fix(CI): Fix cargo deny #1106

DaughterOfMars · 2024-07-09T18:43:11Z

Description of change

This PR fixes the errors in the cargo deny CI by updating various out of date dependencies with audit issues.

Weirdness

Some changes were made because dependencies are out-of-date, non-update-able, and have out-of-date sub-dependencies that cause build errors for us due to mismatching versions.

For instance, in crates/iota-node/src/lib.rs I have had to copy the functionality from the fastcrypto crate because that library uses an older version of reqwest, and the public API accepts a reqwest::Client. If we tried to use the provided fetch_jwks function then we would have a compilation error due to the different versions of that type.

Similarly for crates/iota-tls/src/acceptor.rs, the functionality of the RustlsAcceptor from axum_server was copied to avoid version conflicts with rustls.

These could be resolved in some cases by forking the dependency and updating the sub-dependencies.

Links to any relevant issues

Fixes #805

… into dev-tools/fix-deny

Cargo.toml

deny.toml

crates/iota-source-validation-service/src/lib.rs

crates/iota-json-rpc/src/transaction_builder_api.rs

crates/iota-json-rpc/src/axum_router.rs

crates/iota-indexer/src/apis/read_api.rs

crates/iota-node/src/lib.rs

crates/iota-sdk/src/json_rpc_error.rs

crates/iota-json-rpc/src/logger.rs

crates/iota-json-rpc/src/read_api.rs

Dr-Electron

Just here to approve the workflow changes ;)
Out of interest, do we have a formatter for yml files now? Is it dprint?
And why use double quotes if you can save space and just use a single one?

Dr-Electron · 2024-07-25T19:35:49Z

.github/workflows/rust.yml

    services:
      postgres:
        image: postgres
+        env:
+          POSTGRES_PASSWORD: postgrespw


Just for me to maybe learn something. Why is this needed if the password is already set as job env?

I'm going to go ahead and merge this, please remember to ask Chloé on Monday (she's off today)

* chore(dependencies): Update jsonrpsee and related dependencies * replace todos * update dependencies * dprint * feature * update baselines and license * Switch from ethers to alloy * merge * Fix mock provider and a bug in the ws impl * update arrow/parquet * fix tokio dependency msim compatability * install crypto provider and other misc * update pcg crate usage and use vendored openssl * test fixes * more fixes and clippy * baselines and more clippy * disable mysticeti simtests too * fix test and fmt * roll back gcp-bigquery-client version * fix bug in mock provider and cleanup * remove outdated doc comment * replace B256 with TxHash * simplify * comment * remove merge problem * fix graphql-rpc job * Add prost to git allow * clippy * update dependencies * revert commented line * fix borked merge * move rustfmt skip * Reviews * Add comment explaining TlsAcceptor * remove axum macros feature usage * review and update dependencies * remove yaml_rust RUSTSEC ignore * reviews * cleanup helper functions * move import --------- Co-authored-by: Thibault Martinez <[email protected]>

DaughterOfMars added the dev-tools Issues related to the Developer Tools Team label Jul 9, 2024

DaughterOfMars added 27 commits July 16, 2024 10:50

chore(dependencies): Update jsonrpsee and related dependencies

bcbf9e3

replace todos

75ff451

Merge branch 'develop' into dev-tools/fix-deny

c6dece0

update dependencies

7564b8c

Merge branch 'develop' into dev-tools/fix-deny

079457d

dprint

48cf7cc

feature

7d6cf22

update baselines and license

e581d0f

Switch from ethers to alloy

3ad448b

merge

4320696

Fix mock provider and a bug in the ws impl

cb5e933

Merge branch 'develop' into dev-tools/fix-deny

cecb73e

update arrow/parquet

a607fcb

fix tokio dependency msim compatability

a82d7f0

install crypto provider and other misc

868bca3

update pcg crate usage and use vendored openssl

1fee3ff

test fixes

9fd875f

more fixes and clippy

8c3e6aa

Merge branch 'develop' into dev-tools/fix-deny

33e41c4

baselines and more clippy

10ce8a5

disable mysticeti simtests too

819a77a

fix test and fmt

3112487

Merge branch 'develop' into dev-tools/fix-deny

05d4a52

roll back gcp-bigquery-client version

bea17d6

Merge branch 'dev-tools/fix-deny' of https://github.com/iotaledger/iota…

86e1c24

… into dev-tools/fix-deny

fix bug in mock provider and cleanup

5101785

remove outdated doc comment

c878480

DaughterOfMars force-pushed the dev-tools/fix-deny branch from 67b7356 to c878480 Compare July 16, 2024 14:54

DaughterOfMars marked this pull request as ready for review July 16, 2024 14:54