resolve cargo audit CVEs, unmaintained deps, cmake build, and clippy warnings#2598
Open
Sachin-Bhat wants to merge 10 commits intohyperium:masterfrom
Open
resolve cargo audit CVEs, unmaintained deps, cmake build, and clippy warnings#2598Sachin-Bhat wants to merge 10 commits intohyperium:masterfrom
Sachin-Bhat wants to merge 10 commits intohyperium:masterfrom
Conversation
…er errors Bump abseil from 20240722.0 to 20260107.0 to match what protobuf 34.0 uses internally, resolving undefined symbol errors for Printer::Emit and related absl::lts_20260107 symbols. Also add missing absl::status, absl::statusor, absl::log* link targets. Prepend the cmake-built bin dir to PATH in interop/build.rs so the built protoc (34.0) takes priority over any system protoc (e.g 34.1). Signed-off-by: Sachin Bhat <sachubhat17@gmail.com>
Bump rustls-webpki from 0.102 to 0.103 to fix RUSTSEC-2026-0099, RUSTSEC-2026-0098, and RUSTSEC-2026-0049. Remove rustls-pemfile (RUSTSEC-2025-0134, archived) and migrate to the PemObject trait from rustls-pki-types 1.9+: parse_certs: CertificateDer::pem_slice_iter parse_key: PrivateKeyDer::from_pem_slice / from_pem_reader Signed-off-by: Sachin Bhat <sachubhat17@gmail.com>
- NameServerConfigGroup::from_ips_clear -> NameServerConfig + ConnectionConfig - TokioConnectionProvider -> TokioRuntimeProvider (hickory_resolver::net::runtime) - TxtLookup::iter -> Lookup::answers().iter() with RData::TXT pattern match - build() now returns Result, propagate with ? - InMemoryAuthority -> InMemoryZoneHandler + AxfrPolicy::Deny - ServerFuture -> Server, authority:: -> zone_handler:: Signed-off-by: Sachin Bhat <sachubhat17@gmail.com>
Replace unmaintained backoff 0.4 with backon 1.6. backon exposes ExponentialBackoff as an Iterator<Item = Duration>, so next_backoff() becomes next(). Manual Clone impl resets per-request backoff state, matching the previous behavior. Signed-off-by: Sachin Bhat <sachubhat17@gmail.com>
Replace unmaintained paste 1.0 with pastey 0.2. The paste! macro invocation syntax is identical. Signed-off-by: Sachin Bhat <sachubhat17@gmail.com>
rand 0.10 moved random_range to the RngExt trait; update all call sites. Replace criterion::black_box (deprecated) with std::hint::black_box. Replace x % 2 == 0 with x.is_multiple_of(2) per clippy. Signed-off-by: Sachin Bhat <sachubhat17@gmail.com>
Collapse nested if-let chains into && let guards (collapsible_if,
collapsible_match). Replace assert!(CONST) with const { assert!(..) }.
Remove useless .into() on Vec<u8>.
Signed-off-by: Sachin Bhat <sachubhat17@gmail.com>
Signed-off-by: Sachin Bhat <sachubhat17@gmail.com>
…ion test connect_handles_tls connects to github.com but with_enabled_roots() is a no-op unless the tls-native-roots or tls-webpki-roots feature is enabled. Add tls-native-roots so root CAs are loaded. Signed-off-by: Sachin Bhat <sachubhat17@gmail.com>
Signed-off-by: Sachin Bhat <sachubhat17@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
cargo auditsurfaced 3 CVEs inrustls-webpki 0.102and 4 unmaintained crate warnings(
rustls-pemfile,backoff,paste,instant). Separately, theprotoc-gen-rust-grpcCMake build was broken due to an abseil LTS namespace mismatch after protobuf bumped its
internal abseil to
20260107. Tracked in #2597.Solution
rustls-webpki0.102 → 0.103 (RUSTSEC-2023-0071, RUSTSEC-2024-0336, RUSTSEC-2024-0384)rustls-pemfile→rustls-pki-types1.9+PemObjecttrait (pem_slice_iter,from_pem_slice, etc.)backoff→backon1.6 (ExponentialBuilderiterator; manualCloneimpl to reset per-request state)paste→pastey0.2 (drop-in replacement, same macro syntax)protoc-gen-rust-grpc): bump abseil20240722.0→20260107.0to match protobuf 34.0's internal abseil; add missing linker targets (absl::status,absl::statusor,absl::log, etc.)NameServerConfigGroupremoved,ServerFuture→Server,InMemoryAuthority→InMemoryZoneHandler); rand 0.9 → 0.10 (RngExttrait forrandom_range)collapsible_if/match,assertions_on_constants,useless_conversion,manual_is_multiple_of,criterion::black_box→std::hint::black_boxtls-native-rootsfeature totests/integration_testssoconnect_handles_tlscan verify certificates against the system root store