Update dependencies to address security warnings (#767)
mwylde authored Oct 27, 2024
1 parent 776965a commit 2f73f96
Showing 19 changed files with 4,709 additions and 4,190 deletions.
2,421 changes: 1,313 additions & 1,108 deletions Cargo.lock

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions Cargo.toml
Expand Up @@ -58,6 +58,7 @@ prost-reflect = "0.12.0"
prost-build = {version = "0.12" }
prost-types = "0.12"
aws-config = "1.5.6"
reqwest = "0.12"

[profile.release]
debug = 1
2 changes: 1 addition & 1 deletion crates/arroyo-api/Cargo.toml
Expand Up @@ -64,7 +64,7 @@ schemars = "0.8"

# metric querying
prometheus-http-query = "0.6.5"
reqwest = "0.11"
reqwest = {workspace = true}
base64 = '0.21'

# codegen
26 changes: 13 additions & 13 deletions crates/arroyo-connectors/Cargo.toml
Expand Up @@ -32,10 +32,10 @@ typify = "0.0.13"
schemars = "0.8"
prost = {workspace = true}
tonic = {workspace = true}
governor = "0.6.0"
governor = "0.7.0"
anyhow = "1.0.71"
tracing = "0.1.37"
regress = "0.7.0"
regress = "0.10.0"
futures = "0.3.28"
axum = {version = "0.6.12"}
rand = "0.8.5"
Expand All @@ -50,21 +50,21 @@ regex = "1"
##########################

# Kafka
rdkafka = { version = "0.33", features = ["cmake-build", "tracing", "sasl", "ssl-vendored"] }
rdkafka = { version = "0.36", features = ["cmake-build", "tracing", "sasl", "ssl-vendored"] }
rdkafka-sys = "4.5.0"
sasl2-sys = { version = "0.1.6", features = ["vendored"] }

# SSE
eventsource-client = "0.12.0"
eventsource-client = "0.13.0"

# Websocket
tokio-tungstenite = { version = "0.20.1", features = ["native-tls"] }
tokio-tungstenite = { version = "0.24", features = ["native-tls"] }

# Webhook
reqwest = { version = "0.11.20", features = ["stream"] }
reqwest = { workspace = true, features = ["stream"] }

# Redis
redis = { version = "0.26.1", features = ["default", "tokio-rustls-comp", "cluster-async", "connection-manager"] }
redis = { version = "0.27", features = ["default", "tokio-rustls-comp", "cluster-async", "connection-manager"] }

# Fluvio
fluvio = {version = "0.23", features = ["openssl"]}
Expand All @@ -82,14 +82,14 @@ deltalake = { workspace = true, features = ["s3"] }
async-compression = { version = "0.4.3", features = ["tokio", "zstd", "gzip"] }

# MQTT
rumqttc = { version = "0.23.0", features = ["url"] }
rustls-native-certs = "0.6"
rustls-pemfile = "1"
tokio-rustls = "0.24"
rustls = "0.21.11"
rumqttc = { version = "0.24.0", features = ["url"] }
rustls-native-certs = "0.8"
rustls-pemfile = "2"
tokio-rustls = "0.25"
rustls = "0.22"

# NATS
async-nats = "0.33.0"
async-nats = "0.37.0"

[build-dependencies]
glob = "0.3"
28 changes: 12 additions & 16 deletions crates/arroyo-connectors/src/mqtt/mod.rs
Expand Up @@ -18,11 +18,12 @@ use arroyo_rpc::{var_str::VarStr, OperatorConfig};
use rumqttc::v5::mqttbytes::QoS;
use rumqttc::v5::{AsyncClient, Event as MqttEvent, EventLoop, Incoming, MqttOptions};
use rumqttc::Outgoing;
use rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
use rustls_native_certs::load_native_certs;
use serde::{Deserialize, Serialize};
use tokio::sync::mpsc::Sender;
use tokio::sync::oneshot::Receiver;
use tokio_rustls::rustls::{Certificate, ClientConfig, PrivateKey, RootCertStore};
use tokio_rustls::rustls::{ClientConfig, RootCertStore};
use typify::import_types;

const CONFIG_SCHEMA: &str = include_str!("./profile.json");
Expand Down Expand Up @@ -363,30 +364,27 @@ async fn test_inner(
}
}

fn load_certs(certificates: &str) -> anyhow::Result<Vec<Certificate>> {
fn load_certs<'a>(certificates: &str) -> anyhow::Result<Vec<CertificateDer<'a>>> {
let cert_bytes = std::fs::read_to_string(certificates).map_or_else(
|_| certificates.as_bytes().to_owned(),
|certs| certs.as_bytes().to_owned(),
);

let certs = rustls_pemfile::certs(&mut cert_bytes.as_slice()).map_err(|err| anyhow!(err))?;
let certs: Result<Vec<_>, _> = rustls_pemfile::certs(&mut cert_bytes.as_slice()).collect();

Ok(certs.into_iter().map(Certificate).collect())
Ok(certs?)
}

fn load_private_key(certificate: &str) -> anyhow::Result<PrivateKey> {
fn load_private_key<'a>(certificate: &str) -> anyhow::Result<PrivatePkcs8KeyDer<'a>> {
let cert_bytes = std::fs::read_to_string(certificate).map_or_else(
|_| certificate.as_bytes().to_owned(),
|cert| cert.as_bytes().to_owned(),
);

let certs = rustls_pemfile::pkcs8_private_keys(&mut cert_bytes.as_slice())
.map_err(|err| anyhow!(err))?;
let cert = certs
.into_iter()
.next()
.ok_or_else(|| anyhow!("No private key found"))?;
Ok(PrivateKey(cert))
.ok_or_else(|| anyhow!("No private key found"))??;
Ok(certs)
}

pub(crate) fn create_connection(
Expand Down Expand Up @@ -421,17 +419,15 @@ pub(crate) fn create_connection(
let ca = ca.sub_env_vars().map_err(|e| anyhow!("{}", e))?;
let certificates = load_certs(&ca)?;
for cert in certificates {
root_cert_store.add(&cert).unwrap();
root_cert_store.add(cert).unwrap();
}
} else {
for cert in load_native_certs().expect("could not load platform certs") {
root_cert_store.add(&Certificate(cert.0)).unwrap();
root_cert_store.add(cert).unwrap();
}
}

let builder = ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(root_cert_store);
let builder = ClientConfig::builder().with_root_certificates(root_cert_store);

let tls_config = if let Some((Some(client_cert), Some(client_key))) = c
.tls
Expand All @@ -443,7 +439,7 @@ pub(crate) fn create_connection(
let certs = load_certs(&client_cert)?;
let key = load_private_key(&client_key)?;

builder.with_client_auth_cert(certs, key)?
builder.with_client_auth_cert(certs, key.into())?
} else {
builder.with_no_client_auth()
};
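Review bot: In create_connection, both `root_cert_store.add(cert).unwrap()` calls still panic when the store rejects a certificate, so one unparsable entry in the platform trust store or a malformed user-supplied CA aborts the task instead of returning an error. The function already propagates rustls errors with `?` (see `with_client_auth_cert(...)?`), so `root_cert_store.add(cert)?;` fits the user-supplied branch; for the native branch, `root_cert_store.add_parsable_certificates(load_native_certs().expect("could not load platform certs"));` skips bad entries and returns the added/ignored counts, which are worth logging. Separately, load_certs returns `Ok` with an empty vector when the input holds no PEM certificate, including the case where the path could not be read and the path string itself is parsed as PEM. A guard such as `anyhow::ensure!(!certs.is_empty(), "no certificates found");` after the `?` would turn that silent misconfiguration into a clear error. create_connection starts and ends outside the visible hunks.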
1 change: 1 addition & 0 deletions crates/arroyo-connectors/src/sse/operator.rs
Expand Up @@ -182,6 +182,7 @@ impl SSESourceFunc {
SSE::Comment(s) => {
debug!("Received comment {:?}", s);
}
SSE::Connected(_) => {}
}
}
Some(Err(Error::Eof)) => {
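Review bot: The new `SSE::Connected(_) => {}` arm drops the event silently, whereas the neighbouring `SSE::Comment` arm at least logs at debug level. A connect (and presumably every reconnect) is useful when diagnosing a flapping or unexpectedly redirected source, so something like `SSE::Connected(_) => { debug!("SSE connection established"); }` would keep the arms consistent. The enclosing match and function start and end outside the hunk.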
2 changes: 1 addition & 1 deletion crates/arroyo-controller/Cargo.toml
Expand Up @@ -61,7 +61,7 @@ time = "0.3"
cornucopia_async = { workspace = true, features = ["with-serde_json-1"] }
thiserror = "1.0.40"
regex = "1.7.3"
reqwest = { version = "0.11.16", features = ["json"] }
reqwest = { workspace = true, features = ["json"] }
uuid = "1.3.3"
async-stream = "0.3.5"
base64 = "0.21.5"
6 changes: 3 additions & 3 deletions crates/arroyo-openapi/Cargo.toml
Expand Up @@ -6,16 +6,16 @@ edition = "2021"
[dependencies]
futures = "0.3"
progenitor-client = { git = "https://github.com/oxidecomputer/progenitor" }
reqwest = { version = "0.11", features = ["json", "stream"] }
reqwest = { version = "0.12", features = ["json", "stream"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"

chrono = { version = "0.4", features = ["serde"] }
regress = "0.4.1"
regress = "0.10.1"

[build-dependencies]
prettyplease = "0.1.25"
progenitor = { git = "https://github.com/oxidecomputer/progenitor" }
progenitor = { version = '0.8' }
serde_json = "1.0"
syn = "1.0"
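Review bot: `progenitor-client` is still pulled from the git repository with no `rev` or `tag`, while the build-time `progenitor` generator appears to move to the registry release `'0.8'` (the page prints both lines without +/- markers, so the direction is inferred). The generated client code and its runtime crate can then come from different revisions, and the git source is only as reproducible as Cargo.lock. Pinning both to the same release, e.g. `progenitor-client = "0.8"`, would keep them in step. This manifest also spells out `reqwest = { version = "0.12", ... }` where the other crates in this commit switch to `workspace = true`, so a later workspace bump would miss it.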

2 changes: 1 addition & 1 deletion crates/arroyo-planner/Cargo.toml
Expand Up @@ -53,7 +53,7 @@ xxhash-rust = { version = "0.8.12", features = ["xxh3", "std"] }

[dev-dependencies]
test-log = {version = "0.2.15", default-features = false, features = ["trace"]}
rstest = { version = "0.18.2" }
rstest = { version = "0.23" }

[build-dependencies]
glob = "0.3.1"
2 changes: 1 addition & 1 deletion crates/arroyo-rpc/Cargo.toml
Expand Up @@ -23,7 +23,7 @@ serde_json = "1.0"
nanoid = "0.4"
utoipa = "4"
anyhow = "1"
reqwest = { version = "0.11.22", features = ["default", "serde_json", "json"] }
reqwest = { workspace = true, features = ["default", "json"] }
log = "0.4.20"
tracing = "0.1.40"
async-trait = "0.1.74"
2 changes: 1 addition & 1 deletion crates/arroyo-server-common/Cargo.toml
Expand Up @@ -27,7 +27,7 @@ axum = "0.6"
lazy_static = "1.4.0"
futures = { version = "0.3" }
once_cell = "1.17.1"
reqwest = { version = "0.11.18", features = ["json"] }
reqwest = { workspace = true, features = ["json"] }
serde_json = "1.0.96"
tokio-util = "0.7.10"
anyhow = "1.0.82"
2 changes: 1 addition & 1 deletion crates/arroyo-worker/Cargo.toml
Expand Up @@ -67,7 +67,7 @@ anyhow = "1.0.71"
typify = "0.0.13"
regress = "0.6.0"
object_store = {workspace = true }
reqwest = "0.11.20"
reqwest = {workspace = true}
memchr = "2.6.3"

datafusion = { workspace = true }
2 changes: 1 addition & 1 deletion crates/arroyo/Cargo.toml
Expand Up @@ -39,7 +39,7 @@ refinery = { version = "0.8.14" , features = ["tokio-postgres", "rusqlite"] }
anyhow = { version = "1.0.79"}
dirs = "5.0.1"
rand = "0.8.5"
reqwest = "0.11"
reqwest = { workspace = true}
clio = { version = "0.3.5", features = ["clap", "clap-parse"] }
async-trait = "0.1.80"
open = '5.3.0'
2 changes: 1 addition & 1 deletion crates/integ/Cargo.toml
Expand Up @@ -12,4 +12,4 @@ tracing = "0.1.37"
tracing-subscriber = "0.3.17"
serde_json = { version = "1", features = ["preserve_order"] }
rdkafka = "0.33"
reqwest = "0.11"
reqwest = { workspace = true }
92 changes: 46 additions & 46 deletions webui/package.json
Expand Up @@ -12,70 +12,70 @@
"openapi": "cargo build --package arroyo-openapi && npx openapi-typescript $(pwd)/../target/api-spec.json --output $(pwd)/src/gen/api-types.ts"
},
"dependencies": {
"@babel/core": "^7.22.5",
"@chakra-ui/anatomy": "^2.2.1",
"@chakra-ui/icons": "^2.0.19",
"@babel/core": "^7.26.0",
"@chakra-ui/anatomy": "^2.3.4",
"@chakra-ui/icons": "^2.2.4",
"@chakra-ui/pro-theme": "^0.0.57",
"@chakra-ui/react": "^2.8.0",
"@chakra-ui/stepper": "^2.2.0",
"@chakra-ui/styled-system": "^2.9.1",
"@emotion/react": "^11.11.1",
"@emotion/styled": "^11.11.0",
"@fontsource/ibm-plex-mono": "^5.0.13",
"@chakra-ui/react": "^2.10.3",
"@chakra-ui/stepper": "^2.3.1",
"@chakra-ui/styled-system": "^2.12.0",
"@emotion/react": "^11.13.3",
"@emotion/styled": "^11.13.0",
"@fontsource/ibm-plex-mono": "^5.1.0",
"@fontsource/inter": "^4.5.15",
"@monaco-editor/react": "^4.5.1",
"@rjsf/chakra-ui": "^5.8.1",
"@rjsf/core": "^5.8.1",
"@rjsf/utils": "^5.8.1",
"@rjsf/validator-ajv8": "^5.8.1",
"@types/d3": "^7.4.0",
"@types/dagre": "^0.7.48",
"@types/json-schema": "^7.0.12",
"@types/lodash": "^4.14.200",
"@types/react-syntax-highlighter": "^15.5.7",
"ag-grid-community": "^31.3.2",
"ag-grid-react": "^31.3.2",
"ajv": "^8.12.0",
"@monaco-editor/react": "^4.6.0",
"@rjsf/chakra-ui": "^5.22.1",
"@rjsf/core": "^5.22.1",
"@rjsf/utils": "^5.22.1",
"@rjsf/validator-ajv8": "^5.22.1",
"@types/d3": "^7.4.3",
"@types/dagre": "^0.7.52",
"@types/json-schema": "^7.0.15",
"@types/lodash": "^4.17.12",
"@types/react-syntax-highlighter": "^15.5.13",
"ag-grid-community": "^31.3.4",
"ag-grid-react": "^31.3.4",
"ajv": "^8.17.1",
"ajv-formats": "^2.1.1",
"d3": "^7.8.5",
"d3": "^7.9.0",
"dagre": "^0.8.5",
"downshift": "^8.2.3",
"formik": "^2.4.2",
"downshift": "^8.5.0",
"formik": "^2.4.6",
"framer-motion": "^10.18.0",
"lodash": "^4.17.21",
"metrics-graphics": "3.0.0-beta1",
"monaco-editor": "^0.34.1",
"monaco-sql-languages": "^0.9.5",
"openapi-fetch": "^0.6.1",
"openapi-typescript": "^6.2.8",
"openapi-fetch": "^0.6.2",
"openapi-typescript": "^6.7.6",
"prop-types": "^15.8.1",
"react": "^18.2.0",
"react-dom": "^18.2.0",
"react-icons": "^4.11.0",
"react": "^18.3.1",
"react-dom": "^18.3.1",
"react-icons": "^4.12.0",
"react-markdown": "^9.0.1",
"react-resizable-panels": "^0.0.55",
"react-router-dom": "^6.13.0",
"react-syntax-highlighter": "^15.5.0",
"react-test-renderer": "^18.2.0",
"reactflow": "^11.7.2",
"swr": "^2.2.1",
"react-router-dom": "^6.27.0",
"react-syntax-highlighter": "^15.6.1",
"react-test-renderer": "^18.3.1",
"reactflow": "^11.11.4",
"swr": "^2.2.5",
"use-local-storage": "^3.0.0"
},
"devDependencies": {
"@chakra-ui/cli": "^2.4.1",
"@types/node": "^18.16.18",
"@types/react": "^18.2.12",
"@types/react-dom": "^18.2.5",
"@typescript-eslint/eslint-plugin": "^5.59.11",
"@typescript-eslint/parser": "^5.59.11",
"@chakra-ui/cli": "^2.5.5",
"@types/node": "^18.19.59",
"@types/react": "^18.3.12",
"@types/react-dom": "^18.3.1",
"@typescript-eslint/eslint-plugin": "^5.62.0",
"@typescript-eslint/parser": "^5.62.0",
"@vitejs/plugin-react": "^3.1.0",
"eslint": "^8.42.0",
"eslint-plugin-import": "^2.27.5",
"eslint-plugin-react": "^7.32.2",
"eslint": "^8.57.1",
"eslint-plugin-import": "^2.31.0",
"eslint-plugin-react": "^7.37.2",
"eslint-plugin-unused-imports": "^2.0.0",
"postcss": ">=8.4.31",
"postcss": "^8.4.47",
"prettier": "^2.8.8",
"typescript": "^4.9.5",
"vite": "^4.5.3"
"vite": "^4.5.5"
}
}