Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Rust crate prettytable-rs to ^0.10.0 [SECURITY] #12

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update Rust crate prettytable-rs to ^0.10.0 [SECURITY] #12

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 19, 2023
edited
Loading

This PR contains the following updates:

Package Type Update Change
prettytable-rs dependencies minor ^0.8 -> ^0.10.0

GitHub Vulnerability Alerts

GHSA-gfgm-chr3-x6px

In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here:

  1. To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined behavior (UB).
  2. Even if (1) is sound, &Vec<T> and &[T] still might not have the same layout. Treating them equally may lead to undefinted behavior (UB).

Release Notes

phsym/prettytable-rs (prettytable-rs)

v0.10.0

Compare Source

Fixed

  • Fix panic due to incorrect ANSI escape handling (#​137)
  • Fix display of empty tables (#​127)

Changed

  • Remove the unsafe code in Table::as_ref (#​146)
  • Switch atty to is-terminal (#​151)
  • Minimal Supported Rust Version bumped to 1.56

Thanks

v0.9.0

Compare Source

This release has been updated with latest dependencies versions.

This crate has been abandonned without notice for quite a while due to some personnal reasons. My apologies for that.
I'll try to do my best to continue to maintain it, at least for security updates. If I can't the find time to do it, I'll have no other option than
deprecating it, or find new contributors to handover the maintenance to. Feel free to raise your hand if you're interrested.
In the meantime, please expect a low update rate, and again please accept my apologies.

I'll do a pass on opened PRs after summer vacations.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/crate-prettytable-rs-vulnerability branch from 452a599 to d384205 Compare March 15, 2023 18:28
@renovate renovate bot changed the title Update Rust crate prettytable-rs to ^0.10 [SECURITY] Update Rust crate prettytable-rs to ^0.10.0 [SECURITY] Mar 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants