[BUG] GitHub dependabot warnings from cursive-core dependencies

[mhvelplund]

Describe the bug
cursive-core uses a crate, owning_ref, with known issues which causes GitHub dependabot to show an alert in projects that use cursive-0.20.0.

To Reproduce
I created a project and added Cursive as a dependency:

cursive={ version="0.20.0", default-features=false, features=[
    "crossterm-backend",
] }

Expected behavior
No warnings.

Screenshots

Environment

• Operating system used: Windows 11
• Backend used: crossterm ...
• Current locale (run locale in a terminal): en_US.UTF-8
• Cursive version (from crates.io, from git, ...): 0.20.0

[gyscos]

Thanks for the report.

This looks related to #678 . We're not directly affected by the vulnerability, but I agree it would be nice to eventually move to something that's not causing this warning.

[gyscos]

owning_ref is no longer a dependency.