chore: version update to resolve sec issue

2025-04-19 03:24:42 -04:00 · 2024-12-20 09:37:25 +08:00 · 2024-12-20 09:37:25 +08:00 · 6f98894c6f
commit 6f98894c6f
parent 1f83e48362
15 changed files with 269 additions and 292 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -90,7 +90,7 @@ async-trait.workspace = true
 prometheus-client.workspace = true
 itertools = "0.11"
 uuid.workspace = true
-tokio-tungstenite = { version = "0.20.1", features = ["native-tls"] }
+tokio-tungstenite = { version = "0.26.1", features = ["native-tls"] }
 dotenvy.workspace = true
 url = "2.5.0"
 brotli.workspace = true
@ -155,7 +155,7 @@ console-subscriber = { version = "0.4.1", optional = true }
 base64.workspace = true
 md5.workspace = true
 nanoid = "0.4.0"
-http = "0.2.12"
+http.workspace = true

 [dev-dependencies]
 once_cell = "1.19.0"
@ -268,7 +268,7 @@ sqlx = { version = "0.8.1", default-features = false }
 dashmap = "5.5.3"
 futures = "0.3.30"
 async-stream = "0.3.5"
-reqwest = "0.11.27"
+reqwest = "0.12.9"
 lazy_static = "1.4.0"
 tonic = "0.12.3"
 prost = "0.13.3"
@ -287,6 +287,8 @@ chrono = { version = "0.4.39", features = [
  "serde",
  "clock",
 ], default-features = false }
+http = "0.2.12"
+tokio-tungstenite = "0.20"

 # collaboration
 yrs = { version = "0.21.3", features = ["sync"] }
--- a/admin_frontend/Cargo.toml
+++ b/admin_frontend/Cargo.toml
@ -26,7 +26,7 @@ redis = { version = "0.25.2", features = [
 ] }
 uuid = { workspace = true, features = ["v4"] }
 dotenvy = "0.15"
-reqwest = "0.11.27"
+reqwest.workspace = true
 tower-service = "0.3"
 tower-http = { version = "0.5", features = ["fs"] }
 tower = "0.4"
--- a/libs/appflowy-ai-client/Cargo.toml
+++ b/libs/appflowy-ai-client/Cargo.toml
@ -6,7 +6,7 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

 [dependencies]
-reqwest = { version = "0.12", features = [
+reqwest = { workspace = true, features = [
  "json",
  "rustls-tls",
  "cookies",
--- a/libs/client-api/Cargo.toml
+++ b/libs/client-api/Cargo.toml
@ -30,7 +30,7 @@ chrono = "0.4"
 client-websocket = { workspace = true, features = ["native-tls"] }
 semver = "1.0.22"
 zstd = { version = "0.13.2" }
-
+tokio-tungstenite.workspace = true

 collab = { workspace = true, optional = true }
 yrs = { workspace = true, optional = true }
--- a/libs/client-api/src/retry.rs
+++ b/libs/client-api/src/retry.rs
@ -7,13 +7,13 @@ use app_error::gotrue::GoTrueError;
 use client_websocket::{connect_async, WebSocketStream};
 use gotrue::grant::{Grant, RefreshTokenGrant};
 use parking_lot::RwLock;
-use reqwest::header::HeaderMap;
 use std::future::Future;
 use std::pin::Pin;
 use std::sync::{Arc, Weak};
 use std::time::Duration;
 use tokio_retry::strategy::FixedInterval;
 use tokio_retry::{Action, Condition, RetryIf};
+use tokio_tungstenite::tungstenite::http::HeaderMap;
 use tracing::{debug, info, trace};

 pub(crate) struct RefreshTokenAction {
--- a/libs/client-api/src/ws/client.rs
+++ b/libs/client-api/src/ws/client.rs
@ -7,11 +7,13 @@ use std::time::Duration;
 use futures_util::stream::{SplitSink, SplitStream};
 use futures_util::{SinkExt, StreamExt};
 use parking_lot::RwLock;
-use reqwest::header::{HeaderMap, HeaderValue, AUTHORIZATION};
+// use reqwest::header::{HeaderMap, HeaderValue, AUTHORIZATION};
 use semver::Version;
 use tokio::sync::broadcast::{channel, Receiver, Sender};
 use tokio::sync::oneshot;
 use tokio::sync::Mutex;
+use tokio_tungstenite::tungstenite::http::header::AUTHORIZATION;
+use tokio_tungstenite::tungstenite::http::{HeaderMap, HeaderValue};
 use tracing::{error, info, trace, warn};

 use crate::ping::ServerFixIntervalPing;
@ -493,7 +495,7 @@ impl Display for ConnectInfo {
 }

 impl From<ConnectInfo> for HeaderMap {
-  fn from(info: ConnectInfo) -> Self {
+  fn from(info: ConnectInfo) -> HeaderMap {
    let mut headers = HeaderMap::new();
    headers.insert(
      "device-id",
--- a/libs/client-api/src/ws/error.rs
+++ b/libs/client-api/src/ws/error.rs
@ -36,7 +36,7 @@ impl From<Error> for WSError {
      Error::Protocol(ProtocolError::SendAfterClosing) => WSError::Close(value.to_string()),
      Error::Http(resp) => {
        let status = resp.status();
-        if status == StatusCode::UNAUTHORIZED || status == StatusCode::NOT_FOUND {
+        if status == StatusCode::UNAUTHORIZED.as_u16() || status == StatusCode::NOT_FOUND.as_u16() {
          WSError::AuthError("Unauthorized websocket connection".to_string())
        } else {
          WSError::TungsteniteError(value)
--- a/libs/client-websocket/Cargo.toml
+++ b/libs/client-websocket/Cargo.toml
@ -19,7 +19,6 @@ __rustls-tls = []

 [dependencies]
 thiserror = "1"
-http = "0.2"
 httparse = "1.8"
 futures-util = { version = "0.3", default-features = false, features = [
  "sink",
@ -27,7 +26,7 @@ futures-util = { version = "0.3", default-features = false, features = [
 ] }

 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
-tokio-tungstenite = "0.20"
+tokio-tungstenite.workspace = true
 tokio = { workspace = true, features = ["net"] }

 [target.'cfg(target_arch = "wasm32")'.dependencies]
--- a/libs/client-websocket/src/error.rs
+++ b/libs/client-websocket/src/error.rs
@ -1,6 +1,7 @@
 use http::{header::HeaderName, Response};
 use std::{io, result, str, string};
 use thiserror::Error;
+use tokio_tungstenite::tungstenite::http;

 /// These error types are copy-pasted from the tokio_tungstenite crate.
 pub type Result<T, E = Error> = result::Result<T, E>;
--- a/libs/client-websocket/src/lib.rs
+++ b/libs/client-websocket/src/lib.rs
@ -6,12 +6,12 @@ mod native;
 mod web;

 pub use error::{Error, ProtocolError, Result};
-use http::HeaderMap;
 pub use message::coding::*;
 pub use message::CloseFrame;
 pub use message::Message;
 #[cfg(not(target_arch = "wasm32"))]
 use native as ws;
+use tokio_tungstenite::tungstenite::http::HeaderMap;
 #[cfg(target_arch = "wasm32")]
 use web as ws;
 pub use ws::WebSocketStream;
--- a/libs/client-websocket/src/native.rs
+++ b/libs/client-websocket/src/native.rs
@ -1,8 +1,8 @@
 use futures_util::{Sink, Stream, StreamExt};
-use http::HeaderMap;
 use std::pin::Pin;
 use std::task::{Context, Poll};
 use tokio_tungstenite::tungstenite::client::IntoClientRequest;
+use tokio_tungstenite::tungstenite::http::HeaderMap;
 use tokio_tungstenite::{
  tungstenite::{
    error::*,
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@ -1,2 +1,2 @@
 [toolchain]
-channel = "1.80.0"
+channel = "1.81.0"
--- a/services/appflowy-worker/Cargo.toml
+++ b/services/appflowy-worker/Cargo.toml
@ -61,5 +61,5 @@ mailer.workspace = true
 md5.workspace = true
 base64.workspace = true
 prometheus-client = "0.22.3"
-reqwest = "0.12.5"
+reqwest.workspace = true
 zstd.workspace = true
--- a/src/api/template.rs
+++ b/src/api/template.rs
@ -1,4 +1,5 @@
 use actix_multipart::form::{bytes::Bytes as MPBytes, MultipartForm};
+use actix_web::http::StatusCode;
 use actix_web::{
  web::{self, Data, Json},
  HttpResponse, Result, Scope,
@ -11,7 +12,6 @@ use database_entity::dto::{
  TemplateCreators, TemplateHomePage, TemplateHomePageQueryParams, TemplateWithPublishInfo,
  Templates, UpdateTemplateCategoryParams, UpdateTemplateCreatorParams, UpdateTemplateParams,
 };
-use reqwest::StatusCode;
 use shared_entity::response::{AppResponse, JsonAppResponse};
 use uuid::Uuid;