Dependency updates

Cargo.toml

@@ -32,12 +32,15 @@ interim = { version = "0.1.0", features = ["chrono"] }
 itertools = "0.10.5"
 rand = { version = "0.8.5", features = ["std"] }
 semver = "1.0.14"
-serde = { version = "1.0.145", features = ["derive"] }
+# https://github.com/serde-rs/serde/issues/2538
+# I don't trust dtolnay with our user's builds. especially as we
+# have things like encryption keys
+serde = { version = "1.0.145, <=1.0.171", features = ["derive"] }
 serde_json = "1.0.99"
 tokio = { version = "1", features = ["full"] }
 uuid = { version = "1.3", features = ["v4", "serde"] }
 whoami = "1.1.2"
-typed-builder = "0.14.0"
+typed-builder = "0.15.0"
 pretty_assertions = "1.3.0"
 
 [workspace.dependencies.reqwest]
@@ -46,5 +49,5 @@ features = ["json", "rustls-tls-native-roots"]
 default-features = false
 
 [workspace.dependencies.sqlx]
-version = "0.6"
+version = "0.7.1"
 features = ["runtime-tokio-rustls", "chrono", "postgres", "uuid"]

atuin-client/Cargo.toml

@@ -44,11 +44,11 @@ sql-builder = "3"
 lazy_static = "1"
 memchr = "2.5"
 rmp = { version = "0.8.11" }
-typed-builder = "0.14.0"
+typed-builder = { workspace = true }
 tokio = { workspace = true }
 semver = { workspace = true }
 futures = "0.3"
-xsalsa20poly1305 = "0.9.0"
+crypto_secretbox = "0.1.1"
 generic-array = { version = "0.14", features = ["serde"] }
 
 # encryption

atuin-client/src/database.rs

@@ -166,7 +166,7 @@ impl Sqlite {
         .bind(h.session.as_str())
         .bind(h.hostname.as_str())
         .bind(h.deleted_at.map(|t|t.timestamp_nanos()))
-        .execute(tx)
+        .execute(&mut **tx)
         .await?;
 
         Ok(())

atuin-client/src/encryption.rs

@@ -12,15 +12,15 @@ use std::{io::prelude::*, path::PathBuf};
 
 use base64::prelude::{Engine, BASE64_STANDARD};
 use chrono::{DateTime, Utc};
+pub use crypto_secretbox::Key;
+use crypto_secretbox::{
+    aead::{Nonce, OsRng},
+    AeadCore, AeadInPlace, KeyInit, XSalsa20Poly1305,
+};
 use eyre::{bail, ensure, eyre, Context, Result};
 use fs_err as fs;
 use rmp::{decode::Bytes, Marker};
 use serde::{Deserialize, Serialize};
-pub use xsalsa20poly1305::Key;
-use xsalsa20poly1305::{
-    aead::{Nonce, OsRng},
-    AeadInPlace, KeyInit, XSalsa20Poly1305,
-};
 
 use crate::{history::History, settings::Settings};
 
@@ -240,7 +240,7 @@ fn error_report<E: std::fmt::Debug>(err: E) -> eyre::Report {
 
 #[cfg(test)]
 mod test {
-    use xsalsa20poly1305::{aead::OsRng, KeyInit, XSalsa20Poly1305};
+    use crypto_secretbox::{aead::OsRng, KeyInit, XSalsa20Poly1305};
 
     use crate::history::History;
 

atuin-client/src/kv.rs

@@ -218,8 +218,8 @@ impl KvStore {
 
 #[cfg(test)]
 mod tests {
+    use crypto_secretbox::{KeyInit, XSalsa20Poly1305};
     use rand::rngs::OsRng;
-    use xsalsa20poly1305::{KeyInit, XSalsa20Poly1305};
 
     use crate::record::sqlite_store::SqliteStore;
 

atuin-client/src/record/sqlite_store.rs

@@ -72,7 +72,7 @@ impl SqliteStore {
         .bind(r.version.as_str())
         .bind(r.data.data.as_str())
         .bind(r.data.content_encryption_key.as_str())
-        .execute(tx)
+        .execute(&mut **tx)
         .await?;
 
         Ok(())

atuin-client/src/sync.rs

@@ -6,7 +6,7 @@ use chrono::prelude::*;
 use eyre::Result;
 
 use atuin_common::api::AddHistoryRequest;
-use xsalsa20poly1305::Key;
+use crypto_secretbox::Key;
 
 use crate::{
     api_client,

atuin-server-postgres/src/lib.rs

@@ -247,7 +247,7 @@ impl Database for Postgres {
             .bind(hostname)
             .bind(i.timestamp)
             .bind(data)
-            .execute(&mut tx)
+            .execute(&mut *tx)
             .await
             .map_err(fix_error)?;
         }
@@ -375,7 +375,7 @@ impl Database for Postgres {
             .bind(&i.data.data)
             .bind(&i.data.content_encryption_key)
             .bind(user.id)
-            .execute(&mut tx)
+            .execute(&mut *tx)
             .await
             .map_err(fix_error)?;
         }

deny.toml

@@ -0,0 +1,105 @@
+# This template contains all of the possible sections and their default values
+
+# Note that all fields that take a lint level have these possible values:
+# * deny - An error will be produced and the check will fail
+# * warn - A warning will be produced, but the check will not fail
+# * allow - No warning or error will be produced, though in some cases a note
+# will be
+
+# The values provided in this template are the default values that will be used
+# when any section or field is not specified in your own configuration
+
+# Root options
+
+targets = []
+all-features = true
+no-default-features = false
+
+# This section is considered when running `cargo deny check advisories`
+# More documentation for the advisories section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
+[advisories]
+db-path = "~/.cargo/advisory-db"
+db-urls = ["https://github.com/rustsec/advisory-db"]
+vulnerability = "deny"
+unmaintained = "warn"
+yanked = "warn"
+notice = "warn"
+ignore = [
+    # time 0.1 - code path not taken
+    "RUSTSEC-2020-0071",
+    # potential to misuse ed25519-dalek 1.0
+    # used by rusty-paseto. not in a vulnerable way
+    # and we don't even use paseto public key crypto so we don't use this
+    "RUSTSEC-2022-0093",
+    # DoS with untrusted input. Only runs on the client so not a concern
+    "RUSTSEC-2021-0041",
+]
+
+# This section is considered when running `cargo deny check licenses`
+# More documentation for the licenses section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
+[licenses]
+unlicensed = "deny"
+allow = [
+    "Apache-2.0",
+    "BSD-3-Clause",
+    "ISC",
+    "MIT",
+    "MPL-2.0",
+    "OpenSSL",
+    "Unicode-DFS-2016",
+]
+deny = []
+copyleft = "warn"
+allow-osi-fsf-free = "neither"
+default = "deny"
+confidence-threshold = 0.8
+exceptions = []
+
+# Some crates don't have (easily) machine readable licensing information,
+# adding a clarification entry for it allows you to manually specify the
+# licensing information
+[[licenses.clarify]]
+name = "ring"
+version = "*"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
+# This section is considered when running `cargo deny check bans`.
+# More documentation about the 'bans' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
+[bans]
+multiple-versions = "allow"
+wildcards = "warn"
+highlight = "all"
+workspace-default-features = "allow"
+external-default-features = "allow"
+allow = []
+deny = []
+skip = []
+skip-tree = []
+
+# This section is considered when running `cargo deny check sources`.
+# More documentation about the 'sources' section can be found here:
+# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
+[sources]
+# Lint level for what to happen when a crate from a crate registry that is not
+# in the allow list is encountered
+unknown-registry = "warn"
+# Lint level for what to happen when a crate from a git repository that is not
+# in the allow list is encountered
+unknown-git = "warn"
+# List of URLs for allowed crate registries. Defaults to the crates.io index
+# if not specified. If it is specified but empty, no registries are allowed.
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
+# List of URLs for allowed Git repositories
+allow-git = []
+
+[sources.allow-org]
+# 1 or more github.com organizations to allow git sources for
+github = []
+# 1 or more gitlab.com organizations to allow git sources for
+gitlab = []
+# 1 or more bitbucket.org organizations to allow git sources for
+bitbucket = []