Update prometheus to 0.10

The older version of `prometheus` depended on an old version of `spin` which had a vulnerability related to locking. The new version of prometheus doesn't use `spin` anymore so that the vulnerability is fixed. Note that the vulnerability was unlikely on `x86_64` machines but likely on ARM. `electrs` seems to be quite popular on various SBCs such as Raspberry Pi, so fixing this is important. More information: https://rustsec.org/advisories/RUSTSEC-2019-0013 Thankfully, `electrs` compiles with new `prometheus` without changes despite it being semver breaking.
2025-02-25 07:17:41 +01:00 · 2020-11-24 17:58:11 +01:00 · 2020-11-24 17:58:11 +01:00 · 68b89165c3
commit 68b89165c3
parent ceb899fd8f
2 changed files with 102 additions and 16 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -81,7 +81,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "46254cf2fdcdf1badb5934448c1bcbe046a56537b3987d96c51a7afc5d03f293"
 dependencies = [
 "addr2line",
- "cfg-if",
+ "cfg-if 0.1.10",
 "libc",
 "miniz_oxide",
 "object",
@ -127,7 +127,7 @@ checksum = "2a817f8356b784c37ee29b7a9a15c3fec321cd46b0ec67bcebe5530207f62e2d"
 dependencies = [
 "bitflags",
 "cexpr",
- "cfg-if",
+ "cfg-if 0.1.10",
 "clang-sys",
 "clap",
 "env_logger",
@ -221,6 +221,12 @@ version = "0.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"

+[[package]]
+name = "cfg-if"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+
 [[package]]
 name = "chrono"
 version = "0.4.18"
@ -266,6 +272,15 @@ dependencies = [
 "vec_map",
 ]

+[[package]]
+name = "cloudabi"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4344512281c643ae7638bbabc3af17a11307803ec8f0fcad9fae512a8bf36467"
+dependencies = [
+ "bitflags",
+]
+
 [[package]]
 name = "configure_me"
 version = "0.3.4"
@ -315,7 +330,7 @@ version = "0.6.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "04973fa96e96579258a5091af6003abde64af786b860f18622b82e026cca60e6"
 dependencies = [
- "cfg-if",
+ "cfg-if 0.1.10",
 "lazy_static 1.4.0",
 ]

@ -326,7 +341,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c3c7c73a2d1e9fc0886a08b93e98eb643461230d5f1925e4036204d5f2e261a8"
 dependencies = [
 "autocfg",
- "cfg-if",
+ "cfg-if 0.1.10",
 "lazy_static 1.4.0",
 ]

@ -457,7 +472,7 @@ version = "0.1.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fc587bc0ec293155d5bfa6b9891ec18a1e330c234f896ea47fbada4cadbe47e6"
 dependencies = [
- "cfg-if",
+ "cfg-if 0.1.10",
 "libc",
 "wasi 0.9.0+wasi-snapshot-preview1",
 ]
@ -487,7 +502,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3bae29b6653b3412c2e71e9d486db9f9df5d701941d86683005efb9f2d28e3da"
 dependencies = [
 "byteorder",
- "scopeguard",
+ "scopeguard 0.3.3",
 ]

 [[package]]
@ -531,6 +546,15 @@ dependencies = [
 "unicode-normalization",
 ]

+[[package]]
+name = "instant"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "61124eeebbd69b8190558df225adf7e4caafce0d743919e5d6b19652314ec5ec"
+dependencies = [
+ "cfg-if 1.0.0",
+]
+
 [[package]]
 name = "itoa"
 version = "0.4.6"
@ -596,13 +620,22 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "lock_api"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dd96ffd135b2fd7b973ac026d28085defbe8983df057ced3eb4f2130b0831312"
+dependencies = [
+ "scopeguard 1.1.0",
+]
+
 [[package]]
 name = "log"
 version = "0.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4fabed175da42fed1fa0746b0ea71f412aa9d35e76e95e59b192c64b9dc2bf8b"
 dependencies = [
- "cfg-if",
+ "cfg-if 0.1.10",
 ]

 [[package]]
@ -706,6 +739,32 @@ dependencies = [
 "winapi 0.3.9",
 ]

+[[package]]
+name = "parking_lot"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d7744ac029df22dca6284efe4e898991d28e3085c706c972bcd7da4a27a15eb"
+dependencies = [
+ "instant",
+ "lock_api",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "parking_lot_core"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c361aa727dd08437f2f1447be8b59a33b0edd15e0fcee698f935613d9efbca9b"
+dependencies = [
+ "cfg-if 0.1.10",
+ "cloudabi",
+ "instant",
+ "libc",
+ "redox_syscall",
+ "smallvec",
+ "winapi 0.3.9",
+]
+
 [[package]]
 name = "parse_arg"
 version = "0.1.4"
@ -744,16 +803,17 @@ dependencies = [

 [[package]]
 name = "prometheus"
-version = "0.5.0"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "48e3f33ff50a88c73ad8458fa6c22931aa7a6e19bb4a95d62816618c153b3f02"
+checksum = "30d70cf4412832bcac9cffe27906f4a66e450d323525e977168c70d1b36120ae"
 dependencies = [
- "cfg-if",
+ "cfg-if 0.1.10",
 "fnv",
 "lazy_static 1.4.0",
+ "parking_lot",
 "protobuf",
- "quick-error",
- "spin",
+ "regex",
+ "thiserror",
 ]

 [[package]]
@ -942,6 +1002,12 @@ version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94258f53601af11e6a49f722422f6e3425c52b06245a5cf9bc09908b174f5e27"

+[[package]]
+name = "scopeguard"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
+
 [[package]]
 name = "secp256k1"
 version = "0.18.0"
@ -1016,10 +1082,10 @@ dependencies = [
 ]

 [[package]]
-name = "spin"
-version = "0.4.10"
+name = "smallvec"
+version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ceac490aa12c567115b40b7b7fceca03a6c9d53d5defea066123debc83c5dc1f"
+checksum = "7acad6f34eb9e8a259d3283d1e8c1d34d7415943d4895f65cc73813c7396fc85"

 [[package]]
 name = "stderrlog"
@ -1093,6 +1159,26 @@ dependencies = [
 "unicode-width",
 ]

+[[package]]
+name = "thiserror"
+version = "1.0.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "318234ffa22e0920fe9a40d7b8369b5f649d490980cf7aadcf1eb91594869b42"
+dependencies = [
+ "thiserror-impl",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "1.0.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cae2447b6282786c3493999f40a9be2a6ad20cb8bd268b0a0dbf5a065535c0ab"
+dependencies = [
+ "proc-macro2 1.0.23",
+ "quote 1.0.7",
+ "syn",
+]
+
 [[package]]
 name = "thread_local"
 version = "0.3.4"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -37,7 +37,7 @@ log = "0.4"
 lru = "0.1"
 num_cpus = "1.0"
 page_size = "0.4"
-prometheus = "0.5"
+prometheus = "0.10"
 protobuf = "= 2.14.0"   # https://github.com/stepancheg/rust-protobuf/blob/master/CHANGELOG.md#2150---2020-06-21
 rocksdb = { version = "0.12.2", default-features = false } # due to https://github.com/romanz/electrs/issues/193
 rust-crypto = "0.2"