
Upstreams: fix insecure packages, or change upstream providers #1

Closed
Elizafox opened this issue Jul 12, 2023 · 3 comments
Assignees
Labels
in progress Issue is in progress upstream Waiting on upstream

Comments

@Elizafox
Owner

Elizafox commented Jul 12, 2023

I've filed upstream issues about most of these.

Nothing here seems to affect us, but it would be good to get these fixed.

Crate:     atty
Version:   0.2.14
Warning:   unsound
Title:     Potential unaligned read
Date:      2021-07-04
ID:        RUSTSEC-2021-0145
URL:       https://rustsec.org/advisories/RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
└── env_logger 0.7.1
    └── pretty_env_logger 0.4.0
        └── fred 6.3.0
            └── async-fred-session 0.1.5
                └── shadyurl-rust 0.1.0

Crate:     borsh
Version:   0.10.3
Warning:   unsound
Title:     Parsing borsh messages with ZST which are not-copy/clone is unsound
Date:      2023-04-12
ID:        RUSTSEC-2023-0033
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0033
Dependency tree:
borsh 0.10.3
└── rust_decimal 1.31.0
    ├── sqlx-postgres 0.7.1
    │   ├── sqlx-macros-core 0.7.1
    │   │   └── sqlx-macros 0.7.1
    │   │       └── sqlx 0.7.1
    │   │           ├── sea-query-binder 0.5.0
    │   │           │   └── sea-orm 0.12.1
    │   │           │       ├── shadyurl-rust 0.1.0
    │   │           │       ├── sea-orm-migration 0.12.1
    │   │           │       │   └── migration 0.1.0
    │   │           │       │       └── shadyurl-rust 0.1.0
    │   │           │       └── entity 0.1.0
    │   │           │           └── shadyurl-rust 0.1.0
    │   │           └── sea-orm 0.12.1
    │   └── sqlx 0.7.1
    ├── sqlx-mysql 0.7.1
    │   ├── sqlx-macros-core 0.7.1
    │   └── sqlx 0.7.1
    ├── sqlx-core 0.7.1
    │   ├── sqlx-sqlite 0.7.1
    │   │   ├── sqlx-macros-core 0.7.1
    │   │   └── sqlx 0.7.1
    │   ├── sqlx-postgres 0.7.1
    │   ├── sqlx-mysql 0.7.1
    │   ├── sqlx-macros-core 0.7.1
    │   ├── sqlx-macros 0.7.1
    │   └── sqlx 0.7.1
    ├── sea-query-binder 0.5.0
    ├── sea-query 0.30.0
    │   ├── shadyurl-rust 0.1.0
    │   ├── sea-schema 0.14.0
    │   │   ├── sea-orm-migration 0.12.1
    │   │   └── sea-orm-cli 0.12.1
    │   │       └── sea-orm-migration 0.12.1
    │   ├── sea-query-binder 0.5.0
    │   └── sea-orm 0.12.1
    └── sea-orm 0.12.1

warning: 2 allowed warnings found

Reasoning about each issue:

  • fred: it doesn't seem that dependency is actually used anywhere in the code; it's just a dev-dep erroneously made a regular dep. Even if it did, it's also not our problem because we don't run on Windows.
  • borsh: no fix yet, but we don't parse borsh directly and we don't use ZSTs anywhere; see chore: release near/borsh-rs#146
@Elizafox Elizafox self-assigned this Jul 12, 2023
@Elizafox Elizafox added upstream Waiting on upstream in progress Issue is in progress labels Jul 12, 2023
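As an added example, not code from the shadyurl-rust project or from cargo-audit, the following Rust parses the text report `cargo audit` prints (the format quoted in the issue) and checks every advisory against a list of accepted ones with a written reason, in the spirit of the "Reasoning about each issue" list, so that any advisory without a documented decision stands out. `Advisory`, `Accepted`, `parse_report`, `untriaged` and the trimmed `SAMPLE` are assumptions of this example.

```rust
// Added example, not code from the shadyurl-rust project or from cargo-audit: parse the
// text report `cargo audit` prints (the format quoted above) and flag untriaged advisories.
#[derive(Debug, Clone, PartialEq)]
pub struct Advisory {
    pub id: String, pub krate: String, pub kind: String, // kind: "unsound", "unmaintained", ...
    pub direct_dependents: Vec<String>, // column-0 rows of the printed dependency tree
}
/// Parse `cargo audit`'s human-readable output into one record per advisory.
pub fn parse_report(text: &str) -> Vec<Advisory> {
    let mut out: Vec<Advisory> = Vec::new();
    for line in text.lines() {
        if let Some(v) = line.strip_prefix("Crate:") {
            out.push(Advisory { id: String::new(), krate: v.trim().into(),
                                kind: String::new(), direct_dependents: Vec::new() });
            continue;
        }
        let a = match out.last_mut() { Some(a) => a, None => continue };
        if let Some(v) = line.strip_prefix("Warning:") { a.kind = v.trim().into(); }
        else if let Some(v) = line.strip_prefix("ID:") { a.id = v.trim().into(); }
        else if line.starts_with('└') || line.starts_with('├') {
            // Column-0 connectors are direct dependents; deeper rows begin with '│' or spaces.
            let rest = line.trim_start_matches(|c: char| matches!(c, '└' | '├' | '─' | ' '));
            if let Some(name) = rest.split_whitespace().next() { a.direct_dependents.push(name.into()); }
        }
    }
    out
}
/// An advisory the maintainers accepted, with the written reason (the issue's "Reasoning" list).
pub struct Accepted<'a> { pub id: &'a str, pub rationale: &'a str }
/// Advisories with no documented decision: the ones that still need a look.
pub fn untriaged<'a>(report: &'a [Advisory], accepted: &[Accepted]) -> Vec<&'a Advisory> {
    report.iter().filter(|a| !accepted.iter().any(|acc| acc.id == a.id)).collect()
}
/// Constructed input, trimmed from the report quoted in the issue.
pub const SAMPLE: &str = "\
Crate:     atty
Warning:   unsound
ID:        RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
└── env_logger 0.7.1
    └── pretty_env_logger 0.4.0
Crate:     borsh
Warning:   unsound
ID:        RUSTSEC-2023-0033
Dependency tree:
borsh 0.10.3
└── rust_decimal 1.31.0
    └── sea-orm 0.12.1";
```

Running `untriaged` over a fresh report after each `cargo audit` run turns an accept-risk decision into something checkable: a new advisory, or one whose accepted ID was fixed and replaced, is reported until someone writes down why it is acceptable.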
@Elizafox
Owner Author

tower_governor is axed, I'm doing that at another level, so I axed that.

@benwis

benwis commented Jul 17, 2023

Ok, thanks for reporting this!

@Elizafox
Owner Author

Elizafox commented Aug 3, 2023

borsh no longer gives us warnings. We only have the atty warning now, and it's not relevant to us. Closing.

@Elizafox Elizafox closed this as completed Aug 3, 2023