Fix RUSTSEC-2018-0017 (#5338)

Mikayla Maki created

[[PR Description]]

This replaces the `tempdir` crate with `tempfile`, which resolves
[RUSTSEC-2018-0017](https://rustsec.org/advisories/RUSTSEC-2018-0017).

Change summary

Cargo.lock                                        | 126 ++++------------
Cargo.toml                                        |   2 
crates/auto_update/Cargo.toml                     |   2 
crates/auto_update/src/auto_update.rs             |   4 
crates/db/Cargo.toml                              |   2 
crates/db/src/db.rs                               |  16 +
crates/fsevent/Cargo.toml                         |   2 
crates/fsevent/src/fsevent.rs                     |  21 ++
crates/project/Cargo.toml                         |   2 
crates/rpc/Cargo.toml                             |   2 
crates/semantic_index/Cargo.toml                  |   2 
crates/semantic_index/src/semantic_index_tests.rs |   5 
crates/util/Cargo.toml                            |   6 
crates/util/src/test.rs                           |   4 
crates/zed/Cargo.toml                             |   2 
15 files changed, 79 insertions(+), 119 deletions(-)

Detailed changes

Cargo.lock 🔗

@@ -692,7 +692,7 @@ dependencies = [
  "serde_json",
  "settings",
  "smol",
- "tempdir",
+ "tempfile",
  "theme",
  "util",
  "workspace",
@@ -2060,7 +2060,7 @@ dependencies = [
  "smol",
  "sqlez",
  "sqlez_macros",
- "tempdir",
+ "tempfile",
  "util",
 ]
 
@@ -2412,23 +2412,12 @@ dependencies = [
 
 [[package]]
 name = "errno"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd"
-dependencies = [
- "errno-dragonfly",
- "libc",
- "windows-sys 0.48.0",
-]
-
-[[package]]
-name = "errno-dragonfly"
-version = "0.1.2"
+version = "0.3.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf"
+checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245"
 dependencies = [
- "cc",
  "libc",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -2757,7 +2746,7 @@ dependencies = [
  "bitflags 1.3.2",
  "fsevent-sys",
  "parking_lot 0.11.2",
- "tempdir",
+ "tempfile",
 ]
 
 [[package]]
@@ -2769,12 +2758,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "fuchsia-cprng"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a06f77d526c1a601b7c4cdd98f54b5eaabffc14d5f2f0296febdc7f357c6d3ba"
-
 [[package]]
 name = "fuchsia-zircon"
 version = "0.3.3"
@@ -3863,9 +3846,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
 
 [[package]]
 name = "libc"
-version = "0.2.148"
+version = "0.2.152"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b"
+checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7"
 
 [[package]]
 name = "libgit2-sys"
@@ -5564,7 +5547,7 @@ dependencies = [
  "similar",
  "smol",
  "sum_tree",
- "tempdir",
+ "tempfile",
  "terminal",
  "text",
  "thiserror",
@@ -5801,19 +5784,6 @@ version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09"
 
-[[package]]
-name = "rand"
-version = "0.4.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "552840b97013b1a26992c11eac34bdd778e464601a4c2054b5f0bff7c6761293"
-dependencies = [
- "fuchsia-cprng",
- "libc",
- "rand_core 0.3.1",
- "rdrand",
- "winapi 0.3.9",
-]
-
 [[package]]
 name = "rand"
 version = "0.7.3"
@@ -5858,21 +5828,6 @@ dependencies = [
  "rand_core 0.6.4",
 ]
 
-[[package]]
-name = "rand_core"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a6fdeb83b075e8266dcc8762c22776f6877a63111121f5f8c7411e5be7eed4b"
-dependencies = [
- "rand_core 0.4.2",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c33a3c44ca05fa6f1807d8e6743f3824e8509beca625669633be0acbdf509dc"
-
 [[package]]
 name = "rand_core"
 version = "0.5.1"
@@ -5938,15 +5893,6 @@ version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "be9e29cb19c8fe84169fcb07f8f11e66bc9e6e0280efd4715c54818296f8a4a8"
 
-[[package]]
-name = "rdrand"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "678054eb77286b51581ba43620cc911abf02758c91f93f479767aed0f90458b2"
-dependencies = [
- "rand_core 0.3.1",
-]
-
 [[package]]
 name = "recent_projects"
 version = "0.1.0"
@@ -5986,6 +5932,15 @@ dependencies = [
  "bitflags 1.3.2",
 ]
 
+[[package]]
+name = "redox_syscall"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa"
+dependencies = [
+ "bitflags 1.3.2",
+]
+
 [[package]]
 name = "redox_users"
 version = "0.4.3"
@@ -6051,15 +6006,6 @@ version = "0.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da"
 
-[[package]]
-name = "remove_dir_all"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
-dependencies = [
- "winapi 0.3.9",
-]
-
 [[package]]
 name = "rend"
 version = "0.4.0"
@@ -6272,7 +6218,7 @@ dependencies = [
  "smol",
  "smol-timeout",
  "strum",
- "tempdir",
+ "tempfile",
  "tracing",
  "util",
  "zstd",
@@ -6422,15 +6368,15 @@ dependencies = [
 
 [[package]]
 name = "rustix"
-version = "0.38.21"
+version = "0.38.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b426b0506e5d50a7d8dafcf2e81471400deb602392c7dd110815afb4eaf02a3"
+checksum = "322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca"
 dependencies = [
  "bitflags 2.4.1",
  "errno",
  "libc",
  "linux-raw-sys 0.4.12",
- "windows-sys 0.48.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -6797,7 +6743,7 @@ dependencies = [
  "settings",
  "sha1",
  "smol",
- "tempdir",
+ "tempfile",
  "tiktoken-rs",
  "tree-sitter",
  "tree-sitter-cpp",
@@ -7797,27 +7743,17 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
 
-[[package]]
-name = "tempdir"
-version = "0.3.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "15f2b5fb00ccdf689e0149d1b1b3c03fead81c2b37735d812fa8bddbbf41b6d8"
-dependencies = [
- "rand 0.4.6",
- "remove_dir_all",
-]
-
 [[package]]
 name = "tempfile"
-version = "3.8.0"
+version = "3.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef"
+checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa"
 dependencies = [
  "cfg-if 1.0.0",
  "fastrand 2.0.0",
- "redox_syscall 0.3.5",
- "rustix 0.38.21",
- "windows-sys 0.48.0",
+ "redox_syscall 0.4.1",
+ "rustix 0.38.30",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -8973,7 +8909,7 @@ dependencies = [
  "serde_json",
  "smol",
  "take-until",
- "tempdir",
+ "tempfile",
  "url",
 ]
 
@@ -9300,7 +9236,7 @@ dependencies = [
  "either",
  "home",
  "once_cell",
- "rustix 0.38.21",
+ "rustix 0.38.30",
 ]
 
 [[package]]
@@ -9786,7 +9722,7 @@ dependencies = [
  "smallvec",
  "smol",
  "sum_tree",
- "tempdir",
+ "tempfile",
  "terminal_view",
  "text",
  "theme",

Cargo.toml 🔗

@@ -121,7 +121,7 @@ smallvec = { version = "1.6", features = ["union"] }
 smol = { version = "1.2" }
 strum = { version = "0.25.0", features = ["derive"] }
 sysinfo = "0.29.10"
-tempdir = { version = "0.3.7" }
+tempfile = { version = "3.9.0" }
 thiserror = { version = "1.0.29" }
 time = { version = "0.3", features = ["serde", "serde-well-known"] }
 toml = { version = "0.5" }

crates/auto_update/Cargo.toml 🔗

@@ -29,4 +29,4 @@ serde.workspace = true
 serde_derive.workspace = true
 serde_json.workspace = true
 smol.workspace = true
-tempdir.workspace = true
+tempfile.workspace = true

crates/auto_update/src/auto_update.rs 🔗

@@ -291,7 +291,9 @@ impl AutoUpdater {
             cx.notify();
         })?;
 
-        let temp_dir = tempdir::TempDir::new("zed-auto-update")?;
+        let temp_dir = tempfile::Builder::new()
+            .prefix("zed-auto-update")
+            .tempdir()?;
         let dmg_path = temp_dir.path().join("Zed.dmg");
         let mount_path = temp_dir.path().join("Zed");
         let running_app_path = ZED_APP_PATH
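Review bot: The new `temp_dir` binding built on the `tempfile::Builder` lines carries two properties this function depends on, and neither is written down. The directory is deleted when `temp_dir` is dropped, so it has to outlive every use of `dmg_path` and `mount_path`; and, as far as I know, tempfile creates directories with the platform default mode filtered by the umask rather than forcing owner-only access, so the isolation of the `Zed.dmg` placed there rests on the parent temp location. I would add a comment such as `// Deleted on drop: keep temp_dir alive until dmg_path and mount_path are no longer used; access control comes from the parent temp dir and the umask.` Separately, tempfile appends its random characters directly to the prefix, so `.prefix("zed-auto-update-")` keeps the directory name readable in logs and during incident triage. The enclosing function starts and ends outside this hunk.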

crates/db/Cargo.toml 🔗

@@ -32,4 +32,4 @@ smol.workspace = true
 [dev-dependencies]
 gpui = { path = "../gpui", features = ["test-support"] }
 env_logger.workspace = true
-tempdir.workspace = true
+tempfile.workspace = true

crates/db/src/db.rs 🔗

@@ -196,7 +196,6 @@ mod tests {
 
     use sqlez::domain::Domain;
     use sqlez_macros::sql;
-    use tempdir::TempDir;
 
     use crate::open_db;
 
@@ -220,7 +219,10 @@ mod tests {
             }
         }
 
-        let tempdir = TempDir::new("DbTests").unwrap();
+        let tempdir = tempfile::Builder::new()
+            .prefix("DbTests")
+            .tempdir()
+            .unwrap();
         let _bad_db = open_db::<BadDB>(tempdir.path(), &util::channel::ReleaseChannel::Dev).await;
     }
 
@@ -253,7 +255,10 @@ mod tests {
             }
         }
 
-        let tempdir = TempDir::new("DbTests").unwrap();
+        let tempdir = tempfile::Builder::new()
+            .prefix("DbTests")
+            .tempdir()
+            .unwrap();
         {
             let corrupt_db =
                 open_db::<CorruptedDB>(tempdir.path(), &util::channel::ReleaseChannel::Dev).await;
@@ -297,7 +302,10 @@ mod tests {
             }
         }
 
-        let tempdir = TempDir::new("DbTests").unwrap();
+        let tempdir = tempfile::Builder::new()
+            .prefix("DbTests")
+            .tempdir()
+            .unwrap();
         {
             // Setup the bad database
             let corrupt_db =
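Review bot: The same four-line `tempfile::Builder::new().prefix("DbTests").tempdir().unwrap()` chain is now pasted into three tests in this file, and the pattern repeats with other prefixes in crates/fsevent/src/fsevent.rs (four tests) and crates/semantic_index/src/semantic_index_tests.rs. A small private helper in each `mod tests`, for example `fn test_dir() -> tempfile::TempDir`, called as `let tempdir = test_dir();`, would keep the prefix and the error handling in one place. Using `.expect("failed to create temp dir")` in that helper instead of `.unwrap()` would make a sandbox or disk-full failure easier to read in CI output. The test bodies continue outside these hunks.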

crates/fsevent/Cargo.toml 🔗

@@ -16,7 +16,7 @@ fsevent-sys = "3.0.2"
 parking_lot.workspace = true
 
 [dev-dependencies]
-tempdir.workspace = true
+tempfile.workspace = true
 
 [package.metadata.docs.rs]
 targets = ["x86_64-apple-darwin"]

crates/fsevent/src/fsevent.rs 🔗

@@ -370,12 +370,14 @@ extern "C" {
 mod tests {
     use super::*;
     use std::{fs, sync::mpsc, thread, time::Duration};
-    use tempdir::TempDir;
 
     #[test]
     fn test_event_stream_simple() {
         for _ in 0..3 {
-            let dir = TempDir::new("test-event-stream").unwrap();
+            let dir = tempfile::Builder::new()
+                .prefix("test-event-stream")
+                .tempdir()
+                .unwrap();
             let path = dir.path().canonicalize().unwrap();
             for i in 0..10 {
                 fs::write(path.join(format!("existing-file-{}", i)), "").unwrap();
@@ -404,7 +406,10 @@ mod tests {
     #[test]
     fn test_event_stream_delayed_start() {
         for _ in 0..3 {
-            let dir = TempDir::new("test-event-stream").unwrap();
+            let dir = tempfile::Builder::new()
+                .prefix("test-event-stream")
+                .tempdir()
+                .unwrap();
             let path = dir.path().canonicalize().unwrap();
             for i in 0..10 {
                 fs::write(path.join(format!("existing-file-{}", i)), "").unwrap();
@@ -438,7 +443,10 @@ mod tests {
 
     #[test]
     fn test_event_stream_shutdown_by_dropping_handle() {
-        let dir = TempDir::new("test-event-stream").unwrap();
+        let dir = tempfile::Builder::new()
+            .prefix("test-event-stream")
+            .tempdir()
+            .unwrap();
         let path = dir.path().canonicalize().unwrap();
         flush_historical_events();
 
@@ -465,7 +473,10 @@ mod tests {
 
     #[test]
     fn test_event_stream_shutdown_before_run() {
-        let dir = TempDir::new("test-event-stream").unwrap();
+        let dir = tempfile::Builder::new()
+            .prefix("test-event-stream")
+            .tempdir()
+            .unwrap();
         let path = dir.path().canonicalize().unwrap();
 
         let (stream, handle) = EventStream::new(&[&path], Duration::from_millis(50));

crates/project/Cargo.toml 🔗

@@ -83,5 +83,5 @@ prettier = { path = "../prettier", features = ["test-support"] }
 util = { path = "../util", features = ["test-support"] }
 rpc = { path = "../rpc", features = ["test-support"] }
 git2.workspace = true
-tempdir.workspace = true
+tempfile.workspace = true
 unindent.workspace = true

crates/rpc/Cargo.toml 🔗

@@ -43,6 +43,6 @@ prost-build = "0.9"
 collections = { path = "../collections", features = ["test-support"] }
 gpui = { path = "../gpui", features = ["test-support"] }
 smol.workspace = true
-tempdir.workspace = true
+tempfile.workspace = true
 ctor.workspace = true
 env_logger.workspace = true

crates/semantic_index/Cargo.toml 🔗

@@ -56,7 +56,7 @@ node_runtime = { path = "../node_runtime"}
 pretty_assertions.workspace = true
 rand.workspace = true
 unindent.workspace = true
-tempdir.workspace = true
+tempfile.workspace = true
 ctor.workspace = true
 env_logger.workspace = true
 

crates/semantic_index/src/semantic_index_tests.rs 🔗

@@ -63,7 +63,10 @@ async fn test_semantic_index(cx: &mut TestAppContext) {
     languages.add(rust_language);
     languages.add(toml_language);
 
-    let db_dir = tempdir::TempDir::new("vector-store").unwrap();
+    let db_dir = tempfile::Builder::new()
+        .prefix("vector-store")
+        .tempdir()
+        .unwrap();
     let db_path = db_dir.path().join("db.sqlite");
 
     let embedding_provider = Arc::new(FakeEmbeddingProvider::default());

crates/util/Cargo.toml 🔗

@@ -11,7 +11,7 @@ path = "src/util.rs"
 doctest = true
 
 [features]
-test-support = ["tempdir", "git2"]
+test-support = ["tempfile", "git2"]
 
 [dependencies]
 anyhow.workspace = true
@@ -25,7 +25,7 @@ smol.workspace = true
 url = "2.2"
 rand.workspace = true
 rust-embed.workspace = true
-tempdir = { workspace = true, optional = true }
+tempfile = { workspace = true, optional = true }
 serde.workspace = true
 serde_json.workspace = true
 git2 = { workspace = true, optional = true }
@@ -33,5 +33,5 @@ dirs = "3.0"
 take-until = "0.2.0"
 
 [dev-dependencies]
-tempdir.workspace = true
+tempfile.workspace = true
 git2.workspace = true

crates/util/src/test.rs 🔗

@@ -6,13 +6,13 @@ use std::{
     ffi::OsStr,
     path::{Path, PathBuf},
 };
-use tempdir::TempDir;
+use tempfile::TempDir;
 
 pub use assertions::*;
 pub use marked_text::*;
 
 pub fn temp_tree(tree: serde_json::Value) -> TempDir {
-    let dir = TempDir::new("").unwrap();
+    let dir = TempDir::new().unwrap();
     write_tree(dir.path(), tree);
     dir
 }
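Review bot: `TempDir::new()` in `temp_tree` is not a drop-in replacement for `TempDir::new("")`: as far as I recall, the old crate used a bare random name for an empty prefix specifically to avoid a leading dot, while tempfile's default prefix is `.tmp`, so the tree root now becomes a hidden directory. Tests that walk the tree under hidden-file or ignore rules could see different results if the root's own name is ever taken into account. If that matters, `tempfile::Builder::new().prefix("zed-test-").tempdir().unwrap()` (the prefix is only an example) keeps a visible name. A doc comment on `temp_tree` stating that the tree is deleted when the returned `TempDir` is dropped would also help callers, since the function is `pub`.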

crates/zed/Cargo.toml 🔗

@@ -109,7 +109,7 @@ schemars.workspace = true
 simplelog = "0.9"
 smallvec.workspace = true
 smol.workspace = true
-tempdir.workspace = true
+tempfile.workspace = true
 thiserror.workspace = true
 tiny_http = "0.8"
 toml.workspace = true