Replace crosstermion with direct ratatui and crossterm dependencies

[Copilot]

Rebase and Replace crosstermion

• Rebased commits onto main
• Removed crosstermion dependency
• Added direct crossterm v0.28 dependency
• Added ansi_term for color styling
• Implemented custom utility functions to replace crosstermion
  • AlternateRawScreen for terminal mode management
  • new_terminal() for CrosstermBackend initialization
  • key_input_stream() for async key events
  • Brush for conditional ANSI styling
  • color_allowed() for color detection
• All builds and tests pass

Note on ratatui 0.30 upgrade: Currently using ratatui 0.26 due to tui-react 0.23.3 compatibility. Upgrading to 0.30 (which fixes RUSTSEC-2026-0002) requires patching tui-react with ~13 API compatibility fixes. Ratatui 0.26 does not re-export crossterm, so all crossterm access is direct rather than through ratatui::crossterm.

Original prompt

Use plain ratatui and crossterm instead of crosstermion.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[EliahKagan]

Is this with the idea of being able to use a newer version of ratatui than crosstermion depends on, such that the ratitui version doesn't depend on a version of lru affected by the soundness bug RUSTSEC-2026-0002? I ask because I notice this was seen recently on CI.

If so, that seems like maybe it would work, though I haven't checked all of the dependency relationships in detail. Also, as it currently stands, this still depends on ratatui 0.26, which depends on an affected version of lru.

[EliahKagan]

ratatui up to and including version 0.29.0 depends on lru at 0.12.0, which is in the affected range. If we can go up to ratatui 0.30.0, then I believe it no longer depends on an affected version of lru, because it instead depends on ratatui-core 0.1.0, which depends on lru 0.16, which is compatible with the patched version 0.16.3. I don't know if we can do that. I emphasize that, even as it stands, this is no worse than what we had before, just not better with respect to using a preferably recent version of lru.

The actual resovled Cargo.lock will reveals this a lot more reliably, which is one reason to check in Cargo.lock even in a project with no binary crates (and there are other reasons--but then also, if that is done, then it has to be kept updated somehow). I've been meaning to make that change here but I haven't yet done so.

[Byron]

Yes, that's the intent. Maybe getting rid of crosstermion isn't the best choice here though, so I will start a separate PR to update to ratatui v0.30 there.

[Byron]

@copilot Rebase all your commits onto main and upgrade ratatui to version 0.30.0. Access crossterm only through ratatui::crossterm when possible.

[Byron]

@copilot Rebase all your commits onto main and upgrade ratatui to version 0.30.0. Access crossterm only through ratatui::crossterm when possible.

[Copilot]

@copilot Rebase all your commits onto main and upgrade ratatui to version 0.30.0. Access crossterm only through ratatui::crossterm when possible.

I've completed the rebase onto main and updated the code to access crossterm through ratatui::crossterm where possible (in commit 395908f).

However, I encountered a compatibility issue with upgrading to ratatui 0.30.0: tui-react 0.23.3 depends on ratatui 0.26 and has API incompatibilities with 0.30 (deprecated methods, changed error types).

The options are:

• ratatui 0.29: Compatible with tui-react, crossterm accessible via ratatui::crossterm, but still depends on vulnerable lru 0.12
• ratatui 0.30: Fixes lru issue, but requires patching/forking tui-react with ~13 compilation errors to fix

Currently using 0.29 as a compromise. Should I attempt to patch tui-react for 0.30 compatibility, or is there an alternative approach you'd prefer?

[Byron]

Let's take the normal upgrade route first via Byron/tui-crates#11, then tackle this another time.