move rust crates to chromium_crate_io

[bridiver]

Resolves brave/brave-browser#36271

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run lint, npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

[rillian]

As usual, it would help future archaeologists if you included an overview of the change and its motivation in the commit message and/or PR desecription. From a brief look at the code it seems like:

• Upstream chromium has changed the way they're vendoring third-party crates to use more of cargo's capabilities.
• Instead of third_party/rust/crate_name/vX_Y/crate the third party source is in third_party/rust/chromium_crates_io/vendor/crate-X.Y.Z. First party metadata and build description for gn remain in the old location with the third party source referenced from there.

The indent change on line 161 of script/brave_license_helper.py seems spurious (.vscode comment).

I noticed the adblock version numbers don't all match, but that's true of the main branch as well. Looks like things have been moved into //brave/third_party/rust/chromium_crates_io/vendor/ rather than these being fresh copies from crates.io?

Splitting the source changes and file moves into separate commits might help the github review interface not fall over. :(

[bridiver]

The indent change on line 161 of script/brave_license_helper.py seems spurious (.vscode comment).

clang format applies to the whole file

[bridiver]

I noticed the adblock version numbers don't all match, but that's true of the main branch as well. Looks like things have been moved into //brave/third_party/rust/chromium_crates_io/vendor/ rather than these being fresh copies from crates.io?

This is definitely a fresh download from crates.io, although 3 days ago that may not have been the case

[bridiver]

As usual, it would help future archaeologists if you included an overview of the change and its motivation in the commit message and/or PR desecription. From a brief look at the code it seems like:

I intend to squash the commits

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[rillian]

I think this can just exclude //brave/third_party/rust/chromium_crates_io/vendor.

[bridiver]

please see the comment explaining why the entire directory is excluded

[rillian]

I read the comment, but I couldn't reproduce the errors. I suppose it doesn't matter much, but the narrower scope seemed a safer hack.

[bridiver]

I can try it again, but it failed with a very strange error before

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[rillian]

NB you can address the audit failure by applying this patch to lol_html-0.3.1.

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[bridiver]

double-checked this removal and it appears to be correct. This appears to only be enabled on v4

[rillian]

Is removing Andrius' email here a bug?

[bridiver]

seems like maybe a gnrt bug? This was auto-generated

[rillian]

Works for me. We have some nits, and should figure out how to manage the cargo vet config four our own purposes, but I'd prefer to see that in a followup, since this will unblock other contributions involving rust code.

@fmarier are you ok with the license helper exemption until we can figure out how to tell it where the actual license files are?

[fmarier]

Licensing exception is okay, but it needs a follow-up issue to be filed so that we don't forget to figure out how to do this properly once the dust has settled.

[bridiver]

linux arm64 failure is unrelated to this PR. See #21443

[yrliou]

wallet++

[bridiver]

at least some of these patches can go to upstream, we'll figure out the details in a follow-up

[mkarolin]

patches and DEPS ++

[bridiver]

There are no substantive changes here for p3a so I'm going to go ahead and merge