Open github-actions[bot] opened 1 year ago
@Acaccia https://github.com/stacks-network/clarity-wasm/blob/main/.github/workflows/audit-on-new-deps.yaml this is a great workflow to have enabled, but as you're seeing can be incredibly chatty, especially as the project/repo grows. the same goes with clippy workflows
@wileyj I see that :/ I will disable both I guess.
i wouldn't go that far just yet - but maybe have a plan for how to update these deps (combined with an ignore list)? i'm a fan of the idea here, and i'd like to do similar for the blockchain repo - but (same with clippy) i found it can be very chatty and you don't always want to update a dependency if you're not affected by a cve.
I don't have time for dealing with this right now, but yes, I will open an issue to see what we can do about it later. Thank you for the advice @wileyj :)
This dependency comes from clarity-repl. I'll rename the issue and leave it open for the discussion.
atty
0.2.14
On windows,
atty
dereferences a potentially unaligned pointer.In practice however, the pointer won't be unaligned unless a custom global allocator is used.
In particular, the
System
allocator on windows usesHeapAlloc
, which guarantees a large enough alignment.atty is Unmaintained
A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.
Last release of
atty
was almost 3 years ago.Possible Alternative(s)
The below list has not been vetted in any way and may or may not contain alternatives;
See advisory page for additional details.