chore(deps): bump remove_dir_all from 0.7.0 to 1.0.0

[dependabot]

Bumps remove_dir_all from 0.7.0 to 1.0.0.

Changelog

Sourced from remove_dir_all's changelog.

0.8.1

Other changes

• Fix use of fcntl, missing undocumented extra argument.

0.8.0

Security changes

• Fix TOCTOU race conditions both inside the implementation of functions and the contract: functions now only operate on directories. Callers wanting to process the contents of a symlink (e.g. for remove_dir_contents) should resolve the symlink themselves. This is an API break from 0.7.0, but the previous behaviour was insecure.

  This is due to the same code pattern as caused CVE-2022-21658 in Rust itself: it was possible to trick a privileged process doing a recursive delete in an attacker controlled directory into deleting privileged files, on all operating systems.

  For instance, consider deleting a tree called 'etc' in a parent directory called 'p'. Between calling remove_dir_all("a") and remove_dir_all("a") actually starting its work, the attacker can move 'p' to 'p-prime', and replace 'p' with a symlink to '/'. Then the privileged process deletes 'p/etc' which is actually /etc, and now your system is broken. There are some mitigations for this exact scenario, such as CWD relative file lookup, but they are not guaranteed - any code using absolute paths will not have that protection in place.

  The same attack could be performed at any point in the directory tree being deleted: if 'a' contains a child directory called 'etc', attacking the deletion by replacing 'a' with a link is possible.

  The new code in this release mitigates the attack within the directory tree being deleted by using file-handle relative operations: to open 'a/etc', the path 'etc' relative to 'a' is opened, where 'a' is represented by a file descriptor (Unix) or handle (Windows). With the exception of the entry points into the directory deletion logic, this is robust against manipulation of the directory hierarchy, and remove_dir_all will only delete files and directories contained in the tree it is deleting.

  The entry path however is a challenge - as described above, there are some potential mitigations, but since using them must be done by the calling code, it is hard to be confident about the security properties of the path based interface.

  The new extension trait RemoveDir provides an interface where it is much harder to get it wrong.

  somedir.remove_dir_contents("name-of-child").

... (truncated)

Commits

• fdbc6dd Release 1.0.0 (#81)
• c18afff Merge pull request #80 from rbtcollins/rbt/darwin-performance
• 92a0f1a Macos: disable parallel deletion by default
• c4651ca Shift parallel feature from a flag only to an optional runtime behaviour
• e750921 Fix publish-action version tag (#79)
• b367e95 update publish-action (#78)
• bfecb91 Release v0.8.4 (#77)
• d555788 Merge pull request #76 from ChrisDenton/emlink
• 5ee668c Free/NetBSD use EMLINK/EFTYPE instead of ELOOP
• 4306a5f Update windows-sys requirement from 0.52.0 to 0.59.0 (#73)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)