Upgrade deps with cargo upgrade.

This commit upgrades the deps with `cargo upgrade`. The `rand` dependency was not updated as a downstream dependency uses a backwards incompatible version.
deislabs · Sep 16, 2021 · 9e4a59a · 9e4a59a
1 parent 7f458e6
commit 9e4a59a
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 105 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -37,50 +37,50 @@ cli = ["clap", "tracing-subscriber"]
 all-features = true
 
 [dependencies]
-anyhow = "1.0"
-toml = "0.5"
-serde = {version = "1.0", features = ["derive"]}
-serde_json = "1.0"
-tempfile = "3.2"
-sha2 = "0.9"
-thiserror = "1.0"
-semver = { version = "0.11", features = ["serde"] }
-tokio = { version = "1.0", features = ["full"] }
-tokio-util = { version = "0.6", features = ["io"] }
-tokio-stream = { version = "0.1", features = ["fs"] }
-warp = { version = "0.3", features = ["tls"], optional = true }
-bytes = "1.0"
-async-trait = "0.1"
-futures = "0.3"
+anyhow = "1.0.44"
+toml = "0.5.8"
+serde = { version = "1.0.130", features = ["derive"] }
+serde_json = "1.0.68"
+tempfile = "3.2.0"
+sha2 = "0.9.8"
+thiserror = "1.0.29"
+semver = { version = "1.0.4", features = ["serde"] }
+tokio = { version = "1.11.0", features = ["full"] }
+tokio-util = { version = "0.6.8", features = ["io"] }
+tokio-stream = { version = "0.1.7", features = ["fs"] }
+warp = { version = "0.3.1", features = ["tls"], optional = true }
+bytes = "1.1.0"
+async-trait = "0.1.51"
+futures = "0.3.17"
 clap = { version = "3.0.0-beta.4", optional = true }
-reqwest = { version = "0.11", features = ["stream"] }
-hyper = "0.14"
-url = "2.2"
-tracing-subscriber = { version = "0.2", optional = true }
-dirs = { version = "3.0", optional = true }
-mime_guess = { version = "2.0", optional = true }
-lru = "0.6"
+reqwest = { version = "0.11.4", features = ["stream"] }
+hyper = "0.14.12"
+url = "2.2.2"
+tracing-subscriber = { version = "0.2.22", optional = true }
+dirs = { version = "4.0.0", optional = true }
+mime_guess = { version = "2.0.3", optional = true }
+lru = "0.6.6"
 # We need the older version of rand for dalek
 rand = "0.7"
-ed25519-dalek = "1.0"
-base64 = "0.13"
-tracing = { version = "0.1", features = ["log"] }
-tracing-futures = "0.2"
-mime = "0.3"
-sled = "0.34"
-serde_cbor = "0.11"
-oauth2 = {version = "4.1", features = ["reqwest"]}
-jsonwebtoken = "7.2"
-openid = {version = "0.9", optional = true}
-bcrypt = "0.10"
-chrono = { version = "0.4", features = ["serde"], optional = true }
-either = "1.6"
+ed25519-dalek = "1.0.1"
+base64 = "0.13.0"
+tracing = { version = "0.1.27", features = ["log"] }
+tracing-futures = "0.2.5"
+mime = "0.3.16"
+sled = "0.34.7"
+serde_cbor = "0.11.2"
+oauth2 = { version = "4.1.0", features = ["reqwest"] }
+jsonwebtoken = "7.2.0"
+openid = { version = "0.9.3", optional = true }
+bcrypt = "0.10.1"
+chrono = { version = "0.4.19", features = ["serde"], optional = true }
+either = "1.6.1"
 
 # NOTE: This is a workaround due to a dependency issue in oauth2: https://github.com/tkaitchuck/ahash/issues/95#issuecomment-903560879
 indexmap = "~1.6.2"
 
 [dev-dependencies]
-rstest = "0.11"
+rstest = "0.11.0"
 
 [[bin]]
 name = "bindle-server"

diff --git a/src/invoice/mod.rs b/src/invoice/mod.rs
@@ -31,7 +31,7 @@ pub use signature::{SecretKeyEntry, Signature, SignatureError, SignatureRole};
 pub use verification::VerificationStrategy;
 
 use ed25519_dalek::{Signature as EdSignature, Signer};
-use semver::{Compat, Version, VersionReq};
+use semver::{Version, VersionReq};
 use serde::{Deserialize, Serialize};
 use tracing::info;
 
@@ -377,20 +377,20 @@ fn version_compare(version: &Version, requirement: &str) -> bool {
         return true;
     }
 
-    // Setting Compat::Npm follows the rules here:
-    // https://www.npmjs.com/package/semver
-    //
-    // Most importantly, the requirement "1.2.3" is treated as "= 1.2.3".
-    // Without the compat mode, "1.2.3" is treated as "^1.2.3".
-    match VersionReq::parse_compat(requirement, Compat::Npm) {
-        Ok(req) => {
-            return req.matches(version);
-        }
+    // For compatibility with npm (https://www.npmjs.com/package/semver),
+    // check if the requirement is just a version; if so, treat it as equality (`=`) rather
+    // than Rust's default (`^`).
+    if let Ok(v) = Version::parse(requirement) {
+        return *version == v;
+    }
+
+    match VersionReq::parse(requirement) {
+        Ok(req) => req.matches(version),
         Err(e) => {
             tracing::log::error!("SemVer range could not parse: {}", e);
+            false
         }
     }
-    false
 }
 
 #[cfg(test)]