## Summary
Ignore RustSec warning.
## Background
We get a non-critical warning when running `cargo audit`:
[RUSTSEC-2021-0139](https://rustsec.org/advisories/RUSTSEC-2021-0139).
When running `cargo tree -i -p=ansi_term` we can see that `ansi_term` is
a dependency of `dylint` and `tracing-subscriber` v0.2. While
`tracing-subscriber` v0.3 doesn't depend upon `ansi_term`, we can't
easily upgrade to that version as several of our dependencies do not
support v0.3. Also, `dylint`'s latest version still depends upon
`ansi_term`.
Given that the RustSec report doesn't suggest any concrete problems with
`ansi_term` and how difficult it will be to move away from this
dependency, I have just ignored this warning in CI.
We also have a further audit warning about v0.1.29 of `jobserver` being
yanked, so I have updated that dependency.
## Changes
- Ignore RustSec warning in newly-added `.cargo/audit.toml` file.
## Testing
CI and ran `cargo audit` locally.
## Related Issues
Closes #914.
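An ignore entry like the one described above should be removed once nothing pulls `ansi_term` in any more. The following is an added example, not code from this PR: it scans `Cargo.lock` text for the direct dependents of a crate, roughly what `cargo tree -i` reports. The names `direct_dependents` and `ignore_is_stale` are hypothetical, and the lockfile excerpt is constructed.

```rust
use std::collections::BTreeSet;

// Constructed lockfile excerpt, trimmed to the fields read below.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "ansi_term"
version = "0.12.1"
[[package]]
name = "dylint"
dependencies = [
 "ansi_term",
]
[[package]]
name = "tracing-subscriber"
dependencies = [
 "ansi_term 0.12.1",
]
"#;

// Hypothetical helper: packages that list `target` as a direct dependency.
fn direct_dependents(lock: &str, target: &str) -> BTreeSet<String> {
    let (mut out, mut current, mut in_deps) = (BTreeSet::new(), String::new(), false);
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" || line == "]" {
            in_deps = false;
        } else if let Some(rest) = line.strip_prefix("name = ") {
            current = rest.trim_matches('"').to_string();
        } else if line.starts_with("dependencies = [") {
            in_deps = true;
        } else if in_deps {
            // Entries are "name", "name version" or "name version (source)".
            let entry = line.trim_end_matches(',').trim_matches('"');
            if entry.split(' ').next() == Some(target) {
                out.insert(current.clone());
            }
        }
    }
    out
}

// Hypothetical check: the ignore entry is stale once nothing requires the crate.
fn ignore_is_stale(lock: &str, krate: &str) -> bool {
    direct_dependents(lock, krate).is_empty()
}

fn main() {
    let stale = ignore_is_stale(SAMPLE_LOCK, "ansi_term");
    println!("ignore for ansi_term stale: {}", stale);
}
```

Run against the real `Cargo.lock` in CI, a `true` result means the advisory entry in `.cargo/audit.toml` can be deleted.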
ansi_term
0.12.1
The maintainer has advised that this crate is deprecated and will not receive any maintenance.
The crate does not seem to have many dependencies and may or may not be ok to use as-is.
Last release seems to have been three years ago.
Possible Alternative(s)
The below list has not been vetted in any way and may or may not contain alternatives;
Dependency Specific Migration(s)
See advisory page for additional details.