chore: bump dependencies (#152)

- bumped dependencies to fix CVE's
- fixed clippy warnings
- bumped to 0.27.1

Signed-off-by: Jan Zachmann <50990105+JanZachmann@users.noreply.github.com>

Author: JanZachmann

Cargo.lock

@@ -7,7 +7,7 @@ license = "MIT OR Apache-2.0"
 name = "omnect-cli"
 readme = "README.md"
 repository = "https://github.com/omnect/omnect-cli"
-version = "0.27.0"
+version = "0.27.1"
 
 [dependencies]
 actix-web = "4.11"
@@ -26,9 +26,7 @@ azure_identity = { git = "https://github.com/omnect/azure-sdk-for-rust.git", def
 azure_storage = { git = "https://github.com/omnect/azure-sdk-for-rust.git", default-features = false }
 azure_storage_blobs = { git = "https://github.com/omnect/azure-sdk-for-rust.git", default-features = false }
 base64 = { version = "0.22", default-features = false }
-bzip2 = { version = "0.5", default-features = false, features = [
-    "libbz2-rs-sys",
-] }
+bzip2 = { version = "0.6", default-features = true }
 clap = { version = "4.5", default-features = false, features = [
     "derive",
     "std",
@@ -41,28 +39,34 @@ filemagic = { version = "0.13", default-features = false, features = [
 flate2 = { version = "1.1", default-features = false }
 omnect-crypto = { git = "https://github.com/omnect/omnect-crypto.git", tag = "0.4.0" }
 keyring = { version = "3.6", default-features = false }
-libfs = { version = "0.8", default-features = false }
+libfs = { version = "0.9", default-features = false }
 log = { version = "0.4", default-features = false }
 num_cpus = { version = "1.17", default-features = false }
 oauth2 = { version = "5.0", default-features = false, features = ["reqwest"] }
 open = { version = "5.3", default-features = false }
 regex = { version = "1.11", default-features = false }
-reqwest = { version = "0.12", default-features = false, features = ["json", "native-tls"] }
+reqwest = { version = "0.13", default-features = false, features = [
+    "json",
+    "native-tls",
+] }
 serde = { version = "1.0", default-features = false, features = ["derive"] }
 serde_json = { version = "1.0", default-features = false }
 serde_path_to_error = { version = "0.1", default-features = false }
 sha2 = { version = "0.10", default-features = false }
 stdext = { version = "0.3", default-features = false }
-strum = { version = "0.27", default-features = false }
-strum_macros = { version = "0.27", default-features = false }
+strum = { version = "0.28", default-features = false }
+strum_macros = { version = "0.28", default-features = false }
 tempfile = { version = "3.20", default-features = false }
 time = { version = "0.3", default-features = false }
 tokio = { version = "1", default-features = false, features = [
     "macros",
     "fs",
     "rt-multi-thread",
 ] }
-toml = { version = "0.8", default-features = false, features = ["parse"] }
+toml = { version = "1.0", default-features = false, features = [
+    "parse",
+    "serde",
+] }
 uuid = { version = "1.17", default-features = false, features = ["v4"] }
 url = { version = "2.5", default-features = false }
 validator = { version = "0.20", default-features = false, features = [
@@ -75,7 +79,7 @@ assert_cmd = "2.0"
 assert-json-diff = "2.0"
 data-encoding = "2.9"
 file_diff = "1.0"
-httpmock = "0.7"
+httpmock = "0.8"
 ring = "0.17"
 tar = "0.4"
 

Cargo.toml

@@ -176,7 +176,7 @@ async fn request_access_token(auth_info: &AuthInfo) -> Result<Token> {
     let _ = open::that(auth_url.to_string());
 
     let async_http_client = oauth2::reqwest::ClientBuilder::new()
-        .redirect(reqwest::redirect::Policy::none())
+        .redirect(oauth2::reqwest::redirect::Policy::none())
         .build()
         .expect("Failed to request access token: could not create client.");
 
@@ -198,7 +198,7 @@ async fn refresh_access_token(auth_info: &AuthInfo) -> Option<Token> {
         .set_token_uri(TokenUrl::new(auth_info.token_url.clone()).unwrap());
 
     let async_http_client = oauth2::reqwest::ClientBuilder::new()
-        .redirect(reqwest::redirect::Policy::none())
+        .redirect(oauth2::reqwest::redirect::Policy::none())
         .build()
         .expect("Failed to refresh access token: could not create client.");
 

src/auth.rs

@@ -305,7 +305,7 @@ pub async fn remove_update(
     Ok(())
 }
 
-fn get_file_attributes(file: &Path) -> Result<File> {
+fn get_file_attributes(file: &Path) -> Result<File<'_>> {
     debug!("get file attributes for {file:#?}");
 
     let filename = file.file_name().unwrap().to_string_lossy();

src/device_update.rs

@@ -129,10 +129,11 @@ impl Compression {
 pub fn decompress(image_file_name: &PathBuf, compression: &Compression) -> Result<PathBuf> {
     let mut new_image_file = PathBuf::from(image_file_name);
 
-    if let Some(extension) = new_image_file.extension() {
-        if extension == compression.extension() {
-            new_image_file.set_extension("");
-        }
+    if new_image_file
+        .extension()
+        .is_some_and(|ext| ext == compression.extension())
+    {
+        new_image_file.set_extension("");
     }
 
     let mut destination = File::create(&new_image_file)?;

src/file/compression.rs

@@ -234,11 +234,14 @@ fn configure_hostname(
     let hosts_file = get_file_path(image_file, "hosts")?;
 
     // get hostname from identity_config_file
-    let identity: IdentityConfig = serde_path_to_error::deserialize(toml::Deserializer::new(
-        fs::read_to_string(identity_config_file.to_str().unwrap())
-            .context("configure_hostname: cannot read identity file")?
-            .as_str(),
-    ))
+    let identity: IdentityConfig = serde_path_to_error::deserialize(
+        toml::Deserializer::parse(
+            fs::read_to_string(identity_config_file.to_str().unwrap())
+                .context("configure_hostname: cannot read identity file")?
+                .as_str(),
+        )
+        .context("configure_hostname: couldn't parse identity toml")?,
+    )
     .context("configure_hostname: couldn't read identity")?;
 
     fs::write(&hostname_file, &identity.hostname)

src/file/mod.rs

@@ -251,14 +251,17 @@ pub fn run() -> Result<()> {
             generate_bmap,
             compress_image,
         }) => {
-            let cert_info = create_image_cert(&image, CertificateOptions {
-                intermediate_full_chain_cert: &intermediate_full_chain_cert,
-                intermediate_key: &intermediate_key,
-                target_cert: "device_cert_path.pem",
-                target_key: "device_key_path.key.pem",
-                subject: &device_id,
-                validity_days: days,
-            })
+            let cert_info = create_image_cert(
+                &image,
+                CertificateOptions {
+                    intermediate_full_chain_cert: &intermediate_full_chain_cert,
+                    intermediate_key: &intermediate_key,
+                    target_cert: "device_cert_path.pem",
+                    target_key: "device_key_path.key.pem",
+                    subject: &device_id,
+                    validity_days: days,
+                },
+            )
             .context("set_device_certificate: could not create certificate")?;
 
             run_image_command(image, generate_bmap, compress_image, |img| {
@@ -279,14 +282,17 @@ pub fn run() -> Result<()> {
             generate_bmap,
             compress_image,
         }) => {
-            let cert_info = create_image_cert(&image, CertificateOptions {
-                intermediate_full_chain_cert: &intermediate_full_chain_cert,
-                intermediate_key: &intermediate_key,
-                target_cert: "edge_ca_cert_path.pem",
-                target_key: "edge_ca_key_path.key.pem",
-                subject: &device_id,
-                validity_days: days,
-            })
+            let cert_info = create_image_cert(
+                &image,
+                CertificateOptions {
+                    intermediate_full_chain_cert: &intermediate_full_chain_cert,
+                    intermediate_key: &intermediate_key,
+                    target_cert: "edge_ca_cert_path.pem",
+                    target_key: "edge_ca_key_path.key.pem",
+                    subject: &device_id,
+                    validity_days: days,
+                },
+            )
             .context("set_edge_ca_certificate: could not create certificate")?;
 
             run_image_command(image, generate_bmap, compress_image, |img| {

src/lib.rs

@@ -95,37 +95,36 @@ impl Config {
         };
 
         // if user wants to use existing key pair, check that it exists
-        if let Some(key_path) = &priv_key_path {
-            if !key_path.try_exists().is_ok_and(|exists| exists)
+        if let Some(key_path) = &priv_key_path
+            && (!key_path.try_exists().is_ok_and(|exists| exists)
                 || !key_path
                     .with_extension("pub")
                     .try_exists()
-                    .is_ok_and(|exists| exists)
-            {
-                anyhow::bail!("Missing private/public ssh key.");
-            }
+                    .is_ok_and(|exists| exists))
+        {
+            anyhow::bail!("Missing private/public ssh key.");
         }
 
         // if user wants specific config file path, check whether an existing
         // config file would be overwritten. If so, query, whether this is
         // intended.
-        if let Some(ref config_path) = config_path {
-            if config_path.exists() {
-                if query_yes_no(
-                    format!(
-                        r#"Config file "{}" would be overwritten by operation. Continue? [y/N]"#,
-                        config_path.to_string_lossy(),
-                    ),
-                    std::io::BufReader::new(std::io::stdin()),
-                    std::io::stderr(),
-                )? {
-                    log::info!(
-                        "Overwriting existing config: {}",
-                        config_path.to_string_lossy()
-                    );
-                } else {
-                    anyhow::bail!("Not overwriting config.");
-                }
+        if let Some(ref config_path) = config_path
+            && config_path.exists()
+        {
+            if query_yes_no(
+                format!(
+                    r#"Config file "{}" would be overwritten by operation. Continue? [y/N]"#,
+                    config_path.to_string_lossy(),
+                ),
+                std::io::BufReader::new(std::io::stdin()),
+                std::io::stderr(),
+            )? {
+                log::info!(
+                    "Overwriting existing config: {}",
+                    config_path.to_string_lossy()
+                );
+            } else {
+                anyhow::bail!("Not overwriting config.");
             }
         }
 

src/ssh.rs

@@ -210,7 +210,8 @@ pub fn validate_identity(
     let file_content = std::fs::read_to_string(config_file_name)
         .context("validate_identity: cannot read identity file")?;
     debug!("validate identity for:\n{}", file_content);
-    let des = toml::Deserializer::new(&file_content);
+    let des = toml::Deserializer::parse(&file_content)
+        .context("validate_identity: cannot parse identity toml")?;
     let body: Result<IdentityConfig, _> = serde_path_to_error::deserialize(des);
     let body = match body {
         Err(e) => {
@@ -256,8 +257,8 @@ pub fn validate_identity(
                         }
                     }
                 }
-                if p.payload.is_some() {
-                    if p.payload.unwrap().uri.ne(PAYLOAD_FILEPATH) {
+                if let Some(p_payload) = p.payload {
+                    if p_payload.uri.ne(PAYLOAD_FILEPATH) {
                         out.push(WARN_UNEXPECTED_PATH);
                     } else if payload.is_none() {
                         out.push(WARN_PAYLOAD_FILEPATH_MISSING);