fix(security): Fix rustsec advisories

.cargo/audit.toml

@@ -0,0 +1,2 @@
+[advisories]
+ignore = ["RUSTSEC-2021-0137"]

Cargo.toml

@@ -55,7 +55,7 @@ eyre = "0.6"
 ed25519-compact = { version = "2", default-features = false, features = ["std", "x25519", "opt_size"] }
 
 [dev-dependencies]
-criterion = "0.3"
+criterion = "0.4"
 pretty_assertions = "1.3"
 proteus-wasm = { path = ".", package = "proteus-wasm", features = ["hazmat", "cryptobox-identity"] }
 wasm-bindgen-test = "0.3"

crates/cbor-codec/Cargo.toml

@@ -29,4 +29,5 @@ json-codec        = ">= 0.3"
 quickcheck        = "1.0"
 quickcheck_macros = "1.0"
 rand              = "0.8"
-rustc-serialize   = "0.3"
+hex               = "0.4"
+base64            = "0.21"

crates/cbor-codec/src/decoder.rs

@@ -33,15 +33,11 @@
 //! # Example 2: Direct decoding (nested array)
 //!
 //! ```
-//! extern crate cbor;
-//! extern crate rustc_serialize;
-//!
 //! use cbor::{Config, Decoder};
-//! use rustc_serialize::hex::FromHex;
 //! use std::io::Cursor;
 //!
 //! fn main() {
-//!     let input   = Cursor::new("828301020383010203".from_hex().unwrap());
+//!     let input   = Cursor::new(hex::decode("828301020383010203").unwrap());
 //!     let mut dec = Decoder::new(Config::default(), input);
 //!     let mut res = Vec::new();
 //!     for _ in 0 .. dec.array().unwrap() {
@@ -58,16 +54,12 @@
 //! # Example 3: Generic decoding
 //!
 //! ```
-//! extern crate cbor;
-//! extern crate rustc_serialize;
-//!
 //! use cbor::{Config, GenericDecoder};
 //! use cbor::value::{self, Key};
-//! use rustc_serialize::hex::FromHex;
 //! use std::io::Cursor;
 //!
 //! fn main() {
-//!     let input = Cursor::new("a2616101028103".from_hex().unwrap());
+//!     let input = Cursor::new(hex::decode("a2616101028103").unwrap());
 //!     let mut d = GenericDecoder::new(Config::default(), input);
 //!     let value = d.value().unwrap();
 //!     let     c = value::Cursor::new(&value);
@@ -1355,7 +1347,6 @@ mod tests {
     use super::*;
     use crate::types::Tag;
     use crate::value::{self, Int, Key, Simple, Value};
-    use rustc_serialize::hex::FromHex;
     use std::collections::BTreeMap;
     use std::io::Cursor;
     use std::{f32, f64, u64};
@@ -1690,7 +1681,7 @@ mod tests {
     }
 
     fn decoder(s: &str) -> Decoder<Cursor<Vec<u8>>> {
-        Decoder::new(Config::default(), Cursor::new(s.from_hex().unwrap()))
+        Decoder::new(Config::default(), Cursor::new(hex::decode(s).unwrap()))
     }
 
     fn gen_decoder(s: &str) -> GenericDecoder<Cursor<Vec<u8>>> {

crates/cbor-codec/src/encoder.rs

@@ -12,46 +12,35 @@
 //! # Example 1: Direct encoding
 //!
 //! ```
-//! extern crate cbor;
-//! extern crate rustc_serialize;
-//!
 //! use cbor::Encoder;
-//! use rustc_serialize::hex::FromHex;
 //! use std::io::Cursor;
 //!
 //! fn main() {
 //!     let mut e = Encoder::new(Cursor::new(Vec::new()));
 //!     e.u16(1000).unwrap();
-//!     assert_eq!("1903e8".from_hex().unwrap(), e.into_writer().into_inner())
+//!     assert_eq!(hex::decode("1903e8").unwrap(), e.into_writer().into_inner())
 //! }
 //! ```
 //!
 //! # Example 2: Direct encoding (indefinite string)
 //!
 //! ```
-//! extern crate cbor;
-//! extern crate rustc_serialize;
-//!
 //! use cbor::Encoder;
-//! use rustc_serialize::hex::FromHex;
 //! use std::io::Cursor;
 //!
 //! fn main() {
 //!     let mut e = Encoder::new(Cursor::new(Vec::new()));
 //!     e.text_iter(vec!["strea", "ming"].into_iter()).unwrap();
-//!     let output = "7f657374726561646d696e67ff".from_hex().unwrap();
+//!     let output = hex::decode("7f657374726561646d696e67ff").unwrap();
 //!     assert_eq!(output, e.into_writer().into_inner())
 //! }
 //! ```
 //!
 //! # Example 3: Direct encoding (nested array)
 //!
 //! ```
-//! extern crate cbor;
-//! extern crate rustc_serialize;
 //!
 //! use cbor::Encoder;
-//! use rustc_serialize::hex::FromHex;
 //! use std::io::Cursor;
 //!
 //! fn main() {
@@ -61,7 +50,7 @@
 //!      .and(e.array(2)).and(e.u8(2)).and(e.u8(3))
 //!      .and(e.array(2)).and(e.u8(4)).and(e.u8(5))
 //!      .unwrap();
-//!     let output = "8301820203820405".from_hex().unwrap();
+//!     let output = hex::decode("8301820203820405").unwrap();
 //!     assert_eq!(output, e.into_writer().into_inner())
 //! }
 //! ```
@@ -546,7 +535,6 @@ mod tests {
     use super::*;
     use crate::types::Tag;
     use crate::value::Simple;
-    use rustc_serialize::hex::FromHex;
     use std::io::Cursor;
     use std::{f32, f64};
 
@@ -742,7 +730,7 @@ mod tests {
         let mut buffer = vec![0u8; 128];
         assert!(f(Encoder::new(Cursor::new(&mut buffer[..]))).is_ok());
         assert_eq!(
-            &expected.from_hex().unwrap()[..],
+            &hex::decode(expected).unwrap()[..],
             &buffer[0..expected.len() / 2]
         )
     }

crates/cbor-codec/tests/unit.rs

@@ -7,7 +7,6 @@ use cbor::value::{Int, Key, Text, Value};
 use cbor::{Config, GenericDecoder};
 use json::decoder::ReadIter;
 use json::{DecodeResult, Decoder, FromJson, Json};
-use rustc_serialize::base64::FromBase64;
 use std::fs::File;
 
 pub mod util;
@@ -83,8 +82,9 @@ fn int_min_max() {
 fn test_all() {
     let iter = ReadIter::new(File::open("tests/appendix_a.json").unwrap());
     let test_vectors: Vec<TestVector> = Decoder::default(iter).from_json().unwrap();
+    use base64::prelude::{Engine as _, BASE64_STANDARD};
     for v in test_vectors {
-        let raw = v.cbor.from_base64().unwrap();
+        let raw = BASE64_STANDARD.decode(v.cbor).unwrap();
         let mut dec = GenericDecoder::new(Config::default(), &raw[..]);
         let val = dec.value().unwrap();
         if let Some(x) = v.decoded {