
Fix cargo audit vulnerabilities: rustls-webpki #2180

Merged


didier-wenzek
Contributor

https://github.com/thin-edge/thin-edge.io/actions/runs/5941141470/job/16111321664?pr=2169 reports vulnerabilities on

  • rustls-webpki
  • webpki

Proposed changes

  • for rustls-webpki: cargo update except for time and time-macros which require rust 1.67
  • for webpki: there is no fix yet

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
  • Documentation Update (if none of the other choices apply)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

Checklist

  • I have read the CONTRIBUTING doc
  • I have signed the CLA (in all commits with git commit -s)
  • I ran cargo fmt as mentioned in CODING_GUIDELINES
  • I used cargo clippy as mentioned in CODING_GUIDELINES
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments

@Bravo555
Contributor

Looks like there's still a problem with cargo check: assert_cmd v2.0.12 can't be built on rust 1.65 (requires at least 1.66)
https://github.com/thin-edge/thin-edge.io/actions/runs/5941664849/job/16112981268?pr=2180

Assuming there would be no other blockers, I would be in favour of bumping MSRV as I believe let ... else support is in 1.66 or 1.67

@didier-wenzek didier-wenzek temporarily deployed to Test Pull Request August 22, 2023 16:58 — with GitHub Actions Inactive
@github-actions
Contributor

Robot Results

✅ Passed   ❌ Failed   ⏭️ Skipped   Total   Pass %
257         0           5            257     100

@didier-wenzek
Contributor Author

Assuming there would be no other blockers, I would be in favour of bumping MSRV

I'm okay to bump the MSRV. The question is now: which version?

as I believe let ... else support is in 1.66 or 1.67

let ... else support has been added by 1.65.

@Bravo555
Contributor

I'm okay to bump the MSRV. The question is now: which version?

I think we can bump to the smallest version that satisfies updated dependencies as part of this PR, and go from there. Maybe we'll have to do another bump to solve the 2nd vuln, but that also shouldn't be a problem. As for Yocto, which was usually the blocker, we now use meta-rust, which has rust 1.71, so we can choose pretty much any version.

@didier-wenzek
Contributor Author

Bump MSRV to 1.67
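The two decisions in this thread, which crates to take from `cargo update` and whether a fix forces an MSRV bump, worked through as an added Python example; this is not thin-edge.io code, and the lock file, patched versions, newest releases and per-crate Rust requirements are constructed placeholders, not real advisory data.

```python
import re

# Constructed sample Cargo.lock (standard layout), not thin-edge.io's real lock file.
SAMPLE_LOCK = """
[[package]]
name = "rustls-webpki"
version = "0.100.1"
[[package]]
name = "time"
version = "0.3.20"
[[package]]
name = "webpki"
version = "0.22.0"
"""
# Assumed inputs, all placeholders rather than real advisory data: first patched
# version per vulnerable crate (None = no fix yet, as the thread says for webpki),
# newest release of each crate, and the Rust version that newest release needs.
PATCHED = {"rustls-webpki": "0.100.2", "webpki": None}
LATEST = {"rustls-webpki": "0.100.2", "time": "0.3.27", "webpki": "0.22.0"}
REQUIRED_RUST = {"rustls-webpki": "1.60", "time": "1.67", "webpki": "1.60"}
PACKAGE_RE = re.compile(r'\[\[package\]\]\s*name = "([^"]+)"\s*version = "([^"]+)"')


def ver(s):
    """Turn '1.67' or '0.3.27' into a tuple of ints that compares numerically."""
    return tuple(int(x) for x in s.split("."))


def plan_updates(lock_text, project_msrv, patched=PATCHED, latest=LATEST,
                 required_rust=REQUIRED_RUST):
    """Sort locked crates into: update (newest release builds on project_msrv),
    hold (newest needs a newer Rust, so pin the current version), unfixable
    (vulnerable, no patched release) and bump_msrv (vulnerable, and the fix
    itself needs a newer Rust, so only raising the MSRV closes the finding)."""
    plan = {"update": {}, "hold": {}, "unfixable": [], "bump_msrv": []}
    for name, current in PACKAGE_RE.findall(lock_text):
        vulnerable = name in patched
        if vulnerable and patched[name] is None:
            plan["unfixable"].append(name)
            continue
        newest = latest[name]
        if ver(newest) <= ver(current):
            continue  # already on the newest release
        if ver(required_rust[name]) > ver(project_msrv):
            plan["hold"][name] = newest
            if vulnerable:
                plan["bump_msrv"].append(name)
        else:
            plan["update"][name] = newest
    return plan
```

Calling `plan_updates(SAMPLE_LOCK, "1.65")` and then with `"1.67"` shows `time` move from hold to update, which is the trade-off the thread settles by bumping to 1.67.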

@codecov

codecov bot commented Aug 23, 2023

Codecov Report

Merging #2180 (3033549) into main (75127c6) will increase coverage by 0.0%.
Report is 7 commits behind head on main.
The diff coverage is n/a.

❗ Current head 3033549 differs from pull request most recent head 6e16a6f. Consider uploading reports for the commit 6e16a6f to get more accurate results


@didier-wenzek didier-wenzek temporarily deployed to Test Pull Request August 23, 2023 08:42 — with GitHub Actions Inactive
Signed-off-by: Didier Wenzek <didier.wenzek@free.fr>
@didier-wenzek didier-wenzek force-pushed the fix/cargo-audit-vulnerabilities branch from 3033549 to 6e16a6f Compare August 23, 2023 09:27
@didier-wenzek didier-wenzek temporarily deployed to Test Pull Request August 23, 2023 09:39 — with GitHub Actions Inactive
@didier-wenzek didier-wenzek merged commit 763f0a9 into thin-edge:main Aug 23, 2023
17 of 18 checks passed
@didier-wenzek didier-wenzek deleted the fix/cargo-audit-vulnerabilities branch August 23, 2023 10:59
@Bravo555 Bravo555 mentioned this pull request Aug 23, 2023