chore(deps): Clean up cargo deny exemptions (#4168)

sfleen · web-flow · commit 50ba196d6a45 · 2025-09-22T17:04:44.000Z
* chore(deps): Clean up cargo deny exemptions

The `linkerd-trace-context` package unecessarily used a few outdated dependencies that were keeping some other dependencies locked to old versions.

This updates the following dependencies in `linkerd-trace-context` that were already updated in other packages (or unused in general):
- `rand` 0.8 -&gt; 0.9
- `thiserror` 1 -&gt; 2
- `base64` 0.13 -&gt; 0.22

The associated `deny.toml` entries have also been removed outright or updated to a narrower exemption.

Signed-off-by: Scott Fleener &lt;scott@buoyant.io&gt;

* fix(clippy): Fix clippy deprecation warnings

Signed-off-by: Scott Fleener &lt;scott@buoyant.io&gt;

---------

Signed-off-by: Scott Fleener &lt;scott@buoyant.io&gt;
diff --git a/Cargo.lock b/Cargo.lock
@@ -257,12 +257,6 @@ dependencies = [
  "windows-targets 0.52.6",
 ]
 
-[[package]]
-name = "base64"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
-
 [[package]]
 name = "base64"
 version = "0.22.1"
@@ -1073,9 +1067,9 @@ dependencies = [
 
 [[package]]
 name = "hyper-util"
-version = "0.1.17"
+version = "0.1.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c6995591a8f1380fcb4ba966a252a4b29188d51d2b89e3a252f5305be65aea8"
+checksum = "8d9b05277c7e8da2c93a568989bb6207bef0112e8d17df7a6eda4a3cf143bc5e"
 dependencies = [
  "bytes",
  "futures-channel",
@@ -1371,7 +1365,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667"
 dependencies = [
  "cfg-if",
- "windows-targets 0.52.6",
+ "windows-targets 0.48.5",
 ]
 
 [[package]]
@@ -2623,15 +2617,15 @@ dependencies = [
 name = "linkerd-trace-context"
 version = "0.1.0"
 dependencies = [
- "base64 0.13.1",
+ "base64",
  "bytes",
  "futures",
  "hex",
  "http",
  "linkerd-error",
  "linkerd-stack",
- "rand 0.8.5",
- "thiserror 1.0.69",
+ "rand 0.9.2",
+ "thiserror 2.0.16",
  "tower",
  "tracing",
 ]
@@ -2996,7 +2990,7 @@ version = "0.30.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2e046fd7660710fe5a05e8748e70d9058dc15c94ba914e7c4faa7c728f0e8ddc"
 dependencies = [
- "base64 0.22.1",
+ "base64",
  "hex",
  "opentelemetry",
  "opentelemetry_sdk",
@@ -3050,7 +3044,7 @@ version = "3.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "38af38e8470ac9dee3ce1bae1af9c1671fffc44ddfd8bd1d0a3445bf349a8ef3"
 dependencies = [
- "base64 0.22.1",
+ "base64",
  "serde",
 ]
 
@@ -3359,8 +3353,6 @@ version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
- "libc",
- "rand_chacha 0.3.1",
  "rand_core 0.6.4",
 ]
 
@@ -3370,20 +3362,10 @@ version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
 dependencies = [
- "rand_chacha 0.9.0",
+ "rand_chacha",
  "rand_core 0.9.0",
 ]
 
-[[package]]
-name = "rand_chacha"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
-dependencies = [
- "ppv-lite86",
- "rand_core 0.6.4",
-]
-
 [[package]]
 name = "rand_chacha"
 version = "0.9.0"
@@ -3472,9 +3454,9 @@ checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001"
 
 [[package]]
 name = "resolv-conf"
-version = "0.7.5"
+version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b3789b30bd25ba102de4beabd95d21ac45b69b1be7d14522bab988c526d6799"
+checksum = "95325155c684b1c89f7765e30bc1c42e4a6da51ca513615660cb8a62ef9a88e3"
 
 [[package]]
 name = "ring"
@@ -3623,9 +3605,9 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
 [[package]]
 name = "semver"
-version = "1.0.27"
+version = "1.0.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2"
+checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0"
 
 [[package]]
 name = "serde"
@@ -3659,15 +3641,14 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.145"
+version = "1.0.143"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
+checksum = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a"
 dependencies = [
  "itoa",
  "memchr",
  "ryu",
  "serde",
- "serde_core",
 ]
 
 [[package]]
@@ -3847,9 +3828,9 @@ checksum = "7b2093cf4c8eb1e67749a6762251bc9cd836b6fc171623bd0a9d324d37af2417"
 
 [[package]]
 name = "tempfile"
-version = "3.22.0"
+version = "3.21.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "84fa4d11fadde498443cca10fd3ac23c951f0dc59e080e9f4b93d4df4e4eea53"
+checksum = "15b61f8f20e3a6f7e0649d825294eaf317edce30f82cf6026e7e4cb9222a7d1e"
 dependencies = [
  "fastrand",
  "getrandom 0.3.1",
@@ -4092,7 +4073,7 @@ checksum = "7e581ba15a835f4d9ea06c55ab1bd4dce26fc53752c69a04aac00703bfb49ba9"
 dependencies = [
  "async-trait",
  "axum",
- "base64 0.22.1",
+ "base64",
  "bytes",
  "h2",
  "http",
@@ -4268,9 +4249,9 @@ checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f"
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.19"
+version = "1.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d"
+checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
 
 [[package]]
 name = "untrusted"
diff --git a/deny.toml b/deny.toml
@@ -45,27 +45,16 @@ deny = [
     # aws-lc-rs should be used instead.
     { name = "ring" }
 ]
-skip = [
-    # `linkerd-trace-context`, `rustls-pemfile` and `tonic` depend on `base64`
-    # v0.13.1 while `rcgen` depends on v0.21.5
-    { name = "base64" },
-    # tonic/axum depend on a newer `tower`, which we are still catching up to.
-    # see #3744.
-    { name = "tower", version = "0.5" },
-]
+skip = []
 skip-tree = [
-    # thiserror v2 is still propagating through the ecosystem
-    { name = "thiserror", version = "1" },
     # rand v0.9 is still propagating through the ecosystem
     { name = "rand", version = "0.8" },
-    # rust v1.0 is still propagating through the ecosystem
-    { name = "rustix", version = "0.38" },
     # `pprof` uses a number of old dependencies. for now, we skip its subtree.
     { name = "pprof" },
-    # aws-lc-rs uses a slightly outdated version of bindgen
-    { name = "bindgen", version = "0.69.5" },
     # socket v0.6 is still propagating through the ecosystem
     { name = "socket2", version = "0.5" },
+    # zerocopy v0.8 is still propagating through the ecosystem
+    { name = "zerocopy", version = "0.7" },
 ]
 
 [sources]
diff --git a/linkerd/trace-context/Cargo.toml b/linkerd/trace-context/Cargo.toml
@@ -7,14 +7,14 @@ edition = { workspace = true }
 publish = { workspace = true }
 
 [dependencies]
-base64 = "0.13"
+base64 = "0.22"
 bytes = { workspace = true }
 futures = { version = "0.3", default-features = false }
 hex = "0.4"
 http = { workspace = true }
 linkerd-error = { path = "../error" }
 linkerd-stack = { path = "../stack" }
-rand = "0.8"
-thiserror = "1"
+rand = "0.9"
+thiserror = "2"
 tower = { workspace = true, default-features = false, features = ["util"] }
 tracing = { workspace = true }
diff --git a/linkerd/trace-context/src/propagation/b3.rs b/linkerd/trace-context/src/propagation/b3.rs
@@ -1,9 +1,9 @@
 use crate::propagation::try_split_to;
 use crate::{Flags, Id};
+use base64::Engine;
 use bytes::Bytes;
 use http::header::{HeaderName, HeaderValue};
 use linkerd_error::Error;
-use rand::thread_rng;
 
 use tracing::{debug, trace};
 
@@ -22,7 +22,7 @@ const GRPC_TRACE_FIELD_TRACE_OPTIONS: u8 = 2;
 // the `vec![]` macro, despite clippy's suggestions otherwise...
 #[allow(clippy::vec_init_then_push)]
 pub fn increment_grpc_span_id<B>(request: &mut http::Request<B>, context: &TraceContext) -> Id {
-    let span_id = Id::new_span_id(&mut thread_rng());
+    let span_id = Id::new_span_id(&mut rand::rng());
 
     trace!(%span_id, "Incremented span id");
 
@@ -43,7 +43,7 @@ pub fn increment_grpc_span_id<B>(request: &mut http::Request<B>, context: &Trace
     bytes.push(GRPC_TRACE_FIELD_TRACE_OPTIONS);
     bytes.push(context.flags.0);
 
-    let bytes_b64 = base64::encode(&bytes);
+    let bytes_b64 = base64::engine::general_purpose::STANDARD.encode(&bytes);
 
     if let Ok(hv) = HeaderValue::from_str(&bytes_b64) {
         request.headers_mut().insert(&GRPC_TRACE_HEADER, hv);
@@ -54,7 +54,7 @@ pub fn increment_grpc_span_id<B>(request: &mut http::Request<B>, context: &Trace
 }
 
 pub fn increment_http_span_id<B>(request: &mut http::Request<B>) -> Id {
-    let span_id = Id::new_span_id(&mut thread_rng());
+    let span_id = Id::new_span_id(&mut rand::rng());
 
     trace!(%span_id, "Incremented span id");
 
@@ -71,7 +71,7 @@ pub fn increment_http_span_id<B>(request: &mut http::Request<B>) -> Id {
 pub fn unpack_grpc_trace_context<B>(request: &http::Request<B>) -> Option<TraceContext> {
     get_header_str(request, &GRPC_TRACE_HEADER)
         .and_then(|header_str| {
-            base64::decode(header_str)
+            base64::engine::general_purpose::STANDARD.decode(header_str)
                 .map_err(|error| debug!(header = %GRPC_TRACE_HEADER, header_value = %header_str, %error, "Failed to unpack trace context due to invalid base64 encoding"))
                 .ok()
         })
diff --git a/linkerd/trace-context/src/propagation/w3c.rs b/linkerd/trace-context/src/propagation/w3c.rs
@@ -15,7 +15,7 @@ pub fn unpack_w3c_trace_context<B>(request: &http::Request<B>) -> Option<TraceCo
 /// assign it to the tracecontext header value, in order to propagate
 /// the trace context downstream.
 pub fn increment_http_span_id<B>(request: &mut http::Request<B>, context: &TraceContext) -> Id {
-    let span_id = Id::new_span_id(&mut rand::thread_rng());
+    let span_id = Id::new_span_id(&mut rand::rng());
 
     trace!(%span_id, "Incremented span id");
 
