From 59fd45c8a4a6053aa5b5c5924c65a8963a6b79e1 Mon Sep 17 00:00:00 2001 From: Jeongkyu Shin Date: Mon, 11 May 2026 14:59:21 +0900 Subject: [PATCH] update: clean cargo-audit by removing atty and pinning rsa advisory Resolves all cargo-audit findings reported on deps.rs. Replace the unmaintained `atty` crate with `std::io::IsTerminal` (stdlib since Rust 1.70). This drops two advisories at once: RUSTSEC-2024-0375 (unmaintained) and RUSTSEC-2021-0145 (unsound unaligned read). The five call sites in pty, logging, ssh::auth, and the interactive connection now go through `std::io::{stdin, stdout}().is_terminal()`. Run `cargo update` to pick up 33 transitive patch bumps available within current semver constraints (tokio 1.52.1 -> 1.52.3, rustls 0.23.39 -> 0.23.40, h2 0.4.13 -> 0.4.14, digest 0.11.2 -> 0.11.3, rpassword 7.4.0 -> 7.5.2, and others). The Cargo.lock churn is mostly transitive; no direct `[dependencies]` constraints needed loosening except the atty removal. Add `.cargo/audit.toml` ignoring RUSTSEC-2023-0071 (Marvin Attack) with an explanatory comment. Both `rsa 0.9.10` (via ssh-key 0.6.x) and `rsa 0.10.0-rc.17` (via the vendored bssh-russh fork) are affected, and no fixed upstream version exists for any rsa release. Bumping to 0.10.0-rc.18 conflicts with the bssh-russh `pkcs5 = "=0.8.0-rc.13"` pin, so we accept the advisory at the audit layer and document Ed25519/ECDSA as the recommended mitigation for users. Verified: `cargo audit` reports 0 vulnerabilities / 0 warnings, `cargo clippy -- -D warnings` is clean, `cargo test --lib` passes (1222/1222), `cargo fmt --check` is clean. --- .cargo/audit.toml | 21 +++ Cargo.lock | 225 +++++++++++-------------- Cargo.toml | 1 - src/commands/interactive/connection.rs | 4 +- src/pty/mod.rs | 5 +- src/ssh/auth.rs | 3 +- src/utils/logging.rs | 3 +- 7 files changed, 132 insertions(+), 130 deletions(-) create mode 100644 .cargo/audit.toml diff --git a/.cargo/audit.toml b/.cargo/audit.toml new file mode 100644 index 00000000..d0c01ba1 --- /dev/null +++ b/.cargo/audit.toml @@ -0,0 +1,21 @@ +# cargo-audit configuration +# +# https://docs.rs/cargo-audit/latest/cargo_audit/ + +[advisories] +ignore = [ + # RUSTSEC-2023-0071: Marvin Attack — potential RSA key recovery via timing sidechannel. + # + # No fixed upgrade is available for any version of the `rsa` crate. The vulnerability + # is inherent to the current RustCrypto RSA implementation, which lacks constant-time + # primitives. Both `rsa 0.9.x` (via ssh-key 0.6.x) and `rsa 0.10.0-rc.x` (via the + # vendored bssh-russh fork) are affected. + # + # Mitigation: users should prefer Ed25519 or ECDSA host/user keys over RSA where + # possible. The Marvin Attack requires precise timing measurements over many + # observed decryptions; SSH session establishment is a high-noise channel that + # makes practical exploitation against bssh extremely difficult. + # + # Tracking: https://github.com/RustCrypto/RSA/issues/19 + "RUSTSEC-2023-0071", +] diff --git a/Cargo.lock b/Cargo.lock index c3741b93..15478997 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -252,17 +252,6 @@ version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" -[[package]] -name = "atty" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" -dependencies = [ - "hermit-abi 0.1.19", - "libc", - "winapi", -] - [[package]] name = "autocfg" version = "1.5.0" @@ -318,12 +307,12 @@ checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" [[package]] name = "bcrypt" -version = "0.19.0" +version = "0.19.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "523ab528ce3a7ada6597f8ccf5bd8d85ebe26d5edf311cad4d1d3cfb2d357ac6" +checksum = "24ae5479c93d3720e4c1dbd6b945b97457c50cb672781104768190371df1a905" dependencies = [ "base64", - "blowfish", + "blowfish 0.10.0", "getrandom 0.4.2", "subtle", "zeroize", @@ -335,7 +324,7 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6aeac2e1fe888769f34f05ac343bbef98b14d1ffb292ab69d4608b3abc86f2a2" dependencies = [ - "blowfish", + "blowfish 0.9.1", "pbkdf2 0.12.2", "sha2 0.10.9", ] @@ -434,6 +423,16 @@ dependencies = [ "cipher 0.4.4", ] +[[package]] +name = "blowfish" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62ce3946557b35e71d1bbe07ec385073ce9eda05043f95de134eb578fcf1a298" +dependencies = [ + "byteorder", + "cipher 0.5.1", +] + [[package]] name = "bssh" version = "2.1.4" @@ -443,7 +442,6 @@ dependencies = [ "arrayvec", "async-compression", "async-trait", - "atty", "bcrypt", "bssh-russh", "bssh-russh-sftp", @@ -532,7 +530,7 @@ dependencies = [ "enum_dispatch", "flate2", "futures", - "generic-array 1.4.0", + "generic-array 1.4.1", "getrandom 0.2.17", "hex-literal", "hmac 0.12.1", @@ -560,7 +558,7 @@ dependencies = [ "sec1 0.8.1", "sha1 0.10.6", "sha2 0.10.9", - "signature 3.0.0-rc.10", + "signature 3.0.0", "spki 0.8.0", "ssh-encoding", "subtle", @@ -649,9 +647,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.61" +version = "1.2.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d16d90359e986641506914ba71350897565610e87ce0ad9e6f28569db3dd5c6d" +checksum = "a1dce859f0832a7d088c4f1119888ab94ef4b5d6795d1ce05afb7fe159d79f98" dependencies = [ "find-msvc-tools", "jobserver", @@ -936,9 +934,9 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" [[package]] name = "cpubits" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ef0c543070d296ea414df2dd7625d1b24866ce206709d8a4a424f28377f5861" +checksum = "15b85f9c39137c3a891689859392b1bd49812121d0d61c9caf00d46ed5ce06ae" [[package]] name = "cpufeatures" @@ -1179,7 +1177,7 @@ dependencies = [ "cfg-if", "cpufeatures 0.2.17", "curve25519-dalek-derive", - "digest 0.11.2", + "digest 0.11.3", "fiat-crypto", "rustc_version", "subtle", @@ -1329,9 +1327,9 @@ dependencies = [ [[package]] name = "digest" -version = "0.11.2" +version = "0.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" +checksum = "f1dd6dbb5841937940781866fa1281a1ff7bd3bf827091440879f9994983d5c2" dependencies = [ "block-buffer 0.12.0", "const-oid 0.10.2", @@ -1409,17 +1407,17 @@ checksum = "1435fa1053d8b2fbbe9be7e97eca7f33d37b28409959813daefc1446a14247f1" [[package]] name = "dsa" -version = "0.7.0-rc.14" +version = "0.7.0-rc.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "205b3f37ceb87c2ed5c72dac75f286848c68b19ba3246e9196f3666ce048a14b" +checksum = "a914d1d3e30ea021331fc4c4b3558aba5b1a26d91cddb920322d209a3a43cb99" dependencies = [ "crypto-bigint 0.7.3", "crypto-primes", "der 0.8.0", - "digest 0.11.2", - "rfc6979 0.5.0-rc.5", + "digest 0.11.3", + "rfc6979 0.5.0", "sha2 0.11.0", - "signature 3.0.0-rc.10", + "signature 3.0.0", "zeroize", ] @@ -1450,10 +1448,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc4bf51f0534ed6e59a0f2f26272b64ba55c470133f8424c2adfd1c4d59d9988" dependencies = [ "der 0.8.0", - "digest 0.11.2", + "digest 0.11.3", "elliptic-curve 0.14.0-rc.31", - "rfc6979 0.5.0-rc.5", - "signature 3.0.0-rc.10", + "rfc6979 0.5.0", + "signature 3.0.0", "spki 0.8.0", "zeroize", ] @@ -1465,7 +1463,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c6e914c7c52decb085cea910552e24c63ac019e3ab8bf001ff736da9a9d9d890" dependencies = [ "pkcs8 0.11.0-rc.11", - "signature 3.0.0-rc.10", + "signature 3.0.0", ] [[package]] @@ -1479,7 +1477,7 @@ dependencies = [ "rand_core 0.10.1", "serde", "sha2 0.11.0", - "signature 3.0.0-rc.10", + "signature 3.0.0", "subtle", "zeroize", ] @@ -1518,7 +1516,7 @@ dependencies = [ "base16ct 1.0.0", "crypto-bigint 0.7.3", "crypto-common 0.2.1", - "digest 0.11.2", + "digest 0.11.3", "hkdf", "hybrid-array", "once_cell", @@ -1813,9 +1811,9 @@ dependencies = [ [[package]] name = "generic-array" -version = "1.4.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e38154b42567e31b925d3859382888aa6f86e446d1f018c89ef337fc1726bcf2" +checksum = "dab9e9188e97a93276e1fe7b56401b851e2b45a46d045ca658100c1303ada649" dependencies = [ "generic-array 0.14.7", "rustversion", @@ -1899,9 +1897,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.4.13" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54" +checksum = "171fefbc92fe4a4de27e0698d6a5b392d6a0e333506bc49133760b3bcf948733" dependencies = [ "atomic-waker", "bytes", @@ -1949,9 +1947,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.17.0" +version = "0.17.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f467dd6dccf739c208452f8014c75c18bb8301b050ad1cfb27153803edb0f51" +checksum = "ed5909b6e89a2db4456e54cd5f673791d7eca6732202bbf2a9cc504fe2f9b84a" dependencies = [ "allocator-api2", "equivalent", @@ -1964,15 +1962,6 @@ version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" -[[package]] -name = "hermit-abi" -version = "0.1.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" -dependencies = [ - "libc", -] - [[package]] name = "hermit-abi" version = "0.5.2" @@ -2015,7 +2004,7 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6303bc9732ae41b04cb554b844a762b4115a61bfaa81e3e83050991eeb56863f" dependencies = [ - "digest 0.11.2", + "digest 0.11.3", ] [[package]] @@ -2074,9 +2063,9 @@ checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" [[package]] name = "hybrid-array" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08d46837a0ed51fe95bd3b05de33cd64a1ee88fc797477ca48446872504507c5" +checksum = "9155a582abd142abc056962c29e3ce5ff2ad5469f4246b537ed42c5deba857da" dependencies = [ "ctutils", "subtle", @@ -2273,9 +2262,9 @@ dependencies = [ [[package]] name = "idna_adapter" -version = "1.2.1" +version = "1.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344" +checksum = "cb68373c0d6620ef8105e855e7745e18b0d00d3bdb07fb532e434244cdb9a714" dependencies = [ "icu_normalizer", "icu_properties", @@ -2288,7 +2277,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9" dependencies = [ "equivalent", - "hashbrown 0.17.0", + "hashbrown 0.17.1", "serde", "serde_core", ] @@ -2384,7 +2373,7 @@ dependencies = [ "serde", "sha1 0.11.0", "sha2 0.11.0", - "signature 3.0.0-rc.10", + "signature 3.0.0", "ssh-cipher", "ssh-encoding", "subtle", @@ -2415,16 +2404,6 @@ version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf370abdafd54d13e54a620e8c3e1145f28e46cc9d704bc6d94414559df41763" -[[package]] -name = "iri-string" -version = "0.7.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25e659a4bb38e810ebc252e53b5814ff908a8c58c2a9ce2fae1bbec24cbf4e20" -dependencies = [ - "memchr", - "serde", -] - [[package]] name = "is_terminal_polyfill" version = "1.70.2" @@ -2467,9 +2446,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.95" +version = "0.3.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2964e92d1d9dc3364cae4d718d93f227e3abb088e747d92e0395bfdedf1c12ca" +checksum = "67df7112613f8bfd9150013a0314e196f4800d3201ae742489d999db2f979f08" dependencies = [ "cfg-if", "futures-util", @@ -2607,7 +2586,7 @@ version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0e0b564323a0fb6d54b864f625ae139de9612e27edb944dda37c109f05aac531" dependencies = [ - "hashbrown 0.17.0", + "hashbrown 0.17.1", ] [[package]] @@ -2686,9 +2665,9 @@ dependencies = [ [[package]] name = "ml-kem" -version = "0.3.0-rc.2" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04437cb1a66c0b78740927b76cc61f218344b9f6ef3dd430e283274a718ef0e9" +checksum = "68c77d5ff6d755d09a0ef4d4d28c2b7e83658fe83e8c736d55e93d43e380d1cd" dependencies = [ "hybrid-array", "kem", @@ -2750,9 +2729,9 @@ dependencies = [ [[package]] name = "module-lattice" -version = "0.2.1" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "164eb3faeaecbd14b0b2a917c1b4d0c035097a9c559b0bed85c2cdd032bc8faa" +checksum = "0c61b87c9683ab7cb1c6871d261ad5479b6b10ceb52c4352aaca3b5d35a8febe" dependencies = [ "ctutils", "hybrid-array", @@ -2892,7 +2871,7 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "91df4bbde75afed763b708b7eee1e8e7651e02d97f6d5dd763e89367e957b23b" dependencies = [ - "hermit-abi 0.5.2", + "hermit-abi", "libc", ] @@ -3204,7 +3183,7 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "112d82ceb8c5bf524d9af484d4e4970c9fd5a0cc15ba14ad93dccd28873b0629" dependencies = [ - "digest 0.11.2", + "digest 0.11.3", "hmac 0.13.0", ] @@ -3329,18 +3308,18 @@ dependencies = [ [[package]] name = "pin-project" -version = "1.1.11" +version = "1.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1749c7ed4bcaf4c3d0a3efc28538844fb29bcdd7d2b67b2be7e20ba861ff517" +checksum = "cbf0d9e68100b3a7989b4901972f265cd542e560a3a8a724e1e20322f4d06ce9" dependencies = [ "pin-project-internal", ] [[package]] name = "pin-project-internal" -version = "1.1.11" +version = "1.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b20ed30f105399776b9c883e68e536ef602a16ae6f596d2c473591d6ad64c6" +checksum = "a990e22f43e84855daf260dded30524ef4a9021cc7541c26540500a50b624389" dependencies = [ "proc-macro2", "quote", @@ -3912,9 +3891,9 @@ dependencies = [ [[package]] name = "rfc6979" -version = "0.5.0-rc.5" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23a3127ee32baec36af75b4107082d9bd823501ec14a4e016be4b6b37faa74ae" +checksum = "5236ce872cac07e0fb3969b0cbf468c7d2f37d432f1b627dcb7b8d34563fb0c3" dependencies = [ "hmac 0.13.0", "subtle", @@ -3936,13 +3915,13 @@ dependencies = [ [[package]] name = "rpassword" -version = "7.4.0" +version = "7.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66d4c8b64f049c6721ec8ccec37ddfc3d641c4a7fca57e8f2a89de509c73df39" +checksum = "5ac5b223d9738ef56e0b98305410be40fa0941bf6036c56f1506751e43552d64" dependencies = [ "libc", "rtoolbox", - "windows-sys 0.59.0", + "windows-sys 0.61.2", ] [[package]] @@ -3975,12 +3954,12 @@ dependencies = [ "const-oid 0.10.2", "crypto-bigint 0.7.3", "crypto-primes", - "digest 0.11.2", + "digest 0.11.3", "pkcs1 0.8.0-rc.4", "pkcs8 0.11.0-rc.11", "rand_core 0.10.1", "sha2 0.11.0", - "signature 3.0.0-rc.10", + "signature 3.0.0", "spki 0.8.0", "zeroize", ] @@ -4064,9 +4043,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.39" +version = "0.23.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c2c118cb077cca2822033836dfb1b975355dfb784b5e8da48f7b6c5db74e60e" +checksum = "ef86cd5876211988985292b91c96a8f2d298df24e75989a43a3c73f2d4d8168b" dependencies = [ "aws-lc-rs", "log", @@ -4357,9 +4336,9 @@ dependencies = [ [[package]] name = "serdect" -version = "0.4.2" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9af4a3e75ebd5599b30d4de5768e00b5095d518a79fefc3ecbaf77e665d1ec06" +checksum = "66cf8fedced2fcf12406bcb34223dffb92eaf34908ede12fed414c82b7f00b3e" dependencies = [ "base16ct 1.0.0", "serde", @@ -4410,7 +4389,7 @@ checksum = "aacc4cc499359472b4abe1bf11d0b12e688af9a805fa5e3016f9a386dc2d0214" dependencies = [ "cfg-if", "cpufeatures 0.3.0", - "digest 0.11.2", + "digest 0.11.3", ] [[package]] @@ -4432,7 +4411,7 @@ checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" dependencies = [ "cfg-if", "cpufeatures 0.3.0", - "digest 0.11.2", + "digest 0.11.3", ] [[package]] @@ -4441,7 +4420,7 @@ version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be176f1a57ce4e3d31c1a166222d9768de5954f811601fb7ca06fc8203905ce1" dependencies = [ - "digest 0.11.2", + "digest 0.11.3", "keccak", ] @@ -4519,11 +4498,11 @@ dependencies = [ [[package]] name = "signature" -version = "3.0.0-rc.10" +version = "3.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f1880df446116126965eeec169136b2e0251dba37c6223bcc819569550edea3" +checksum = "28d567dcbaf0049cb8ac2608a76cd95ff9e4412e1899d389ee400918ca7537f5" dependencies = [ - "digest 0.11.2", + "digest 0.11.3", "rand_core 0.10.1", ] @@ -4541,9 +4520,9 @@ checksum = "bbbb5d9659141646ae647b42fe094daf6c6192d1620870b449d9557f748b2daa" [[package]] name = "siphasher" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2aa850e253778c88a04c3d7323b043aeda9d3e30d5971937c1855769763678e" +checksum = "8ee5873ec9cce0195efcb7a4e9507a04cd49aec9c83d0389df45b1ef7ba2e649" [[package]] name = "slab" @@ -4922,9 +4901,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.52.1" +version = "1.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6" +checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe" dependencies = [ "bytes", "libc", @@ -4995,9 +4974,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.14.5" +version = "0.14.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fec7c61a0695dc1887c1b53952990f3ad2e3a31453e1f49f10e75424943a93ec" +checksum = "ac2a5518c70fa84342385732db33fb3f44bc4cc748936eb5833d2df34d6445ef" dependencies = [ "async-trait", "base64", @@ -5021,9 +5000,9 @@ dependencies = [ [[package]] name = "tonic-prost" -version = "0.14.5" +version = "0.14.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a55376a0bbaa4975a3f10d009ad763d8f4108f067c7c2e74f3001fb49778d309" +checksum = "50849f68853be452acf590cde0b146665b8d507b3b8af17261df47e02c209ea0" dependencies = [ "bytes", "prost", @@ -5051,20 +5030,20 @@ dependencies = [ [[package]] name = "tower-http" -version = "0.6.8" +version = "0.6.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" +checksum = "68d6fdd9f81c2819c9a8b0e0cd91660e7746a8e6ea2ba7c6b2b057985f6bcb51" dependencies = [ "bitflags 2.11.1", "bytes", "futures-util", "http", "http-body", - "iri-string", "pin-project-lite", "tower", "tower-layer", "tower-service", + "url", ] [[package]] @@ -5357,9 +5336,9 @@ dependencies = [ [[package]] name = "wasm-bindgen" -version = "0.2.118" +version = "0.2.121" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bf938a0bacb0469e83c1e148908bd7d5a6010354cf4fb73279b7447422e3a89" +checksum = "49ace1d07c165b0864824eee619580c4689389afa9dc9ed3a4c75040d82e6790" dependencies = [ "cfg-if", "once_cell", @@ -5370,9 +5349,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.68" +version = "0.4.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f371d383f2fb139252e0bfac3b81b265689bf45b6874af544ffa4c975ac1ebf8" +checksum = "96492d0d3ffba25305a7dc88720d250b1401d7edca02cc3bcd50633b424673b8" dependencies = [ "js-sys", "wasm-bindgen", @@ -5380,9 +5359,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.118" +version = "0.2.121" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eeff24f84126c0ec2db7a449f0c2ec963c6a49efe0698c4242929da037ca28ed" +checksum = "8e68e6f4afd367a562002c05637acb8578ff2dea1943df76afb9e83d177c8578" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -5390,9 +5369,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.118" +version = "0.2.121" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d08065faf983b2b80a79fd87d8254c409281cf7de75fc4b773019824196c904" +checksum = "d95a9ec35c64b2a7cb35d3fead40c4238d0940c86d107136999567a4703259f2" dependencies = [ "bumpalo", "proc-macro2", @@ -5403,9 +5382,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.118" +version = "0.2.121" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fd04d9e306f1907bd13c6361b5c6bfc7b3b3c095ed3f8a9246390f8dbdee129" +checksum = "c4e0100b01e9f0d03189a92b96772a1fb998639d981193d7dbab487302513441" dependencies = [ "unicode-ident", ] @@ -5446,9 +5425,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.95" +version = "0.3.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f2dfbb17949fa2088e5d39408c48368947b86f7834484e87b73de55bc14d97d" +checksum = "4b572dff8bcf38bad0fa19729c89bb5748b2b9b1d8be70cf90df697e3a8f32aa" dependencies = [ "js-sys", "wasm-bindgen", @@ -5538,9 +5517,9 @@ dependencies = [ [[package]] name = "whoami" -version = "2.1.1" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6a5b12f9df4f978d2cfdb1bd3bac52433f44393342d7ee9c25f5a1c14c0f45d" +checksum = "998767ef88740d1f5b0682a9c53c24431453923962269c2db68ee43788c5a40d" dependencies = [ "libc", "libredox", diff --git a/Cargo.toml b/Cargo.toml index 3d277d95..51162665 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -56,7 +56,6 @@ lazy_static = "1.5" ctrlc = "3.5.2" signal-hook = "0.4.4" nix = { version = "0.31", features = ["fs", "poll", "process", "signal", "term"] } -atty = "0.2.14" arrayvec = "0.7.6" smallvec = "1.15.1" lru = "0.17.0" diff --git a/src/commands/interactive/connection.rs b/src/commands/interactive/connection.rs index 70312d80..61fd1064 100644 --- a/src/commands/interactive/connection.rs +++ b/src/commands/interactive/connection.rs @@ -18,7 +18,7 @@ use anyhow::{Context, Result}; use crossterm::terminal; use russh::Channel; use russh::client::Msg; -use std::io::{self, Write}; +use std::io::{self, IsTerminal, Write}; use tokio::time::{Duration, timeout}; use zeroize::Zeroizing; @@ -82,7 +82,7 @@ impl InteractiveCommand { let result = match result { Err(ref err) if allow_password_fallback - && atty::is(atty::Stream::Stdin) + && io::stdin().is_terminal() && is_auth_error_for_password_fallback(err) => { tracing::debug!( diff --git a/src/pty/mod.rs b/src/pty/mod.rs index 0561d525..e962befa 100644 --- a/src/pty/mod.rs +++ b/src/pty/mod.rs @@ -22,6 +22,7 @@ use anyhow::{Context, Result}; use russh::{Channel, client::Msg}; use signal_hook::{consts::SIGWINCH, iterator::Signals}; use smallvec::SmallVec; +use std::io::IsTerminal; use terminal_size::{Height, Width, terminal_size}; use tokio::sync::{mpsc, watch}; use tokio::time::Duration; @@ -288,7 +289,7 @@ pub mod utils { } // Auto-detect if we're in an interactive terminal - Ok(atty::is(atty::Stream::Stdin) && atty::is(atty::Stream::Stdout)) + Ok(std::io::stdin().is_terminal() && std::io::stdout().is_terminal()) } /// Get current terminal size @@ -310,7 +311,7 @@ pub mod utils { /// Check if the current process has controlling terminal pub fn has_controlling_terminal() -> bool { - atty::is(atty::Stream::Stdin) && atty::is(atty::Stream::Stdout) + std::io::stdin().is_terminal() && std::io::stdout().is_terminal() } } diff --git a/src/ssh/auth.rs b/src/ssh/auth.rs index 16f23c9c..467a9ff5 100644 --- a/src/ssh/auth.rs +++ b/src/ssh/auth.rs @@ -25,6 +25,7 @@ //! - Error messages do not leak sensitive information use anyhow::{Context, Result}; +use std::io::IsTerminal; use std::path::{Path, PathBuf}; use std::time::Duration; use tokio::time::timeout; @@ -286,7 +287,7 @@ impl AuthContext { Err(_) => { // Priority 6: Fallback to password authentication // Check if we're in an interactive terminal - if atty::is(atty::Stream::Stdin) { + if std::io::stdin().is_terminal() { // If allow_password_fallback is set (interactive mode), skip consent prompt // Otherwise, ask for explicit user consent for security let should_attempt_password = if self.allow_password_fallback { diff --git a/src/utils/logging.rs b/src/utils/logging.rs index 51bc42eb..e7371862 100644 --- a/src/utils/logging.rs +++ b/src/utils/logging.rs @@ -15,6 +15,7 @@ use crate::ui::tui::log_buffer::LogBuffer; use crate::ui::tui::log_layer::TuiLogLayer; use once_cell::sync::OnceCell; +use std::io::IsTerminal; use std::sync::{Arc, Mutex}; use tracing_subscriber::{EnvFilter, prelude::*}; @@ -46,7 +47,7 @@ pub fn create_env_filter(verbosity: u8) -> EnvFilter { /// - CI environment variable is not set fn is_tui_likely() -> bool { // Check if stdout is a TTY - let is_tty = atty::is(atty::Stream::Stdout); + let is_tty = std::io::stdout().is_terminal(); // Check if we're in a CI environment let in_ci = std::env::var("CI").is_ok();