From 8d80dad1aec0cf3c7606b28ab291b948c88ed678 Mon Sep 17 00:00:00 2001
From: Willem Wyndham
Date: Thu, 14 Nov 2024 15:27:42 -0500
Subject: [PATCH] fix: migrate from slip10 to slipped10 crate

Fix advisory issue
---
 Cargo.lock | 103 ++++++---------------------
 cmd/crates/stellar-ledger/Cargo.toml | 2 +-
 2 files changed, 24 insertions(+), 81 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 4d3cc0c78..0b92dcd22 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1022,7 +1022,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
 dependencies = [
 "generic-array",
- "rand_core 0.6.4",
+ "rand_core",
 "subtle",
 "zeroize",
 ]
@@ -1078,19 +1078,6 @@ dependencies = [
 "syn 2.0.77",
 ]

-[[package]]
-name = "curve25519-dalek"
-version = "3.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61"
-dependencies = [
- "byteorder 1.5.0",
- "digest 0.9.0",
- "rand_core 0.5.1",
- "subtle",
- "zeroize",
-]
-
 [[package]]
 name = "curve25519-dalek"
 version = "4.1.3"
@@ -1394,16 +1381,7 @@ dependencies = [
 "digest 0.10.7",
 "elliptic-curve",
 "rfc6979",
- "signature 2.1.0",
-]
-
-[[package]]
-name = "ed25519"
-version = "1.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91cff35c70bba8a626e3185d8cd48cc11b5437e1a5bcd15b9b5fa3c64b6dfee7"
-dependencies = [
- "signature 1.6.4",
+ "signature",
 ]

 [[package]]
@@ -1413,19 +1391,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
 dependencies = [
 "pkcs8",
- "signature 2.1.0",
-]
-
-[[package]]
-name = "ed25519-dalek"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d"
-dependencies = [
- "curve25519-dalek 3.2.0",
- "ed25519 1.5.3",
- "sha2 0.9.9",
- "zeroize",
+ "signature",
 ]

 [[package]]
@@ -1434,9 +1400,9 @@ version = "2.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871"
 dependencies = [
- "curve25519-dalek 4.1.3",
- "ed25519 2.2.3",
- "rand_core 0.6.4",
+ "curve25519-dalek",
+ "ed25519",
+ "rand_core",
 "serde",
 "sha2 0.10.8",
 "subtle",
@@ -1461,7 +1427,7 @@ dependencies = [
 "ff",
 "generic-array",
 "group",
- "rand_core 0.6.4",
+ "rand_core",
 "sec1",
 "subtle",
 "zeroize",
@@ -1607,7 +1573,7 @@ version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449"
 dependencies = [
- "rand_core 0.6.4",
+ "rand_core",
 "subtle",
 ]

@@ -1880,7 +1846,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
 dependencies = [
 "ff",
- "rand_core 0.6.4",
+ "rand_core",
 "subtle",
 ]

@@ -3488,7 +3454,7 @@ checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
 "libc",
 "rand_chacha",
- "rand_core 0.6.4",
+ "rand_core",
 ]

 [[package]]
@@ -3498,15 +3464,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
 dependencies = [
 "ppv-lite86",
- "rand_core 0.6.4",
+ "rand_core",
 ]

-[[package]]
-name = "rand_core"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
-
 [[package]]
 name = "rand_core"
 version = "0.6.4"
@@ -4299,12 +4259,6 @@ dependencies = [
 "libc",
 ]

-[[package]]
-name = "signature"
-version = "1.6.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
-
 [[package]]
 name = "signature"
 version = "2.1.0"
@@ -4312,7 +4266,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500"
 dependencies = [
 "digest 0.10.7",
- "rand_core 0.6.4",
+ "rand_core",
 ]

 [[package]]
@@ -4336,24 +4290,13 @@ dependencies = [
 "autocfg",
 ]

-[[package]]
-name = "slip10"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "28724a6e6f70b0cb115c580891483da6f3aa99e6a353598303a57f89d23aa6bc"
-dependencies = [
- "ed25519-dalek 1.0.1",
- "hmac 0.9.0",
- "sha2 0.9.9",
-]
-
 [[package]]
 name = "slipped10"
 version = "0.4.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0a45443e66aa5d96db5e02d17db056e1ca970232a4fe73e1f9bc1816d68f4e98"
 dependencies = [
- "ed25519-dalek 2.1.1",
+ "ed25519-dalek",
 "hmac 0.9.0",
 "sha2 0.9.9",
 ]
@@ -4451,7 +4394,7 @@ dependencies = [
 "directories",
 "dirs 4.0.0",
 "dotenvy",
- "ed25519-dalek 2.1.1",
+ "ed25519-dalek",
 "ethnum",
 "flate2",
 "fqdn",
@@ -4582,9 +4525,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2b7a32c28f281c423189f1298960194f0e0fc4eeb72378028171e556d8cd6160"
 dependencies = [
 "backtrace",
- "curve25519-dalek 4.1.3",
+ "curve25519-dalek",
 "ecdsa",
- "ed25519-dalek 2.1.1",
+ "ed25519-dalek",
 "elliptic-curve",
 "generic-array",
 "getrandom",
@@ -4618,9 +4561,9 @@ dependencies = [
 "ark-ec",
 "ark-ff",
 "ark-serialize",
- "curve25519-dalek 4.1.3",
+ "curve25519-dalek",
 "ecdsa",
- "ed25519-dalek 2.1.1",
+ "ed25519-dalek",
 "elliptic-curve",
 "generic-array",
 "getrandom",
@@ -4715,7 +4658,7 @@ dependencies = [
 "arbitrary",
 "bytes-lit",
 "ctor",
- "ed25519-dalek 2.1.1",
+ "ed25519-dalek",
 "rand",
 "serde",
 "serde_json",
@@ -4735,7 +4678,7 @@ dependencies = [
 "arbitrary",
 "bytes-lit",
 "ctor",
- "ed25519-dalek 2.1.1",
+ "ed25519-dalek",
 "rand",
 "rustc_version",
 "serde",
@@ -4902,7 +4845,7 @@ version = "22.0.0-rc.1"
 dependencies = [
 "assert_cmd",
 "assert_fs",
- "ed25519-dalek 2.1.1",
+ "ed25519-dalek",
 "fs_extra",
 "hex",
 "predicates 2.1.5",
@@ -4985,7 +4928,7 @@ dependencies = [
 "async-trait",
 "bollard",
 "byteorder 1.5.0",
- "ed25519-dalek 2.1.1",
+ "ed25519-dalek",
 "env_logger",
 "futures",
 "hex",
@@ -5004,7 +4947,7 @@ dependencies = [
 "serde_json",
 "serial_test",
 "sha2 0.9.9",
- "slip10",
+ "slipped10",
 "soroban-spec 22.0.0-rc.3",
 "stellar-rpc-client",
 "stellar-strkey 0.0.11",
diff --git a/cmd/crates/stellar-ledger/Cargo.toml b/cmd/crates/stellar-ledger/Cargo.toml
index 10fd34e42..24b9ebef4 100644
--- a/cmd/crates/stellar-ledger/Cargo.toml
+++ b/cmd/crates/stellar-ledger/Cargo.toml
@@ -27,7 +27,7 @@ stellar-strkey = { workspace = true }
 ledger-transport-hid = "0.10.0"
 ledger-transport = "0.10.0"
 sep5.workspace = true
-slip10 = "0.4.3"
+slip10 = { package = "slipped10", version = "0.4.6" }
 tracing = { workspace = true }
 hex.workspace = true
 byteorder = "1.5.0"
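Review bot: The new `slip10 = { package = "slipped10", version = "0.4.6" }` line keeps the old dependency name while resolving to a different crate, and neither the manifest nor the commit message ("Fix advisory issue") records which advisory prompted the swap. A comment above the line would make the alias and its reason visible to anyone reading code that still refers to `slip10`, e.g. `# Aliased to slipped10 (replaces slip10 0.4.3, which pulled in ed25519-dalek 1.0.1); advisory: ADVISORY_ID_PLACEHOLDER`. The Cargo.lock hunks show the swap removes ed25519-dalek 1.0.1, curve25519-dalek 3.2.0 and their older transitive crates, which is presumably what the advisory targeted, while slipped10 still lists `hmac 0.9.0` and `sha2 0.9.9`. Re-running the project's advisory check (for example `cargo audit`) against the new lockfile would confirm that nothing flagged remains. Because this crate appears to handle key derivation for a hardware wallet, it is also worth confirming that the replacement produces the same derivation output on known test vectors.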