Temporarily ignore prost-types advisory (backport #18525) (#18526)

* Temporarily ignore prost-types audit (#18525) (cherry picked from commit 6188283ba6) * Bump tokio Co-authored-by: Tyera Eulberg <teulberg@gmail.com> Co-authored-by: Tyera Eulberg <tyera@solana.com>
2021-07-08 14:04:06 -06:00
parent 50393adadd
commit d18a08471e
3 changed files with 54 additions and 45 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1,5 +1,7 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
+version = 3
+
 [[package]]
 name = "Inflector"
 version = "0.11.4"
@ -181,7 +183,7 @@ dependencies = [
 "instant",
 "pin-project 1.0.1",
 "rand 0.8.3",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -1577,7 +1579,7 @@ dependencies = [
 "simpl",
 "smpl_jwt",
 "time 0.2.25",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -1624,7 +1626,7 @@ dependencies = [
 "http",
 "indexmap",
 "slab",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-util 0.6.3",
 "tracing",
 "tracing-futures",
@ -1856,7 +1858,7 @@ dependencies = [
 "itoa",
 "pin-project-lite 0.2.4",
 "socket2",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tower-service",
 "tracing",
 "want",
@ -1872,7 +1874,7 @@ dependencies = [
 "hyper 0.14.3",
 "log 0.4.11",
 "rustls",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-rustls",
 "webpki",
 ]
@ -1886,7 +1888,7 @@ dependencies = [
 "bytes 1.0.1",
 "hyper 0.14.3",
 "native-tls",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-native-tls",
 ]

@ -3480,7 +3482,7 @@ dependencies = [
 "serde",
 "serde_json",
 "serde_urlencoded",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-native-tls",
 "tokio-rustls",
 "url 2.2.0",
@ -4044,7 +4046,7 @@ dependencies = [
 "solana-runtime",
 "solana-sdk",
 "tarpc",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-serde",
 ]

@ -4056,7 +4058,7 @@ dependencies = [
 "serde",
 "solana-sdk",
 "tarpc",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -4072,7 +4074,7 @@ dependencies = [
 "solana-runtime",
 "solana-sdk",
 "tarpc",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-serde",
 "tokio-stream",
 ]
@ -4327,7 +4329,7 @@ dependencies = [
 "solana-version",
 "solana-vote-program",
 "thiserror",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tungstenite",
 "url 2.2.0",
 ]
@ -4424,7 +4426,7 @@ dependencies = [
 "tempfile",
 "thiserror",
 "tokio 0.2.22",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-util 0.3.1",
 "trees",
 ]
@ -4528,7 +4530,7 @@ dependencies = [
 "solana-version",
 "spl-memo",
 "thiserror",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -4731,7 +4733,7 @@ dependencies = [
 "solana-vote-program",
 "tempfile",
 "thiserror",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-stream",
 "trees",
 ]
@ -4768,7 +4770,7 @@ dependencies = [
 "solana-version",
 "solana-vote-program",
 "tempfile",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -4909,7 +4911,7 @@ dependencies = [
 "solana-clap-utils",
 "solana-logger 1.6.17",
 "solana-version",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "url 2.2.0",
 ]

@ -5073,7 +5075,7 @@ dependencies = [
 "solana-stake-program",
 "solana-vote-program",
 "thiserror",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -5828,7 +5830,7 @@ dependencies = [
 "serde",
 "static_assertions",
 "tarpc-plugins",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-serde",
 "tokio-util 0.6.3",
 ]
@ -6077,9 +6079,9 @@ dependencies = [

 [[package]]
 name = "tokio"
-version = "1.1.1"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6714d663090b6b0acb0fa85841c6d66233d150cdb2602c8f9b8abb03370beb3f"
+checksum = "98c8b05dc14c75ea83d63dd391100353789f5f24b8b3866542a5e85c8be8e985"
 dependencies = [
 "autocfg 1.0.0",
 "bytes 1.0.1",
@ -6091,7 +6093,7 @@ dependencies = [
 "parking_lot 0.11.0",
 "pin-project-lite 0.2.4",
 "signal-hook-registry",
- "tokio-macros 1.0.0",
+ "tokio-macros 1.3.0",
 "winapi 0.3.8",
 ]

@ -6161,9 +6163,9 @@ dependencies = [

 [[package]]
 name = "tokio-macros"
-version = "1.0.0"
+version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42517d2975ca3114b22a16192634e8241dc5cc1f130be194645970cc1c371494"
+checksum = "54473be61f4ebe4efd09cec9bd5d16fa51d70ea0192213d754d2d500457db110"
 dependencies = [
 "proc-macro2 1.0.24",
 "quote 1.0.6",
@ -6177,7 +6179,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f7d995660bd2b7f8c1568414c1126076c13fbb725c40112dc0120b78eb9b717b"
 dependencies = [
 "native-tls",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -6206,7 +6208,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bc6844de72e57df1980054b38be3a9f4702aba4858be64dd700181a8a6d0e1b6"
 dependencies = [
 "rustls",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "webpki",
 ]

@ -6234,7 +6236,7 @@ checksum = "76066865172052eb8796c686f0b441a93df8b08d40a950b062ffb9a426f00edd"
 dependencies = [
 "futures-core",
 "pin-project-lite 0.2.4",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -6359,7 +6361,7 @@ dependencies = [
 "futures-sink",
 "log 0.4.11",
 "pin-project-lite 0.2.4",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -6391,7 +6393,7 @@ dependencies = [
 "pin-project 1.0.1",
 "prost",
 "prost-derive",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-rustls",
 "tokio-stream",
 "tokio-util 0.6.3",
@ -6413,7 +6415,7 @@ dependencies = [
 "pin-project 1.0.1",
 "rand 0.8.3",
 "slab",
- "tokio 1.1.1",
+ "tokio 1.8.1",
 "tokio-stream",
 "tower-layer",
 "tower-service",
--- a/ci/do-audit.sh
+++ b/ci/do-audit.sh
@ -39,5 +39,10 @@ cargo_audit_ignores=(
  # https://github.com/paritytech/libsecp256k1/issues/66
  --ignore RUSTSEC-2020-0146

+  # prost-types: Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic
+  #
+  # Blocked on googleapi protobuf build errors
+  --ignore RUSTSEC-2021-0073
+
 )
 scripts/cargo-for-all-lock-files.sh stable audit "${cargo_audit_ignores[@]}"
--- a/programs/bpf/Cargo.lock
+++ b/programs/bpf/Cargo.lock
@ -1,5 +1,7 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
+version = 3
+
 [[package]]
 name = "Inflector"
 version = "0.11.4"
@ -1208,7 +1210,7 @@ dependencies = [
 "http",
 "indexmap",
 "slab",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 "tokio-util",
 "tracing",
 ]
@ -1365,7 +1367,7 @@ dependencies = [
 "itoa",
 "pin-project",
 "socket2",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 "tower-service",
 "tracing",
 "want",
@ -1381,7 +1383,7 @@ dependencies = [
 "hyper",
 "log",
 "rustls",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 "tokio-rustls",
 "webpki",
 ]
@ -2418,7 +2420,7 @@ dependencies = [
 "serde",
 "serde_json",
 "serde_urlencoded",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 "tokio-rustls",
 "url",
 "wasm-bindgen",
@ -2806,7 +2808,7 @@ dependencies = [
 "solana-program 1.6.17",
 "solana-sdk",
 "tarpc",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 "tokio-serde",
 ]

@ -2833,7 +2835,7 @@ dependencies = [
 "solana-runtime",
 "solana-sdk",
 "tarpc",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 "tokio-serde",
 "tokio-stream",
 ]
@ -3220,7 +3222,7 @@ dependencies = [
 "solana-version",
 "solana-vote-program",
 "thiserror",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 "tungstenite",
 "url",
 ]
@ -3278,7 +3280,7 @@ dependencies = [
 "solana-version",
 "spl-memo",
 "thiserror",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -3400,7 +3402,7 @@ dependencies = [
 "solana-clap-utils",
 "solana-logger 1.6.17",
 "solana-version",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 "url",
 ]

@ -3491,7 +3493,7 @@ dependencies = [
 "solana-sdk",
 "solana-vote-program",
 "thiserror",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -3885,7 +3887,7 @@ dependencies = [
 "serde",
 "static_assertions",
 "tarpc-plugins",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 "tokio-serde",
 "tokio-util",
 ]
@ -4050,9 +4052,9 @@ dependencies = [

 [[package]]
 name = "tokio"
-version = "1.7.1"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5fb2ed024293bb19f7a5dc54fe83bf86532a44c12a2bb8ba40d64a4509395ca2"
+checksum = "98c8b05dc14c75ea83d63dd391100353789f5f24b8b3866542a5e85c8be8e985"
 dependencies = [
 "autocfg",
 "bytes 1.0.1",
@ -4158,7 +4160,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bc6844de72e57df1980054b38be3a9f4702aba4858be64dd700181a8a6d0e1b6"
 dependencies = [
 "rustls",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 "webpki",
 ]

@ -4186,7 +4188,7 @@ checksum = "f8864d706fdb3cc0843a49647ac892720dac98a6eeb818b77190592cf4994066"
 dependencies = [
 "futures-core",
 "pin-project-lite 0.2.4",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 ]

 [[package]]
@ -4286,7 +4288,7 @@ dependencies = [
 "futures-sink",
 "log",
 "pin-project-lite 0.2.4",
- "tokio 1.7.1",
+ "tokio 1.8.1",
 ]

 [[package]]