From 11cca918d919c825880796d491e104856e1a4371 Mon Sep 17 00:00:00 2001
From: Lucas Fernandes Nogueira
Date: Mon, 21 Mar 2022 22:34:07 -0300
Subject: [PATCH] chore(deps): update dependencies fixing security issues (#3744)
---
 .cargo/audit.toml | 4 --
 core/tauri-codegen/Cargo.toml | 2 +-
 core/tauri-runtime/Cargo.toml | 2 +-
 core/tauri/Cargo.toml | 12 ++--
 core/tauri/tests/restart/Cargo.lock | 8 +--
 tooling/bundler/Cargo.toml | 4 +-
 tooling/cli/Cargo.lock | 104 ++++++++++++++++++++++++++--
 tooling/cli/Cargo.toml | 2 +-
 8 files changed, 112 insertions(+), 26 deletions(-)
 delete mode 100644 .cargo/audit.toml
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
deleted file mode 100644
index eb0c6133a..000000000
--- a/.cargo/audit.toml
+++ /dev/null
@@ -1,4 +0,0 @@
-[advisories]
-ignore = [
- "RUSTSEC-2020-0095" # difference is unmaintained (used by `mockito`)
-]
diff --git a/core/tauri-codegen/Cargo.toml b/core/tauri-codegen/Cargo.toml
index bf10e6356..56450b4c4 100644
--- a/core/tauri-codegen/Cargo.toml
+++ b/core/tauri-codegen/Cargo.toml
@@ -24,7 +24,7 @@ tauri-utils = { version = "1.0.0-rc.3", path = "../tauri-utils", features = [ "b
 thiserror = "1"
 walkdir = "2"
 zstd = { version = "0.10", optional = true }
-regex = { version = "1", optional = true }
+regex = { version = "1.5.5", optional = true }
 uuid = { version = "0.8", features = [ "v4" ] }
 [target."cfg(windows)".dependencies]
diff --git a/core/tauri-runtime/Cargo.toml b/core/tauri-runtime/Cargo.toml
index a54d481d7..22acb8ad8 100644
--- a/core/tauri-runtime/Cargo.toml
+++ b/core/tauri-runtime/Cargo.toml
@@ -30,7 +30,7 @@ tauri-utils = { version = "1.0.0-rc.3", path = "../tauri-utils" }
 uuid = { version = "0.8.2", features = [ "v4" ] }
 http = "0.2.4"
 http-range = "0.1.4"
-infer = "0.4"
+infer = "0.7"
 [target."cfg(windows)".dependencies]
 webview2-com = "0.13.0"
diff --git a/core/tauri/Cargo.toml b/core/tauri/Cargo.toml
index b9e05ce4a..0545e27d8 100644
--- a/core/tauri/Cargo.toml
+++ b/core/tauri/Cargo.toml
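Review bot: The new minimum `regex = { version = "1.5.5", optional = true }` in core/tauri-codegen/Cargo.toml carries no comment marking it as a security floor, and the commit message names no advisory, so a later tidy-up back to `"1"` would look harmless. Because `"1.5.5"` is a caret requirement, it is the only thing that keeps builds resolved without this repository's lockfiles from selecting an older release; a line above it such as `# security floor, see <ADVISORY-ID>; do not lower` would preserve that intent. The same applies to the `regex` lines in core/tauri/Cargo.toml and tooling/cli/Cargo.toml and to `tar = "0.4.36"` in core/tauri/Cargo.toml and tooling/bundler/Cargo.toml. The dependency table these lines belong to starts outside the hunk.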
@@ -60,9 +60,9 @@ rand = "0.8"
 semver = "1.0"
 serde_repr = "0.1"
 state = "0.5"
-tar = "0.4"
+tar = "0.4.36"
 tempfile = "3"
-zip = { version = "0.5", default-features = false, optional = true }
+zip = { version = "0.6", default-features = false, optional = true }
 ignore = "0.4"
 either = "1.6"
 flate2 = "1.0"
@@ -80,16 +80,16 @@ open = { version = "2.0", optional = true }
 shared_child = { version = "1.0", optional = true }
 os_pipe = { version = "1.0", optional = true }
 memchr = { version = "2.4", optional = true }
-rfd = { version = "0.7.0", features = [ "parent" ], optional = true }
+rfd = { version = "0.8", optional = true }
 raw-window-handle = "0.4.2"
 minisign-verify = { version = "0.2", optional = true }
 os_info = { version = "3.2.0", optional = true }
 futures-lite = "1.12"
-regex = { version = "1.5", optional = true }
+regex = { version = "1.5.5", optional = true }
 glob = "0.3"
 data-url = { version = "0.1", optional = true }
 serialize-to-javascript = "=0.1.1"
-infer = { version = "0.4", optional = true }
+infer = { version = "0.7", optional = true }
 png = { version = "0.16", optional = true }
 ico = { version = "0.1", optional = true }
@@ -108,7 +108,7 @@ features = [ "Win32_Foundation" ]
 cfg_aliases = "0.1.1"
 [dev-dependencies]
-mockito = "0.30"
+mockito = "0.31"
 proptest = "1.0.0"
 quickcheck = "1.0.3"
 quickcheck_macros = "1.0.0"
diff --git a/core/tauri/tests/restart/Cargo.lock b/core/tauri/tests/restart/Cargo.lock
index 545778834..61deb9158 100644
--- a/core/tauri/tests/restart/Cargo.lock
+++ b/core/tauri/tests/restart/Cargo.lock
@@ -187,9 +187,9 @@ dependencies = [ [[package]] name = "cfb" -version = "0.4.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca453e8624711b2f0f4eb47076a318feda166252a827ee25d067b43de83dcba0" +checksum = "74f89d248799e3f15f91b70917f65381062a01bb8e222700ea0e5a7ff9785f9c" dependencies = [ "byteorder", "uuid",
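Review bot: The `rfd` line in the `@@ -80,16 +80,16 @@` hunk of core/tauri/Cargo.toml drops `features = [ "parent" ]` together with the bump to 0.8, and nothing in the commit explains the removal. If 0.8 no longer offers that feature the line is correct, but it deserves a short comment such as `# rfd 0.8: "parent" feature no longer declared; parent-window support verified`, because a silently lost feature would presumably only surface as dialogs that no longer attach to their window. In the same hunk `infer` moves from 0.4 to 0.7, which Cargo treats as an incompatible range for a 0.x crate, so any code that turns its detection result into a content type should be re-tested against the new release. The dependency table starts above the hunk.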
@@ -1210,9 +1210,9 @@ dependencies = [ [[package]] name = "infer" -version = "0.4.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f92b41dab759f9e8427c03f519c344a14655490b8db548dac1e57a75b3258391" +checksum = "20b2b533137b9cad970793453d4f921c2e91312a6d88b1085c07bc15fc51bb3b" dependencies = [ "cfb", ] diff --git a/tooling/bundler/Cargo.toml b/tooling/bundler/Cargo.toml index ad097ac7c..1e45383c6 100644 --- a/tooling/bundler/Cargo.toml +++ b/tooling/bundler/Cargo.toml @@ -33,12 +33,12 @@ thiserror = "1.0" serde_json = "1.0" serde = { version = "1.0", features = [ "derive" ] } strsim = "0.10.0" -tar = "0.4" +tar = "0.4.36" termcolor = "1.1.3" toml = "0.5.8" walkdir = "2" handlebars = { version = "4.2" } -zip = { version = "0.5" } +zip = { version = "0.6" } tempfile = "3.3.0" os_pipe = "1" diff --git a/tooling/cli/Cargo.lock b/tooling/cli/Cargo.lock index c60b1faba..76fc89c99 100644 --- a/tooling/cli/Cargo.lock +++ b/tooling/cli/Cargo.lock @@ -108,6 +108,12 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" +[[package]] +name = "base64ct" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a32fd6af2b5827bce66c29053ba0e7c42b9dcab01835835058558c10851a46b" + [[package]] name = "bit_field" version = "0.10.1" @@ -227,6 +233,9 @@ name = "cc" version = "1.0.73" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11" +dependencies = [ + "jobserver", +] [[package]] name = "cfg-if" 
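Review bot: `zip = { version = "0.6" }` in tooling/bundler/Cargo.toml leaves default features on, and the tooling/cli/Cargo.lock part of this commit shows the cost: the zip 0.6.0 entry gains `aes`, `constant_time_eq`, `hmac`, `pbkdf2`, `sha1 0.10.1` and `zstd`, with `zstd-sys` compiling native code through `cc` and `jobserver`. core/tauri/Cargo.toml already declares zip with `default-features = false`; if the bundler only handles deflate archives, the same treatment here, e.g. `zip = { version = "0.6", default-features = false, features = ["deflate"] }`, would keep the added crypto and C dependencies out of the CLI build and out of future audit scope. Which zip features the bundler really needs is not visible in this hunk, so the feature list has to be confirmed against its archive code before changing it.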
@@ -340,6 +349,12 @@ dependencies = [ "winapi 0.3.9", ] +[[package]] +name = "constant_time_eq" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" + [[package]] name = "convert_case" version = "0.4.0" @@ -1134,6 +1149,15 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" +[[package]] +name = "jobserver" +version = "0.1.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af25a77299a7f711a01975c35a6a424eb6862092cc2d6c72c4ed6cbc56dfc1fa" +dependencies = [ + "libc", +] + [[package]] name = "jpeg-decoder" version = "0.1.22" @@ -1712,6 +1736,17 @@ dependencies = [ "winapi 0.3.9", ] +[[package]] +name = "password-hash" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d791538a6dcc1e7cb7fe6f6b58aca40e7f79403c45b2bc274008b5e647af1d8" +dependencies = [ + "base64ct", + "rand_core 0.6.3", + "subtle", +] + [[package]] name = "pbkdf2" version = "0.10.1" @@ -1719,6 +1754,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "271779f35b581956db91a3e55737327a03aa051e90b1c47aeb189508533adfd7" dependencies = [ "digest 0.10.3", + "hmac", + "password-hash", + "sha2", ] [[package]] @@ -2133,9 +2171,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.5.4" +version = "1.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" +checksum = "1a11647b6b25ff05a515cb92c365cec08801e83423a235b51e231e1808747286" dependencies = [ "aho-corasick", "memchr", 
@@ -2475,6 +2513,17 @@ dependencies = [ "sha1_smol", ] +[[package]] +name = "sha1" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c77f4e7f65455545c2153c1253d25056825e77ee2533f0e41deb65a93a34852f" +dependencies = [ + "cfg-if 1.0.0", + "cpufeatures", + "digest 0.10.3", +] + [[package]] name = "sha1_smol" version = "1.0.0" @@ -2853,8 +2902,15 @@ dependencies = [ "itoa 1.0.1", "libc", "num_threads", + "time-macros", ] +[[package]] +name = "time-macros" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25eb0ca3468fc0acc11828786797f6ef9aa1555e4a211a60d64cc8e4d1be47d6" + [[package]] name = "tinyvec" version = "1.5.1" @@ -3016,7 +3072,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7" dependencies = [ "getrandom 0.2.5", - "sha1", + "sha1 0.6.1", ] [[package]] 
@@ -3293,14 +3349,48 @@ checksum = "50344758e2f40e3a1fcfc8f6f91aa57b5f8ebd8d27919fe6451f15aaaf9ee608" [[package]] name = "zip" -version = "0.5.13" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93ab48844d61251bb3835145c521d88aa4031d7139e8485990f60ca911fa0815" +checksum = "e6fa4aa90e99fb8d701bda16fb040d8ed2f9c7176fb44de750e880a74b580315" dependencies = [ + "aes", "byteorder", "bzip2", + "constant_time_eq", "crc32fast", "flate2", - "thiserror", - "time 0.1.43", + "hmac", + "pbkdf2", + "sha1 0.10.1", + "time 0.3.7", + "zstd", +] + +[[package]] +name = "zstd" +version = "0.10.0+zstd.1.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b1365becbe415f3f0fcd024e2f7b45bacfb5bdd055f0dc113571394114e7bdd" +dependencies = [ + "zstd-safe", +] + +[[package]] +name = "zstd-safe" +version = "4.1.4+zstd.1.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f7cd17c9af1a4d6c24beb1cc54b17e2ef7b593dc92f19e9d9acad8b182bbaee" +dependencies = [ + "libc", + "zstd-sys", +] + +[[package]] +name = "zstd-sys" +version = "1.6.3+zstd.1.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc49afa5c8d634e75761feda8c592051e7eeb4683ba827211eb0d731d3402ea8" +dependencies = [ + "cc", + "libc", ] diff --git a/tooling/cli/Cargo.toml b/tooling/cli/Cargo.toml index a51822ba0..06f0908bc 100644 --- a/tooling/cli/Cargo.toml +++ b/tooling/cli/Cargo.toml @@ -49,7 +49,7 @@ base64 = "0.13.0" ureq = "2.4" os_info = "3.2" semver = "1.0" -regex = "1.5" +regex = "1.5.5" lazy_static = "1" libc = "0.2" terminal_size = "0.1"