Fix usage of vulnerable webpki dependency (#193)

RAnders00 · web-flow · commit a8eb9e5f987b · 2023-08-29T22:31:47.000+02:00
Fixes #192
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
@@ -0,0 +1,16 @@
+name: Audit Rust dependencies
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '30 3 * * *' # At 3:30 every day
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@ Version numbers follow [Semantic Versioning](https://semver.org/).
 ## Unreleased
 
 - Minor: Removed unused features from the `chrono` dependency (#185)
+- Bugfix: Upgraded dependencies to eliminate vulnerability in the `webpki` crate. (#193)
 
 ## v5.0.0
 
diff --git a/Cargo.toml b/Cargo.toml
@@ -27,7 +27,7 @@ no-default-features = true
 
 [dependencies]
 async-trait = "0.1"
-async-tungstenite = { version = "0.17", features = ["tokio-runtime"], optional = true }
+async-tungstenite = { version = "0.23", features = ["tokio-runtime"], optional = true }
 bytes = { version = "1", optional = true }
 chrono = { version = "0.4", default-features = false }
 either = "1"
@@ -41,11 +41,11 @@ smallvec = "1"
 thiserror = "1"
 tokio = { version = "1", features = ["rt", "time", "sync", "macros"] }
 tokio-native-tls = { version = "0.3", optional = true }
-tokio-rustls = { version = "0.23", optional = true }
+tokio-rustls = { version = "0.24", optional = true }
 tokio-stream = { version = "0.1", features = ["io-util"], optional = true }
 tokio-util = { version = "0.7", features = ["codec"], optional = true }
 tracing = "0.1"
-webpki-roots = { version = "0.22", optional = true }
+webpki-roots = { version = "0.25", optional = true }
 
 [dev-dependencies]
 maplit = "1"
diff --git a/src/transport/tcp.rs b/src/transport/tcp.rs
@@ -108,7 +108,7 @@ impl MakeConnection for TLS {
         let mut root_store = RootCertStore::empty();
 
         #[cfg(feature = "transport-tcp-rustls-webpki-roots")]
-        root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
+        root_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
             tokio_rustls::rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
                 ta.subject,
                 ta.spki,
