Update deps with minimal changes

Cargo.toml

@@ -27,7 +27,7 @@ debug = 1
 anyhow = "1.0.75"
 foundations = { version = "4.4.2", path = "./foundations" }
 foundations-macros = { version = "4.4.2", path = "./foundations-macros", default-features = false }
-bindgen = { version = "0.68.1", default-features = false }
+bindgen = { version = "0.71", default-features = false }
 cc = "1.0"
 cf-rustracing = "1.1"
 cf-rustracing-jaeger = "1.1"
@@ -57,7 +57,7 @@ socket2 = { version = "0.5.3", features = [ "all" ] }
 syn = "2"
 serde = "1"
 serde_path_to_error = "0.1.15"
-serde_yaml = "0.8.26"
+serde_yaml = "0.8"
 serde_with = "3.3.0"
 slab = "0.4.9"
 slog = "2.7"
@@ -67,9 +67,9 @@ slog-term = "2.4"
 tempfile = "3.7"
 tokio = "1.41.0"
 thread_local = "1.1"
-tikv-jemallocator = "0.5"
-tikv-jemalloc-ctl = "0.5"
-yaml-merge-keys = "0.5"
+tikv-jemallocator = "0.6"
+tikv-jemalloc-ctl = "0.6"
+yaml-merge-keys = { version = "0.5", features = ["serde_yaml"] }
 
 # needed for minver
 async-stream = "0.3.5"

deny.toml

@@ -1,15 +1,14 @@
 [advisories]
-vulnerability = "deny"
-unmaintained = "allow"
-notice = "allow"
-unsound = "deny"
-severity-threshold = "medium"
+unmaintained = "all"
 ignore = [
-    # No fix available, but only applies to Windows, hence not a problem for us.
-    "RUSTSEC-2021-0145",
+    # NOTE: paste which is unmaintained, but
+    # is a dependency of tykv-jemalloc-sys
+    "RUSTSEC-2024-0436",
+    # NOTE: serde_yaml will have to be replaced with
+    # `serde_yml` which is not a drop-in replacement
+    "RUSTSEC-2024-0320",
 ]
 
-
 [bans]
 deny = [
     # NOTE: `boring`, `ring` or `rustls` crates should be used instead
@@ -24,8 +23,33 @@ unknown-git = "allow"
 allow-git = []
 
 [licenses]
-unlicensed = "allow"
-allow-osi-fsf-free = "either"
-copyleft = "deny"
-allow = ["MPL-2.0"]
+private.ignore = true
+unused-allowed-license = "allow"
+# List of explicitly allowed licenses
+# These are explicitly allowed by Cloudflare.
+allow = [
+    "Zlib",
+    "MIT",
+    "0BSD",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "MPL-1.0",
+    "MPL-1.1",
+    "MPL-2.0",
+
+    "GPL-2.0",
+    "GPL-3.0",
+    "LGPL-3.0",
+    "ISC",
+    "CC0-1.0",
+    "Unicode-DFS-2016",
+    "Unicode-3.0",
+    "OpenSSL",
+
+    # for use with internal unpublished code only
+    # (ie crates pulled via git refs)
+    "LicenseRef-Cloudflare-Proprietary",
+]
 confidence-threshold = 0.9

foundations/build.rs

@@ -24,7 +24,7 @@ fn ensure_seccomp_sources_fetched() {
 #[cfg(feature = "security")]
 mod security {
     use super::*;
-    use bindgen::{Builder, CargoCallbacks};
+    use bindgen::Builder;
     use std::fs;
     use std::path::Path;
 
@@ -175,7 +175,7 @@ mod security {
             .allowlist_var("PR_GET_SECCOMP")
             .allowlist_var("PR_SET_NAME")
             .derive_default(true)
-            .parse_callbacks(Box::new(CargoCallbacks))
+            .parse_callbacks(Box::new(bindgen::CargoCallbacks::new()))
             .generate()
             .unwrap()
             .write_to_file(out_dir.join("security_sys.rs"))

foundations/src/settings/mod.rs

@@ -443,6 +443,7 @@ pub fn to_yaml_string(settings: &impl Settings) -> BootstrapResult<String> {
         // spaces divided by 2.
         key_stack.truncate(spaces / 2);
 
+
         if let Some(colon_idx) = line.find(':') {
             let mut field_name = line[spaces..colon_idx].trim().to_string();
             let is_list_item = field_name.starts_with(LIST_ITEM_PREFIX);

foundations/tests/data/settings_complex.yaml

@@ -23,4 +23,4 @@ tls:
   # mTLS
   mtls:
     # Specifies whether mTLS should be enabled for the endpoint.
-    enabled: false
+    enabled: false

foundations/tests/data/with_option_none.yaml

@@ -1,3 +1,3 @@
 ---
 # Optional field
-optional: ~
+optional: ~

foundations/tests/data/with_vec.yaml

@@ -12,4 +12,4 @@ items:
     # multi-line
     # doc comment
     b: 11
-    c: 0
+    c: 0

foundations/tests/settings.rs

@@ -155,7 +155,7 @@ struct StructWithCrateReexport {
 macro_rules! assert_ser_eq {
     ($obj:expr, $expected:expr) => {
         let actual = to_yaml_string(&$obj).unwrap().trim().to_string();
-        let expected = include_str!($expected);
+        let expected = include_str!($expected).trim();
 
         assert_eq!(
             actual, expected,