palantir / atlasdb

Transactional Distributed Database Layer

Home Page:https://palantir.github.io/atlasdb/


Upgrade libthrift dependency

atrocities opened this issue · comments

Atlas depends on a version of libthrift that's vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2020-13949.

This dependency, however, is not exposed as a transitive dependency to downstream consumers. Instead, the version being exposed is 0.9.2. While 0.9.2 is not affected, it will need to be upgraded eventually.

In the interest of future-proofing, it's worth looking at upgrading to 0.14.0 across the board.
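The issue distinguishes the libthrift version Atlas uses internally from the one it exposes to consumers. Whether such a split exists is visible per Gradle configuration in the output of `gradle dependencies`. The following script is an added example (not code from the issue or from the AtlasDB project) that parses a constructed sample of that output and reports every configuration whose resolved `org.apache.thrift:libthrift` is below the 0.14.0 target the issue proposes; the configuration names, coordinates and versions in the sample are made up for illustration.

```python
import re
from typing import Dict, List, Tuple

# Gradle prints a resolved dependency as "group:artifact:requested -> resolved";
# the arrow is absent when requested and resolved versions coincide.
_DEP_RE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<name>[\w.\-]+):(?P<requested>[\w.\-]+)"
    r"(?:\s*->\s*(?P<resolved>[\w.\-]+))?"
)

LIBTHRIFT = "org.apache.thrift:libthrift"
MIN_LIBTHRIFT = "0.14.0"  # upgrade target named in the issue

# Constructed sample of `gradle dependencies` output (hypothetical project).
# runtimeClasspath is what downstream consumers also see; the other
# configuration is private to the build.
SAMPLE_TREE = """\
runtimeClasspath - Runtime classpath of source set 'main'.
+--- com.example:some-lib:1.2.3
|    \\--- org.apache.thrift:libthrift:0.9.2
\\--- org.slf4j:slf4j-api:1.7.30

internalOnly - Private configuration.
\\--- org.apache.thrift:libthrift:0.9.2 -> 0.12.0
"""


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '0.14.0' into (0, 14, 0); a non-numeric component sorts as 0."""
    parts = []
    for p in v.split("."):
        m = re.match(r"\d+", p)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def parse_dependency_tree(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each configuration name to its list of (coordinate, resolved_version)."""
    configs: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        # Tree rows start with +, |, \ or indentation; anything else is a
        # configuration header such as "runtimeClasspath - Runtime classpath ...".
        if not line.startswith(("+", "|", "\\", " ")):
            current = line.split(" - ")[0].strip()
            configs[current] = []
            continue
        m = _DEP_RE.search(line)
        if m and current is not None:
            coord = f"{m['group']}:{m['name']}"
            resolved = m["resolved"] or m["requested"]
            configs[current].append((coord, resolved))
    return configs


def find_outdated(configs: Dict[str, List[Tuple[str, str]]],
                  coordinate: str = LIBTHRIFT,
                  minimum: str = MIN_LIBTHRIFT) -> Dict[str, str]:
    """Return {configuration: resolved_version} wherever coordinate resolves below minimum."""
    floor = parse_version(minimum)
    outdated = {}
    for cfg, deps in configs.items():
        for coord, version in deps:
            if coord == coordinate and parse_version(version) < floor:
                outdated[cfg] = version
    return outdated


if __name__ == "__main__":
    for cfg, version in find_outdated(parse_dependency_tree(SAMPLE_TREE)).items():
        print(f"{cfg}: {LIBTHRIFT} resolves to {version}, below {MIN_LIBTHRIFT}")
```

Run against real output by piping `gradle dependencies` into `parse_dependency_tree`; an entry under `runtimeClasspath` (or the published `apiElements`/`runtimeElements` configurations) is what consumers inherit, while a hit only in an internal configuration matches the situation the issue describes.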