From 863479c0bbc37ca12e29307f0a363812cd52f591 Mon Sep 17 00:00:00 2001
From: boxdot
Date: Tue, 7 Nov 2023 17:47:28 +0100
Subject: [PATCH 1/5] fix: RUSTSEC-2023-0065 (part 2) Fix security issue by upgrading tungstenite v0.19.0 -> v0.20.1. Also specify MSRV in libsignal-service-hyper as 1.70.
---
 libsignal-service-actix/Cargo.toml | 1 +
 libsignal-service-hyper/Cargo.toml | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/libsignal-service-actix/Cargo.toml b/libsignal-service-actix/Cargo.toml
index 7d8124c69..8f14d13fa 100644
--- a/libsignal-service-actix/Cargo.toml
+++ b/libsignal-service-actix/Cargo.toml
@@ -4,6 +4,7 @@ version = "0.1.0"
 authors = ["Ruben De Smet "]
 edition = "2018"
 license = "AGPL-3.0"
+rust-version = "1.70.0"
 [dependencies]
 # Contrary to hyper, actix does not have Send compatible futures, which means
diff --git a/libsignal-service-hyper/Cargo.toml b/libsignal-service-hyper/Cargo.toml
index d54decbb2..26ebd27d1 100644
--- a/libsignal-service-hyper/Cargo.toml
+++ b/libsignal-service-hyper/Cargo.toml
@@ -20,15 +20,15 @@ thiserror = "1.0"
 url = "2.1"
 hyper = { version = "0.14", features = ["client", "stream"] }
-hyper-rustls = "0.23"
+hyper-rustls = "0.24"
 hyper-timeout = "0.4"
 headers = "0.3"
 # for websocket support
-async-tungstenite = { version = "0.21", features = ["tokio-rustls-native-certs"] }
+async-tungstenite = { version = "0.23", features = ["tokio-rustls-native-certs"] }
 tokio = { version = "1.0", features = ["macros"] }
-tokio-rustls = "0.23"
+tokio-rustls = "0.24"
 rustls-pemfile = "0.3"
From 919e96c656174195c60a01b6436cd78b6e9cd08d Mon Sep 17 00:00:00 2001
From: boxdot
Date: Tue, 7 Nov 2023 17:51:45 +0100
Subject: [PATCH 2/5] remove unused dependencies from service-hyper
---
 libsignal-service-hyper/Cargo.toml | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/libsignal-service-hyper/Cargo.toml b/libsignal-service-hyper/Cargo.toml
index 26ebd27d1..af66720bc 100644
--- a/libsignal-service-hyper/Cargo.toml
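Review bot: The added `rust-version = "1.70.0"` in libsignal-service-actix/Cargo.toml leaves a stale justification in the same manifest: the context of the PATCH 3/5 hunk still reads `# mpart-async 0.6 requires Rust 2021, violating MSRV = 1.52` above `mpart-async = "0.5"`. With the declared MSRV now 1.70.0, that comment no longer explains why the dependency is held back. Either reword it, for example `# mpart-async held at 0.5; re-evaluate now that rust-version is 1.70.0`, or revisit the pin so an old release is not kept for a reason that has expired.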
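Review bot: The RUSTSEC-2023-0065 fix rests entirely on the requirement `async-tungstenite = { version = "0.23", ... }` in libsignal-service-hyper/Cargo.toml; nothing in this hunk constrains `tungstenite` itself, so the version that actually resolves (the commit message names v0.20.1) depends on async-tungstenite's own requirement and on the lockfile, neither of which is visible here. It would help to record the reason next to the dependency, e.g. `# >= 0.23 needed for tungstenite >= 0.20.1 (RUSTSEC-2023-0065); do not lower`, and to confirm the resolved version with `cargo tree -i tungstenite` or a `cargo audit` run in CI. The `hyper-rustls` and `tokio-rustls` bumps to 0.24 in the same hunk presumably keep a single rustls version in the dependency graph; a one-line comment saying so would stop them being changed independently later.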
+++ b/libsignal-service-hyper/Cargo.toml
@@ -9,7 +9,6 @@ license = "AGPL-3.0"
 libsignal-service = { path = "../libsignal-service" }
 async-trait = "0.1"
-base64 = "0.13"
 bytes = "1.0"
 futures = "0.3"
 log = "0.4"
@@ -33,12 +32,7 @@ tokio-rustls = "0.24"
 rustls-pemfile = "0.3"
 [dev-dependencies]
-env_logger = "0.9"
-image = { version = "0.23", default-features = false, features = ["png"] }
-opener = "0.5"
-qrcode = "0.12"
 rand = "0.8"
-structopt = "0.3"
 tokio = { version = "1.0", features = ["rt-multi-thread"] }
 [features]
From 1e0a4c09cfa20b07d3672969c6f4c4ced2b1f281 Mon Sep 17 00:00:00 2001
From: boxdot
Date: Tue, 7 Nov 2023 17:52:36 +0100
Subject: [PATCH 3/5] remove unused dependencies from service-actix
---
 libsignal-service-actix/Cargo.toml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/libsignal-service-actix/Cargo.toml b/libsignal-service-actix/Cargo.toml
index 8f14d13fa..ca6fd46ac 100644
--- a/libsignal-service-actix/Cargo.toml
+++ b/libsignal-service-actix/Cargo.toml
@@ -13,7 +13,6 @@ libsignal-service = { path = "../libsignal-service", features = ["unsend-futures
 awc = { version = "3.0.0-beta.19", features = ["rustls"] }
 actix = "0.13"
-actix-http = "3.0.0-beta.19"
 actix-rt = "2.4"
 # mpart-async 0.6 requires Rust 2021, violating MSRV = 1.52
 mpart-async = "0.5"
From 1c80a04336d9bf85df806b6b8dd956850e0198c2 Mon Sep 17 00:00:00 2001
From: boxdot
Date: Tue, 7 Nov 2023 18:42:17 +0100
Subject: [PATCH 4/5] add msrv to the hyper crate
---
 libsignal-service-hyper/Cargo.toml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/libsignal-service-hyper/Cargo.toml b/libsignal-service-hyper/Cargo.toml
index af66720bc..a62147b57 100644
--- a/libsignal-service-hyper/Cargo.toml
+++ b/libsignal-service-hyper/Cargo.toml
@@ -4,6 +4,7 @@ version = "0.1.0"
 authors = ["Gabriel FĂ©ron "]
 edition = "2018"
 license = "AGPL-3.0"
+rust-version = "1.70.0"
 [dependencies]
 libsignal-service = { path = "../libsignal-service" }
From 79fb5782e99cc48246ed9e1612afeb6c57328056 Mon Sep 17 00:00:00 2001
From: boxdot
Date: Tue, 14 Nov 2023 17:36:27 +0100
Subject: [PATCH 5/5] change msrv in ci
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 383eb2fce..a0c8437bb 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -48,7 +48,7 @@ jobs:
 coverage: false
 include:
 - project: "libsignal-service-actix"
- toolchain: "1.61"
+ toolchain: "1.70"
 coverage: false
 steps:
 - uses: actions/checkout@v3
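Review bot: The MSRV is now written in three places that have to agree by hand: `toolchain: "1.70"` in this matrix entry and `rust-version = "1.70.0"` in the two Cargo.toml files from PATCH 1/5 and PATCH 4/5. Only the `libsignal-service-actix` include entry is changed here, and the rest of the matrix lies outside the hunk, so it is not visible whether libsignal-service-hyper is also built on 1.70. If it is not, the hyper crate's declared MSRV, and with it the oldest toolchain on which the patched dependency set is known to build, goes untested. A comment on the entry such as `# keep in sync with rust-version in libsignal-service-*/Cargo.toml` would make the coupling explicit.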