From cd4685c171c3daf1ee10d9591346cb659ee8c421 Mon Sep 17 00:00:00 2001 From: Patrick Roy Date: Wed, 12 Mar 2025 11:25:33 +0000 Subject: [PATCH 1/3] Revert "fix: test_sec_audit: ignore cargo audit output" This reverts commit d761b013db1caeec046b187927133b7fdac1375d. The output to stdout was fixed in cargo audit 0.21.2, so if we rebuild the docker container the grep is no longer necessary. In fact, the grep has broken this test in our nightly pipeline because it overwrites the return code of cargo audit itself, meaning the non-PR version of this test (which is supposed to fail if there exist any cargo audit warnings) was never failing. Signed-off-by: Patrick Roy --- tests/integration_tests/security/test_sec_audit.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration_tests/security/test_sec_audit.py b/tests/integration_tests/security/test_sec_audit.py index 1ad625cc7c9..e8265c3ae2a 100644 --- a/tests/integration_tests/security/test_sec_audit.py +++ b/tests/integration_tests/security/test_sec_audit.py @@ -35,6 +35,6 @@ def set_of_vulnerabilities(output: CommandReturn): ) git_ab_test_host_command_if_pr( - "cargo audit --deny warnings -q --json |grep -Po '{.*}'", + "cargo audit --deny warnings -q --json", comparator=set_did_not_grow_comparator(set_of_vulnerabilities), ) From 008a5507f3ca437e9ca01f41e2293563a93b999f Mon Sep 17 00:00:00 2001 From: Patrick Roy Date: Wed, 12 Mar 2025 12:03:19 +0000 Subject: [PATCH 2/3] devctr: pin cargo-deny to 0.17.0 The newest 0.18.0 release requires at least rust 1.85.0 to compile. Needs to be unpinned later after toolchain upgrade. Signed-off-by: Patrick Roy --- tools/devctr/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/devctr/Dockerfile b/tools/devctr/Dockerfile index a9f6710a8a7..f855033fc4d 100644 --- a/tools/devctr/Dockerfile +++ b/tools/devctr/Dockerfile 
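Review bot: In tests/integration_tests/security/test_sec_audit.py, the bare `cargo audit --deny warnings -q --json` command now feeds stdout straight to `set_of_vulnerabilities`, and nothing in the test records that this relies on cargo-audit 0.21.2 or newer, the version the commit message names. A comment above the call, such as `# Needs cargo-audit >= 0.21.2 for clean JSON on stdout; do not pipe this command, a pipe replaces cargo audit's exit status`, would keep both lessons of this revert in the file. The same floor is not enforced where the tool is installed: the tools/devctr/Dockerfile hunk in patch 2/3 leaves `cargo-audit` unversioned, and a requirement such as `--version '>=0.21.2'` there would make the dependency explicit. This revert also lands before the v78 container bump in patch 3/3, so at this commit the test presumably still runs against the cargo-audit shipped in v77; moving the revert after the bump would keep the series bisectable. The function enclosing the changed call starts outside the hunk.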
@@ -113,7 +113,8 @@ RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal --default-too && rustup target add x86_64-unknown-linux-musl \ && rustup target add aarch64-unknown-linux-musl \ && rustup component add llvm-tools-preview clippy rustfmt \ - && cargo install --locked cargo-audit cargo-deny grcov cargo-sort cargo-afl \ + && cargo install --locked cargo-audit grcov cargo-sort cargo-afl \ + && cargo install --locked cargo-deny --version 0.17.0 \ && cargo install --locked kani-verifier && cargo kani setup \ \ && NIGHTLY_TOOLCHAIN=$(rustup toolchain list | grep nightly | tr -d '\n') \ From 2309677d85df77574e0337048f02d64f2e1615a8 Mon Sep 17 00:00:00 2001 From: Patrick Roy Date: Wed, 12 Mar 2025 13:38:01 +0000 Subject: [PATCH 3/3] chore: bump devctr version v78 contains updated cargo-audit Signed-off-by: Patrick Roy --- tools/devtool | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/devtool b/tools/devtool index 35794256138..9011510d7e6 100755 --- a/tools/devtool +++ b/tools/devtool @@ -68,7 +68,7 @@ DEVCTR_IMAGE_NO_TAG="public.ecr.aws/firecracker/fcuvm" # Development container tag -DEVCTR_IMAGE_TAG=${DEVCTR_IMAGE_TAG:-v77} +DEVCTR_IMAGE_TAG=${DEVCTR_IMAGE_TAG:-v78} # Development container image (name:tag) # This should be updated whenever we upgrade the development container.
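Review bot: In the tools/devctr/Dockerfile hunk, the reason for `cargo install --locked cargo-deny --version 0.17.0` and the condition for lifting the pin exist only in the commit message, so the pin can easily outlive the toolchain upgrade and leave the container on an old cargo-deny without anyone noticing. A comment ahead of the `RUN` instruction, for example `# cargo-deny pinned to 0.17.0: 0.18.0 needs rust >= 1.85.0 to compile; unpin after the toolchain upgrade`, would put that where the next container rebuild sees it. The `RUN` instruction starts and ends outside the hunk.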