Update dependencies (#1181)

This commit is contained in:
Conrad Ludgate 2023-08-18 21:45:29 +01:00 committed by GitHub
parent 69a772d1ca
commit aa8e5f5c04
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 1091 additions and 666 deletions

1615
Cargo.lock generated

File diff suppressed because it is too large Load diff

View file

@ -32,12 +32,15 @@ interim = { version = "0.1.0", features = ["chrono"] }
itertools = "0.10.5" itertools = "0.10.5"
rand = { version = "0.8.5", features = ["std"] } rand = { version = "0.8.5", features = ["std"] }
semver = "1.0.14" semver = "1.0.14"
serde = { version = "1.0.145", features = ["derive"] } # https://github.com/serde-rs/serde/issues/2538
# I don't trust dtolnay with our user's builds. especially as we
# have things like encryption keys
serde = { version = "1.0.145, <=1.0.171", features = ["derive"] }
serde_json = "1.0.99" serde_json = "1.0.99"
tokio = { version = "1", features = ["full"] } tokio = { version = "1", features = ["full"] }
uuid = { version = "1.3", features = ["v4", "serde"] } uuid = { version = "1.3", features = ["v4", "serde"] }
whoami = "1.1.2" whoami = "1.1.2"
typed-builder = "0.14.0" typed-builder = "0.15.0"
pretty_assertions = "1.3.0" pretty_assertions = "1.3.0"
[workspace.dependencies.reqwest] [workspace.dependencies.reqwest]
@ -46,5 +49,5 @@ features = ["json", "rustls-tls-native-roots"]
default-features = false default-features = false
[workspace.dependencies.sqlx] [workspace.dependencies.sqlx]
version = "0.6" version = "0.7.1"
features = ["runtime-tokio-rustls", "chrono", "postgres", "uuid"] features = ["runtime-tokio-rustls", "chrono", "postgres", "uuid"]

View file

@ -44,11 +44,11 @@ sql-builder = "3"
lazy_static = "1" lazy_static = "1"
memchr = "2.5" memchr = "2.5"
rmp = { version = "0.8.11" } rmp = { version = "0.8.11" }
typed-builder = "0.14.0" typed-builder = { workspace = true }
tokio = { workspace = true } tokio = { workspace = true }
semver = { workspace = true } semver = { workspace = true }
futures = "0.3" futures = "0.3"
xsalsa20poly1305 = "0.9.0" crypto_secretbox = "0.1.1"
generic-array = { version = "0.14", features = ["serde"] } generic-array = { version = "0.14", features = ["serde"] }
# encryption # encryption

View file

@ -166,7 +166,7 @@ impl Sqlite {
.bind(h.session.as_str()) .bind(h.session.as_str())
.bind(h.hostname.as_str()) .bind(h.hostname.as_str())
.bind(h.deleted_at.map(|t|t.timestamp_nanos())) .bind(h.deleted_at.map(|t|t.timestamp_nanos()))
.execute(tx) .execute(&mut **tx)
.await?; .await?;
Ok(()) Ok(())

View file

@ -12,15 +12,15 @@ use std::{io::prelude::*, path::PathBuf};
use base64::prelude::{Engine, BASE64_STANDARD}; use base64::prelude::{Engine, BASE64_STANDARD};
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};
pub use crypto_secretbox::Key;
use crypto_secretbox::{
aead::{Nonce, OsRng},
AeadCore, AeadInPlace, KeyInit, XSalsa20Poly1305,
};
use eyre::{bail, ensure, eyre, Context, Result}; use eyre::{bail, ensure, eyre, Context, Result};
use fs_err as fs; use fs_err as fs;
use rmp::{decode::Bytes, Marker}; use rmp::{decode::Bytes, Marker};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
pub use xsalsa20poly1305::Key;
use xsalsa20poly1305::{
aead::{Nonce, OsRng},
AeadInPlace, KeyInit, XSalsa20Poly1305,
};
use crate::{history::History, settings::Settings}; use crate::{history::History, settings::Settings};
@ -240,7 +240,7 @@ fn error_report<E: std::fmt::Debug>(err: E) -> eyre::Report {
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use xsalsa20poly1305::{aead::OsRng, KeyInit, XSalsa20Poly1305}; use crypto_secretbox::{aead::OsRng, KeyInit, XSalsa20Poly1305};
use crate::history::History; use crate::history::History;

View file

@ -218,8 +218,8 @@ impl KvStore {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crypto_secretbox::{KeyInit, XSalsa20Poly1305};
use rand::rngs::OsRng; use rand::rngs::OsRng;
use xsalsa20poly1305::{KeyInit, XSalsa20Poly1305};
use crate::record::sqlite_store::SqliteStore; use crate::record::sqlite_store::SqliteStore;

View file

@ -72,7 +72,7 @@ impl SqliteStore {
.bind(r.version.as_str()) .bind(r.version.as_str())
.bind(r.data.data.as_str()) .bind(r.data.data.as_str())
.bind(r.data.content_encryption_key.as_str()) .bind(r.data.content_encryption_key.as_str())
.execute(tx) .execute(&mut **tx)
.await?; .await?;
Ok(()) Ok(())

View file

@ -6,7 +6,7 @@ use chrono::prelude::*;
use eyre::Result; use eyre::Result;
use atuin_common::api::AddHistoryRequest; use atuin_common::api::AddHistoryRequest;
use xsalsa20poly1305::Key; use crypto_secretbox::Key;
use crate::{ use crate::{
api_client, api_client,

View file

@ -247,7 +247,7 @@ impl Database for Postgres {
.bind(hostname) .bind(hostname)
.bind(i.timestamp) .bind(i.timestamp)
.bind(data) .bind(data)
.execute(&mut tx) .execute(&mut *tx)
.await .await
.map_err(fix_error)?; .map_err(fix_error)?;
} }
@ -375,7 +375,7 @@ impl Database for Postgres {
.bind(&i.data.data) .bind(&i.data.data)
.bind(&i.data.content_encryption_key) .bind(&i.data.content_encryption_key)
.bind(user.id) .bind(user.id)
.execute(&mut tx) .execute(&mut *tx)
.await .await
.map_err(fix_error)?; .map_err(fix_error)?;
} }

105
deny.toml Normal file
View file

@ -0,0 +1,105 @@
# This template contains all of the possible sections and their default values
# Note that all fields that take a lint level have these possible values:
# * deny - An error will be produced and the check will fail
# * warn - A warning will be produced, but the check will not fail
# * allow - No warning or error will be produced, though in some cases a note
# will be
# The values provided in this template are the default values that will be used
# when any section or field is not specified in your own configuration
# Root options
targets = []
all-features = true
no-default-features = false
# This section is considered when running `cargo deny check advisories`
# More documentation for the advisories section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
[advisories]
db-path = "~/.cargo/advisory-db"
db-urls = ["https://github.com/rustsec/advisory-db"]
vulnerability = "deny"
unmaintained = "warn"
yanked = "warn"
notice = "warn"
ignore = [
# time 0.1 - code path not taken
"RUSTSEC-2020-0071",
# potential to misuse ed25519-dalek 1.0
# used by rusty-paseto. not in a vulnerable way
# and we don't even use paseto public key crypto so we don't use this
"RUSTSEC-2022-0093",
# DoS with untrusted input. Only runs on the client so not a concern
"RUSTSEC-2021-0041",
]
# This section is considered when running `cargo deny check licenses`
# More documentation for the licenses section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
[licenses]
unlicensed = "deny"
allow = [
"Apache-2.0",
"BSD-3-Clause",
"ISC",
"MIT",
"MPL-2.0",
"OpenSSL",
"Unicode-DFS-2016",
]
deny = []
copyleft = "warn"
allow-osi-fsf-free = "neither"
default = "deny"
confidence-threshold = 0.8
exceptions = []
# Some crates don't have (easily) machine readable licensing information,
# adding a clarification entry for it allows you to manually specify the
# licensing information
[[licenses.clarify]]
name = "ring"
version = "*"
expression = "MIT AND ISC AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
multiple-versions = "allow"
wildcards = "warn"
highlight = "all"
workspace-default-features = "allow"
external-default-features = "allow"
allow = []
deny = []
skip = []
skip-tree = []
# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered
unknown-registry = "warn"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "warn"
# List of URLs for allowed crate registries. Defaults to the crates.io index
# if not specified. If it is specified but empty, no registries are allowed.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# List of URLs for allowed Git repositories
allow-git = []
[sources.allow-org]
# 1 or more github.com organizations to allow git sources for
github = []
# 1 or more gitlab.com organizations to allow git sources for
gitlab = []
# 1 or more bitbucket.org organizations to allow git sources for
bitbucket = []