeapAlloc`, which guarantees a large enough alignment.

     # atty is Unmaintained

     A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.

     Last release of `atty` was almost 3 years ago.

     ## Possible Alternative(s)

     The below list has not been vetted in any way and may or may not contain alternatives;

      - [std::io::IsTerminal](https://doc.rust-lang.org/stable/std/io/trait.IsTerminal.html) - Stable since Rust 1.70.0
      - [is-terminal](https://crates.io/crates/is-terminal) - Standalone crate supporting Rust older than 1.70.0
   = Announcement: https://github.com/softprops/atty/issues/50
   = Solution: No safe upgrade is available!
   = atty v0.2.14
     └── rune v0.13.2
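The advisory's first suggested alternative, `std::io::IsTerminal`, is a trait on the standard stream handles, so a consumer can drop `atty` by swapping one import and one call shape. The following is an added illustration written for this thread, not code from the rune repository: it assumes (as is typical for an `atty` user) that the only thing the dependency was used for is deciding whether a given stream is a terminal, for example to gate ANSI colour in diagnostics. The `Stream` enum, the `is` function mirroring `atty::is`, and the NO_COLOR-based colour policy are all assumptions of this example.

```rust
use std::io::{self, IsTerminal};

/// Mirrors `atty::Stream` so existing call sites migrate by changing an import.
/// (Assumed shape; not rune's own type.)
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Stream {
    Stdin,
    Stdout,
    Stderr,
}

/// Replacement for `atty::is(stream)`, built on `std::io::IsTerminal`, which is
/// stable since Rust 1.70.0. Using std here removes the unmaintained crate and
/// its unsafe Windows code path from the dependency graph entirely.
pub fn is(stream: Stream) -> bool {
    match stream {
        Stream::Stdin => io::stdin().is_terminal(),
        Stream::Stdout => io::stdout().is_terminal(),
        Stream::Stderr => io::stderr().is_terminal(),
    }
}

/// The same check for any handle implementing `IsTerminal` (files, locked std
/// streams, ...). A regular file is never a terminal, which makes this testable
/// without a real tty.
pub fn handle_is_terminal<T: IsTerminal>(handle: &T) -> bool {
    handle.is_terminal()
}

/// Typical consumer of the check: colour output is allowed only when the stream
/// is a terminal, and a non-empty NO_COLOR environment variable (the
/// https://no-color.org convention) turns it off even then. `is_tty` is passed
/// in rather than read inside so the policy itself can be unit-tested.
pub fn color_enabled(is_tty: bool, no_color: Option<&str>) -> bool {
    match no_color {
        Some(value) if !value.is_empty() => false,
        _ => is_tty,
    }
}

/// Convenience wrapper that reads the real stream state and environment.
pub fn color_enabled_for(stream: Stream) -> bool {
    let no_color = std::env::var("NO_COLOR").ok();
    color_enabled(is(stream), no_color.as_deref())
}

fn main() {
    // Run directly (`cargo run`) versus piped (`cargo run | cat`) to see the
    // stdout result flip; NO_COLOR=1 disables colour regardless.
    for stream in [Stream::Stdin, Stream::Stdout, Stream::Stderr] {
        println!(
            "{:?}: terminal={} colour={}",
            stream,
            is(stream),
            color_enabled_for(stream)
        );
    }
}
```

For an MSRV below 1.70 the advisory's second option, the `is-terminal` crate, exposes a trait of the same name with the same `is_terminal()` method, so the bodies above stay as they are and only the `use` line changes. Whichever path is taken, `cargo deny check advisories` (or `cargo audit`) run afterwards should no longer list RUSTSEC-2021-0145 under the rune dependency tree.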

VorpalBlade commented 2 months ago

For me, using the std option would be preferable, but depending on your MSRV that might not be an option.

udoprog commented 2 months ago

Thanks for the report!

udoprog commented 2 months ago

I'll look into incorporating cargo-audit into the build for the future. Thanks again!

VorpalBlade commented 2 months ago

> I'll look into incorporating cargo-audit into the build for the future. Thanks again!

That would be good, the full audit report for the rune git repo contains a few more reported issues.