From f761c1607157d35389e917134386c0c49a3bb6f9 Mon Sep 17 00:00:00 2001
From: "Sergey \"Shnatsel\" Davidoff" <shnatsel@gmail.com>
Date: Fri, 4 Nov 2022 21:30:13 +0100
Subject: [PATCH] Drop `bpaf` color - it pulls in `atty` which is unsound and
 appears to be umaintained: https://github.com/softprops/atty/issues/50

---
 CHANGELOG.md |  4 ++++
 Cargo.lock   | 48 +-----------------------------------------------
 Cargo.toml   |  4 ++--
 README.md    |  8 --------
 4 files changed, 7 insertions(+), 57 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fd792be..cf2ac59 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## v0.3.2 (2022-11-04)
+
+ - Upgrade to `bpaf` 0.7
+
 ## v0.3.1 (2021-03-18)
 
  - Fix `--features` flag not being honored if `--target` is also passed
diff --git a/Cargo.lock b/Cargo.lock
index 838e479..928edcf 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -14,17 +14,6 @@ version = "1.0.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bb07d2053ccdbe10e2af2995a2f116c1330396493dc1269f6a91d0ae82e19704"
 
-[[package]]
-name = "atty"
-version = "0.2.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
-dependencies = [
- "hermit-abi",
- "libc",
- "winapi",
-]
-
 [[package]]
 name = "base64"
 version = "0.13.0"
@@ -44,7 +33,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e00fda84cbedef551de0c8c1e248b048cb82c377d95cb7cd9a78664cc935233d"
 dependencies = [
  "bpaf_derive",
- "owo-colors",
 ]
 
 [[package]]
@@ -96,7 +84,7 @@ dependencies = [
 
 [[package]]
 name = "cargo-supply-chain"
-version = "0.3.1"
+version = "0.3.2"
 dependencies = [
  "anyhow",
  "bpaf",
@@ -282,15 +270,6 @@ dependencies = [
  "wasi",
 ]
 
-[[package]]
-name = "hermit-abi"
-version = "0.1.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
-dependencies = [
- "libc",
-]
-
 [[package]]
 name = "humantime"
 version = "2.1.0"
@@ -329,12 +308,6 @@ dependencies = [
  "unicode-width",
 ]
 
-[[package]]
-name = "is_ci"
-version = "1.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "616cde7c720bb2bb5824a224687d8f77bfd38922027f01d825cd7453be5099fb"
-
 [[package]]
 name = "itoa"
 version = "0.4.8"
@@ -416,15 +389,6 @@ version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
 
-[[package]]
-name = "owo-colors"
-version = "3.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1b04fb49957986fdce4d6ee7a65027d55d4b6d2265e5848bbb507b58ccfdb6f"
-dependencies = [
- "supports-color",
-]
-
 [[package]]
 name = "percent-encoding"
 version = "2.1.0"
@@ -653,16 +617,6 @@ version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
 
-[[package]]
-name = "supports-color"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4872ced36b91d47bae8a214a683fe54e7078875b399dfa251df346c9b547d1f9"
-dependencies = [
- "atty",
- "is_ci",
-]
-
 [[package]]
 name = "syn"
 version = "1.0.98"
diff --git a/Cargo.toml b/Cargo.toml
index 2c1c63c..e2e8661 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cargo-supply-chain"
-version = "0.3.1"
+version = "0.3.2"
 description = "Gather author, contributor, publisher data on crates in your dependency graph"
 repository = "https://github.com/rust-secure-code/cargo-supply-chain"
 authors = ["Andreas Molzer <andreas.molzer@gmx.de>", "Sergey \"Shnatsel\" Davidoff <shnatsel@gmail.com>"]
@@ -20,7 +20,7 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 tar = "0.4.30"
 indicatif = "0.17.0"
-bpaf = { version = "0.7.0", features = ["derive", "bright-color"] }
+bpaf = { version = "0.7.0", features = ["derive"] }
 anyhow = "1.0.28"
 
 [dev-dependencies]
diff --git a/README.md b/README.md
index d6ebb18..c900f18 100644
--- a/README.md
+++ b/README.md
@@ -50,14 +50,6 @@ Most commands also accept flags controlling the features, targets, etc.
 See 'cargo supply-chain <command> --help' for more information on a specific command.
 ```
 
-## Colorful line parser output
-
-You can install `cargo-supply-chain` with one of two features to get prettier command line
-```console
-cargo install cargo-supply-chain -F bright-color
-cargo install cargo-supply-chain -F dull-color
-```
-
 ## License
 
 Triple licensed under any of Apache-2.0, MIT, or zlib terms.