From e66aa1ef8cf5de81e4762e51be5d06c14a40d873 Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Mon, 21 Jul 2025 10:29:39 +0100 Subject: [PATCH] runtime: Bump promethus and ttrpc-codegen Bump these crates to remove the old version of protobuf and remediate RUSTSEC-2024-0437 Signed-off-by: stevenhorsman --- src/runtime-rs/Cargo.lock | 204 +++----------------- src/runtime-rs/crates/hypervisor/Cargo.toml | 2 +- src/runtime-rs/crates/runtimes/Cargo.toml | 2 +- 3 files changed, 25 insertions(+), 183 deletions(-) diff --git a/src/runtime-rs/Cargo.lock b/src/runtime-rs/Cargo.lock index 1ca4333b8e..c7050fc563 100644 --- a/src/runtime-rs/Cargo.lock +++ b/src/runtime-rs/Cargo.lock @@ -50,7 +50,7 @@ dependencies = [ "logging", "nix 0.26.4", "oci-spec 0.8.1", - "protobuf 3.7.2", + "protobuf", "protocols", "serde", "serde_json", @@ -563,7 +563,7 @@ dependencies = [ "nix 0.26.4", "oci-spec 0.8.1", "persist", - "protobuf 3.7.2", + "protobuf", "protocols", "resource", "runtime-spec", @@ -655,9 +655,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "de174e763d62b6b1aaed7d9ec7f21369e18d4f4098ae1f11f2ea1a3eb4a31c61" dependencies = [ "async-trait", - "protobuf 3.7.2", + "protobuf", "ttrpc", - "ttrpc-codegen 0.6.0", + "ttrpc-codegen", ] [[package]] @@ -1178,7 +1178,7 @@ dependencies = [ "log", "nix 0.24.3", "procfs 0.12.0", - "prometheus 0.14.0", + "prometheus", "seccompiler", "serde", "serde_derive", @@ -1799,7 +1799,7 @@ dependencies = [ "oci-spec 0.8.1", "path-clean", "persist", - "protobuf 3.7.2", + "protobuf", "protocols", "qapi", "qapi-qmp", @@ -1821,7 +1821,7 @@ dependencies = [ "tokio", "tracing", "ttrpc", - "ttrpc-codegen 0.4.2", + "ttrpc-codegen", "vmm-sys-util 0.11.1", ] @@ -2220,12 +2220,6 @@ dependencies = [ "vm-memory", ] -[[package]] -name = "linux-raw-sys" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f051f77a7c8e6957c0696eac88f26b0117e54f52d3fc682ab19397a8812846a4" - [[package]] name = "linux-raw-sys" version = "0.3.8" @@ -3260,19 +3254,6 @@ dependencies = [ "libc", ] -[[package]] -name = "procfs" -version = "0.14.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1de8dacb0873f77e6aefc6d71e044761fcc68060290f5b1089fcdf84626bb69" -dependencies = [ - "bitflags 1.3.2", - "byteorder", - "hex", - "lazy_static", - "rustix 0.36.17", -] - [[package]] name = "procfs" version = "0.17.0" @@ -3295,23 +3276,6 @@ dependencies = [ "hex", ] -[[package]] -name = "prometheus" -version = "0.13.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "449811d15fbdf5ceb5c1144416066429cf82316e2ec8ce0c1f6f8a02e7bbcf8c" -dependencies = [ - "cfg-if 1.0.0", - "fnv", - "lazy_static", - "libc", - "memchr", - "parking_lot", - "procfs 0.14.2", - "protobuf 2.28.0", - "thiserror 1.0.69", -] - [[package]] name = "prometheus" version = "0.14.0" @@ -3325,7 +3289,7 @@ dependencies = [ "memchr", "parking_lot", "procfs 0.17.0", - "protobuf 3.7.2", + "protobuf", "thiserror 2.0.11", ] @@ -3380,12 +3344,6 @@ dependencies = [ "prost", ] -[[package]] -name = "protobuf" -version = "2.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94" - [[package]] name = "protobuf" version = "3.7.2" @@ -3397,15 +3355,6 @@ dependencies = [ "thiserror 1.0.69", ] -[[package]] -name = "protobuf-codegen" -version = "2.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "033460afb75cf755fcfc16dfaed20b86468082a2ea24e05ac35ab4a099a017d6" -dependencies = [ - "protobuf 2.28.0", -] - [[package]] name = "protobuf-codegen" version = "3.7.2" @@ -3414,7 +3363,7 @@ checksum = "5d3976825c0014bbd2f3b34f0001876604fe87e0c86cd8fa54251530f1544ace" dependencies = [ "anyhow", "once_cell", - "protobuf 3.7.2", + "protobuf", "protobuf-parse", "regex", "tempfile", @@ -3430,7 +3379,7 @@ dependencies = [ "anyhow", "indexmap 2.8.0", "log", - "protobuf 3.7.2", + "protobuf", "protobuf-support", "tempfile", "thiserror 1.0.69", @@ -3452,11 +3401,11 @@ version = "0.1.0" dependencies = [ "async-trait", "oci-spec 0.8.1", - "protobuf 3.7.2", + "protobuf", "serde", "serde_json", "ttrpc", - "ttrpc-codegen 0.6.0", + "ttrpc-codegen", ] [[package]] @@ -3870,7 +3819,7 @@ dependencies = [ "opentelemetry-jaeger", "persist", "procfs 0.12.0", - "prometheus 0.13.3", + "prometheus", "resource", "runtime-spec", "serde_json", @@ -3918,20 +3867,6 @@ version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" -[[package]] -name = "rustix" -version = "0.36.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "305efbd14fde4139eb501df5f136994bb520b033fa9fbdce287507dc23b8c7ed" -dependencies = [ - "bitflags 1.3.2", - "errno", - "io-lifetimes", - "libc", - "linux-raw-sys 0.1.4", - "windows-sys 0.45.0", -] - [[package]] name = "rustix" version = "0.37.28" @@ -4275,7 +4210,7 @@ dependencies = [ "logging", "nix 0.26.4", "oci-spec 0.8.1", - "protobuf 3.7.2", + "protobuf", "rand 0.8.5", "runtime-spec", "runtimes", @@ -5004,51 +4939,24 @@ dependencies = [ "libc", "log", "nix 0.26.4", - "protobuf 3.7.2", - "protobuf-codegen 3.7.2", + "protobuf", + "protobuf-codegen", "thiserror 1.0.69", "tokio", "tokio-vsock", "windows-sys 0.48.0", ] -[[package]] -name = "ttrpc-codegen" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94d7f7631d7a9ebed715a47cd4cb6072cbc7ae1d4ec01598971bbec0024340c2" -dependencies = [ - "protobuf 2.28.0", - "protobuf-codegen 3.7.2", - "protobuf-support", - "ttrpc-compiler 0.6.1", -] - [[package]] name = "ttrpc-codegen" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0e5c657ef5cea6f6c6073c1be0787ba4482f42a569d4821e467daec795271f86" dependencies = [ - "protobuf 3.7.2", - "protobuf-codegen 3.7.2", + "protobuf", + "protobuf-codegen", "protobuf-support", - "ttrpc-compiler 0.8.0", -] - -[[package]] -name = "ttrpc-compiler" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec3cb5dbf1f0865a34fe3f722290fe776cacb16f50428610b779467b76ddf647" -dependencies = [ - "derive-new", - "prost", - "prost-build", - "prost-types", - "protobuf 2.28.0", - "protobuf-codegen 2.28.0", - "tempfile", + "ttrpc-compiler", ] [[package]] @@ -5061,8 +4969,8 @@ dependencies = [ "prost", "prost-build", "prost-types", - "protobuf 3.7.2", - "protobuf-codegen 3.7.2", + "protobuf", + "protobuf-codegen", "tempfile", ] @@ -5217,7 +5125,7 @@ dependencies = [ "nix 0.26.4", "oci-spec 0.8.1", "persist", - "protobuf 3.7.2", + "protobuf", "resource", "runtime-spec", "sendfd", @@ -5476,7 +5384,7 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.52.0", + "windows-sys 0.48.0", ] [[package]] @@ -5553,15 +5461,6 @@ dependencies = [ "windows-targets 0.52.6", ] -[[package]] -name = "windows-sys" -version = "0.45.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" -dependencies = [ - "windows-targets 0.42.2", -] - [[package]] name = "windows-sys" version = "0.48.0" @@ -5580,21 +5479,6 @@ dependencies = [ "windows-targets 0.52.6", ] -[[package]] -name = "windows-targets" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" -dependencies = [ - "windows_aarch64_gnullvm 0.42.2", - "windows_aarch64_msvc 0.42.2", - "windows_i686_gnu 0.42.2", - "windows_i686_msvc 0.42.2", - "windows_x86_64_gnu 0.42.2", - "windows_x86_64_gnullvm 0.42.2", - "windows_x86_64_msvc 0.42.2", -] - [[package]] name = "windows-targets" version = "0.48.1" @@ -5626,12 +5510,6 @@ dependencies = [ "windows_x86_64_msvc 0.52.6", ] -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" - [[package]] name = "windows_aarch64_gnullvm" version = "0.48.0" @@ -5644,12 +5522,6 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" -[[package]] -name = "windows_aarch64_msvc" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" - [[package]] name = "windows_aarch64_msvc" version = "0.48.0" @@ -5662,12 +5534,6 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" -[[package]] -name = "windows_i686_gnu" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" - [[package]] name = "windows_i686_gnu" version = "0.48.0" @@ -5686,12 +5552,6 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" -[[package]] -name = "windows_i686_msvc" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" - [[package]] name = "windows_i686_msvc" version = "0.48.0" @@ -5704,12 +5564,6 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" -[[package]] -name = "windows_x86_64_gnu" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" - [[package]] name = "windows_x86_64_gnu" version = "0.48.0" @@ -5722,12 +5576,6 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" - [[package]] name = "windows_x86_64_gnullvm" version = "0.48.0" @@ -5740,12 +5588,6 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" -[[package]] -name = "windows_x86_64_msvc" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" - [[package]] name = "windows_x86_64_msvc" version = "0.48.0" diff --git a/src/runtime-rs/crates/hypervisor/Cargo.toml b/src/runtime-rs/crates/hypervisor/Cargo.toml index d4348fa803..a9469472df 100644 --- a/src/runtime-rs/crates/hypervisor/Cargo.toml +++ b/src/runtime-rs/crates/hypervisor/Cargo.toml @@ -85,7 +85,7 @@ hypervisor = { workspace = true, features = ["cloud-hypervisor"] } test-utils = { workspace = true } [build-dependencies] -ttrpc-codegen = "0.4.2" +ttrpc-codegen = "0.6.0" [lints.rust] unexpected_cfgs = { level = "warn", check-cfg = [ diff --git a/src/runtime-rs/crates/runtimes/Cargo.toml b/src/runtime-rs/crates/runtimes/Cargo.toml index 13e5eec911..018e5a86a8 100644 --- a/src/runtime-rs/crates/runtimes/Cargo.toml +++ b/src/runtime-rs/crates/runtimes/Cargo.toml @@ -31,7 +31,7 @@ serde_json = { workspace = true } nix = "0.25.0" url = { workspace = true } procfs = "0.12.0" -prometheus = { version = "0.13.0", features = ["process"] } +prometheus = { version = "0.14.0", features = ["process"] } oci-spec = { workspace = true } # Local dependencies