Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Bump secrecy from 0.6.0 to 0.7.0 #7568

Merged
merged 2 commits into from
Nov 22, 2020
Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 20, 2020

Bumps secrecy from 0.6.0 to 0.7.0.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added A2-insubstantial Pull request requires no code review (e.g., a sub-repository hash update). B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. labels Nov 20, 2020
@github-actions github-actions bot added the A0-please_review Pull request needs code review. label Nov 20, 2020
@tomaka tomaka requested a review from cecton November 20, 2020 14:08
@tomaka
Copy link
Contributor

tomaka commented Nov 20, 2020

Pushed a commit that fixes the compilation errors.
I don't understand why we called SecretString::from_str(password) then zero-ed password, when SecretString::new already takes ownership of the password.

Note that to me there is potentially an unsafety when calling read_to_string, as the underlying implementation might re-allocate the String and not zero the partially-read password.

@cheme
Copy link
Contributor

cheme commented Nov 20, 2020

I don't understand why we called SecretString::from_str(password) then zero-ed password, when SecretString::new already takes ownership of the password.

Not useful indeed.

Copy link
Contributor

@cheme cheme left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cecton
Copy link
Contributor

cecton commented Nov 20, 2020

Pushed a commit that fixes the compilation errors.
I don't understand why we called SecretString::from_str(password) then zero-ed password, when SecretString::new already takes ownership of the password.

I think you're right on that. Zeroing is not needed if we move the value to a Secret.

Note that to me there is potentially an unsafety when calling read_to_string, as the underlying implementation might re-allocate the String and not zero the partially-read password.

It must be a very very long password to exceed a single read right? 😁 In doubt, I asked.

@wheresaddie wheresaddie self-requested a review November 22, 2020 08:28
@bkchr bkchr merged commit 24eec92 into master Nov 22, 2020
@bkchr bkchr deleted the dependabot/cargo/secrecy-0.7.0 branch November 22, 2020 11:57
clearloop added a commit to patractlabs/substrate that referenced this pull request Nov 25, 2020
* make ClientConfig public (paritytech#7544)

* sc-basic-authorship: remove useless dependencies (paritytech#7550)

Signed-off-by: koushiro <[email protected]>

* Add slashing events to elections-phragmen. (paritytech#7543)

* Add slashing events to elections-phragmen.

* Fix build

* Apply suggestions from code review

* Update frame/elections-phragmen/src/lib.rs

* Update frame/elections-phragmen/src/lib.rs

Co-authored-by: Guillaume Thiolliere <[email protected]>

Co-authored-by: Guillaume Thiolliere <[email protected]>

* Remove necessity to pass ConsensusEngineId when registering notifications protocol (paritytech#7549)

* Remove necessity to pass ConsensusEngineId when registering notifications protocol

* Line width

* Fix tests protocol name

* Other renames

* Doc update

* Change issue in TODO

* sc-cli: replace bip39 with tiny-bip39 (paritytech#7551)

Signed-off-by: koushiro <[email protected]>

* Add extra docs to on_initialize (paritytech#7552)

* Add some extra on_initialize docs.

* Address review comments.

* More Extensible Multiaddress Format (paritytech#7380)

* More extensible multiaddress format

* update name

* Don't depend on indices to define multiaddress type

* Use MultiAddress in Node Template too!

* reduce traits, fix build

* support multiple `StaticLookup`

* bump tx version

* feedback

* Fix weight template to remove ugliness in rust doc (paritytech#7565)

fixed weight template

* Cargo.lock: Run cargo update (paritytech#7553)

* Cargo.lock: Run cargo update

* Cargo.lock: Downgrade cc to v1.0.62

* Cargo.lock: Revert wasm-* updates

* .github: Add dependabot config and thus enable dependabot (paritytech#7509)

* .github: Add dependabot config and thus enable dependabot

* Update .github/dependabot.yml

Co-authored-by: Pierre Krieger <[email protected]>

Co-authored-by: Pierre Krieger <[email protected]>

* Thread-local parameter_types for testing. (paritytech#7542)

* Thread-local parameter_types for testing.

* Better docs.

* Some minors

* Merge'em

* Update frame/support/src/lib.rs

Co-authored-by: Bastian Köcher <[email protected]>

* Align more to basti's trick

* Update frame/support/src/lib.rs

* Update frame/support/src/lib.rs

Co-authored-by: Bastian Köcher <[email protected]>
Co-authored-by: Bastian Köcher <[email protected]>

* Bump wasm-bindgen-test from 0.3.12 to 0.3.17 (paritytech#7567)

* Bump wasm-bindgen-test from 0.3.12 to 0.3.17

Bumps [wasm-bindgen-test](https://github.com/rustwasm/wasm-bindgen) from 0.3.12 to 0.3.17.
- [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
- [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/wasm-bindgen/commits)

Signed-off-by: dependabot[bot] <[email protected]>

* Update wasm-bindgen pin to 0.2.68

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pierre Krieger <[email protected]>

* pallet-evm: move to Frontier (Part IV) (paritytech#7573)

* Bump secrecy from 0.6.0 to 0.7.0 (paritytech#7568)

* Bump secrecy from 0.6.0 to 0.7.0

Bumps [secrecy](https://github.com/iqlusioninc/crates) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/iqlusioninc/crates/releases)
- [Commits](iqlusioninc/crates@secrecy/v0.6.0...secrecy/v0.7.0)

Signed-off-by: dependabot[bot] <[email protected]>

* Fix compilation errors

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pierre Krieger <[email protected]>

* Bump wasm-bindgen-futures from 0.4.17 to 0.4.18 (paritytech#7572)

Bumps [wasm-bindgen-futures](https://github.com/rustwasm/wasm-bindgen) from 0.4.17 to 0.4.18.
- [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
- [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/wasm-bindgen/commits)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump lru from 0.4.3 to 0.6.1 (paritytech#7577)

Bumps [lru](https://github.com/jeromefroe/lru-rs) from 0.4.3 to 0.6.1.
- [Release notes](https://github.com/jeromefroe/lru-rs/releases)
- [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md)
- [Commits](jeromefroe/lru-rs@0.4.3...0.6.1)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump wasm-bindgen-test from 0.3.17 to 0.3.18 (paritytech#7579)

Bumps [wasm-bindgen-test](https://github.com/rustwasm/wasm-bindgen) from 0.3.17 to 0.3.18.
- [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
- [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/wasm-bindgen/commits)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump wasm-timer from 0.2.4 to 0.2.5 (paritytech#7578)

Bumps [wasm-timer](https://github.com/tomaka/wasm-timer) from 0.2.4 to 0.2.5.
- [Release notes](https://github.com/tomaka/wasm-timer/releases)
- [Commits](https://github.com/tomaka/wasm-timer/commits)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* grandpa: remove light-client specific block import pipeline (paritytech#7546)

* grandpa: remove light-client specific block import

* consensus, network: remove finality proofs

* client/authority-discovery: Publish and query on exponential interval (paritytech#7545)

* client/authority-discovery: Publish and query on exponential interval

When a node starts up publishing and querying might fail due to various
reasons, for example due to being not yet fully bootstrapped on the DHT.
Thus one should retry rather sooner than later. On the other hand, a
long running node is likely well connected and thus timely retries are
not needed. For this reasoning use an exponentially increasing interval
for `publish_interval`, `query_interval` and
`priority_group_set_interval` instead of a constant interval.

* client/authority-discovery/src/interval.rs: Add license header

* .maintain/gitlab: Ensure adder collator tests are run on CI

* sc-network: update some dependencies (paritytech#7582)

Signed-off-by: koushiro <[email protected]>

* Bump linregress and do some other cleanups (paritytech#7580)

* Wasm-builder 3.0 (paritytech#7532)

* Build every wasm crate in its own project with wasm-builder

Building all wasm crates in one workspace was a nice idea, however it
just introduced problems:

1. We needed to prune old members, but this didn't worked for old git
deps.
2. We locked the whole wasm workspace while building one crate. This
could lead to infinitely locking the workspace on a crash.

Now we just build every crate in its own project, this means we will
build the dependencies multiple times. While building the dependencies
multiple times, we still decrease the build time by around 30 seconds
for Polkadot and Substrate because of the new parallelism ;)

* Remove the requirement on wasm-builder-runner

This removes the requirement on wasm-builder-runner by using the new
`build_dep` feature of cargo. We use nightly anyway and that enables us
to use this feature. This solves the problem of not mixing
build/proc-macro deps with normal deps. By doing this we get rid off
this complicated project structure and can depend directly on
`wasm-builder`. This also removes all the code from wasm-builder-runner
and mentions that it is deprecated.

* Copy the `Cargo.lock` to the correct folder

* Remove wasm-builder-runner

* Update docs

* Fix deterministic check

Modified-by: Bastian Köcher <[email protected]>

* Try to make the ui test happy

* Switch to `SKIP_WASM_BUILD`

* Rename `SKIP_WASM_BINARY` to the correct name...

* Update utils/wasm-builder/src/builder.rs

Co-authored-by: André Silva <[email protected]>

* Update utils/wasm-builder/src/builder.rs

Co-authored-by: André Silva <[email protected]>

Co-authored-by: André Silva <[email protected]>

* Bump tracing from 0.1.21 to 0.1.22 (paritytech#7589)

Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.21 to 0.1.22.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](tokio-rs/tracing@tracing-0.1.21...tracing-0.1.22)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* contracts: Add `salt` argument to contract instantiation (paritytech#7482)

* pallet-contracts: Fix seal_restore_to to output proper module errors

Those errors where part of the decl_error for some time but where
never actually returned. This allows proper debugging of failed
restorations. Previously, any error did return the misleading
`ContractTrapped`.

* Bind UncheckedFrom<T::Hash> + AsRef<[u8]> everywhere

This allows us to make assumptions about the AccoutId
that are necessary for testing and in order to benchmark
the module properly.

This also groups free standing functions into inherent functions
in order to minimize the places where the new bounds need to
be specified.

* Rework contract address determination

* Do not allow override by runtime author
* Instantiate gained a new parameter "salt"

This change is done now in expecation of the upcoming code rent
which needs to change the instantiation dispatchable and
host function anyways.

The situation in where we have only something that is like CREATE2
makes it impossible for UIs to help the user to create an arbitrary
amount of instantiations from the same code.

With this change we have the same functionality as ethereum with
a CREATE and CREATE2 instantation semantic.

* Remove TrieIdGenerator

The new trait bounds allows us to remove this workaround
from the configuration trait.

* Remove default parameters for config trait

It should be solely the responsiblity to determine proper values for
these parameter. As a matter of fact most runtime weren't using these
values anyways.

* Fix tests for new account id type

Because of the new bounds on the trait tests can't get away by using
u64 as accound id. Replacing the 8 byte value by a 32 byte value
creates out quite a bit of code churn.

* Fix benchmarks

The benchmarks need adaption to the new instantiate semantics.

* Fix compile errors caused by adding new trait bounds
* Fix compile errors caused by renaming storage and rent functions
* Adapt host functions and dispatchables to the new salt
* Add tests for instantiate host functions (was not possible before)

* Add benchmark results

* Adapt to the new WeightInfo

The new benchmarks add a new parameter for salt "s" to the instantiate weights
that needs to be applied.

* Fix deploying_wasm_contract_should_work integration test

This test is adapted to use the new instantiate signature.

* Break overlong line

* Break more long lines

Co-authored-by: Parity Benchmarking Bot <[email protected]>

* */Cargo.toml: Remove unused dependencies (paritytech#7590)

* */Cargo.toml: Remove unused dependencies

Using cargo-udeps to detect unused dependencies.

* client/network/Cargo: Revert dependency removal

* Cargo.lock: Update

Co-authored-by: Andrew Plaza <[email protected]>
Co-authored-by: Qinxuan Chen <[email protected]>
Co-authored-by: Kian Paimani <[email protected]>
Co-authored-by: Guillaume Thiolliere <[email protected]>
Co-authored-by: Pierre Krieger <[email protected]>
Co-authored-by: Tomasz Drwięga <[email protected]>
Co-authored-by: Shawn Tabrizi <[email protected]>
Co-authored-by: Alexander Theißen <[email protected]>
Co-authored-by: Max Inden <[email protected]>
Co-authored-by: Bastian Köcher <[email protected]>
Co-authored-by: Bastian Köcher <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Wei Tang <[email protected]>
Co-authored-by: André Silva <[email protected]>
Co-authored-by: Parity Benchmarking Bot <[email protected]>
darkfriend77 pushed a commit to mogwaicoin/substrate that referenced this pull request Jan 11, 2021
* Bump secrecy from 0.6.0 to 0.7.0

Bumps [secrecy](https://github.com/iqlusioninc/crates) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/iqlusioninc/crates/releases)
- [Commits](iqlusioninc/crates@secrecy/v0.6.0...secrecy/v0.7.0)

Signed-off-by: dependabot[bot] <[email protected]>

* Fix compilation errors

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pierre Krieger <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
A0-please_review Pull request needs code review. A2-insubstantial Pull request requires no code review (e.g., a sub-repository hash update). B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants