near · ppca · Jul 22, 2024 · Jul 19, 2024 · Jul 22, 2024 · Jul 22, 2024
diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml
@@ -77,10 +77,10 @@ jobs:
       - name: Run Audit (FastAuth)
         working-directory: integration-tests/fastauth
         run: |
-          cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2023-0052 --ignore RUSTSEC-2022-0093 --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2024-0019 --ignore RUSTSEC-2024-0344
+          cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2023-0052 --ignore RUSTSEC-2022-0093 --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2024-0019 --ignore RUSTSEC-2024-0344 --ignore RUSTSEC-2024-0357
       - name: Run Audit (Chain Signatures)
         # even if previous audit step fails, run this audit step to ensure all crates are audited
         if: always()
         working-directory: integration-tests/chain-signatures
         run: |
-          cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2023-0052 --ignore RUSTSEC-2022-0093 --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2024-0019 --ignore RUSTSEC-2024-0344 --ignore RUSTSEC-2022-0093 --ignore RUSTSEC-2024-0346 --ignore RUSTSEC-2024-0347
+          cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2023-0052 --ignore RUSTSEC-2022-0093 --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2024-0019 --ignore RUSTSEC-2024-0344 --ignore RUSTSEC-2022-0093 --ignore RUSTSEC-2024-0346 --ignore RUSTSEC-2024-0347 --ignore RUSTSEC-2024-0357
diff --git a/chain-signatures/Cargo.lock b/chain-signatures/Cargo.lock
diff --git a/chain-signatures/node/src/gcp/mod.rs b/chain-signatures/node/src/gcp/mod.rs
@@ -342,15 +342,15 @@ impl GcpService {
     ) -> anyhow::Result<Self> {
         let project_id = storage_options.gcp_project_id.clone();
         let secret_manager;
-        let client = hyper::Client::builder().build(
-            hyper_rustls::HttpsConnectorBuilder::new()
-                .with_native_roots()
-                .https_or_http()
-                .enable_http1()
-                .enable_http2()
-                .build(),
-        );
         let datastore = if let Some(gcp_datastore_url) = storage_options.gcp_datastore_url.clone() {
+            let client = hyper::Client::builder().build(
+                hyper_rustls::HttpsConnectorBuilder::new()
+                    .with_native_roots()
+                    .https_or_http()
+                    .enable_http1()
+                    .enable_http2()
+                    .build(),
+            );
             // Assuming custom GCP URL points to an emulator, so the token does not matter
             let authenticator = AccessTokenAuthenticator::builder("TOKEN".to_string())
                 .build()
@@ -361,6 +361,15 @@ impl GcpService {
             datastore.root_url(gcp_datastore_url);
             datastore
         } else {
+            // restring client to use https in production
+            let client = hyper::Client::builder().build(
+                hyper_rustls::HttpsConnectorBuilder::new()
+                    .with_native_roots()
+                    .https_only()
+                    .enable_http1()
+                    .enable_http2()
+                    .build(),
+            );
             let opts = ApplicationDefaultCredentialsFlowOpts::default();
             let authenticator = match ApplicationDefaultCredentialsAuthenticator::builder(opts)
                 .await