Update dependencies with reported vulnerabilities

bumpalo 3.12.1 (yanked) * updated to 3.13.0 tokio 1.8.4 - https://rustsec.org/advisories/RUSTSEC-2023-0001 * updated to 1.28.2 remove_dir_all 0.5.3 - https://rustsec.org/advisories/RUSTSEC-2023-0018 * removed by using the standard library function in `rust-installer` instead and updating to `tempfile@3.5.0` (which also removes the dependency).
2023-06-02 11:40:36 -05:00 · 2023-06-02 11:40:36 -05:00 · 4d9b476bb1
commit 4d9b476bb1
parent 0939ec13d8
5 changed files with 29 additions and 29 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -316,9 +316,9 @@ dependencies = [

 [[package]]
 name = "bumpalo"
-version = "3.12.1"
+version = "3.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b1ce199063694f33ffb7dd4e0ee620741495c32833cde5aa08f02a0bf96f0c8"
+checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1"

 [[package]]
 name = "bytecount"
@ -1219,7 +1219,7 @@ checksum = "8a3de6e8d11b22ff9edc6d916f890800597d60f8b2da1caf2955c274638d6412"
 dependencies = [
 "cfg-if",
 "libc",
- "redox_syscall",
+ "redox_syscall 0.2.10",
 "windows-sys 0.45.0",
 ]

@ -1761,7 +1761,6 @@ dependencies = [
 "flate2",
 "num_cpus",
 "rayon",
- "remove_dir_all",
 "tar",
 "walkdir",
 "xz2",
@ -2445,7 +2444,7 @@ dependencies = [
 "cfg-if",
 "instant",
 "libc",
- "redox_syscall",
+ "redox_syscall 0.2.10",
 "smallvec",
 "winapi",
 ]
@ -2458,7 +2457,7 @@ checksum = "4dc9e0dc2adc1c69d09143aff38d3d30c5c3f0df0dad82e6d25547af174ebec0"
 dependencies = [
 "cfg-if",
 "libc",
- "redox_syscall",
+ "redox_syscall 0.2.10",
 "smallvec",
 "windows-sys 0.42.0",
 ]
@ -2801,6 +2800,15 @@ dependencies = [
 "bitflags",
 ]

+[[package]]
+name = "redox_syscall"
+version = "0.3.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29"
+dependencies = [
+ "bitflags",
+]
+
 [[package]]
 name = "redox_users"
 version = "0.4.0"
@ -2808,7 +2816,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "528532f3d801c87aec9def2add9ca802fe569e44a544afe633765267840abe64"
 dependencies = [
 "getrandom",
- "redox_syscall",
+ "redox_syscall 0.2.10",
 ]

 [[package]]
@ -2860,15 +2868,6 @@ version = "0.1.0"
 name = "remote-test-server"
 version = "0.1.0"

-[[package]]
-name = "remove_dir_all"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
-dependencies = [
- "winapi",
-]
-
 [[package]]
 name = "replace-version-placeholder"
 version = "0.1.0"
@ -4789,16 +4788,15 @@ dependencies = [

 [[package]]
 name = "tempfile"
-version = "3.3.0"
+version = "3.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4"
+checksum = "b9fbec84f381d5795b08656e4912bec604d162bff9291d6189a78f4c8ab87998"
 dependencies = [
 "cfg-if",
 "fastrand",
- "libc",
- "redox_syscall",
- "remove_dir_all",
- "winapi",
+ "redox_syscall 0.3.5",
+ "rustix",
+ "windows-sys 0.45.0",
 ]

 [[package]]
@ -4984,14 +4982,14 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"

 [[package]]
 name = "tokio"
-version = "1.8.4"
+version = "1.28.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50dae83881bc9b0403dd5b44ea9deed3e939856cc8722d5be37f0d6e5c6d53dd"
+checksum = "94d7b1cfd2aa4011f2de74c2c4c63665e27a71006b0a192dcd2710272e73dfa2"
 dependencies = [
 "autocfg",
 "bytes",
- "memchr",
 "pin-project-lite",
+ "windows-sys 0.48.0",
 ]

 [[package]]
--- a/compiler/rustc_data_structures/src/temp_dir.rs
+++ b/compiler/rustc_data_structures/src/temp_dir.rs
@ -16,7 +16,7 @@ fn drop(&mut self) {
        // occur.
        let dir = unsafe { ManuallyDrop::take(&mut self.dir) };
        if self.keep {
-            dir.into_path();
+            let _ = dir.into_path();
        }
    }
 }
--- a/src/tools/rust-installer/Cargo.toml
+++ b/src/tools/rust-installer/Cargo.toml
@ -17,7 +17,6 @@ tar = "0.4.38"
 walkdir = "2"
 xz2 = "0.1.4"
 num_cpus = "1"
-remove_dir_all = "0.5"

 [dependencies.clap]
 features = ["derive"]
--- a/src/tools/rust-installer/src/util.rs
+++ b/src/tools/rust-installer/src/util.rs
@ -82,7 +82,7 @@ pub fn open_file<P: AsRef<Path>>(path: P) -> Result<fs::File> {

 /// Wraps `remove_dir_all` with a nicer error message.
 pub fn remove_dir_all<P: AsRef<Path>>(path: P) -> Result<()> {
-    remove_dir_all::remove_dir_all(path.as_ref())
+    fs::remove_dir_all(path.as_ref())
        .with_context(|| format!("failed to remove dir '{}'", path.as_ref().display()))?;
    Ok(())
 }
--- a/src/tools/tidy/src/deps.rs
+++ b/src/tools/tidy/src/deps.rs
@ -168,12 +168,14 @@
    "instant",
    "intl-memoizer",
    "intl_pluralrules",
+    "io-lifetimes",
    "itertools",
    "itoa",
    "jobserver",
    "lazy_static",
    "libc",
    "libloading",
+    "linux-raw-sys",
    "litemap",
    "lock_api",
    "log",
@ -211,12 +213,12 @@
    "regex",
    "regex-automata",
    "regex-syntax",
-    "remove_dir_all",
    "rustc-demangle",
    "rustc-hash",
    "rustc-rayon",
    "rustc-rayon-core",
    "rustc_version",
+    "rustix",
    "ruzstd", // via object in thorin-dwp
    "ryu",
    "scoped-tls",
@ -280,6 +282,7 @@
    "winapi-util",
    "winapi-x86_64-pc-windows-gnu",
    "windows",
+    "windows-sys",
    "windows-targets",
    "windows_aarch64_gnullvm",
    "windows_aarch64_msvc",