From 4d9b476bb1f63fa25ca9bb7f85b536352c744570 Mon Sep 17 00:00:00 2001 From: Arlo Siemsen Date: Fri, 2 Jun 2023 11:40:36 -0500 Subject: [PATCH] Update dependencies with reported vulnerabilities bumpalo 3.12.1 (yanked) * updated to 3.13.0 tokio 1.8.4 - https://rustsec.org/advisories/RUSTSEC-2023-0001 * updated to 1.28.2 remove_dir_all 0.5.3 - https://rustsec.org/advisories/RUSTSEC-2023-0018 * removed by using the standard library function in `rust-installer` instead and updating to `tempfile@3.5.0` (which also removes the dependency). --- Cargo.lock | 48 +++++++++---------- .../rustc_data_structures/src/temp_dir.rs | 2 +- src/tools/rust-installer/Cargo.toml | 1 - src/tools/rust-installer/src/util.rs | 2 +- src/tools/tidy/src/deps.rs | 5 +- 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 00bfbadece3..be622bbb935 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -316,9 +316,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.12.1" +version = "3.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b1ce199063694f33ffb7dd4e0ee620741495c32833cde5aa08f02a0bf96f0c8" +checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" [[package]] name = "bytecount" @@ -1219,7 +1219,7 @@ checksum = "8a3de6e8d11b22ff9edc6d916f890800597d60f8b2da1caf2955c274638d6412" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.2.10", "windows-sys 0.45.0", ] @@ -1761,7 +1761,6 @@ dependencies = [ "flate2", "num_cpus", "rayon", - "remove_dir_all", "tar", "walkdir", "xz2", @@ -2445,7 +2444,7 @@ dependencies = [ "cfg-if", "instant", "libc", - "redox_syscall", + "redox_syscall 0.2.10", "smallvec", "winapi", ] @@ -2458,7 +2457,7 @@ checksum = "4dc9e0dc2adc1c69d09143aff38d3d30c5c3f0df0dad82e6d25547af174ebec0" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.2.10", "smallvec", "windows-sys 0.42.0", ] @@ -2801,6 +2800,15 @@ dependencies = [ "bitflags", ] +[[package]] +name = "redox_syscall" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29" +dependencies = [ + "bitflags", +] + [[package]] name = "redox_users" version = "0.4.0" @@ -2808,7 +2816,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "528532f3d801c87aec9def2add9ca802fe569e44a544afe633765267840abe64" dependencies = [ "getrandom", - "redox_syscall", + "redox_syscall 0.2.10", ] [[package]] @@ -2860,15 +2868,6 @@ version = "0.1.0" name = "remote-test-server" version = "0.1.0" -[[package]] -name = "remove_dir_all" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" -dependencies = [ - "winapi", -] - [[package]] name = "replace-version-placeholder" version = "0.1.0" @@ -4789,16 +4788,15 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.3.0" +version = "3.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4" +checksum = "b9fbec84f381d5795b08656e4912bec604d162bff9291d6189a78f4c8ab87998" dependencies = [ "cfg-if", "fastrand", - "libc", - "redox_syscall", - "remove_dir_all", - "winapi", + "redox_syscall 0.3.5", + "rustix", + "windows-sys 0.45.0", ] [[package]] @@ -4984,14 +4982,14 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" [[package]] name = "tokio" -version = "1.8.4" +version = "1.28.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50dae83881bc9b0403dd5b44ea9deed3e939856cc8722d5be37f0d6e5c6d53dd" +checksum = "94d7b1cfd2aa4011f2de74c2c4c63665e27a71006b0a192dcd2710272e73dfa2" dependencies = [ "autocfg", "bytes", - "memchr", "pin-project-lite", + "windows-sys 0.48.0", ] [[package]] diff --git a/compiler/rustc_data_structures/src/temp_dir.rs b/compiler/rustc_data_structures/src/temp_dir.rs index a780d2386a6..621d3011a2a 100644 --- a/compiler/rustc_data_structures/src/temp_dir.rs +++ b/compiler/rustc_data_structures/src/temp_dir.rs @@ -16,7 +16,7 @@ impl Drop for MaybeTempDir { // occur. let dir = unsafe { ManuallyDrop::take(&mut self.dir) }; if self.keep { - dir.into_path(); + let _ = dir.into_path(); } } } diff --git a/src/tools/rust-installer/Cargo.toml b/src/tools/rust-installer/Cargo.toml index 97734f048ab..85e979f07bf 100644 --- a/src/tools/rust-installer/Cargo.toml +++ b/src/tools/rust-installer/Cargo.toml @@ -17,7 +17,6 @@ tar = "0.4.38" walkdir = "2" xz2 = "0.1.4" num_cpus = "1" -remove_dir_all = "0.5" [dependencies.clap] features = ["derive"] diff --git a/src/tools/rust-installer/src/util.rs b/src/tools/rust-installer/src/util.rs index 674617c657c..6cac314b68d 100644 --- a/src/tools/rust-installer/src/util.rs +++ b/src/tools/rust-installer/src/util.rs @@ -82,7 +82,7 @@ pub fn open_file>(path: P) -> Result { /// Wraps `remove_dir_all` with a nicer error message. pub fn remove_dir_all>(path: P) -> Result<()> { - remove_dir_all::remove_dir_all(path.as_ref()) + fs::remove_dir_all(path.as_ref()) .with_context(|| format!("failed to remove dir '{}'", path.as_ref().display()))?; Ok(()) } diff --git a/src/tools/tidy/src/deps.rs b/src/tools/tidy/src/deps.rs index db2b7910b71..3dbf2884ed1 100644 --- a/src/tools/tidy/src/deps.rs +++ b/src/tools/tidy/src/deps.rs @@ -168,12 +168,14 @@ const PERMITTED_RUSTC_DEPENDENCIES: &[&str] = &[ "instant", "intl-memoizer", "intl_pluralrules", + "io-lifetimes", "itertools", "itoa", "jobserver", "lazy_static", "libc", "libloading", + "linux-raw-sys", "litemap", "lock_api", "log", @@ -211,12 +213,12 @@ const PERMITTED_RUSTC_DEPENDENCIES: &[&str] = &[ "regex", "regex-automata", "regex-syntax", - "remove_dir_all", "rustc-demangle", "rustc-hash", "rustc-rayon", "rustc-rayon-core", "rustc_version", + "rustix", "ruzstd", // via object in thorin-dwp "ryu", "scoped-tls", @@ -280,6 +282,7 @@ const PERMITTED_RUSTC_DEPENDENCIES: &[&str] = &[ "winapi-util", "winapi-x86_64-pc-windows-gnu", "windows", + "windows-sys", "windows-targets", "windows_aarch64_gnullvm", "windows_aarch64_msvc",