Cargo outdated (#268)

* Cargo outdated

* Update the version of the rcgen crate to actually zeroize the keys

Co-authored-by: Wenzek <diw@softwareag.com>

9 files changed, 53 insertions, 98 deletions

diff --git a/Cargo.lock b/Cargo.lock
index a933b5ea..c06f9da5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -558,6 +558,12 @@ dependencies = [
 ]
 
 [[package]]
+name = "diff"
+version = "0.1.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0e25ea47919b1560c4e3b7fe0aaab9becf5b84a10325ddf7db0f0ba5e1026499"
+
+[[package]]
 name = "difference"
 version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -794,24 +800,13 @@ dependencies = [
 
 [[package]]
 name = "getrandom"
-version = "0.1.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi 0.9.0+wasi-snapshot-preview1",
-]
-
-[[package]]
-name = "getrandom"
 version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8"
 dependencies = [
  "cfg-if",
  "libc",
- "wasi 0.10.2+wasi-snapshot-preview1",
+ "wasi",
 ]
 
 [[package]]
@@ -1174,7 +1169,7 @@ dependencies = [
  "httparse",
  "lazy_static",
  "log",
- "rand 0.8.3",
+ "rand",
  "regex",
  "serde_json",
  "serde_urlencoded",
@@ -1192,7 +1187,7 @@ dependencies = [
  "json",
  "log",
  "mockall",
- "rand 0.8.3",
+ "rand",
  "rumqttc",
  "thiserror",
  "tokio",
@@ -1474,13 +1469,13 @@ dependencies = [
 
 [[package]]
 name = "pretty_assertions"
-version = "0.6.1"
+version = "0.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f81e1644e1b54f5a68959a29aa86cde704219254669da328ecfdf6a1f09d427"
+checksum = "1cab0e7c02cf376875e9335e0ba1da535775beb5450d21e1dffca068818ed98b"
 dependencies = [
- "ansi_term 0.11.0",
+ "ansi_term 0.12.1",
  "ctor",
- "difference",
+ "diff",
  "output_vt100",
 ]
 
@@ -1540,18 +1535,18 @@ dependencies = [
 
 [[package]]
 name = "proptest"
-version = "0.10.1"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "12e6c80c1139113c28ee4670dc50cc42915228b51f56a9e407f0ec60f966646f"
+checksum = "1e0d9cc07f18492d879586c92b485def06bc850da3118075cd45d50e9c95b0e5"
 dependencies = [
  "bit-set",
  "bitflags",
  "byteorder",
  "lazy_static",
  "num-traits",
- "quick-error",
- "rand 0.7.3",
- "rand_chacha 0.2.2",
+ "quick-error 2.0.1",
+ "rand",
+ "rand_chacha",
  "rand_xorshift",
  "regex-syntax",
  "rusty-fork",
@@ -1565,6 +1560,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
 
 [[package]]
+name = "quick-error"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"
+
+[[package]]
 name = "quote"
 version = "0.6.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1590,37 +1591,14 @@ checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8"
 
 [[package]]
 name = "rand"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
-dependencies = [
- "getrandom 0.1.16",
- "libc",
- "rand_chacha 0.2.2",
- "rand_core 0.5.1",
- "rand_hc 0.2.0",
-]
-
-[[package]]
-name = "rand"
 version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e"
 dependencies = [
  "libc",
- "rand_chacha 0.3.0",
- "rand_core 0.6.2",
- "rand_hc 0.3.0",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
-dependencies = [
- "ppv-lite86",
- "rand_core 0.5.1",
+ "rand_chacha",
+ "rand_core",
+ "rand_hc",
 ]
 
 [[package]]
@@ -1630,16 +1608,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e12735cf05c9e10bf21534da50a147b924d555dc7a547c42e6bb2d5b6017ae0d"
 dependencies = [
  "ppv-lite86",
- "rand_core 0.6.2",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
-dependencies = [
- "getrandom 0.1.16",
+ "rand_core",
 ]
 
 [[package]]
@@ -1648,16 +1617,7 @@ version = "0.6.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34cf66eb183df1c5876e2dcf6b13d57340741e8dc255b48e40a26de954d06ae7"
 dependencies = [
- "getrandom 0.2.2",
-]
-
-[[package]]
-name = "rand_hc"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
-dependencies = [
- "rand_core 0.5.1",
+ "getrandom",
 ]
 
 [[package]]
@@ -1666,16 +1626,16 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3190ef7066a446f2e7f42e239d161e905420ccab01eb967c9eb27d21b2322a73"
 dependencies = [
- "rand_core 0.6.2",
+ "rand_core",
 ]
 
 [[package]]
 name = "rand_xorshift"
-version = "0.2.0"
+version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77d416b86801d23dde1aa643023b775c3a462efc0ed96443add11546cdf1dca8"
+checksum = "d25bf25ec5ae4a3f1b92f929810509a2f53d7dca2f50b794ff57e3face536c8f"
 dependencies = [
- "rand_core 0.5.1",
+ "rand_core",
 ]
 
 [[package]]
@@ -1705,14 +1665,15 @@ dependencies = [
 
 [[package]]
 name = "rcgen"
-version = "0.8.9"
+version = "0.8.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cb7a2dc0e5307189b6933a61290ff06b65b35bdcaae2b2c50a0c3e355cb118e"
+checksum = "48b4fc1b81d685fcd442a86da2e2c829d9e353142633a8159f42bf28e7e94428"
 dependencies = [
  "chrono",
  "pem",
  "ring",
  "yasna",
+ "zeroize",
 ]
 
 [[package]]
@@ -1889,7 +1850,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cb3dcc6e454c328bb824492db107ab7c0ae8fcffe4ad210136ef014458c1bc4f"
 dependencies = [
  "fnv",
- "quick-error",
+ "quick-error 1.2.3",
  "tempfile",
  "wait-timeout",
 ]
@@ -2199,7 +2160,7 @@ checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22"
 dependencies = [
  "cfg-if",
  "libc",
- "rand 0.8.3",
+ "rand",
  "redox_syscall",
  "remove_dir_all",
  "winapi",
@@ -2303,9 +2264,9 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"
 
 [[package]]
 name = "tokio"
-version = "1.4.0"
+version = "1.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "134af885d758d645f0f0505c9a8b3f9bf8a348fd822e112ab5248138348f1722"
+checksum = "0a38d31d7831c6ed7aad00aa4c12d9375fd225a6dd77da1d25b707346319a975"
 dependencies = [
  "autocfg",
  "bytes",
@@ -2613,12 +2574,6 @@ dependencies = [
 
 [[package]]
 name = "wasi"
-version = "0.9.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
-
-[[package]]
-name = "wasi"
 version = "0.10.2+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
@@ -2796,9 +2751,9 @@ dependencies = [
 
 [[package]]
 name = "yasna"
-version = "0.3.2"
+version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0de7bff972b4f2a06c85f6d8454b09df153af7e3a4ec2aac81db1b105b684ddb"
+checksum = "e262a29d0e61ccf2b6190d7050d4b237535fc76ce4c1210d9caa316f71dffa75"
 dependencies = [
  "chrono",
 ]
diff --git a/common/certificate/Cargo.toml b/common/certificate/Cargo.toml
index cdd0d352..601a58ab 100644
--- a/common/certificate/Cargo.toml
+++ b/common/certificate/Cargo.toml
@@ -7,7 +7,7 @@ edition = "2018"
 
 [dependencies]
 chrono = "0.4"
-rcgen = { version = "0.8", features = ["pem"] }
+rcgen = { version = "0.8.11", features = ["pem", "zeroize"] }
 sha-1 = "0.9"
 thiserror = "1.0"
 x509-parser = "0.9"
diff --git a/common/certificate/src/lib.rs b/common/certificate/src/lib.rs
index d4da0cbf..c89328e5 100644
--- a/common/certificate/src/lib.rs
+++ b/common/certificate/src/lib.rs
@@ -86,7 +86,7 @@ impl PemCertificate {
 }
 
 pub struct KeyCertPair {
-    certificate: rcgen::Certificate,
+    certificate: Zeroizing<rcgen::Certificate>,
 }
 
 impl KeyCertPair {
@@ -123,7 +123,7 @@ impl KeyCertPair {
         params.is_ca = rcgen::IsCa::Ca(rcgen::BasicConstraints::Unconstrained); // IsCa::SelfSignedOnly is rejected by C8Y
 
         Ok(KeyCertPair {
-            certificate: Certificate::from_params(params)?,
+            certificate: Zeroizing::new(Certificate::from_params(params)?),
         })
     }
 
diff --git a/common/mqtt_client/Cargo.toml b/common/mqtt_client/Cargo.toml
index c5183c84..dc8e17ad 100644
--- a/common/mqtt_client/Cargo.toml
+++ b/common/mqtt_client/Cargo.toml
@@ -9,7 +9,7 @@ edition = "2018"
 futures = "0.3"
 rumqttc = { git = "https://github.com/mneumann/rumqtt", branch = "support-publish-ack" }
 thiserror = "1.0"
-tokio = { version = "1.1", features = ["sync"] }
+tokio = { version = "1.6", features = ["sync"] }
 mockall = "0.9"
 async-trait = "0.1"
 
diff --git a/mapper/collectd_mapper/Cargo.toml b/mapper/collectd_mapper/Cargo.toml
index 7e208a1d..ce94bd5c 100644
--- a/mapper/collectd_mapper/Cargo.toml
+++ b/mapper/collectd_mapper/Cargo.toml
@@ -24,7 +24,7 @@ clock = {path = "../../common/clock" }
 mqtt_client = {path = "../../common/mqtt_client" }
 chrono = "0.4"
 futures = "0.3"
-tokio = { version = "1.1", features = ["rt", "sync", "time"] }
+tokio = { version = "1.6", features = ["rt", "sync", "time"] }
 anyhow = "1.0"
 thiserror = "1.0"
 tracing = { version = "0.1", features = ["attributes", "log"] }
diff --git a/mapper/cumulocity/c8y_translator_lib/Cargo.toml b/mapper/cumulocity/c8y_translator_lib/Cargo.toml
index ed135490..f02bb251 100644
--- a/mapper/cumulocity/c8y_translator_lib/Cargo.toml
+++ b/mapper/cumulocity/c8y_translator_lib/Cargo.toml
@@ -17,8 +17,8 @@ anyhow = "1.0.40"
 assert-json-diff = "2"
 assert_matches = "1.5.0"
 criterion = "0.3"
-pretty_assertions = "0.6"
-proptest = "0.10"
+pretty_assertions = "0.7"
+proptest = "1.0"
 serde_json = "1"
 
 [features]
diff --git a/mapper/tedge_mapper/Cargo.toml b/mapper/tedge_mapper/Cargo.toml
index 9957bfb3..3fdaaa4b 100644
--- a/mapper/tedge_mapper/Cargo.toml
+++ b/mapper/tedge_mapper/Cargo.toml
@@ -28,7 +28,7 @@ env_logger = "0.8"
 flockfile = {path = "../../common/flockfile" }
 log = "0.4"
 mqtt_client = {path = "../../common/mqtt_client" }
-tokio = { version = "1.1", features = ["full"] }
+tokio = { version = "1.6", features = ["rt", "sync", "time"] }
 tracing = { version = "0.1", features = ["attributes", "log"] }
 tracing-subscriber = "0.2"
 async-trait = "0.1"
diff --git a/mapper/thin_edge_json/Cargo.toml b/mapper/thin_edge_json/Cargo.toml
index e4aa5d04..1d8596e8 100644
--- a/mapper/thin_edge_json/Cargo.toml
+++ b/mapper/thin_edge_json/Cargo.toml
@@ -13,7 +13,7 @@ thiserror = "1.0"
 clock = {path = "../../common/clock" }
 
 [dev-dependencies]
-pretty_assertions = "0.6"
-proptest = "0.10"
+pretty_assertions = "0.7"
+proptest = "1.0"
 anyhow = "1"
 mockall = "0.9"
diff --git a/tedge/Cargo.toml b/tedge/Cargo.toml
index 6d5109b5..07da9142 100644
--- a/tedge/Cargo.toml
+++ b/tedge/Cargo.toml
@@ -23,7 +23,7 @@ serde = { version = "1.0", features = ["derive"] }
 structopt = "0.3"
 tempfile = "3.2"
 thiserror = "1.0"
-tokio = { version = "1.1", features = ["rt", "signal", "io-util", "sync"] }
+tokio = { version = "1.6", features = ["rt", "signal", "io-util", "sync"] }
 toml = "0.5"
 url = "2.2"
 which = "4.0"