tacd: downgrade async-tungstenite as it requires rust >=1.70

hnez · hnez · commit 24d5f2fc6949 · 2023-11-06T09:19:42.000+01:00
… and we still need 1.68 for mickeldore compatibility.

This means we have to live with another advisory in our deny list:

  The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause
  a denial of service (minutes of CPU consumption) via an excessive length of an
  HTTP header in a client handshake. The length affects both how many times a parse
  is attempted (e.g., thousands of times) and the average amount of data for each
  parse attempt (e.g., millions of bytes).

Signed-off-by: Leonard Göhrs &lt;l.goehrs@pengutronix.de&gt;
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -16,7 +16,7 @@ anyhow = "1.0"
 async-sse = "5.1"
 async-std = { version = "1.12", features = ["attributes"] }
 async-trait = "0.1"
-async-tungstenite = "0.23"
+async-tungstenite = "0.22"
 base64 = "0.21"
 chrono = "0.4"
 embedded-graphics = "0.7"
diff --git a/deny.toml b/deny.toml
@@ -16,6 +16,7 @@ ignore = [
    "RUSTSEC-2021-0059",
    "RUSTSEC-2021-0060",
    "RUSTSEC-2021-0064",
+   "RUSTSEC-2023-0065",
 ]
 
 [bans]

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ ignore = [`
`16`	`16`	`"RUSTSEC-2021-0059",`
`17`	`17`	`"RUSTSEC-2021-0060",`
`18`	`18`	`"RUSTSEC-2021-0064",`
	`19`	`+ "RUSTSEC-2023-0065",`
`19`	`20`	`]`
`20`	`21`
`21`	`22`	`[bans]`