Hey all,
I discovered this crate is vulnerable to GHSA-g98v-hv3f-hcfr via a dependency on atty:
atty v0.2.14
└── clap v2.34.0
└── structopt v0.3.26
└── prettydiff v0.6.5 (/private/tmp/prettydiff)
atty seems to be unmaintained. clap has swapped out its dependency in clap-rs/clap#4249 but this crate depends on an old version via structopt, which itself is deprecated in-lieu of newer versions of clap.
I recognize this is probably pretty low priority, but has there been any thought to migrate to clap to get rid of the dependency on structopt?
Thank you!
Hey all,
I discovered this crate is vulnerable to GHSA-g98v-hv3f-hcfr via a dependency on
atty:attyseems to be unmaintained.claphas swapped out its dependency in clap-rs/clap#4249 but this crate depends on an old version viastructopt, which itself is deprecated in-lieu of newer versions ofclap.I recognize this is probably pretty low priority, but has there been any thought to migrate to
clapto get rid of the dependency onstructopt?Thank you!