Unverified Commit d6a1befb authored by ysaito1001's avatar ysaito1001 Committed by GitHub
Browse files

Fix vulnerability report from `cargo audit` (#3066) 

## Motivation and Context
With `cargo-audit` v0.18.2, it reports the following vulnerabilities
when run against generated SDKs.
```
$ pwd
<smithy-rs root>/aws/sdk/build/aws-sdk
$ cargo generate-lockfile && cargo audit
...
    Scanning Cargo.lock for vulnerabilities (339 crate dependencies)

Crate:     atty
Version:   0.2.14
Warning:   unsound
Title:     Potential unaligned read
Date:      2021-07-04
ID:        RUSTSEC-2021-0145
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
├── env_logger 0.9.3
│   └── aws-credential-types 0.56.1
|
...
|___ criterion 0.4.0
```
Both of the latest `env_logger` and `criterion` removed their
dependencies on `atty`. This PR, therefore, updates a version of
`env_logger` and that of `criterion` within the `smithy-rs` codebase.

## Testing
Ran the above repro steps against SDKs generated from this branch. No
vulnerabilities detected.

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
parent d293d1f7
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment