From f31d7c6719d5b7f8c95db492ec7ca59e32621a94 Mon Sep 17 00:00:00 2001 From: Alexander Koz Date: Thu, 14 Sep 2023 15:09:58 +0400 Subject: [PATCH] update cargo (fixes [CVE-2023-38497][]) [CVE-2023-38497]: https://github.com/advisories/GHSA-j3xp-wfr4-hx87 --- Cargo.lock | 209 ++++++++++++++++++++++----------------- cargo/Cargo.toml | 4 +- cargo/src/package/mod.rs | 5 +- 3 files changed, 125 insertions(+), 93 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 116275b2..2cccfe0a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -285,9 +285,9 @@ dependencies = [ [[package]] name = "cargo" -version = "0.72.1" +version = "0.73.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2cb394cfa92bba1e9dc828a3ad68a7a943dc76fb7095bdd3710f77e516b13585" +checksum = "77a6fe1f5394d14b81d2f3f605832a3ce35ed0bf120bc7ef437ce27fd4929c6a" dependencies = [ "anyhow", "base64", @@ -315,10 +315,8 @@ dependencies = [ "ignore", "im-rc", "indexmap 1.9.3", - "is-terminal", "itertools", "jobserver", - "lazy_static", "lazycell", "libc", "libgit2-sys", @@ -328,6 +326,7 @@ dependencies = [ "os_info", "pasetors", "pathdiff", + "pulldown-cmark", "rand", "rustfix", "semver", @@ -338,6 +337,7 @@ dependencies = [ "sha1", "shell-escape", "strip-ansi-escapes", + "syn 2.0.33", "tar", "tempfile", "termcolor", @@ -394,9 +394,9 @@ dependencies = [ [[package]] name = "cargo-util" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5e2320a2b1242f9181a3347ae0884bb497e1853d299da99780fa1e96f9abe23" +checksum = "dd54c8b94a0c851d687924460637361c355afafa72d973fe8644499fbdee8fae" dependencies = [ "anyhow", "core-foundation", @@ -411,7 +411,7 @@ dependencies = [ "shell-escape", "tempfile", "walkdir", - "windows-sys 0.45.0", + "windows-sys 0.48.0", ] [[package]] @@ -1019,12 +1019,13 @@ dependencies = [ [[package]] name = "gix" -version = "0.44.1" +version = "0.45.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bf41b61f7df395284f7a579c0fa1a7e012c5aede655174d4e91299ef1cac643" +checksum = "bf2a03ec66ee24d1b2bae3ab718f8d14f141613810cb7ff6756f7db667f1cd82" dependencies = [ "gix-actor", "gix-attributes", + "gix-commitgraph", "gix-config", "gix-credentials", "gix-date", @@ -1039,6 +1040,7 @@ dependencies = [ "gix-index", "gix-lock", "gix-mailmap", + "gix-negotiate", "gix-object", "gix-odb", "gix-pack", @@ -1067,9 +1069,9 @@ dependencies = [ [[package]] name = "gix-actor" -version = "0.20.0" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "848efa0f1210cea8638f95691c82a46f98a74b9e3524f01d4955ebc25a8f84f3" +checksum = "9fe73f9f6be1afbf1bd5be919a9636fa560e2f14d42262a934423ed6760cd838" dependencies = [ "bstr 1.6.2", "btoi", @@ -1081,9 +1083,9 @@ dependencies = [ [[package]] name = "gix-attributes" -version = "0.12.0" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3015baa01ad2122fbcaab7863c857a603eb7b7ec12ac8141207c42c6439805e2" +checksum = "78b79590ac382f80d87e06416f5fcac6fee5d83dcb152a00ed0bdbaa988acc31" dependencies = [ "bstr 1.6.2", "gix-glob", @@ -1123,11 +1125,25 @@ dependencies = [ "bstr 1.6.2", ] +[[package]] +name = "gix-commitgraph" +version = "0.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8490ae1b3d55c47e6a71d247c082304a2f79f8d0332c1a2f5693d42a2021a09" +dependencies = [ + "bstr 1.6.2", + "gix-chunk", + "gix-features", + "gix-hash", + "memmap2", + "thiserror", +] + [[package]] name = "gix-config" -version = "0.22.0" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d252a0eddb6df74600d3d8872dc9fe98835a7da43110411d705b682f49d4ac1" +checksum = "51f310120ae1ba8f0ca52fb22876ce9bad5b15c8ffb3eb7302e4b64a3b9f681c" dependencies = [ "bstr 1.6.2", "gix-config-value", @@ -1160,9 +1176,9 @@ dependencies = [ [[package]] name = "gix-credentials" -version = "0.14.0" +version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4874a4fc11ffa844a3c2b87a66957bda30a73b577ef1acf15ac34df5745de5ff" +checksum = "c6f89fea8acd28f5ef8fa5042146f1637afd4d834bc8f13439d8fd1e5aca0d65" dependencies = [ "bstr 1.6.2", "gix-command", @@ -1188,9 +1204,9 @@ dependencies = [ [[package]] name = "gix-diff" -version = "0.29.0" +version = "0.30.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "644a0f2768bc42d7a69289ada80c9e15c589caefc6a315d2307202df83ed1186" +checksum = "9029ad0083cc286a4bd2f5b3bf66bb66398abc26f2731a2824cd5edfc41a0e33" dependencies = [ "gix-hash", "gix-object", @@ -1200,9 +1216,9 @@ dependencies = [ [[package]] name = "gix-discover" -version = "0.18.1" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a6b61363e63e7cdaa3e6f96acb0257ebdb3d8883e21eba5930c99f07f0a5fc0" +checksum = "aba9c6c0d1f2b2efe65581de73de4305004612d49c83773e783202a7ef204f46" dependencies = [ "bstr 1.6.2", "dunce", @@ -1215,9 +1231,9 @@ dependencies = [ [[package]] name = "gix-features" -version = "0.29.0" +version = "0.30.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf69b0f5c701cc3ae22d3204b671907668f6437ca88862d355eaf9bc47a4f897" +checksum = "3a8c493409bf6060d408eec9bbdd1b12ea351266b50012e2a522f75dfc7b8314" dependencies = [ "bytes", "crc32fast", @@ -1235,18 +1251,18 @@ dependencies = [ [[package]] name = "gix-fs" -version = "0.1.1" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b37a1832f691fdc09910bd267f9a2e413737c1f9ec68c6e31f9e802616278a9" +checksum = "30da8997008adb87f94e15beb7ee229f8a48e97af585a584bfee4a5a1880aab5" dependencies = [ "gix-features", ] [[package]] name = "gix-glob" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c07c98204529ac3f24b34754540a852593d2a4c7349008df389240266627a72a" +checksum = "cd0ade1e80ab1f079703d1824e1daf73009096386aa7fd2f0477f6e4ac0a558e" dependencies = [ "bitflags 2.4.0", "bstr 1.6.2", @@ -1277,9 +1293,9 @@ dependencies = [ [[package]] name = "gix-ignore" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba205b6df563e2906768bb22834c82eb46c5fdfcd86ba2c347270bc8309a05b2" +checksum = "fc6f7f101a0ccce808dbf7008ba131dede94e20257e7bde7a44cbb2f8c775625" dependencies = [ "bstr 1.6.2", "gix-glob", @@ -1289,9 +1305,9 @@ dependencies = [ [[package]] name = "gix-index" -version = "0.16.1" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f39c1ccc8f1912cbbd5191efc28dbc5f0d0598042aa56bc09427b7c34efab3ba" +checksum = "616ba958fabfb11263fa042c35690d48a6c7be4e9277e2c7e24ff263b3fe7b82" dependencies = [ "bitflags 2.4.0", "bstr 1.6.2", @@ -1311,9 +1327,9 @@ dependencies = [ [[package]] name = "gix-lock" -version = "5.0.1" +version = "6.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c693d7f05730fa74a7c467150adc7cea393518410c65f0672f80226b8111555" +checksum = "3ec5d5e6f07316d3553aa7425e3ecd935ec29882556021fe1696297a448af8d2" dependencies = [ "gix-tempfile", "gix-utils", @@ -1322,20 +1338,35 @@ dependencies = [ [[package]] name = "gix-mailmap" -version = "0.12.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8856cec3bdc3610c06970d28b6cb20a0c6621621cf9a8ec48cbd23f2630f362" +checksum = "4653701922c920e009f1bc4309feaff14882ade017770788f9a150928da3fa6a" dependencies = [ "bstr 1.6.2", "gix-actor", "thiserror", ] +[[package]] +name = "gix-negotiate" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "945c3ef1e912e44a5f405fc9e924edf42000566a1b257ed52cb1293300f6f08c" +dependencies = [ + "bitflags 2.4.0", + "gix-commitgraph", + "gix-hash", + "gix-object", + "gix-revision", + "smallvec", + "thiserror", +] + [[package]] name = "gix-object" -version = "0.29.2" +version = "0.30.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d96bd620fd08accdd37f70b2183cfa0b001b4f1c6ade8b7f6e15cb3d9e261ce" +checksum = "8926c8f51c44dec3e709cb5dbc93deb9e8d4064c43c9efc54c158dcdfe8446c7" dependencies = [ "bstr 1.6.2", "btoi", @@ -1352,9 +1383,9 @@ dependencies = [ [[package]] name = "gix-odb" -version = "0.45.0" +version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bca2f324aa67672b6d0f2c0fa93f96eb6a7029d260e4c1df5dce3c015f5e5add" +checksum = "4b234d806278eeac2f907c8b5a105c4ba537230c1a9d9236d822bf0db291f8f3" dependencies = [ "arc-swap", "gix-features", @@ -1370,9 +1401,9 @@ dependencies = [ [[package]] name = "gix-pack" -version = "0.35.0" +version = "0.36.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "164a515900a83257ae4aa80e741655bee7a2e39113fb535d7a5ac623b445ff20" +checksum = "7d2a14cb3156037eedb17d6cb7209b7180522b8949b21fd0fe3184c0a1d0af88" dependencies = [ "clru", "gix-chunk", @@ -1429,9 +1460,9 @@ dependencies = [ [[package]] name = "gix-protocol" -version = "0.32.0" +version = "0.33.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "877e49417f1730f4dbc2f7d9a2ab0f8b2f49ef08f97270691403ecde3d961e3a" +checksum = "92a17058b45c461f0847528c5fb6ee6e76115e026979eb2d2202f98ee94f6c24" dependencies = [ "bstr 1.6.2", "btoi", @@ -1457,9 +1488,9 @@ dependencies = [ [[package]] name = "gix-ref" -version = "0.29.1" +version = "0.30.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e03989e9d49954368e1b526578230fc7189d1634acdfbe79e9ba1de717e15d5" +checksum = "ebdd999256f4ce8a5eefa89999879c159c263f3493a951d62aa5ce42c0397e1c" dependencies = [ "gix-actor", "gix-features", @@ -1477,9 +1508,9 @@ dependencies = [ [[package]] name = "gix-refspec" -version = "0.10.1" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a6ea733820df67e4cd7797deb12727905824d8f5b7c59d943c456d314475892" +checksum = "72bfd622abc86dd8ad1ec51b9eb77b4f1a766b94e3a1b87cf4a022c5b5570cf4" dependencies = [ "bstr 1.6.2", "gix-hash", @@ -1491,15 +1522,30 @@ dependencies = [ [[package]] name = "gix-revision" -version = "0.13.0" +version = "0.15.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "810f35e9afeccca999d5d348b239f9c162353127d2e13ff3240e31b919e35476" +checksum = "5044f56cd7a487ce9b034cbe0252ae0b6b47ff56ca3dabd79bc30214d0932cd7" dependencies = [ "bstr 1.6.2", "gix-date", "gix-hash", "gix-hashtable", "gix-object", + "gix-revwalk", + "thiserror", +] + +[[package]] +name = "gix-revwalk" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc2623ba8747914f151f5e12b65adac576ab459dbed5f50a36c7a3e9cbf2d3ca" +dependencies = [ + "gix-commitgraph", + "gix-hash", + "gix-hashtable", + "gix-object", + "smallvec", "thiserror", ] @@ -1517,9 +1563,9 @@ dependencies = [ [[package]] name = "gix-tempfile" -version = "5.0.3" +version = "6.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71a0d32f34e71e86586124225caefd78dabc605d0486de580d717653addf182" +checksum = "b3785cb010e9dc5c446dfbf02bc1119fc17d3a48a27c029efcb3a3c32953eb10" dependencies = [ "gix-fs", "libc", @@ -1538,9 +1584,9 @@ checksum = "96b6d623a1152c3facb79067d6e2ecdae48130030cf27d6eb21109f13bd7b836" [[package]] name = "gix-transport" -version = "0.31.0" +version = "0.32.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f01c2bf7b989c679695ef635fc7d9e80072e08101be4b53193c8e8b649900102" +checksum = "64a39ffed9a9078ed700605e064b15d7c6ae50aa65e7faa36ca6919e8081df15" dependencies = [ "base64", "bstr 1.6.2", @@ -1557,9 +1603,9 @@ dependencies = [ [[package]] name = "gix-traverse" -version = "0.25.0" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5be1e807f288c33bb005075111886cceb43ed8a167b3182a0f62c186e2a0dd1" +checksum = "b0842e984cb4bf26339dc559f3a1b8bf8cdb83547799b2b096822a59f87f33d9" dependencies = [ "gix-hash", "gix-hashtable", @@ -1569,9 +1615,9 @@ dependencies = [ [[package]] name = "gix-url" -version = "0.18.0" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfc77f89054297cc81491e31f1bab4027e554b5ef742a44bd7035db9a0f78b76" +checksum = "f1663df25ac42047a2547618d2a6979a26f478073f6306997429235d2cd4c863" dependencies = [ "bstr 1.6.2", "gix-features", @@ -1602,9 +1648,9 @@ dependencies = [ [[package]] name = "gix-worktree" -version = "0.17.1" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a69eaff0ae973a9d37c40f02ae5ae50fa726c8fc2fd3ab79d0a19eb61975aafa" +checksum = "d388ad962e8854402734a7387af8790f6bdbc8d05349052dab16ca4a0def50f6" dependencies = [ "bstr 1.6.2", "filetime", @@ -2318,7 +2364,7 @@ dependencies = [ "libc", "redox_syscall 0.3.5", "smallvec", - "windows-targets 0.48.5", + "windows-targets", ] [[package]] @@ -2670,13 +2716,24 @@ dependencies = [ [[package]] name = "prodash" -version = "23.1.2" +version = "25.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9516b775656bc3e8985e19cd4b8c0c0de045095074e453d2c0a513b5f978392d" +checksum = "1d67eb4220992a4a052a4bb03cf776e493ecb1a3a36bab551804153d63486af7" dependencies = [ "parking_lot", ] +[[package]] +name = "pulldown-cmark" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77a1a2f1f0a7ecff9c31abbe177637be0e97a0aef46cf8738ece09327985d998" +dependencies = [ + "bitflags 1.3.2", + "memchr", + "unicase", +] + [[package]] name = "quick-xml" version = "0.29.0" @@ -3631,7 +3688,7 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f" dependencies = [ - "windows-targets 0.48.5", + "windows-targets", ] [[package]] @@ -3649,37 +3706,13 @@ dependencies = [ "windows_x86_64_msvc 0.42.2", ] -[[package]] -name = "windows-sys" -version = "0.45.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" -dependencies = [ - "windows-targets 0.42.2", -] - [[package]] name = "windows-sys" version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ - "windows-targets 0.48.5", -] - -[[package]] -name = "windows-targets" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" -dependencies = [ - "windows_aarch64_gnullvm 0.42.2", - "windows_aarch64_msvc 0.42.2", - "windows_i686_gnu 0.42.2", - "windows_i686_msvc 0.42.2", - "windows_x86_64_gnu 0.42.2", - "windows_x86_64_gnullvm 0.42.2", - "windows_x86_64_msvc 0.42.2", + "windows-targets", ] [[package]] diff --git a/cargo/Cargo.toml b/cargo/Cargo.toml index 6f0d6eef..3bec02f2 100644 --- a/cargo/Cargo.toml +++ b/cargo/Cargo.toml @@ -38,8 +38,8 @@ clap_lex = "0.5" dirs = "5.0" fs_extra = "1.3" -cargo = "=0.72.1" -cargo-util = "=0.2.4" +cargo = "=0.73.1" +cargo-util = "=0.2.5" cargo-platform = "0.1.3" semver = "1.0" diff --git a/cargo/src/package/mod.rs b/cargo/src/package/mod.rs index bfdd8bfe..9b1400f5 100644 --- a/cargo/src/package/mod.rs +++ b/cargo/src/package/mod.rs @@ -291,10 +291,9 @@ fn execute_pdc<'l, Layout: playdate::layout::Layout>(config: &Config, let profile = profiles.base_profile(); let optimized = profile.opt_level.as_str() == "0"; let debuginfo = match profile.debuginfo { - DebugInfo::None => false, - DebugInfo::Explicit(TomlDebugInfo::None) => false, + DebugInfo::Resolved(TomlDebugInfo::None) => false, DebugInfo::Deferred(TomlDebugInfo::None) => false, - DebugInfo::Explicit(_) => true, + DebugInfo::Resolved(_) => true, DebugInfo::Deferred(_) => true, }; (optimized, debuginfo)