RUSTSEC-2021-0139: ansi_term is Unmaintained #978

Open
github-actions bot opened this issue Aug 20, 2022 · 2 comments
Comments

@github-actions
Contributor

ansi_term is Unmaintained

Details
Status unmaintained
Package ansi_term
Version 0.12.1
URL ogham/rust-ansi-term#72
Date 2021-08-18

The maintainer has advised that this crate is deprecated and will not
receive any maintenance.

The crate does not seem to have many dependencies and may or may not be ok to use as-is.

Last release seems to have been three years ago.

Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;

See advisory page for additional details.

@cycraig
Contributor

cycraig commented Aug 22, 2022

I believe this is because of the dataurl dependency in identity_did unconditionally pulling in clap (they use it for their CLI functionality, which we do not need), which depends on ansi_term.

cargo tree -i ansi_term

ansi_term v0.12.1
└── clap v2.34.0
    ├── criterion v0.3.6
    │   [dev-dependencies]
    │   ├── identity_agent v0.6.0 
    │   └── identity_iota v0.6.0
    │       └── examples v0.6.0
    └── dataurl v0.1.2
        └── identity_did v0.6.0

Options:

  1. Upstream a PR feature-gating the CLI functionality and clap dependency (or separating them into a different crate) to https://github.com/Y2Z/dataurl
  2. Switch to the data-url crate, which is more popular but is mostly concerned with parsing strings, so it lacks some functionality we use for constructing URLs.
  3. Reimplement data URL construction and parsing ourselves.

It would be good to remove clap from our dependency tree for Wasm either way.

@PhilippGackstatter
Contributor

Option 1 would be my preference. Others might be in a similar situation as we are.
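
An added example, not part of the original thread or the project's code: a small Rust parser for the `cargo tree -i ansi_term` output posted above that separates crates whose normal build pulls in `ansi_term` from crates that reach it only across a `[dev-dependencies]` edge. The function names are hypothetical, and it assumes cargo's 4-character tree indentation.

```rust
// `cargo tree -i ansi_term` output copied from the comment above.
const TREE: &str = "\
ansi_term v0.12.1
└── clap v2.34.0
    ├── criterion v0.3.6
    │   [dev-dependencies]
    │   ├── identity_agent v0.6.0
    │   └── identity_iota v0.6.0
    │       └── examples v0.6.0
    └── dataurl v0.1.2
        └── identity_did v0.6.0
";

// Returns (crate name, dev_only) for every node of an inverted tree.
// dev_only is true when the path to the root crosses a [dev-dependencies] edge.
fn classify(tree: &str) -> Vec<(String, bool)> {
    let mut out = Vec::new();
    // One entry per ancestor: (dev_only, later children are listed under a dev section).
    let mut stack: Vec<(bool, bool)> = Vec::new();
    for line in tree.lines().filter(|l| !l.trim().is_empty()) {
        // Count characters, not bytes: the box-drawing glyphs are multi-byte.
        let col = line.chars().take_while(|c| !c.is_alphanumeric() && *c != '[').count();
        let depth = col / 4;
        let text: String = line.chars().skip(col).collect();
        if text.starts_with('[') {
            // A section marker is drawn at its parent's depth and applies to
            // the children that follow; [build-dependencies] is not dev-only.
            stack.truncate(depth + 1);
            if let Some(parent) = stack.last_mut() {
                parent.1 = text.starts_with("[dev-dependencies]");
            }
            continue;
        }
        stack.truncate(depth);
        let dev_only = stack.last().map_or(false, |p| p.0 || p.1);
        stack.push((dev_only, false));
        out.push((text.split_whitespace().next().unwrap_or("").to_string(), dev_only));
    }
    out
}

// Dependents (root excluded) whose normal, non-dev build includes the root crate.
fn normal_build_dependents(tree: &str) -> Vec<String> {
    classify(tree).into_iter().skip(1).filter(|(_, dev)| !*dev).map(|(n, _)| n).collect()
}

fn main() {
    for (name, dev_only) in classify(TREE).into_iter().skip(1) {
        println!("{:<16} {}", name, if dev_only { "dev-only" } else { "normal build" });
    }
}
```

On the tree from this issue, only the `dataurl` branch carries `ansi_term` into a normal build of `identity_did`; the `criterion` branch is confined to dev builds.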
