update tls-api to 0.8.0

and remove corresponding RUSTSEC from ignored list

Cargo.lock

@@ -1218,12 +1218,6 @@ dependencies = [
  "winapi 0.3.9",
 ]
 
-[[package]]
-name = "fuchsia-cprng"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a06f77d526c1a601b7c4cdd98f54b5eaabffc14d5f2f0296febdc7f357c6d3ba"
-
 [[package]]
 name = "fuchsia-zircon"
 version = "0.3.3"
@@ -2379,19 +2373,6 @@ dependencies = [
  "proc-macro2",
 ]
 
-[[package]]
-name = "rand"
-version = "0.4.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "552840b97013b1a26992c11eac34bdd778e464601a4c2054b5f0bff7c6761293"
-dependencies = [
- "fuchsia-cprng",
- "libc",
- "rand_core 0.3.1",
- "rdrand",
- "winapi 0.3.9",
-]
-
 [[package]]
 name = "rand"
 version = "0.7.3"
@@ -2436,21 +2417,6 @@ dependencies = [
  "rand_core 0.6.3",
 ]
 
-[[package]]
-name = "rand_core"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a6fdeb83b075e8266dcc8762c22776f6877a63111121f5f8c7411e5be7eed4b"
-dependencies = [
- "rand_core 0.4.2",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c33a3c44ca05fa6f1807d8e6743f3824e8509beca625669633be0acbdf509dc"
-
 [[package]]
 name = "rand_core"
 version = "0.5.1"
@@ -2478,15 +2444,6 @@ dependencies = [
  "rand_core 0.5.1",
 ]
 
-[[package]]
-name = "rdrand"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "678054eb77286b51581ba43620cc911abf02758c91f93f479767aed0f90458b2"
-dependencies = [
- "rand_core 0.3.1",
-]
-
 [[package]]
 name = "redox_syscall"
 version = "0.2.13"
@@ -2981,16 +2938,6 @@ dependencies = [
  "unicode-xid",
 ]
 
-[[package]]
-name = "tempdir"
-version = "0.3.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "15f2b5fb00ccdf689e0149d1b1b3c03fead81c2b37735d812fa8bddbbf41b6d8"
-dependencies = [
- "rand 0.4.6",
- "remove_dir_all",
-]
-
 [[package]]
 name = "tempfile"
 version = "3.3.0"
@@ -3016,12 +2963,12 @@ dependencies = [
 
 [[package]]
 name = "test-cert-gen"
-version = "0.7.0"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3208d0ae2e3736d4ac2f6ba2229c4d9bbd54080e228e662a7684eabcf13ff419"
+checksum = "3707ef7be06a3bca379fed2e472e6f06bb4a3b3715d5eb4039eaee186a37e98a"
 dependencies = [
  "pem",
- "tempdir",
+ "tempfile",
 ]
 
 [[package]]
@@ -3098,14 +3045,14 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"
 
 [[package]]
 name = "tls-api"
-version = "0.7.0"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7dded74ddc6d4a98f9f94f17f1c4d796e4af3cb5fba9e7655f157a036ee7de0"
+checksum = "0dadeb49014c6aa53335ea388f2661ec050774d63dbc264340c707c9bda5bd0f"
 dependencies = [
  "anyhow",
  "log",
  "pem",
- "tempdir",
+ "tempfile",
  "thiserror",
  "tokio",
  "void",
@@ -3114,9 +3061,9 @@ dependencies = [
 
 [[package]]
 name = "tls-api-native-tls"
-version = "0.7.0"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c547db405b51a4e549f803c980572f3cb3957dff153b04e3e7aebb1fc5f249b4"
+checksum = "457be0f7a4699e91449a7d2dae0cbfe0ef799acc5bdbbb4a5316c4beed904f70"
 dependencies = [
  "anyhow",
  "native-tls",
@@ -3128,9 +3075,9 @@ dependencies = [
 
 [[package]]
 name = "tls-api-test"
-version = "0.7.0"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "344ab291be7ed9ab296fc28153fe3ac1e430f44c4dfb3f1324a3c09bbbb5f104"
+checksum = "c3f040610fa42a1214aff0b7d8f5c903c5eb390e81fff56992d4d85e62e46bdf"
 dependencies = [
  "anyhow",
  "env_logger",

crates/arti-hyper/Cargo.toml

@@ -38,8 +38,8 @@ tokio = { package = "tokio", version = "1.7", features = [
     "macros",
 ] }
 thiserror = "1"
-tls-api = { version = "0.7" }
+tls-api = { version = "0.8" }
-tls-api-native-tls = { version = "0.7.0" }
+tls-api-native-tls = { version = "0.8.0" }
 tor-error = { path = "../tor-error", version = "0.2.0" }
 tor-rtcompat = { path = "../tor-rtcompat", version = "0.2.0", features = ["tokio"] }
 

maint/cargo_audit

@@ -18,16 +18,16 @@ IGNORE=(
     # fixed in `notify` 5.0 however only pre-releases are available
     # for now.
     --ignore RUSTSEC-2020-0016
-    # This is not a vulnerability but an unmaintained warn for the
-    # `tempdir` crate. It's pulled by `tls-api` 0.7.0. As of now
-    # there is no available fix, but a patch was submitted upstream.
-    --ignore RUSTSEC-2018-0017
 )
 
 cargo audit -D warnings "${IGNORE[@]}"
 
 
 OBSOLETE_IGNORE=(
+    # This is not a vulnerability but an unmaintained warn for the
+    # `tempdir` crate. It was pulled by `tls-api` 0.7.0. `tls-api`
+    # 0.8.0 switched to tempfile instead.
+    --ignore RUSTSEC-2018-0017
     # This is a vulnerability in the `nix` crate caused by an
     # out-of-bounds write in `getgrouplist`.  We got our `nix`
     # dependency via `async-ctrlc`, which uses `ctrlc`, which uses