Auto merge of #112217 - arlosi:update-vuln-deps, r=Mark-Simulacrum
Update dependencies with reported vulnerabilities
Vulnerable dependencies:
* bumpalo 3.12.1 (yanked)
* updated to 3.13.0
* tokio 1.8.4 - https://rustsec.org/advisories/RUSTSEC-2023-0001
* updated to 1.28.2
* remove_dir_all 0.5.3 - https://rustsec.org/advisories/RUSTSEC-2023-0018
* removed by using the standard library function in `rust-installer` instead and updating to `tempfile@3.5.0` (which also removes the dependency).
The new dependencies come from `tempfile@3.5.0`, which adds a dependency on `rustix`.
diff --git a/Cargo.lock b/Cargo.lock
index 30d1fe5..416a1ae 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -316,9 +316,9 @@
[[package]]
name = "bumpalo"
-version = "3.12.1"
+version = "3.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b1ce199063694f33ffb7dd4e0ee620741495c32833cde5aa08f02a0bf96f0c8"
+checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1"
[[package]]
name = "bytecount"
@@ -1209,7 +1209,7 @@
dependencies = [
"cfg-if",
"libc",
- "redox_syscall",
+ "redox_syscall 0.2.10",
"windows-sys 0.45.0",
]
@@ -1751,7 +1751,6 @@
"flate2",
"num_cpus",
"rayon",
- "remove_dir_all",
"tar",
"walkdir",
"xz2",
@@ -2435,7 +2434,7 @@
"cfg-if",
"instant",
"libc",
- "redox_syscall",
+ "redox_syscall 0.2.10",
"smallvec",
"winapi",
]
@@ -2448,7 +2447,7 @@
dependencies = [
"cfg-if",
"libc",
- "redox_syscall",
+ "redox_syscall 0.2.10",
"smallvec",
"windows-sys 0.42.0",
]
@@ -2792,13 +2791,22 @@
]
[[package]]
+name = "redox_syscall"
+version = "0.3.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
name = "redox_users"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "528532f3d801c87aec9def2add9ca802fe569e44a544afe633765267840abe64"
dependencies = [
"getrandom",
- "redox_syscall",
+ "redox_syscall 0.2.10",
]
[[package]]
@@ -2851,15 +2859,6 @@
version = "0.1.0"
[[package]]
-name = "remove_dir_all"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
-dependencies = [
- "winapi",
-]
-
-[[package]]
name = "replace-version-placeholder"
version = "0.1.0"
dependencies = [
@@ -4778,16 +4777,15 @@
[[package]]
name = "tempfile"
-version = "3.3.0"
+version = "3.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4"
+checksum = "b9fbec84f381d5795b08656e4912bec604d162bff9291d6189a78f4c8ab87998"
dependencies = [
"cfg-if",
"fastrand",
- "libc",
- "redox_syscall",
- "remove_dir_all",
- "winapi",
+ "redox_syscall 0.3.5",
+ "rustix",
+ "windows-sys 0.45.0",
]
[[package]]
@@ -4973,14 +4971,14 @@
[[package]]
name = "tokio"
-version = "1.8.4"
+version = "1.28.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50dae83881bc9b0403dd5b44ea9deed3e939856cc8722d5be37f0d6e5c6d53dd"
+checksum = "94d7b1cfd2aa4011f2de74c2c4c63665e27a71006b0a192dcd2710272e73dfa2"
dependencies = [
"autocfg",
"bytes",
- "memchr",
"pin-project-lite",
+ "windows-sys 0.48.0",
]
[[package]]
diff --git a/compiler/rustc_data_structures/src/temp_dir.rs b/compiler/rustc_data_structures/src/temp_dir.rs
index a780d23..621d301 100644
--- a/compiler/rustc_data_structures/src/temp_dir.rs
+++ b/compiler/rustc_data_structures/src/temp_dir.rs
@@ -16,7 +16,7 @@
// occur.
let dir = unsafe { ManuallyDrop::take(&mut self.dir) };
if self.keep {
- dir.into_path();
+ let _ = dir.into_path();
}
}
}
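Review bot: The `let _ =` on the `dir.into_path()` line discards the returned path without saying why the call is made at all, so a reader has to already know that `into_path()` is what keeps the directory on disk when `self.keep` is set. I would add a comment above it such as `// Persist the directory: into_path() consumes the TempDir without deleting it; the returned PathBuf is not needed here.` The binding was presumably added because the updated `tempfile` marks the return value as must-use, which the hunk itself does not show. The enclosing function starts above the hunk.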
diff --git a/src/tools/rust-installer/Cargo.toml b/src/tools/rust-installer/Cargo.toml
index 97734f0..85e979f 100644
--- a/src/tools/rust-installer/Cargo.toml
+++ b/src/tools/rust-installer/Cargo.toml
@@ -17,7 +17,6 @@
walkdir = "2"
xz2 = "0.1.4"
num_cpus = "1"
-remove_dir_all = "0.5"
[dependencies.clap]
features = ["derive"]
diff --git a/src/tools/rust-installer/src/util.rs b/src/tools/rust-installer/src/util.rs
index 674617c..6cac314 100644
--- a/src/tools/rust-installer/src/util.rs
+++ b/src/tools/rust-installer/src/util.rs
@@ -82,7 +82,7 @@
/// Wraps `remove_dir_all` with a nicer error message.
pub fn remove_dir_all<P: AsRef<Path>>(path: P) -> Result<()> {
- remove_dir_all::remove_dir_all(path.as_ref())
+ fs::remove_dir_all(path.as_ref())
.with_context(|| format!("failed to remove dir '{}'", path.as_ref().display()))?;
Ok(())
}
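Review bot: The doc comment on `remove_dir_all` still reads "Wraps `remove_dir_all`", which no longer says which implementation is wrapped now that the call goes to `fs::remove_dir_all`; I would change it to ``/// Wraps `std::fs::remove_dir_all` with a nicer error message.`` Since the description ties this swap to the advisory for the removed crate, a second doc line would help, recording that the installer now relies on the standard library's handling of symlinks during recursive removal, and that this handling comes from the toolchain used to build the tool. The removed crate presumably existed for platform-specific deletion behaviour, so confirm that the installer's cleanup paths still succeed on Windows (read-only or in-use entries); nothing in the hunk covers that.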
diff --git a/src/tools/tidy/src/deps.rs b/src/tools/tidy/src/deps.rs
index abaed95..9979dfb 100644
--- a/src/tools/tidy/src/deps.rs
+++ b/src/tools/tidy/src/deps.rs
@@ -167,12 +167,14 @@
"instant",
"intl-memoizer",
"intl_pluralrules",
+ "io-lifetimes",
"itertools",
"itoa",
"jobserver",
"lazy_static",
"libc",
"libloading",
+ "linux-raw-sys",
"litemap",
"lock_api",
"log",
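Review bot: The new allowlist entries carry no provenance comment, although the list already has that convention (`"ruzstd", // via object in thorin-dwp` in the next hunk). This applies to `"io-lifetimes"` and `"linux-raw-sys"` here, and equally to `"rustix"` and `"windows-sys"` in the two hunks that follow. For a list that gates which crates may enter the build, I would annotate each one, e.g. `"rustix", // via tempfile` and `"windows-sys", // via tempfile and tokio`, both of which match the Cargo.lock changes in this commit. `io-lifetimes` and `linux-raw-sys` are presumably pulled in by `rustix`, but the lockfile hunks shown do not include its package entry, so confirm that before writing the comment. The list itself starts and ends outside these hunks.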
@@ -210,12 +212,12 @@
"regex",
"regex-automata",
"regex-syntax",
- "remove_dir_all",
"rustc-demangle",
"rustc-hash",
"rustc-rayon",
"rustc-rayon-core",
"rustc_version",
+ "rustix",
"ruzstd", // via object in thorin-dwp
"ryu",
"scoped-tls",
@@ -279,6 +281,7 @@
"winapi-util",
"winapi-x86_64-pc-windows-gnu",
"windows",
+ "windows-sys",
"windows-targets",
"windows_aarch64_gnullvm",
"windows_aarch64_msvc",