[Merged by Bors] - update dependencies

[jxs]

Issue Addressed

updates underlying dependencies and removes the ignored RUSTSEC's for cargo audit.

Also switches procinfo to procfs on eth2 to remove the nom warning, procinfo is unmaintained see here.

[jimmygchen]

Nice, looks like this PR addresses both #2727 and #4623 🎉

[jimmygchen]

Are these added to fix some new failing tests?
It makes sense but I'm just asking because the cli definition doesn't actually require "http" to be present when the below flags are used (e.g. "http-address" arg doesn't have .require("http"))

lighthouse/validator_client/src/cli.rs

Lines 170 to 188 in 1373dcf

	.arg(
	Arg::with_name("http-address")
	.long("http-address")
	.value_name("ADDRESS")
	.help("Set the address for the HTTP address. The HTTP server is not encrypted \
	and therefore it is unsafe to publish on a public network. When this \
	flag is used, it additionally requires the explicit use of the \
	`--unencrypted-http-transport` flag to ensure the user is aware of the \
	risks involved. For access via the Internet, users should apply \
	transport-layer security like a HTTPS reverse-proxy or SSH tunnelling.")
	.requires("unencrypted-http-transport"),
	)
	.arg(
	Arg::with_name("unencrypted-http-transport")
	.long("unencrypted-http-transport")
	.help("This is a safety flag to ensure that the user is aware that the http \
	transport is unencrypted and using a custom HTTP address is unsafe.")
	.requires("http-address"),
	)

[jxs]

yes, thanks for bringing this up Jimmy. without the http and the metrics flag the both servers don't run,
see here for the validator client http server:

lighthouse/validator_client/src/lib.rs

Lines 570 to 584 in dfcb336

	self.http_api_listen_addr = if self.config.http_api.enabled {
	let ctx = Arc::new(http_api::Context {
	task_executor: self.context.executor.clone(),
	api_secret,
	validator_store: Some(self.validator_store.clone()),
	validator_dir: Some(self.config.validator_dir.clone()),
	graffiti_file: self.config.graffiti_file.clone(),
	graffiti_flag: self.config.graffiti,
	spec: self.context.eth2_config.spec.clone(),
	config: self.config.http_api.clone(),
	sse_logging_components: self.context.sse_logging_components.clone(),
	slot_clock: self.slot_clock.clone(),
	log: log.clone(),
	_phantom: PhantomData,
	});

and here for the metrics:

lighthouse/validator_client/src/lib.rs

Lines 127 to 155 in dfcb336

	// Optionally start the metrics server.
	let http_metrics_ctx = if config.http_metrics.enabled {
	let shared = http_metrics::Shared {
	validator_store: None,
	genesis_time: None,
	duties_service: None,
	};
	let ctx: Arc<http_metrics::Context<T>> = Arc::new(http_metrics::Context {
	config: config.http_metrics.clone(),
	shared: RwLock::new(shared),
	log: log.clone(),
	});
	let exit = context.executor.exit();
	let (_listen_addr, server) = http_metrics::serve(ctx.clone(), exit)
	.map_err(|e| format!("Unable to start metrics API server: {:?}", e))?;
	context
	.clone()
	.executor
	.spawn_without_exit(server, "metrics-api");
	Some(ctx)
	} else {
	info!(log, "HTTP metrics server is disabled");
	None
	};

I think I commented on mattermost that we should probably make all these flags dependent on the main http and metrics ones, I didn't know it was that simple, I can do that in a subsequent PR if everyone agrees.

[jimmygchen]

These tests actually just verify the parsed configs. The CommandLineTest starts the lighthouse process, dump the loaded config and shuts down immediately (it doesn't even create a ProductionBeaconNode or ProductionValidatorClient). But if were to make these flags required, we'll need them here. Updating in a subsequent PR is fine by me!

lighthouse/lighthouse/tests/exec.rs

Lines 37 to 43 in b6493d5

	cmd.arg("--datadir")
	.arg(tmp_dir.path().as_os_str())
	.arg(format!("--{}", "dump-config"))
	.arg(tmp_config_path.as_os_str())
	.arg(format!("--{}", "dump-chain-config"))
	.arg(tmp_chain_config_path.as_os_str())
	.arg("--immediate-shutdown");

[jxs]

These tests actually just verify the parsed configs.

Yeah but it was one of the tests that already had the metrics flag before that failed and allowed us to acknowledge the CORS bug after the warp update, that's why I added the flag to all the other tests.

But if were to make these flags required, we'll need them here. Updating in a subsequent PR is fine by me!

Ok nice, I'll do it then, thanks Jimmy

[paulhauner]

Nice, thanks! LGTM!

[paulhauner]

bors r+

[bors]

Pull request successfully merged into unstable.

Build succeeded!

The publicly hosted instance of bors-ng is deprecated and will go away soon.

If you want to self-host your own instance, instructions are here.
For more help, visit the forum.

If you want to switch to GitHub's built-in merge queue, visit their help page.

• arbitrary-check
• beacon-chain-tests
• cargo-audit
• cargo-fmt
• cargo-udeps
• cargo-vendor
• check-benchmarks
• check-msrv
• clippy
• compile-with-beta-compiler
• debug-tests-ubuntu
• dockerfile-ubuntu
• doppelganger-protection-test
• ef-tests-ubuntu
• eth1-simulator-ubuntu
• execution-engine-integration-ubuntu
• merge-transition-ubuntu
• no-eth1-simulator-ubuntu
• op-pool-tests
• release-tests-ubuntu
• release-tests-windows
• slasher-tests
• state-transition-vectors-ubuntu
• syncing-simulator-ubuntu

[macladson]

Just noting that this effectively fixes and implements both changes from #4287 and #4275 🎉