Removing dependencies with CVE (old version of Nix)

pmeunier

Nov 11, 2022, 4:42 PM

X2MMGGXQEXJQKXV77LMQWY2BLMLOD6WRDGS3ZX3Z4NUDRAI5IDCAC

Dependencies

• [2] PVSY24YP Cargo.lock updates
• [3] GYXIF25T Proper parsing of URLs
• [4] 5FI6SBEZ Re-implement change printing and parsing
• [5] TPEH2XNB 1.0.0-alpha.28, with Tokio 1.0
• [6] PIQCNEEB Upgrading to Clap 3.0.0-alpha.5
• [7] B7YFA54A Cargo.lock update
• [8] OJZWJUF2 MUCH faster `pijul add -r`
• [9] J2D66R2D Enable the pager dependency on OSX, fixes build
• [10] QJXNUQFJ Solving conflicts
• [11] JRENVH5D Reqwest 0.11
• [12] 4EN4MDBQ Update identity dependencies
• [13] YX3VCEOM Version bump
• [14] ZHABNS3S Canonicalize all paths
• [15] 2K7JLB4Z No pager on Windows
• [16] VKBJ6XB6 Formatting and version bump
• [17] VAPBIG46 Version bump
• [18] ZDK3GNDB Tag transactions (including a massive refactoring of errors)
• [19] V4T4SC7O Testing binary diff
• [20] XF3FRWJ6 Version bump (including clap 3.0.0-beta.4)
• [21] OFQY3GUU Formatting and versions
• [*] SXEYMYF7 Fixing the bad changes in history (unfortunately, by rebooting).

Change contents

• replacement in pijul/Cargo.toml at line 56
  [3.1190]→[3.287:301](∅→∅)
  − ctrlc = "3.2"
  [3.1190]

  [3.2288]
  + ctrlc = "=3.2.0"
• edit in pijul/Cargo.toml at line 73
  [3.361]→[3.14079:14137](∅→∅)
  −

  − [dev-dependencies]

  − exitcode = "1.1.2"

  − expectrl = "0.5.2"
• edit in Cargo.lock at line 392
  [3.1463]→[3.3738:3753](∅→∅),[3.3738]→[3.3738:3753](∅→∅),[3.3753]→[3.1464:1670](∅→∅)
  − ]

  −

  − [[package]]

  − name = "conpty"

  − version = "0.3.0"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "977baae4026273d7f9bb69a0a8eb4aed7ab9dac98799f742dce09173a9734754"

  − dependencies = [

  − "windows",
• replacement in Cargo.lock at line 522
  [3.6858]→[2.2853:2871](∅→∅)
  − version = "3.2.3"
  [3.6858]

  [3.6876]
  + version = "3.2.0"
• replacement in Cargo.lock at line 524
  [3.6941]→[2.2872:2950](∅→∅)
  − checksum = "1d91974fbbe88ec1df0c24a4f00f99583667a7e2e6272b2b92d294d81e462173"
  [3.6941]

  [3.7019]
  + checksum = "377c9b002a72a0b2c1a18c62e2f3864bdfea4a015e3683a96e24aa45dd6c02d1"
• replacement in Cargo.lock at line 526
  [3.7036]→[2.2951:2966](∅→∅)
  − "nix 0.25.0",
  [3.7036]

  [3.7044]
  + "nix",
• edit in Cargo.lock at line 818
  [2.4798]→[2.4798:4811](∅→∅),[2.4811]→[3.3556:3995](∅→∅),[3.3556]→[3.3556:3995](∅→∅),[3.3995]→[3.2079:2081](∅→∅),[3.10879]→[3.2079:2081](∅→∅)
  −

  − [[package]]

  − name = "exitcode"

  − version = "1.1.2"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "de853764b47027c2e862a995c34978ffa63c1501f2e15f987ba11bd4f9bba193"

  −

  − [[package]]

  − name = "expectrl"

  − version = "0.5.2"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "2795e11f4ee3124984d454f25ac899515a5fa6d956562ef2b147fef6050b02f8"

  − dependencies = [

  − "conpty",

  − "nix 0.23.1",

  − "ptyprocess",

  − "regex",

  − ]
• edit in Cargo.lock at line 1611
  [3.5562]→[3.5562:5823](∅→∅)
  − ]

  −

  − [[package]]

  − name = "nix"

  − version = "0.21.0"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "5c3728fec49d363a50a8828a190b379a446cc5cf085c06259bbbeb34447e4ec7"

  − dependencies = [

  − "bitflags",

  − "cc",

  − "cfg-if",

  − "libc",

  − "memoffset",
• edit in Cargo.lock at line 1618
  [3.6013]→[3.6013:6084](∅→∅),[3.6084]→[3.27795:27823](∅→∅),[3.27795]→[3.27795:27823](∅→∅),[3.27823]→[3.2000:2019](∅→∅),[3.2019]→[3.27842:27907](∅→∅),[3.4040]→[3.27842:27907](∅→∅),[3.5358]→[3.27842:27907](∅→∅),[3.27842]→[3.27842:27907](∅→∅),[3.27907]→[3.2020:2098](∅→∅)
  − dependencies = [

  − "bitflags",

  − "cc",

  − "cfg-if",

  − "libc",

  − "memoffset",

  − ]

  −

  − [[package]]

  − name = "nix"

  − version = "0.23.1"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "9f866317acbd3a240710c63f065ffb1e4fd466259045ccb504130b7f668f35c6"
• edit in Cargo.lock at line 1627
  [3.28286]→[2.9562:9814](∅→∅)
  − name = "nix"

  − version = "0.25.0"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "e322c04a9e3440c327fca7b6c8a63e6890a32fa2ad689db972425f07e0d22abb"

  − dependencies = [

  − "autocfg",

  − "bitflags",

  − "cfg-if",

  − "libc",

  − ]

  −

  − [[package]]
• edit in Cargo.lock at line 1908
  [3.33699]→[3.7464:7490](∅→∅)
  − "exitcode",

  − "expectrl",
• edit in Cargo.lock at line 2055
  [3.8553]→[3.8553:8781](∅→∅)
  − ]

  −

  − [[package]]

  − name = "ptyprocess"

  − version = "0.3.0"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "69c28fcebfd842bfe19d69409fc321230ea8c1bebe31f274906485c761ce1917"

  − dependencies = [

  − "nix 0.21.0",
• edit in Cargo.lock at line 3117
  [3.60802]→[3.11105:11314](∅→∅),[3.11314]→[2.17254:17406](∅→∅)
  −

  − [[package]]

  − name = "windows"

  − version = "0.29.0"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "aac7fef12f4b59cd0a29339406cc9203ab44e440ddff6b3f5a41455349fa9cf3"

  − dependencies = [

  − "windows_aarch64_msvc 0.29.0",

  − "windows_i686_gnu 0.29.0",

  − "windows_i686_msvc 0.29.0",

  − "windows_x86_64_gnu 0.29.0",

  − "windows_x86_64_msvc 0.29.0",

  − ]
• edit in Cargo.lock at line 3154
  [3.11474]→[3.11474:11649](∅→∅),[3.11649]→[2.18399:18429](∅→∅)
  − version = "0.29.0"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "c3d027175d00b01e0cbeb97d6ab6ebe03b12330a35786cbaca5252b1c4bf5d9b"

  −

  − [[package]]

  − name = "windows_aarch64_msvc"
• edit in Cargo.lock at line 3163
  [2.18796]→[2.18796:18809](∅→∅),[2.18809]→[3.11649:11837](∅→∅),[3.11649]→[3.11649:11837](∅→∅)
  −

  − [[package]]

  − name = "windows_i686_gnu"

  − version = "0.29.0"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "8793f59f7b8e8b01eda1a652b2697d87b93097198ae85f823b969ca5b89bba58"
• edit in Cargo.lock at line 3178
  [3.11877]→[3.11877:12052](∅→∅),[3.12052]→[2.19214:19241](∅→∅)
  − version = "0.29.0"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "8602f6c418b67024be2996c512f5f995de3ba417f4c75af68401ab8756796ae4"

  −

  − [[package]]

  − name = "windows_i686_msvc"
• edit in Cargo.lock at line 3187
  [2.19605]→[2.19605:19618](∅→∅),[2.19618]→[3.12052:12242](∅→∅),[3.12052]→[3.12052:12242](∅→∅)
  −

  − [[package]]

  − name = "windows_x86_64_gnu"

  − version = "0.29.0"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "f3d615f419543e0bd7d2b3323af0d86ff19cbc4f816e6453f36a2c2ce889c354"
• edit in Cargo.lock at line 3208
  [3.12272]→[3.12272:12434](∅→∅),[3.12434]→[2.20233:20275](∅→∅)
  − version = "0.29.0"

  − source = "registry+https://github.com/rust-lang/crates.io-index"

  − checksum = "11d95421d9ed3672c280884da53201a5c46b7b2765ca6faf34b0d71cf34a3561"

  −

  − [[package]]

  − name = "windows_x86_64_msvc"
• replacement in Cargo.lock at line 3259
  [3.12752]→[3.12752:12767](∅→∅)
  − "nix 0.22.3",
  [3.12752]

  [3.12767]
  + "nix",