
Vulnerability in cbindgen due to dependency on an old clap release #899

@NuLL3rr0r

Simply running the following produces:

```
$ cargo audit

Crate:     atty
Version:   0.2.14
Warning:   unsound
Title:     Potential unaligned read
Date:      2021-07-04
ID:        RUSTSEC-2021-0145
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
└── clap 3.2.25
    └── cbindgen 0.26.0
        └── mylib 0.0.0-git
            └── myguiapp 0.0.0-git

warning: 1 allowed warning found
```

It seems newer clap won't rely on atty, and the advisory URL also states:

> atty is Unmaintained
> A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.

The last release of atty was almost 3 years ago.

Please bump to a version without dependency on atty.
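The "Dependency tree" that cargo audit prints in the report above can be rebuilt directly from Cargo.lock, which is useful when a CI job should fail on a crate name lifted from a RustSec advisory without depending on the advisory database being reachable. The script below is an added example, not code from this issue or from the cbindgen project. It assumes the Cargo.lock v3 layout (a `name`, a `version` and an optional `dependencies` array per `[[package]]` block; `source` and `checksum` lines are ignored) and runs against a constructed lockfile that mirrors the chain in the issue.

```python
import re

# Constructed Cargo.lock fragment (not a real lockfile; source/checksum lines
# omitted). It mirrors the chain reported in the issue.
SAMPLE_LOCK = """\
version = 3

[[package]]
name = "atty"
version = "0.2.14"

[[package]]
name = "cbindgen"
version = "0.26.0"
dependencies = [
 "clap",
]

[[package]]
name = "clap"
version = "3.2.25"
dependencies = [
 "atty",
]

[[package]]
name = "myguiapp"
version = "0.0.0-git"
dependencies = [
 "mylib",
]

[[package]]
name = "mylib"
version = "0.0.0-git"
dependencies = [
 "cbindgen",
]
"""


def parse_lockfile(text):
    """Map crate name -> (version, [dep names]) from Cargo.lock text.

    Dependency entries look like "name", "name version" or "name version (source)";
    only the name is kept. If several versions of a crate are pinned, the first wins.
    """
    packages = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        version = re.search(r'^version = "([^"]+)"', block, re.M).group(1)
        deps = []
        m = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        if m:
            deps = [e.strip().strip('"').split()[0]
                    for e in m.group(1).split(",") if e.strip()]
        packages.setdefault(name, (version, deps))
    return packages


def chains_to(packages, target):
    """All chains root -> ... -> target as lists of 'name version'. Roots are
    crates nothing depends on; a per-path visited set guards against cycles."""
    depended_on = {d for _, deps in packages.values() for d in deps}
    found = []

    def walk(name, path, seen):
        path = path + [f"{name} {packages[name][0]}"]
        if name == target:
            found.append(path)
            return
        for dep in packages[name][1]:
            if dep in packages and dep not in seen:
                walk(dep, path, seen | {dep})

    for root in sorted(n for n in packages if n not in depended_on):
        walk(root, [], {root})
    return found


def render_chain(chain):
    """Lay a chain out like cargo audit's 'Dependency tree': flagged crate on top,
    each dependent one level deeper."""
    return "\n".join(node if i == 0 else " " * 4 * (i - 1) + "└── " + node
                     for i, node in enumerate(reversed(chain)))


def audit_lockfile(text, flagged):
    """{crate: [chains]} for each flagged crate (e.g. names from RustSec advisories)
    that the lockfile actually pins; an empty dict means none is pulled in."""
    packages = parse_lockfile(text)
    return {c: chains_to(packages, c) for c in sorted(flagged) if c in packages}


if __name__ == "__main__":
    for crate, chains in audit_lockfile(SAMPLE_LOCK, {"atty"}).items():
        print(f"{crate} reached via {len(chains)} chain(s):")
        for chain in chains:
            print(render_chain(chain))
```

To use it on a real project, read Cargo.lock from disk in place of `SAMPLE_LOCK` and pass the crate names you want to block. Once cbindgen is bumped to a release whose clap no longer pulls in atty, the chain disappears and `audit_lockfile` returns an empty dict, which is the condition a CI gate should require.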
