Update many dependencies (#2439)

* Really wip

* compiles

* ..

* lint

* ..

* ..

* lint

* fix

* ..

* ..

* fixes

* fml

* ..

* better?

* ..

* ..

* ..

* fix ci

* updates

* ..

* ..

* update lock file

* schema

* aa

* Another one bites the dust

* last bump before win

---------

Co-authored-by: Razz4780 <msmolarekg@gmail.com>

Cargo.toml

@@ -35,51 +35,82 @@ authors = ["MetalBear <hi@metalbear.co>"]
 description = "Run a local process in the context of a cloud environment"
 homepage = "https://mirrord.dev"
 publish = false
-keywords = ["cli", "backend", "debug", "test", "kubernetes", "cloud", "native", "local", "ide", "devtool", "developer", "tool"]
+keywords = [
+    "cli",
+    "backend",
+    "debug",
+    "test",
+    "kubernetes",
+    "cloud",
+    "native",
+    "local",
+    "ide",
+    "devtool",
+    "developer",
+    "tool",
+]
 categories = ["development-tools", "backend", "devtool"]
 
 [workspace.dependencies]
 actix-codec = "0.5"
-bincode =  { version = "2.0.0-rc.2", features = ["serde"] }
+bincode = { version = "2.0.0-rc.2", features = ["serde"] }
 bytes = "1"
 tokio = { version = "1" }
 tokio-stream = "0.1"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 anyhow = "1"
-nix = { version = "0.24", features = ["net"] }
+nix = { version = "0.29", features = ["net"] }
 clap = { version = "4", features = ["derive"] }
 tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
 futures = "0.3"
 thiserror = "1"
-k8s-openapi = { version = "0.20", features = ["v1_24"] }
-reqwest = { version = "0.11", default-features = false, features = ["blocking", "rustls-tls-native-roots", "json", "socks"] }
-kube = { git = "https://github.com/metalbear-co/kube", default-features = false, features = ["runtime", "derive", "client", "ws", "rustls-tls", "oidc", "socks5", "http_proxy"], branch = "fix_mb" }
-trust-dns-resolver = { version = "0.22", features = ["serde-config", "tokio-runtime"] }
+k8s-openapi = { version = "0.22", features = ["earliest"] }
+reqwest = { version = "0.12", default-features = false, features = [
+    "blocking",
+    "rustls-tls-native-roots",
+    "json",
+    "socks",
+    "http2",
+] }
+kube = { git = "https://github.com/kube-rs/kube", default-features = false, features = [
+    "runtime",
+    "derive",
+    "client",
+    "ws",
+    "rustls-tls",
+    "oidc",
+    "socks5",
+    "http-proxy",
+], branch = "main" }
+hickory-resolver = { version = "0.24", features = [
+    "serde-config",
+    "tokio-runtime",
+] }
 tokio-util = { version = "0.7", features = ["net", "codec"] }
 rand = "0.8"
 streammap-ext = "0.1"
 num-traits = "0.2"
 regex = { version = "1", features = ["unicode-case"] }
 miette = "5"
-fancy-regex = { version = "0.10" }
+fancy-regex = { version = "0.13" }
 enum_dispatch = "0.3"
 
-# TODO(alex): hyper 1.0 echosystem update is 
-# blocked on https://github.com/kube-rs/kube/issues/1351
-hyper = { git = "https://github.com/meowjesty/hyper", branch = "master", features = ["full"] }
-hyper-util = { git = "https://github.com/meowjesty/hyper-util", branch = "issue/1869/update-runtime" }
-http-body = "1.0.0-rc.2"
-http-body-util = "0.1.0-rc.3"
+
+hyper = { version = "1", features = ["full"] }
+hyper-util = { version = "0.1" }
+http-body = "1"
+http-body-util = "0.1"
 libc = "0.2"
 bimap = "0.6.2"
-socket2 = { version = "0.5.3", features = ["all"]}
-which = "4"
+socket2 = { version = "0.5.3", features = ["all"] }
+which = "6"
 semver = "1"
 once_cell = "1"
 exec = "0.3"
 drain = "0.1"
+base64 = "0.22"
 
 [workspace.lints.rustdoc]
 private_intra_doc_links = "allow"

changelog.d/+dep-update.changed.md

@@ -0,0 +1 @@
+Dependencies update

mirrord-schema.json

@@ -1278,6 +1278,7 @@
             },
             "path": {
               "description": "<!--${internal}--> Path is optional so that it can also be specified via env var instead of via conf file, but it is not optional in a resulting [`TargetConfig`] object - either there is a path, or the target configuration is `None`.",
+              "default": null,
               "anyOf": [
                 {
                   "$ref": "#/definitions/Target"

mirrord/agent/Cargo.toml

@@ -19,12 +19,12 @@ workspace = true
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-containerd-client = {git = "https://github.com/containerd/rust-extensions", rev="35a97f17d55753bb1ef04c28cd7c3203993932b0"}
+containerd-client = "0.5"
 tokio = { workspace = true, features = ["rt", "net", "macros", "fs", "process", "signal"] }
 serde.workspace = true
 serde_json.workspace = true
-pnet = "0.33"
-nix = { workspace  = true, features = ["mount"] }
+pnet = "0.35"
+nix = { workspace  = true, features = ["mount", "sched", "user"] }
 clap = { workspace = true, features = ["env"] }
 mirrord-protocol = { path = "../protocol"}
 actix-codec.workspace = true
@@ -33,9 +33,9 @@ tracing.workspace = true
 tracing-subscriber.workspace = true
 tokio-stream.workspace = true
 thiserror.workspace = true
-trust-dns-resolver.workspace = true
+hickory-resolver.workspace = true
 num-traits.workspace = true
-bollard = "0.14"
+bollard = "0.16"
 tokio-util.workspace = true
 rand.workspace = true
 streammap-ext.workspace = true
@@ -54,14 +54,14 @@ fancy-regex = { workspace = true }
 dashmap = { version = "5" }
 oci-spec = "0.6.0"
 async-trait = "0.1"
-tonic = "0.9"
+tonic = "0.11"
 tower = "0.4"
-http = "0.2"
-k8s-cri = "0.7"
+http = "1"
+k8s-cri = "0.8"
 once_cell.workspace = true
 semver.workspace = true
 drain.workspace = true
-tokio-rustls = "0.25"
+tokio-rustls = "0.26"
 x509-parser = "0.16"
 
 [target.'cfg(target_os = "linux")'.dependencies]
@@ -70,6 +70,6 @@ rawsocket = {git = "https://github.com/metalbear-co/rawsocket.git"}
 
 
 [dev-dependencies]
-mockall = "0.11.2" # 0.11.3 is broken
+mockall = "0.12" # 0.11.3 is broken
 test_bin = "0.4"
-rcgen = "0.10"
+rcgen = "0.13"

mirrord/agent/src/client_connection.rs

@@ -225,19 +225,19 @@ mod test {
     #[tokio::test]
     async fn agent_tls_connector_valid_cert() {
         let cert = rcgen::generate_simple_self_signed(vec!["operator".to_string()]).unwrap();
-        let cert_bytes = cert.serialize_der().unwrap();
-        let key_bytes = cert.get_key_pair().serialize_der();
+        let cert_bytes = cert.cert.der();
+        let key_bytes = cert.key_pair.serialize_der();
         let acceptor = ServerConfig::builder()
             .with_no_client_auth()
             .with_single_cert(
-                vec![cert_bytes.into()],
+                vec![cert_bytes.clone()],
                 PrivateKeyDer::Pkcs8(key_bytes.into()),
             )
             .map(Arc::new)
             .map(TlsAcceptor::from)
             .unwrap();
 
-        let connector = AgentTlsConnector::new(cert.serialize_pem().unwrap()).unwrap();
+        let connector = AgentTlsConnector::new(cert.cert.pem()).unwrap();
 
         let listener = TcpListener::bind("0.0.0.0:0").await.unwrap();
         let addr = listener.local_addr().unwrap();
@@ -270,12 +270,12 @@ mod test {
     #[tokio::test]
     async fn agent_tls_connector_invalid_cert() {
         let server_cert = rcgen::generate_simple_self_signed(vec!["operator".to_string()]).unwrap();
-        let server_cert_bytes = server_cert.serialize_der().unwrap();
-        let key_bytes = server_cert.get_key_pair().serialize_der();
+        let cert_bytes = server_cert.cert.der();
+        let key_bytes = server_cert.key_pair.serialize_der();
         let acceptor = ServerConfig::builder()
             .with_no_client_auth()
             .with_single_cert(
-                vec![server_cert_bytes.into()],
+                vec![cert_bytes.clone()],
                 PrivateKeyDer::Pkcs8(key_bytes.into()),
             )
             .map(Arc::new)
@@ -290,8 +290,8 @@ mod test {
                 let connector = AgentTlsConnector::new(
                     rcgen::generate_simple_self_signed(vec!["operator".to_string()])
                         .unwrap()
-                        .serialize_pem()
-                        .unwrap(),
+                        .cert
+                        .pem(),
                 )
                 .unwrap();
 

mirrord/agent/src/dns.rs

@@ -1,6 +1,7 @@
 use std::{future, path::PathBuf, time::Duration};
 
 use futures::{stream::FuturesOrdered, StreamExt};
+use hickory_resolver::{system_conf::parse_resolv_conf, AsyncResolver, Hosts};
 use mirrord_protocol::{
     dns::{DnsLookup, GetAddrInfoRequest, GetAddrInfoResponse},
     DnsLookupError, RemoteResult, ResolveErrorKindInternal, ResponseError,
@@ -13,7 +14,6 @@ use tokio::{
     },
 };
 use tokio_util::sync::CancellationToken;
-use trust_dns_resolver::{system_conf::parse_resolv_conf, AsyncResolver, Hosts};
 
 use crate::{
     error::{AgentError, Result},
@@ -90,12 +90,12 @@ impl DnsWorker {
 
         let (config, mut options) = parse_resolv_conf(resolv_conf)?;
         options.server_ordering_strategy =
-            trust_dns_resolver::config::ServerOrderingStrategy::UserProvidedOrder;
+            hickory_resolver::config::ServerOrderingStrategy::UserProvidedOrder;
         options.timeout = timeout;
         options.attempts = attempts;
-        options.ip_strategy = trust_dns_resolver::config::LookupIpStrategy::Ipv4Only;
+        options.ip_strategy = hickory_resolver::config::LookupIpStrategy::Ipv4Only;
 
-        let mut resolver = AsyncResolver::tokio(config, options)?;
+        let mut resolver = AsyncResolver::tokio(config, options);
 
         let hosts = Hosts::default().read_hosts_conf(hosts_conf.as_slice())?;
         resolver.set_hosts(Some(hosts));

mirrord/agent/src/namespace.rs

@@ -1,4 +1,4 @@
-use std::{fs::File, os::fd::AsRawFd};
+use std::fs::File;
 
 use nix::sched::{setns, CloneFlags};
 use thiserror::Error;
@@ -42,6 +42,6 @@ pub(crate) fn set_namespace(pid: u64, namespace_type: NamespaceType) -> Result<(
     let fd = File::open(namespace_type.path_from_pid(pid))?;
 
     // use as_raw_fd to get reference so it will drop after setns
-    setns(fd.as_raw_fd(), namespace_type.into())?;
+    setns(fd, namespace_type.into())?;
     Ok(())
 }

mirrord/agent/src/sniffer.rs

@@ -99,11 +99,11 @@ struct TCPSession {
 
 type TCPSessionMap = HashMap<TcpSessionIdentifier, TCPSession>;
 
-const fn is_new_connection(flags: u16) -> bool {
+const fn is_new_connection(flags: u8) -> bool {
     0 != (flags & TcpFlags::SYN) && 0 == (flags & (TcpFlags::ACK | TcpFlags::RST | TcpFlags::FIN))
 }
 
-fn is_closed_connection(flags: u16) -> bool {
+fn is_closed_connection(flags: u8) -> bool {
     0 != (flags & (TcpFlags::FIN | TcpFlags::RST))
 }
 
@@ -172,7 +172,7 @@ async fn prepare_sniffer(
 #[derive(Debug)]
 struct TcpPacketData {
     bytes: Vec<u8>,
-    flags: u16,
+    flags: u8,
 }
 
 #[tracing::instrument(skip(eth_packet), level = "trace", fields(bytes = %eth_packet.len()))]
@@ -514,7 +514,7 @@ impl TcpConnectionSniffer {
     ///
     /// tl;dr: checks packet flags, or if it's an HTTP packet, then begins a new sniffing session.
     #[tracing::instrument(level = "trace", ret, skip(bytes))]
-    fn treat_as_new_session(tcp_flags: u16, bytes: &[u8]) -> bool {
+    fn treat_as_new_session(tcp_flags: u8, bytes: &[u8]) -> bool {
         is_new_connection(tcp_flags)
             || matches!(
                 HttpVersion::new(bytes),

mirrord/agent/src/steal/connections/filtered.rs

@@ -163,7 +163,7 @@ impl FilteringService {
 
                 // We need this to progress the connection forward (hyper thing).
                 tokio::spawn(async move {
-                    if let Err(error) = connection.await {
+                    if let Err(error) = connection.with_upgrades().await {
                         tracing::error!(?error, "Connection with original destination failed");
                     }
                 });
@@ -932,10 +932,10 @@ mod test {
                         accept = original_listener.accept() => {
                             let (stream, _) = accept.unwrap();
                             let conn = hyper::server::conn::http1::Builder::new()
-                                .serve_connection(TokioIo::new(stream), service_fn(Self::handle_request));
+                                .serve_connection(TokioIo::new(stream), service_fn(Self::handle_request)).with_upgrades();
 
                             tasks.spawn(async move {
-                                conn.with_upgrades()
+                                conn
                                     .await
                                     .unwrap();
                             });
@@ -975,7 +975,7 @@ mod test {
             .unwrap();
 
             tasks.spawn(async move {
-                conn.await.unwrap();
+                conn.with_upgrades().await.unwrap();
             });
 
             TestSetup {

mirrord/agent/src/steal/http/filter.rs

@@ -74,6 +74,7 @@ impl HttpFilter {
 /// [`HeaderMap`](hyper::http::header::HeaderMap) entries formatted like `k: v` (format expected by
 /// [`HttpFilter::Header`]). Computed and cached in [`Request::extensions`] the first time
 /// [`HttpFilter::matches`] is called on the [`Request`].
+#[derive(Clone)]
 struct NormalizedHeaders(Vec<String>);
 
 impl NormalizedHeaders {

mirrord/analytics/Cargo.toml

@@ -17,7 +17,7 @@ edition.workspace = true
 workspace = true
 
 [dependencies]
-base64 = "0.21"
+base64.workspace = true
 serde.workspace = true
 reqwest = { workspace = true}
 tracing.workspace = true

mirrord/auth/Cargo.toml

@@ -34,15 +34,16 @@ client = [
 chrono = "0.4"
 whoami = { version = "1", optional = true }
 home = { version = "0.5", optional = true }
-pem = "2"
-fs4 = { version = "0.6", features = ["tokio-async"], optional = true }
+pem = "3"
+fs4 = { version = "0.8", features = ["tokio"], optional = true }
 k8s-openapi = { workspace = true, optional = true }
 kube = { workspace = true, optional = true }
 serde = { version = "1", features = ["derive"] }
 serde_yaml = { version = "0.9", optional = true }
 tokio = { workspace = true, features = ["fs"], optional = true  }
 thiserror = "1"
-x509-certificate = "0.19"
+x509-certificate = "0.23"
 # not direct dependency, but if we don't put it here it'll use openssl :(
 reqwest = { workspace = true, features=["json", "rustls-tls-native-roots"], default-features = false, optional = true }
-tracing.workspace = true
+tracing.workspace = true
+ring = "0.17"