vulnerability in sv1_api

[Fi3]

sv1_api import pretty_env_logger = "0.4.0" that import atty. This trigger the below warning:
https://github.com/demand-open-source/demand-cli/security/dependabot/1

[plebhash]

@Fi3 the link above resolves to a 404

[rrybarczyk]

@Fi3 can you add more context here?

We will likely need to replace the pretty_env_logger dependency and standardize on the tracing.

[Fi3]

On windows, atty dereferences a potentially unaligned pointer.

In practice however, the pointer won't be unaligned unless a custom global allocator is used.

In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment.
atty is Unmaintained

A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.

Last release of atty was almost 3 years ago.
Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;

[std::io::IsTerminal](https://doc.rust-lang.org/stable/std/io/trait.IsTerminal.html) - Stable since Rust 1.70.0
[is-terminal](https://crates.io/crates/is-terminal) - Standalone crate supporting Rust older than 1.70.0"

[plebhash]

should we just remove pretty_env_logger as a dependency so we don't need to worry about this?

tracing seems to have everything we need, and pretty_env_logger is only used inside sv1_api crate