update dependencies (#4639)

## Issue Addressed

updates underlying dependencies and removes the ignored `RUSTSEC`'s for `cargo audit`.

Also switches `procinfo` to `procfs` on `eth2` to remove the `nom` warning, `procinfo` is unmaintained see [here](danburkert/procinfo-rs#46).

Cargo.toml

@@ -91,7 +91,8 @@ resolver = "2"
 
 [patch]
 [patch.crates-io]
-warp = { git = "https://github.com/macladson/warp", rev="7e75acc368229a46a236a8c991bf251fe7fe50ef" }
+# TODO: remove when 0.3.6 get's released.
+warp = { git = "https://github.com/seanmonstar/warp.git", rev="149913fe" }
 
 [profile.maxperf]
 inherits = "release"

Makefile

@@ -206,9 +206,8 @@ arbitrary-fuzz:
 
 # Runs cargo audit (Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database)
 audit:
-	# cargo install --force cargo-audit
-	cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2022-0093 \
-		--ignore RUSTSEC-2023-0052 --ignore RUSTSEC-2023-0053
+	cargo install --force cargo-audit
+	cargo audit --ignore RUSTSEC-2023-0052
 
 # Runs `cargo vendor` to make sure dependencies can be vendored for packaging, reproducibility and archival purpose.
 vendor:

beacon_node/execution_layer/Cargo.toml

@@ -50,4 +50,4 @@ keccak-hash = "0.10.0"
 hash256-std-hasher = "0.15.2"
 triehash = "0.8.4"
 hash-db = "0.15.2"
-pretty_reqwest_error = { path = "../../common/pretty_reqwest_error" }
+pretty_reqwest_error = { path = "../../common/pretty_reqwest_error" }

common/eth2/Cargo.toml

@@ -35,14 +35,8 @@ tokio = { version = "1.14.0", features = ["full"] }
 
 [target.'cfg(target_os = "linux")'.dependencies]
 psutil = { version = "3.2.2", optional = true }
-procinfo = { version = "0.4.2", optional = true }
+procfs = { version = "0.15.1", optional = true }
 
 [features]
 default = ["lighthouse"]
-lighthouse = [
-    "proto_array",
-    "psutil",
-    "procinfo",
-    "store",
-    "slashing_protection",
-]
+lighthouse = ["proto_array", "psutil", "procfs", "store", "slashing_protection"]

common/eth2/src/lighthouse.rs

@@ -95,8 +95,8 @@ pub struct ValidatorInclusionData {
 
 #[cfg(target_os = "linux")]
 use {
-    procinfo::pid, psutil::cpu::os::linux::CpuTimesExt,
-    psutil::memory::os::linux::VirtualMemoryExt, psutil::process::Process,
+    psutil::cpu::os::linux::CpuTimesExt, psutil::memory::os::linux::VirtualMemoryExt,
+    psutil::process::Process,
 };
 
 /// Reports on the health of the Lighthouse instance.
@@ -238,7 +238,7 @@ pub struct ProcessHealth {
     /// The pid of this process.
     pub pid: u32,
     /// The number of threads used by this pid.
-    pub pid_num_threads: i32,
+    pub pid_num_threads: i64,
     /// The total resident memory used by this pid.
     pub pid_mem_resident_set_size: u64,
     /// The total virtual memory used by this pid.
@@ -262,7 +262,12 @@ impl ProcessHealth {
             .memory_info()
             .map_err(|e| format!("Unable to get process memory info: {:?}", e))?;
 
-        let stat = pid::stat_self().map_err(|e| format!("Unable to get stat: {:?}", e))?;
+        let me = procfs::process::Process::myself()
+            .map_err(|e| format!("Unable to get process: {:?}", e))?;
+        let stat = me
+            .stat()
+            .map_err(|e| format!("Unable to get stat: {:?}", e))?;
+
         let process_times = process
             .cpu_times()
             .map_err(|e| format!("Unable to get process cpu times : {:?}", e))?;

common/eth2_network_config/Cargo.toml

@@ -7,7 +7,7 @@ edition = "2021"
 build = "build.rs"
 
 [build-dependencies]
-zip = "0.5.8"
+zip = "0.6"
 eth2_config = { path = "../eth2_config"}
 
 [dev-dependencies]
@@ -18,4 +18,4 @@ serde_yaml = "0.8.13"
 types = { path = "../../consensus/types"}
 ethereum_ssz = "0.5.0"
 eth2_config = { path = "../eth2_config"}
-discv5 = "0.3.1"
+discv5 = "0.3.1"

common/logging/Cargo.toml

@@ -17,6 +17,6 @@ sloggers = { version = "2.1.1", features = ["json"] }
 slog-async = "2.7.0"
 take_mut = "0.2.2"
 parking_lot = "0.12.1"
-serde = "1.0.153" 
+serde = "1.0.153"
 serde_json = "1.0.94"
-chrono = "0.4.23"
+chrono = { version = "0.4", default-features = false, features = ["clock", "std"] }

common/warp_utils/src/cors.rs

@@ -10,10 +10,14 @@ pub fn set_builder_origins(
     default_origin: (IpAddr, u16),
 ) -> Result<Builder, String> {
     if let Some(allow_origin) = allow_origin {
-        let origins = allow_origin
-            .split(',')
-            .map(|s| verify_cors_origin_str(s).map(|_| s))
-            .collect::<Result<Vec<_>, _>>()?;
+        let mut origins = vec![];
+        for origin in allow_origin.split(',') {
+            verify_cors_origin_str(origin)?;
+            if origin == "*" {
+                return Ok(builder.allow_any_origin());
+            }
+            origins.push(origin)
+        }
         Ok(builder.allow_origins(origins))
     } else {
         let origin = match default_origin.0 {

common/warp_utils/src/metrics.rs

@@ -87,7 +87,7 @@ pub fn scrape_process_health_metrics() {
     // This will silently fail if we are unable to observe the health. This is desired behaviour
     // since we don't support `Health` for all platforms.
     if let Ok(health) = ProcessHealth::observe() {
-        set_gauge(&PROCESS_NUM_THREADS, health.pid_num_threads as i64);
+        set_gauge(&PROCESS_NUM_THREADS, health.pid_num_threads);
         set_gauge(&PROCESS_RES_MEM, health.pid_mem_resident_set_size as i64);
         set_gauge(&PROCESS_VIRT_MEM, health.pid_mem_virtual_memory_size as i64);
         set_gauge(&PROCESS_SECONDS, health.pid_process_seconds_total as i64);

lighthouse/tests/beacon_node.rs

@@ -11,6 +11,7 @@ use lighthouse_network::PeerId;
 use std::fs::File;
 use std::io::{Read, Write};
 use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+use std::path::Path;
 use std::path::PathBuf;
 use std::process::Command;
 use std::str::FromStr;
@@ -1460,77 +1461,82 @@ fn disable_inbound_rate_limiter_flag() {
 #[test]
 fn http_allow_origin_flag() {
     CommandLineTest::new()
-        .flag("http-allow-origin", Some("127.0.0.99"))
+        .flag("http", None)
+        .flag("http-allow-origin", Some("http://127.0.0.99"))
         .run_with_zero_port()
         .with_config(|config| {
-            assert_eq!(config.http_api.allow_origin, Some("127.0.0.99".to_string()));
+            assert_eq!(
+                config.http_api.allow_origin,
+                Some("http://127.0.0.99".to_string())
+            );
         });
 }
 #[test]
 fn http_allow_origin_all_flag() {
     CommandLineTest::new()
+        .flag("http", None)
         .flag("http-allow-origin", Some("*"))
         .run_with_zero_port()
         .with_config(|config| assert_eq!(config.http_api.allow_origin, Some("*".to_string())));
 }
 #[test]
 fn http_allow_sync_stalled_flag() {
     CommandLineTest::new()
+        .flag("http", None)
         .flag("http-allow-sync-stalled", None)
         .run_with_zero_port()
         .with_config(|config| assert_eq!(config.http_api.allow_sync_stalled, true));
 }
 #[test]
 fn http_enable_beacon_processor() {
     CommandLineTest::new()
+        .flag("http", None)
         .run_with_zero_port()
         .with_config(|config| assert_eq!(config.http_api.enable_beacon_processor, true));
 
     CommandLineTest::new()
+        .flag("http", None)
         .flag("http-enable-beacon-processor", Some("true"))
         .run_with_zero_port()
         .with_config(|config| assert_eq!(config.http_api.enable_beacon_processor, true));
 
     CommandLineTest::new()
+        .flag("http", None)
         .flag("http-enable-beacon-processor", Some("false"))
         .run_with_zero_port()
         .with_config(|config| assert_eq!(config.http_api.enable_beacon_processor, false));
 }
 #[test]
 fn http_tls_flags() {
-    let dir = TempDir::new().expect("Unable to create temporary directory");
     CommandLineTest::new()
+        .flag("http", None)
         .flag("http-enable-tls", None)
-        .flag(
-            "http-tls-cert",
-            dir.path().join("certificate.crt").as_os_str().to_str(),
-        )
-        .flag(
-            "http-tls-key",
-            dir.path().join("private.key").as_os_str().to_str(),
-        )
+        .flag("http-tls-cert", Some("tests/tls/cert.pem"))
+        .flag("http-tls-key", Some("tests/tls/key.rsa"))
         .run_with_zero_port()
         .with_config(|config| {
             let tls_config = config
                 .http_api
                 .tls_config
                 .as_ref()
                 .expect("tls_config was empty.");
-            assert_eq!(tls_config.cert, dir.path().join("certificate.crt"));
-            assert_eq!(tls_config.key, dir.path().join("private.key"));
+            assert_eq!(tls_config.cert, Path::new("tests/tls/cert.pem"));
+            assert_eq!(tls_config.key, Path::new("tests/tls/key.rsa"));
         });
 }
 
 #[test]
 fn http_spec_fork_default() {
     CommandLineTest::new()
+        .flag("http", None)
         .run_with_zero_port()
         .with_config(|config| assert_eq!(config.http_api.spec_fork_name, None));
 }
 
 #[test]
 fn http_spec_fork_override() {
     CommandLineTest::new()
+        .flag("http", None)
         .flag("http-spec-fork", Some("altair"))
         .run_with_zero_port()
         .with_config(|config| assert_eq!(config.http_api.spec_fork_name, Some(ForkName::Altair)));

lighthouse/tests/tls/cert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEADCCAmigAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u
+eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTE2MDgxMzE2MDcwNFoX
+DTIyMDIwMzE2MDcwNFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpVhh1/FNP2qvWenbZSghari/UThwe
+dynfnHG7gc3JmygkEdErWBO/CHzHgsx7biVE5b8sZYNEDKFojyoPHGWK2bQM/FTy
+niJCgNCLdn6hUqqxLAml3cxGW77hAWu94THDGB1qFe+eFiAUnDmob8gNZtAzT6Ky
+b/JGJdrEU0wj+Rd7wUb4kpLInNH/Jc+oz2ii2AjNbGOZXnRz7h7Kv3sO9vABByYe
+LcCj3qnhejHMqVhbAT1MD6zQ2+YKBjE52MsQKU/xhUpu9KkUyLh0cxkh3zrFiKh4
+Vuvtc+n7aeOv2jJmOl1dr0XLlSHBlmoKqH6dCTSbddQLmlK7dms8vE01AgMBAAGj
+gb4wgbswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFMeUzGYV
+bXwJNQVbY1+A8YXYZY8pMEIGA1UdIwQ7MDmAFJvEsUi7+D8vp8xcWvnEdVBGkpoW
+oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswOwYDVR0RBDQwMoIO
+dGVzdHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0
+MA0GCSqGSIb3DQEBCwUAA4IBgQBsk5ivAaRAcNgjc7LEiWXFkMg703AqDDNx7kB1
+RDgLalLvrjOfOp2jsDfST7N1tKLBSQ9bMw9X4Jve+j7XXRUthcwuoYTeeo+Cy0/T
+1Q78ctoX74E2nB958zwmtRykGrgE/6JAJDwGcgpY9kBPycGxTlCN926uGxHsDwVs
+98cL6ZXptMLTR6T2XP36dAJZuOICSqmCSbFR8knc/gjUO36rXTxhwci8iDbmEVaf
+BHpgBXGU5+SQ+QM++v6bHGf4LNQC5NZ4e4xvGax8ioYu/BRsB/T3Lx+RlItz4zdU
+XuxCNcm3nhQV2ZHquRdbSdoyIxV5kJXel4wCmOhWIq7A2OBKdu5fQzIAzzLi65EN
+RPAKsKB4h7hGgvciZQ7dsMrlGw0DLdJ6UrFyiR5Io7dXYT/+JP91lP5xsl6Lhg9O
+FgALt7GSYRm2cZdgi9pO9rRr83Br1VjQT1vHz6yoZMXSqc4A2zcN2a2ZVq//rHvc
+FZygs8miAhWPzqnpmgTj1cPiU1M=
+-----END CERTIFICATE-----

lighthouse/tests/tls/key.rsa

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAqVYYdfxTT9qr1np22UoIWq4v1E4cHncp35xxu4HNyZsoJBHR
+K1gTvwh8x4LMe24lROW/LGWDRAyhaI8qDxxlitm0DPxU8p4iQoDQi3Z+oVKqsSwJ
+pd3MRlu+4QFrveExwxgdahXvnhYgFJw5qG/IDWbQM0+ism/yRiXaxFNMI/kXe8FG
++JKSyJzR/yXPqM9ootgIzWxjmV50c+4eyr97DvbwAQcmHi3Ao96p4XoxzKlYWwE9
+TA+s0NvmCgYxOdjLEClP8YVKbvSpFMi4dHMZId86xYioeFbr7XPp+2njr9oyZjpd
+Xa9Fy5UhwZZqCqh+nQk0m3XUC5pSu3ZrPLxNNQIDAQABAoIBAFKtZJgGsK6md4vq
+kyiYSufrcBLaaEQ/rkQtYCJKyC0NAlZKFLRy9oEpJbNLm4cQSkYPXn3Qunx5Jj2k
+2MYz+SgIDy7f7KHgr52Ew020dzNQ52JFvBgt6NTZaqL1TKOS1fcJSSNIvouTBerK
+NCSXHzfb4P+MfEVe/w1c4ilE+kH9SzdEo2jK/sRbzHIY8TX0JbmQ4SCLLayr22YG
+usIxtIYcWt3MMP/G2luRnYzzBCje5MXdpAhlHLi4TB6x4h5PmBKYc57uOVNngKLd
+YyrQKcszW4Nx5v0a4HG3A5EtUXNCco1+5asXOg2lYphQYVh2R+1wgu5WiDjDVu+6
+EYgjFSkCgYEA0NBk6FDoxE/4L/4iJ4zIhu9BptN8Je/uS5c6wRejNC/VqQyw7SHb
+hRFNrXPvq5Y+2bI/DxtdzZLKAMXOMjDjj0XEgfOIn2aveOo3uE7zf1i+njxwQhPu
+uSYA9AlBZiKGr2PCYSDPnViHOspVJjxRuAgyWM1Qf+CTC0D95aj0oz8CgYEAz5n4
+Cb3/WfUHxMJLljJ7PlVmlQpF5Hk3AOR9+vtqTtdxRjuxW6DH2uAHBDdC3OgppUN4
+CFj55kzc2HUuiHtmPtx8mK6G+otT7Lww+nLSFL4PvZ6CYxqcio5MPnoYd+pCxrXY
+JFo2W7e4FkBOxb5PF5So5plg+d0z/QiA7aFP1osCgYEAtgi1rwC5qkm8prn4tFm6
+hkcVCIXc+IWNS0Bu693bXKdGr7RsmIynff1zpf4ntYGpEMaeymClCY0ppDrMYlzU
+RBYiFNdlBvDRj6s/H+FTzHRk2DT/99rAhY9nzVY0OQFoQIXK8jlURGrkmI/CYy66
+XqBmo5t4zcHM7kaeEBOWEKkCgYAYnO6VaRtPNQfYwhhoFFAcUc+5t+AVeHGW/4AY
+M5qlAlIBu64JaQSI5KqwS0T4H+ZgG6Gti68FKPO+DhaYQ9kZdtam23pRVhd7J8y+
+xMI3h1kiaBqZWVxZ6QkNFzizbui/2mtn0/JB6YQ/zxwHwcpqx0tHG8Qtm5ZAV7PB
+eLCYhQKBgQDALJxU/6hMTdytEU5CLOBSMby45YD/RrfQrl2gl/vA0etPrto4RkVq
+UrkDO/9W4mZORClN3knxEFSTlYi8YOboxdlynpFfhcs82wFChs+Ydp1eEsVHAqtu
+T+uzn0sroycBiBfVB949LExnzGDFUkhG0i2c2InarQYLTsIyHCIDEA==
+-----END RSA PRIVATE KEY-----