rust-cli / env_logger

A logging implementation for `log` which is configured via an environment variable.
https://docs.rs/env_logger
Apache License 2.0
782 stars 124 forks

bump is-terminal #288

Closed jamesadevine closed 7 months ago

jamesadevine commented 7 months ago

is-terminal v0.4.0 introduces a potential security hole via rustix. This PR bumps is-terminal to v0.4.9. Read about the security vulnerability here: https://github.com/bytecodealliance/rustix/security/advisories/GHSA-c827-hfw6-qwvm

epage commented 7 months ago

I'm not seeing why we should bump our version requirement. This vulnerability doesn't impact us and users of our library can control this through their lockfile.

jamesadevine commented 7 months ago

Indeed, turning off the feature upstream is the remediation I have performed. Feel free to close if it does not apply to the codebase and you are not going to accept the version bump :smile:
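
The thread's point that a downstream project's lockfile, rather than env_logger's version requirement, decides which is-terminal release gets built can be checked directly. This added example (not code from env_logger or from this PR) scans a constructed `Cargo.lock` excerpt for entries locked below 0.4.9, the version the PR proposes; the function names and the sample lockfile are assumptions made for illustration.

```rust
// Added example; SAMPLE_LOCK is a constructed Cargo.lock excerpt, not a real project's.
const SAMPLE_LOCK: &str = r#"version = 3

[[package]]
name = "env_logger"
version = "0.10.0"

[[package]]
name = "is-terminal"
version = "0.4.0"
"#;

/// Parse "MAJOR.MINOR.PATCH", ignoring any pre-release or build suffix.
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let core = s.split(|c| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    let v = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(v) }
}

/// Value of a `key = "value"` line, or None if the line has another shape.
fn quoted<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Every version of `name` the lockfile resolves (one crate can appear several times).
fn locked_versions(lock: &str, name: &str) -> Vec<String> {
    let (mut in_target, mut found) = (false, Vec::new());
    for line in lock.lines() {
        if let Some(n) = quoted(line, "name") {
            in_target = n == name; // each [[package]] table starts with its name
        } else if let (true, Some(v)) = (in_target, quoted(line, "version")) {
            found.push(v.to_string());
        }
    }
    found
}

/// Locked versions of `name` below `floor`; unparseable versions are reported too.
fn below_floor(lock: &str, name: &str, floor: &str) -> Vec<String> {
    let floor = parse_version(floor).expect("floor must be MAJOR.MINOR.PATCH");
    let locked = locked_versions(lock, name).into_iter();
    locked.filter(|v| parse_version(v).map_or(true, |p| p < floor)).collect()
}

fn main() {
    println!("below 0.4.9: {:?}", below_floor(SAMPLE_LOCK, "is-terminal", "0.4.9"));
}
```

Versions are compared numerically, so `0.10.0` is correctly treated as newer than `0.4.9`, which a plain string comparison would get wrong.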