From 4d2b948bcf1b00b8aebc61310c18382c68a4655d Mon Sep 17 00:00:00 2001 From: Apoorv Vardhan Date: Mon, 31 Jan 2022 08:15:53 +0530 Subject: [PATCH] Upgrade security/web-cors to v4 (#514) --- Cargo.lock | 372 ++++++++++++++---------- security/web-cors/backend/Cargo.toml | 8 +- security/web-cors/frontend/package.json | 2 +- 3 files changed, 228 insertions(+), 154 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e9f37600..49e726bc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -114,7 +114,7 @@ dependencies = [ "tokio-rustls 0.14.1", "trust-dns-proto 0.19.7", "trust-dns-resolver 0.19.7", - "webpki", + "webpki 0.21.4", ] [[package]] @@ -131,16 +131,18 @@ dependencies = [ [[package]] name = "actix-cors" -version = "0.5.4" +version = "0.6.0-beta.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36b133d8026a9f209a9aeeeacd028e7451bcca975f592881b305d37983f303d7" +checksum = "d4f1bd0e31c745df129f0e94efd374d21f2a455bcc386c15d78ed9a9e7d4dd50" dependencies = [ - "actix-web 3.3.3", + "actix-service 2.0.2", + "actix-utils 3.0.0", + "actix-web 4.0.0-beta.21", "derive_more", "futures-util", "log", "once_cell", - "tinyvec", + "smallvec", ] [[package]] @@ -219,7 +221,7 @@ dependencies = [ "actix-rt 1.1.1", "actix-service 1.0.6", "actix-threadpool", - "actix-tls", + "actix-tls 2.0.0", "actix-utils 2.0.0", "base64 0.13.0", "bitflags", @@ -265,6 +267,7 @@ dependencies = [ "actix-codec 0.4.2", "actix-rt 2.6.0", "actix-service 2.0.2", + "actix-tls 3.0.2", "actix-utils 3.0.0", "ahash 0.7.6", "base64 0.13.0", @@ -329,17 +332,17 @@ dependencies = [ [[package]] name = "actix-multipart" -version = "0.3.0" +version = "0.4.0-beta.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "774bfeb11b54bf9c857a005b8ab893293da4eaff79261a66a9200dab7f5ab6e3" +checksum = "8362a002d669c85fea5504737a68b9f2d5538069ddd9ccd7d6d5f3eaa62cc000" dependencies = [ - "actix-service 1.0.6", - "actix-utils 2.0.0", - "actix-web 3.3.3", - "bytes 0.5.6", + "actix-utils 3.0.0", + "actix-web 4.0.0-beta.21", + "bytes 1.1.0", "derive_more", - "futures-util", + "futures-core", "httparse", + "local-waker", "log", "mime", "twoway", @@ -555,10 +558,28 @@ dependencies = [ "rustls 0.18.1", "tokio-openssl", "tokio-rustls 0.14.1", - "webpki", + "webpki 0.21.4", "webpki-roots 0.20.0", ] +[[package]] +name = "actix-tls" +version = "3.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a31ab31563b611fa822480b4255e8750cf0af9ce1b8b7bde298afe8447ef9333" +dependencies = [ + "actix-codec 0.4.2", + "actix-rt 2.6.0", + "actix-service 2.0.2", + "actix-utils 3.0.0", + "futures-core", + "log", + "pin-project-lite 0.2.8", + "tokio-rustls 0.23.2", + "tokio-util 0.6.9", + "webpki-roots 0.22.2", +] + [[package]] name = "actix-todo" version = "2.0.0" @@ -621,7 +642,7 @@ dependencies = [ "actix-service 1.0.6", "actix-testing", "actix-threadpool", - "actix-tls", + "actix-tls 2.0.0", "actix-utils 2.0.0", "actix-web-codegen 0.4.0", "awc", @@ -660,6 +681,7 @@ dependencies = [ "actix-rt 2.6.0", "actix-server 2.0.0", "actix-service 2.0.2", + "actix-tls 3.0.2", "actix-utils 3.0.0", "actix-web-codegen 0.5.0-rc.1", "ahash 0.7.6", @@ -729,9 +751,9 @@ dependencies = [ name = "actix-web-cors" version = "1.0.0" dependencies = [ - "actix-cors 0.5.4", - "actix-web 3.3.3", - "env_logger 0.8.4", + "actix-cors 0.6.0-beta.8", + "actix-web 4.0.0-beta.21", + "env_logger 0.9.0", "futures", "serde 1.0.136", "serde_json", @@ -807,7 +829,7 @@ dependencies = [ "cipher", "ctr", "ghash", - "subtle 2.4.1", + "subtle", ] [[package]] @@ -1631,9 +1653,6 @@ name = "bytes" version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0e4cec68f03f32e44924783795810fa50a7035d8c8ebe78580ad7e6c703fba38" -dependencies = [ - "serde 1.0.136", -] [[package]] name = "bytes" @@ -2022,16 +2041,6 @@ dependencies = [ "generic-array 0.14.5", ] -[[package]] -name = "crypto-mac" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5" -dependencies = [ - "generic-array 0.12.4", - "subtle 1.0.0", -] - [[package]] name = "crypto-mac" version = "0.9.1" @@ -2039,7 +2048,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "58bcd97a54c7ca5ce2f6eb16f6bede5b0ab5f0055fedc17d2f0b4466e21671ca" dependencies = [ "generic-array 0.14.5", - "subtle 2.4.1", + "subtle", ] [[package]] @@ -2049,7 +2058,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bff07008ec701e8028e2ceb8f83f0e4274ee62bd2dbdc4fefff2e9a91824081a" dependencies = [ "generic-array 0.14.5", - "subtle 2.4.1", + "subtle", ] [[package]] @@ -2059,7 +2068,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" dependencies = [ "generic-array 0.14.5", - "subtle 2.4.1", + "subtle", ] [[package]] @@ -2301,20 +2310,20 @@ dependencies = [ ] [[package]] -name = "dirs" -version = "2.0.2" +name = "dirs-next" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13aea89a5c93364a98e9b37b2fa237effbb694d5cfe01c5b70941f7eb087d5e3" +checksum = "b98cf8ebf19c3d1b223e151f99a4f9f0690dca41414773390fc824184ac833e1" dependencies = [ - "cfg-if 0.1.10", - "dirs-sys", + "cfg-if 1.0.0", + "dirs-sys-next", ] [[package]] -name = "dirs-sys" -version = "0.3.6" +name = "dirs-sys-next" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03d86534ed367a67548dc68113a0f5db55432fdfbb6e6f9d77704397d95d5780" +checksum = "4ebda144c4fe02d1f7ea1a7d9641b6fc6b580adcfa024ae48797ecdeb6825b4d" dependencies = [ "libc", "redox_users", @@ -2903,16 +2912,6 @@ dependencies = [ "hmac 0.10.1", ] -[[package]] -name = "hmac" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dcb5e64cda4c23119ab41ba960d1e170a774c8e4b9d9e6a9bc18aabf5e59695" -dependencies = [ - "crypto-mac 0.7.0", - "digest 0.8.1", -] - [[package]] name = "hmac" version = "0.9.0" @@ -2975,6 +2974,17 @@ dependencies = [ "http", ] +[[package]] +name = "http-body" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ff4f84919677303da5f147645dbea6b1881f368d03ac84e1dc09031ebd7b2c6" +dependencies = [ + "bytes 1.1.0", + "http", + "pin-project-lite 0.2.8", +] + [[package]] name = "http-proxy" version = "2.0.0" @@ -3032,7 +3042,7 @@ dependencies = [ "futures-util", "h2 0.2.7", "http", - "http-body", + "http-body 0.3.1", "httparse", "httpdate 0.3.2", "itoa 0.4.8", @@ -3044,6 +3054,30 @@ dependencies = [ "want", ] +[[package]] +name = "hyper" +version = "0.14.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7ec3e62bdc98a2f0393a5048e4c30ef659440ea6e0e572965103e72bd836f55" +dependencies = [ + "bytes 1.1.0", + "futures-channel", + "futures-core", + "futures-util", + "h2 0.3.11", + "http", + "http-body 0.4.4", + "httparse", + "httpdate 1.0.2", + "itoa 0.4.8", + "pin-project-lite 0.2.8", + "socket2 0.4.4", + "tokio 1.16.1", + "tower-service", + "tracing", + "want", +] + [[package]] name = "hyper-tls" version = "0.4.3" @@ -3051,12 +3085,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d979acc56dcb5b8dddba3917601745e877576475aa046df3226eabdecef78eed" dependencies = [ "bytes 0.5.6", - "hyper", + "hyper 0.13.10", "native-tls", "tokio 0.2.25", "tokio-tls", ] +[[package]] +name = "hyper-tls" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" +dependencies = [ + "bytes 1.1.0", + "hyper 0.14.16", + "native-tls", + "tokio 1.16.1", + "tokio-native-tls", +] + [[package]] name = "ident_case" version = "1.0.1" @@ -3586,9 +3633,10 @@ dependencies = [ name = "middleware-http-to-https" version = "0.1.0" dependencies = [ - "actix-web 3.3.3", + "actix-web 4.0.0-beta.21", "futures", - "rustls 0.18.1", + "rustls 0.20.2", + "rustls-pemfile", ] [[package]] @@ -3668,18 +3716,6 @@ dependencies = [ "winapi 0.3.9", ] -[[package]] -name = "mio-named-pipes" -version = "0.1.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0840c1c50fd55e521b247f949c241c9997709f23bd7f023b9762cd561e935656" -dependencies = [ - "log", - "mio 0.6.23", - "miow 0.3.7", - "winapi 0.3.9", -] - [[package]] name = "mio-uds" version = "0.6.8" @@ -3767,7 +3803,7 @@ dependencies = [ "typed-builder", "uuid 0.8.2", "version_check 0.9.4", - "webpki", + "webpki 0.21.4", "webpki-roots 0.21.1", ] @@ -3794,7 +3830,7 @@ name = "multipart-example" version = "0.3.0" dependencies = [ "actix-multipart", - "actix-web 3.3.3", + "actix-web 4.0.0-beta.21", "futures-util", "sanitize-filename", "uuid 0.8.2", @@ -3805,8 +3841,7 @@ name = "multipart-s3" version = "0.1.0" dependencies = [ "actix-multipart", - "actix-web 3.3.3", - "bytes 0.5.6", + "actix-web 4.0.0-beta.21", "dotenv", "futures", "rusoto_core", @@ -4798,9 +4833,9 @@ dependencies = [ "futures-core", "futures-util", "http", - "http-body", - "hyper", - "hyper-tls", + "http-body 0.3.1", + "hyper 0.13.10", + "hyper-tls 0.4.3", "ipnet", "js-sys", "lazy_static", @@ -4882,61 +4917,55 @@ dependencies = [ [[package]] name = "rusoto_core" -version = "0.43.0" +version = "0.47.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a8d624cb48fcaca612329e4dd544380aa329ef338e83d3a90f5b7897e631971" +checksum = "5b4f000e8934c1b4f70adde180056812e7ea6b1a247952db8ee98c94cd3116cc" dependencies = [ "async-trait", - "base64 0.12.3", - "bytes 0.5.6", + "base64 0.13.0", + "bytes 1.1.0", + "crc32fast", "futures", - "hmac 0.7.1", "http", - "hyper", - "hyper-tls", + "hyper 0.14.16", + "hyper-tls 0.5.0", "lazy_static", "log", - "md5", - "percent-encoding", - "pin-project 0.4.29", "rusoto_credential", "rusoto_signature", - "rustc_version 0.2.3", + "rustc_version 0.4.0", "serde 1.0.136", "serde_json", - "sha2 0.8.2", - "tokio 0.2.25", + "tokio 1.16.1", "xml-rs", ] [[package]] name = "rusoto_credential" -version = "0.43.0" +version = "0.47.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba3e7cdf483d7198d9bca7414746d3ba656239e89e467b715d0571912f0b492f" +checksum = "6a46b67db7bb66f5541e44db22b0a02fed59c9603e146db3a9e633272d3bac2f" dependencies = [ "async-trait", "chrono", - "dirs", + "dirs-next", "futures", - "hyper", - "pin-project 0.4.29", - "regex", + "hyper 0.14.16", "serde 1.0.136", "serde_json", "shlex", - "tokio 0.2.25", + "tokio 1.16.1", "zeroize", ] [[package]] name = "rusoto_s3" -version = "0.43.0" +version = "0.47.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b6bc3221ae5a2c036d5757eee68a2ffb6b7f87b8a83adbf4271c8133fdee01c" +checksum = "048c2fe811a823ad5a9acc976e8bf4f1d910df719dcf44b15c3e96c5b7a51027" dependencies = [ "async-trait", - "bytes 0.5.6", + "bytes 1.1.0", "futures", "rusoto_core", "xml-rs", @@ -4944,27 +4973,28 @@ dependencies = [ [[package]] name = "rusoto_signature" -version = "0.43.0" +version = "0.47.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62940a2bd479900a1bf8935b8f254d3e19368ac3ac4570eb4bd48eb46551a1b7" +checksum = "6264e93384b90a747758bcc82079711eacf2e755c3a8b5091687b5349d870bcc" dependencies = [ - "base64 0.12.3", - "bytes 0.5.6", + "base64 0.13.0", + "bytes 1.1.0", + "chrono", + "digest 0.9.0", "futures", "hex", - "hmac 0.7.1", + "hmac 0.11.0", "http", - "hyper", + "hyper 0.14.16", "log", - "md5", + "md-5", "percent-encoding", - "pin-project 0.4.29", + "pin-project-lite 0.2.8", "rusoto_credential", - "rustc_version 0.2.3", + "rustc_version 0.4.0", "serde 1.0.136", - "sha2 0.8.2", - "time 0.2.27", - "tokio 0.2.25", + "sha2 0.9.9", + "tokio 1.16.1", ] [[package]] @@ -5044,8 +5074,8 @@ dependencies = [ "base64 0.12.3", "log", "ring", - "sct", - "webpki", + "sct 0.6.1", + "webpki 0.21.4", ] [[package]] @@ -5057,19 +5087,32 @@ dependencies = [ "base64 0.13.0", "log", "ring", - "sct", - "webpki", + "sct 0.6.1", + "webpki 0.21.4", +] + +[[package]] +name = "rustls" +version = "0.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d37e5e2290f3e040b594b1a9e04377c2c671f1a1cfd9bfdef82106ac1c113f84" +dependencies = [ + "log", + "ring", + "sct 0.7.0", + "webpki 0.22.0", ] [[package]] name = "rustls-client-cert" version = "1.0.0" dependencies = [ - "actix-tls", - "actix-web 3.3.3", - "env_logger 0.8.4", + "actix-tls 3.0.2", + "actix-web 4.0.0-beta.21", + "env_logger 0.9.0", "log", - "rustls 0.18.1", + "rustls 0.20.2", + "rustls-pemfile", ] [[package]] @@ -5114,9 +5157,9 @@ dependencies = [ [[package]] name = "sanitize-filename" -version = "0.2.1" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23fd0fec94ec480abfd86bb8f4f6c57e0efb36dac5c852add176ea7b04c74801" +checksum = "bf18934a12018228c5b55a6dae9df5d0641e3566b3630cb46cc55564068e7c2f" dependencies = [ "lazy_static", "regex", @@ -5157,6 +5200,16 @@ dependencies = [ "untrusted", ] +[[package]] +name = "sct" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "security-framework" version = "2.5.0" @@ -5393,9 +5446,9 @@ dependencies = [ [[package]] name = "shlex" -version = "0.1.1" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fdf1b9db47230893d76faad238fd6097fd6d6a9245cd7a4d90dbd639536bbd2" +checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" [[package]] name = "shutdown-server" @@ -5581,7 +5634,7 @@ dependencies = [ "thiserror", "tokio-stream", "url", - "webpki", + "webpki 0.21.4", "webpki-roots 0.21.1", "whoami", ] @@ -5767,12 +5820,6 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" -[[package]] -name = "subtle" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d67a5a62ba6e01cb2192ff309324cb4875d0c451d55fe2319433abe7a05a8ee" - [[package]] name = "subtle" version = "2.4.1" @@ -6074,13 +6121,11 @@ dependencies = [ "libc", "memchr", "mio 0.6.23", - "mio-named-pipes", "mio-uds", "num_cpus", "pin-project-lite 0.1.12", "signal-hook-registry", "slab", - "tokio-macros 0.2.6", "winapi 0.3.9", ] @@ -6099,21 +6144,10 @@ dependencies = [ "parking_lot", "pin-project-lite 0.2.8", "signal-hook-registry", - "tokio-macros 1.7.0", + "tokio-macros", "winapi 0.3.9", ] -[[package]] -name = "tokio-macros" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e44da00bfc73a25f814cd8d7e57a68a5c31b74b3152a0a1d1f590c97ed06265a" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "tokio-macros" version = "1.7.0" @@ -6125,6 +6159,16 @@ dependencies = [ "syn", ] +[[package]] +name = "tokio-native-tls" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7d995660bd2b7f8c1568414c1126076c13fbb725c40112dc0120b78eb9b717b" +dependencies = [ + "native-tls", + "tokio 1.16.1", +] + [[package]] name = "tokio-openssl" version = "0.4.0" @@ -6186,7 +6230,7 @@ dependencies = [ "futures-core", "rustls 0.18.1", "tokio 0.2.25", - "webpki", + "webpki 0.21.4", ] [[package]] @@ -6197,7 +6241,18 @@ checksum = "bc6844de72e57df1980054b38be3a9f4702aba4858be64dd700181a8a6d0e1b6" dependencies = [ "rustls 0.19.1", "tokio 1.16.1", - "webpki", + "webpki 0.21.4", +] + +[[package]] +name = "tokio-rustls" +version = "0.23.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a27d5f2b839802bd8267fa19b0530f5a08b9c08cd417976be2a65d130fe1c11b" +dependencies = [ + "rustls 0.20.2", + "tokio 1.16.1", + "webpki 0.22.0", ] [[package]] @@ -6550,7 +6605,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9f214e8f697e925001e66ec2c6e37a4ef93f0f78c2eed7814394e10c62025b05" dependencies = [ "generic-array 0.14.5", - "subtle 2.4.1", + "subtle", ] [[package]] @@ -6901,13 +6956,23 @@ dependencies = [ "untrusted", ] +[[package]] +name = "webpki" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "webpki-roots" version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0f20dea7535251981a9670857150d571846545088359b28e4951d350bdaf179f" dependencies = [ - "webpki", + "webpki 0.21.4", ] [[package]] @@ -6916,7 +6981,16 @@ version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aabe153544e473b775453675851ecc86863d2a81d786d741f6b76778f2a48940" dependencies = [ - "webpki", + "webpki 0.21.4", +] + +[[package]] +name = "webpki-roots" +version = "0.22.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "552ceb903e957524388c4d3475725ff2c8b7960922063af6ce53c9a43da07449" +dependencies = [ + "webpki 0.22.0", ] [[package]] diff --git a/security/web-cors/backend/Cargo.toml b/security/web-cors/backend/Cargo.toml index 3db02f44..9363810b 100644 --- a/security/web-cors/backend/Cargo.toml +++ b/security/web-cors/backend/Cargo.toml @@ -2,13 +2,13 @@ name = "actix-web-cors" version = "1.0.0" authors = ["krircc "] -edition = "2018" +edition = "2021" [dependencies] -actix-web = "3" -actix-cors = "0.5" +actix-web = { version = "4.0.0-beta.21", features = ["rustls"] } +actix-cors = "0.6.0-beta.8" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" -env_logger = "0.8" +env_logger = "0.9" futures = "0.3" diff --git a/security/web-cors/frontend/package.json b/security/web-cors/frontend/package.json index 36e132b4..74e1c3d9 100644 --- a/security/web-cors/frontend/package.json +++ b/security/web-cors/frontend/package.json @@ -11,6 +11,6 @@ }, "devDependencies": { "@vue/cli-service": "^3.0.0", - "vue-template-compiler": "^2.6.12" + "vue-template-compiler": "2.6.12" } }