Merge pull request #1195 from iced-rs/fix/vulnerabilities

Fix `cargo-audit` vulnerabilities

.github/workflows/audit.yml

@@ -0,0 +1,16 @@
+name: Audit
+on: [push]
+jobs:
+  dependencies:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: hecrj/setup-rust-action@v1
+    - name: Install cargo-audit
+      run: cargo install cargo-audit
+    - uses: actions/checkout@master
+    - name: Manually update `nix` crates # See https://github.com/nix-rust/nix/issues/1627
+      run: |
+        cargo update --package nix:0.20.0 --precise 0.20.2
+        cargo update --package nix:0.22.0 --precise 0.22.2
+    - name: Audit dependencies
+      run: cargo audit

Cargo.toml

@@ -38,8 +38,6 @@ glow_default_system_font = ["iced_glow/default_system_font"]
 debug = ["iced_winit/debug"]
 # Enables `tokio` as the `executor::Default` on native platforms
 tokio = ["iced_futures/tokio"]
-# Enables old `tokio` (0.2) as the `executor::Default` on native platforms
-tokio_old = ["iced_futures/tokio_old"]
 # Enables `async-std` as the `executor::Default` on native platforms
 async-std = ["iced_futures/async-std"]
 # Enables `smol` as the `executor::Default` on native platforms

core/Cargo.toml

@@ -11,5 +11,5 @@ repository = "https://github.com/iced-rs/iced"
 bitflags = "1.2"
 
 [dependencies.palette]
-version = "0.5.0"
+version = "0.5"
 optional = true

examples/clock/Cargo.toml

@@ -7,4 +7,4 @@ publish = false
 
 [dependencies]
 iced = { path = "../..", features = ["canvas", "tokio", "debug"] }
-chrono = "0.4"
+time = { version = "0.3.5", features = ["local-offset"] }

examples/clock/src/main.rs

@@ -1,7 +1,7 @@
 use iced::{
     canvas::{self, Cache, Canvas, Cursor, Geometry, LineCap, Path, Stroke},
-    executor, time, Application, Color, Command, Container, Element, Length,
-    Point, Rectangle, Settings, Subscription, Vector,
+    executor, Application, Color, Command, Container, Element, Length, Point,
+    Rectangle, Settings, Subscription, Vector,
 };
 
 pub fn main() -> iced::Result {
@@ -12,13 +12,13 @@ pub fn main() -> iced::Result {
 }
 
 struct Clock {
-    now: chrono::DateTime<chrono::Local>,
+    now: time::OffsetDateTime,
     clock: Cache,
 }
 
 #[derive(Debug, Clone, Copy)]
 enum Message {
-    Tick(chrono::DateTime<chrono::Local>),
+    Tick(time::OffsetDateTime),
 }
 
 impl Application for Clock {
@@ -29,7 +29,8 @@ impl Application for Clock {
     fn new(_flags: ()) -> (Self, Command<Message>) {
         (
             Clock {
-                now: chrono::Local::now(),
+                now: time::OffsetDateTime::now_local()
+                    .unwrap_or_else(|_| time::OffsetDateTime::now_utc()),
                 clock: Default::default(),
             },
             Command::none(),
@@ -56,8 +57,12 @@ impl Application for Clock {
     }
 
     fn subscription(&self) -> Subscription<Message> {
-        time::every(std::time::Duration::from_millis(500))
-            .map(|_| Message::Tick(chrono::Local::now()))
+        iced::time::every(std::time::Duration::from_millis(500)).map(|_| {
+            Message::Tick(
+                time::OffsetDateTime::now_local()
+                    .unwrap_or_else(|_| time::OffsetDateTime::now_utc()),
+            )
+        })
     }
 
     fn view(&mut self) -> Element<Message> {
@@ -77,8 +82,6 @@ impl Application for Clock {
 
 impl canvas::Program<Message> for Clock {
     fn draw(&self, bounds: Rectangle, _cursor: Cursor) -> Vec<Geometry> {
-        use chrono::Timelike;
-
         let clock = self.clock.draw(bounds.size(), |frame| {
             let center = frame.center();
             let radius = frame.width().min(frame.height()) / 2.0;
@@ -126,7 +129,7 @@ impl canvas::Program<Message> for Clock {
     }
 }
 
-fn hand_rotation(n: u32, total: u32) -> f32 {
+fn hand_rotation(n: u8, total: u8) -> f32 {
     let turns = n as f32 / total as f32;
 
     2.0 * std::f32::consts::PI * turns

examples/download_progress/Cargo.toml

@@ -9,4 +9,8 @@ publish = false
 iced = { path = "../..", features = ["tokio"] }
 iced_native = { path = "../../native" }
 iced_futures = { path = "../../futures" }
-reqwest = "0.11"
+
+[dependencies.reqwest]
+version = "0.11"
+default-features = false
+features = ["rustls-tls"]

examples/pokedex/Cargo.toml

@@ -6,16 +6,17 @@ edition = "2018"
 publish = false
 
 [dependencies]
-iced = { path = "../..", features = ["image", "debug", "tokio_old"] }
+iced = { path = "../..", features = ["image", "debug", "tokio"] }
 serde_json = "1.0"
 
 [dependencies.serde]
 version = "1.0"
 features = ["derive"]
 
 [dependencies.reqwest]
-version = "0.10.2"
-features = ["json"]
+version = "0.11"
+default-features = false
+features = ["json", "rustls-tls"]
 
 [dependencies.rand]
 version = "0.7"

futures/Cargo.toml

@@ -19,12 +19,6 @@ log = "0.4"
 [dependencies.futures]
 version = "0.3"
 
-[target.'cfg(not(target_arch = "wasm32"))'.dependencies.tokio_old]
-package = "tokio"
-version = "0.2"
-optional = true
-features = ["rt-core", "rt-threaded", "time", "stream"]
-
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies.tokio]
 package = "tokio"
 version = "1.0"

futures/src/executor.rs

@@ -7,9 +7,6 @@ mod thread_pool;
 #[cfg(all(not(target_arch = "wasm32"), feature = "tokio"))]
 mod tokio;
 
-#[cfg(all(not(target_arch = "wasm32"), feature = "tokio_old"))]
-mod tokio_old;
-
 #[cfg(all(not(target_arch = "wasm32"), feature = "async-std"))]
 mod async_std;
 
@@ -27,9 +24,6 @@ pub use thread_pool::ThreadPool;
 #[cfg(all(not(target_arch = "wasm32"), feature = "tokio"))]
 pub use self::tokio::Tokio;
 
-#[cfg(all(not(target_arch = "wasm32"), feature = "tokio_old"))]
-pub use self::tokio_old::TokioOld;
-
 #[cfg(all(not(target_arch = "wasm32"), feature = "async-std"))]
 pub use self::async_std::AsyncStd;
 

futures/src/lib.rs

@@ -20,12 +20,7 @@ pub mod executor;
 pub mod subscription;
 
 #[cfg(all(
-    any(
-        feature = "tokio",
-        feature = "tokio_old",
-        feature = "async-std",
-        feature = "smol"
-    ),
+    any(feature = "tokio", feature = "async-std", feature = "smol"),
     not(target_arch = "wasm32")
 ))]
 #[cfg_attr(

futures/src/time.rs

@@ -14,7 +14,7 @@ pub fn every<H: std::hash::Hasher, E>(
 struct Every(std::time::Duration);
 
 #[cfg(all(
-    not(any(feature = "tokio_old", feature = "tokio", feature = "async-std")),
+    not(any(feature = "tokio", feature = "async-std")),
     feature = "smol"
 ))]
 impl<H, E> subscription::Recipe<H, E> for Every
@@ -67,7 +67,7 @@ where
 }
 
 #[cfg(all(
-    any(feature = "tokio", feature = "tokio_old"),
+    feature = "tokio",
     not(any(feature = "async-std", feature = "smol"))
 ))]
 impl<H, E> subscription::Recipe<H, E> for Every
@@ -89,23 +89,15 @@ where
     ) -> futures::stream::BoxStream<'static, Self::Output> {
         use futures::stream::StreamExt;
 
-        #[cfg(feature = "tokio_old")]
-        use tokio_old as tokio;
-
         let start = tokio::time::Instant::now() + self.0;
 
         let stream = {
-            #[cfg(feature = "tokio")]
-            {
-                futures::stream::unfold(
-                    tokio::time::interval_at(start, self.0),
-                    |mut interval| async move {
-                        Some((interval.tick().await, interval))
-                    },
-                )
-            }
-            #[cfg(feature = "tokio_old")]
-            tokio::time::interval_at(start, self.0)
+            futures::stream::unfold(
+                tokio::time::interval_at(start, self.0),
+                |mut interval| async move {
+                    Some((interval.tick().await, interval))
+                },
+            )
         };
 
         stream.map(tokio::time::Instant::into_std).boxed()

src/executor.rs

@@ -7,30 +7,19 @@ pub use platform::Default;
 mod platform {
     use iced_futures::{executor, futures};
 
-    #[cfg(feature = "tokio_old")]
-    type Executor = executor::TokioOld;
-
-    #[cfg(all(feature = "tokio", not(feature = "tokio_old")))]
+    #[cfg(feature = "tokio")]
     type Executor = executor::Tokio;
 
-    #[cfg(all(
-        feature = "async-std",
-        not(any(feature = "tokio_old", feature = "tokio")),
-    ))]
+    #[cfg(all(feature = "async-std", not(feature = "tokio"),))]
     type Executor = executor::AsyncStd;
 
     #[cfg(all(
         feature = "smol",
-        not(any(
-            feature = "tokio_old",
-            feature = "tokio",
-            feature = "async-std"
-        )),
+        not(any(feature = "tokio", feature = "async-std")),
     ))]
     type Executor = executor::Smol;
 
     #[cfg(not(any(
-        feature = "tokio_old",
         feature = "tokio",
         feature = "async-std",
         feature = "smol",

src/lib.rs

@@ -195,19 +195,13 @@ pub mod widget;
 pub mod window;
 
 #[cfg(all(
-    any(
-        feature = "tokio",
-        feature = "tokio_old",
-        feature = "async-std",
-        feature = "smol"
-    ),
+    any(feature = "tokio", feature = "async-std", feature = "smol"),
     not(target_arch = "wasm32")
 ))]
 #[cfg_attr(
     docsrs,
     doc(cfg(any(
         feature = "tokio",
-        feature = "tokio_old",
         feature = "async-std"
         feature = "smol"
     )))