chore: replace atty with is-terminal #122

Closed

jcgruenhage

atty is unmaintained and has a potential unaligned read. See https://github.com/rustsec/advisory-db/blob/main/crates/atty/RUSTSEC-2021-0145.md.

is-terminal is a replacement based on atty, with the soundness issue fixed and an (IMO) nicer to use API, mirroring what's available in the std lib on nightly with std::io::IsTerminal.

@faern

faern commented Jan 31, 2023

Having this merged and released would be awesome. Is colored maintained?

@hwittenborn
Member

Thanks for the PR @jcgruenhage! This is being discussed at #85 (comment) as well, and it's the solution I'm wanting.

An MSRV just needs to be figured out before anything is done, depending on what the fern people decide. If they're fine with making the MSRV for this crate 1.70, std::io::IsTerminal will end up being what's used, but if not, the is-terminal crate will definitely be the next choice, at which point I'll go ahead and get this merged in.

@ChrisCA

ChrisCA commented Jul 3, 2023

As a side note:
I wrote a PR for simple_logger, which is also a highly used dependent of colored. The PR replaced atty with the std implementation, however only for Windows users.
So for that crate, at least for Windows users, the MSRV is already 1.70.
There is an issue open targeting the atty security problem, and I assume crate users for simple_logger would welcome a fix for colored even if it bumps the MSRV for all users.

@hwittenborn
Member

I'm definitely on the route for using the stdlib implementation too @ChrisCA, I just got to figure out what the fern people are fine with. If I can get this crate down to having zero external dependencies it would definitely be really nice, we just got to make sure all the big consumers for this crate are fine with the high MSRV so no one gets any unexpected breakage.

@hwittenborn
Member

hwittenborn commented Jul 5, 2023

I'm terribly sorry about this @jcgruenhage, but I was in a bit of a rush earlier getting atty out and I already had this change merged into the codebase.

Sadly that means there isn't really anything to merge in from this PR, but if you'd like to get another PR going I'd be more than glad to help! Let me know if there's anything I can do.

@hwittenborn hwittenborn closed this Jul 5, 2023
@jcgruenhage jcgruenhage deleted the replace-atty-with-is-terminal branch July 5, 2023 07:04
@jcgruenhage
Author

Don't worry. My goal of getting atty out of popular crates due to being unmaintained was still fulfilled ;)

taiki-e added a commit to openrr/openrr that referenced this pull request Sep 20, 2023
```
warning[advisory-not-detected]: advisory was not encountered
   ┌─ /Users/taiki/projects/sources/smilerobotics/openrr/.deny.toml:16:5
   │
16 │     "RUSTSEC-2021-0145", # atty 0.2, transitively dep of rosrust (via colored, colored-rs/colored#122)
   │     ^^^^^^^^^^^^^^^^^^^ no crate matched advisory criteria
```
taiki-e added a commit to openrr/openrr that referenced this pull request Sep 21, 2023
```
warning[advisory-not-detected]: advisory was not encountered
   ┌─ /Users/taiki/projects/sources/smilerobotics/openrr/.deny.toml:16:5
   │
16 │     "RUSTSEC-2021-0145", # atty 0.2, transitively dep of rosrust (via colored, colored-rs/colored#122)
   │     ^^^^^^^^^^^^^^^^^^^ no crate matched advisory criteria
```
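
Added example (not code from colored, openrr or cargo-deny): the `advisory-not-detected` warning above means the `RUSTSEC-2021-0145` ignore entry no longer matches anything, and a lockfile check like this one shows which packages, if any, still pull in `atty`. The lockfile contents, placeholder versions and function names are constructed for illustration; on a real project `cargo tree -i atty` answers the same question.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Constructed sample Cargo.lock (placeholder versions): rosrust -> colored -> atty.
const LOCK: &str = r#"[[package]]
name = "atty"
version = "0.0.0"
[[package]]
name = "colored"
version = "0.0.0"
dependencies = [
 "atty",
]
[[package]]
name = "rosrust"
version = "0.0.0"
dependencies = [
 "colored",
]
"#;

/// Map each package name in a Cargo.lock to the names of its direct dependencies.
fn parse_lock(lock: &str) -> BTreeMap<String, Vec<String>> {
    let mut graph = BTreeMap::<String, Vec<String>>::new();
    for table in lock.split("[[package]]").skip(1) {
        let lines = || table.lines().map(str::trim);
        let Some(name) = lines().find_map(|l| l.strip_prefix("name = ")) else { continue };
        // Dependency entries are the quoted lines ending in `",`: "dep" or "dep version".
        let deps = lines()
            .filter_map(|l| l.strip_prefix('"')?.strip_suffix("\",")?.split(' ').next())
            .map(String::from);
        graph.entry(name.trim_matches('"').to_string()).or_default().extend(deps);
    }
    graph
}

/// Every package that pulls in `target`, directly or transitively.
fn dependents_of(graph: &BTreeMap<String, Vec<String>>, target: &str) -> BTreeSet<String> {
    let (mut found, mut queue) = (BTreeSet::new(), vec![target.to_string()]);
    while let Some(node) = queue.pop() {
        for (pkg, deps) in graph {
            if deps.contains(&node) && found.insert(pkg.clone()) {
                queue.push(pkg.clone());
            }
        }
    }
    found
}

fn main() { println!("{:?}", dependents_of(&parse_lock(LOCK), "atty")); }
```

Packages that appear in several versions are merged under one name here, so treat a non-empty result as a prompt to inspect the exact path rather than as the final answer.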