Auto merge of rust-lang#112217 - arlosi:update-vuln-deps, r=Mark-Simulacrum

Update dependencies with reported vulnerabilities

Vulnerable dependencies:
* bumpalo 3.12.1 (yanked)
  * updated to 3.13.0
* tokio 1.8.4 - https://rustsec.org/advisories/RUSTSEC-2023-0001
  * updated to 1.28.2
* remove_dir_all 0.5.3 - https://rustsec.org/advisories/RUSTSEC-2023-0018
  * removed by using the standard library function in `rust-installer` instead and updating to `[email protected]` (which also removes the dependency).

The new dependencies come from `[email protected]` which adds the dependency on `rustix`

Author: bors

Cargo.lock

@@ -316,9 +316,9 @@ dependencies = [
 
 [[package]]
 name = "bumpalo"
-version = "3.12.1"
+version = "3.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b1ce199063694f33ffb7dd4e0ee620741495c32833cde5aa08f02a0bf96f0c8"
+checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1"
 
 [[package]]
 name = "bytecount"
@@ -1209,7 +1209,7 @@ checksum = "8a3de6e8d11b22ff9edc6d916f890800597d60f8b2da1caf2955c274638d6412"
 dependencies = [
  "cfg-if",
  "libc",
- "redox_syscall",
+ "redox_syscall 0.2.10",
  "windows-sys 0.45.0",
 ]
 
@@ -1751,7 +1751,6 @@ dependencies = [
  "flate2",
  "num_cpus",
  "rayon",
- "remove_dir_all",
  "tar",
  "walkdir",
  "xz2",
@@ -2435,7 +2434,7 @@ dependencies = [
  "cfg-if",
  "instant",
  "libc",
- "redox_syscall",
+ "redox_syscall 0.2.10",
  "smallvec",
  "winapi",
 ]
@@ -2448,7 +2447,7 @@ checksum = "4dc9e0dc2adc1c69d09143aff38d3d30c5c3f0df0dad82e6d25547af174ebec0"
 dependencies = [
  "cfg-if",
  "libc",
- "redox_syscall",
+ "redox_syscall 0.2.10",
  "smallvec",
  "windows-sys 0.42.0",
 ]
@@ -2791,14 +2790,23 @@ dependencies = [
  "bitflags",
 ]
 
+[[package]]
+name = "redox_syscall"
+version = "0.3.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29"
+dependencies = [
+ "bitflags",
+]
+
 [[package]]
 name = "redox_users"
 version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "528532f3d801c87aec9def2add9ca802fe569e44a544afe633765267840abe64"
 dependencies = [
  "getrandom",
- "redox_syscall",
+ "redox_syscall 0.2.10",
 ]
 
 [[package]]
@@ -2850,15 +2858,6 @@ version = "0.1.0"
 name = "remote-test-server"
 version = "0.1.0"
 
-[[package]]
-name = "remove_dir_all"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
-dependencies = [
- "winapi",
-]
-
 [[package]]
 name = "replace-version-placeholder"
 version = "0.1.0"
@@ -4778,16 +4777,15 @@ dependencies = [
 
 [[package]]
 name = "tempfile"
-version = "3.3.0"
+version = "3.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4"
+checksum = "b9fbec84f381d5795b08656e4912bec604d162bff9291d6189a78f4c8ab87998"
 dependencies = [
  "cfg-if",
  "fastrand",
- "libc",
- "redox_syscall",
- "remove_dir_all",
- "winapi",
+ "redox_syscall 0.3.5",
+ "rustix",
+ "windows-sys 0.45.0",
 ]
 
 [[package]]
@@ -4973,14 +4971,14 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"
 
 [[package]]
 name = "tokio"
-version = "1.8.4"
+version = "1.28.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50dae83881bc9b0403dd5b44ea9deed3e939856cc8722d5be37f0d6e5c6d53dd"
+checksum = "94d7b1cfd2aa4011f2de74c2c4c63665e27a71006b0a192dcd2710272e73dfa2"
 dependencies = [
  "autocfg",
  "bytes",
- "memchr",
  "pin-project-lite",
+ "windows-sys 0.48.0",
 ]
 
 [[package]]

compiler/rustc_data_structures/src/temp_dir.rs

@@ -16,7 +16,7 @@ impl Drop for MaybeTempDir {
         // occur.
         let dir = unsafe { ManuallyDrop::take(&mut self.dir) };
         if self.keep {
-            dir.into_path();
+            let _ = dir.into_path();
         }
     }
 }

src/tools/rust-installer/Cargo.toml

@@ -17,7 +17,6 @@ tar = "0.4.38"
 walkdir = "2"
 xz2 = "0.1.4"
 num_cpus = "1"
-remove_dir_all = "0.5"
 
 [dependencies.clap]
 features = ["derive"]

src/tools/rust-installer/src/util.rs

@@ -82,7 +82,7 @@ pub fn open_file<P: AsRef<Path>>(path: P) -> Result<fs::File> {
 
 /// Wraps `remove_dir_all` with a nicer error message.
 pub fn remove_dir_all<P: AsRef<Path>>(path: P) -> Result<()> {
-    remove_dir_all::remove_dir_all(path.as_ref())
+    fs::remove_dir_all(path.as_ref())
         .with_context(|| format!("failed to remove dir '{}'", path.as_ref().display()))?;
     Ok(())
 }

src/tools/tidy/src/deps.rs

@@ -167,12 +167,14 @@ const PERMITTED_RUSTC_DEPENDENCIES: &[&str] = &[
     "instant",
     "intl-memoizer",
     "intl_pluralrules",
+    "io-lifetimes",
     "itertools",
     "itoa",
     "jobserver",
     "lazy_static",
     "libc",
     "libloading",
+    "linux-raw-sys",
     "litemap",
     "lock_api",
     "log",
@@ -210,12 +212,12 @@ const PERMITTED_RUSTC_DEPENDENCIES: &[&str] = &[
     "regex",
     "regex-automata",
     "regex-syntax",
-    "remove_dir_all",
     "rustc-demangle",
     "rustc-hash",
     "rustc-rayon",
     "rustc-rayon-core",
     "rustc_version",
+    "rustix",
     "ruzstd", // via object in thorin-dwp
     "ryu",
     "scoped-tls",
@@ -279,6 +281,7 @@ const PERMITTED_RUSTC_DEPENDENCIES: &[&str] = &[
     "winapi-util",
     "winapi-x86_64-pc-windows-gnu",
     "windows",
+    "windows-sys",
     "windows-targets",
     "windows_aarch64_gnullvm",
     "windows_aarch64_msvc",