diff --git a/.cargo/audit.toml b/.cargo/audit.toml new file mode 100644 index 000000000..c5dde87a4 --- /dev/null +++ b/.cargo/audit.toml @@ -0,0 +1,6 @@ +[advisories] +# See https://github.com/cloudflare/wrangler/issues/2117 +ignore = [ + "RUSTSEC-2020-0159", # Potential segfault in `localtime_r` invocations + "RUSTSEC-2020-0071", # Potential segfault in the time crate +] diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index d211cf462..4135c61e2 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -6,6 +6,7 @@ on: paths: - "**/Cargo.toml" - "**/Cargo.lock" + - ".cargo/audit.toml" - "**/package-lock.json" - "**/npm-shrinkwrap.json" schedule: diff --git a/Cargo.lock b/Cargo.lock index 9a7f474a4..aa921ef51 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2795,9 +2795,9 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" [[package]] name = "tokio" -version = "1.13.0" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "588b2d10a336da58d877567cd8fb8a14b463e2104910f8132cd054b4b96e29ee" +checksum = "70e992e41e0d2fb9f755b37446f20900f64446ef54874f40a60c78f021ac6144" dependencies = [ "autocfg", "bytes 1.1.0", @@ -2814,9 +2814,9 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "1.5.1" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "114383b041aa6212c579467afa0075fbbdd0718de036100bc0ba7961d8cb9095" +checksum = "c9efc1aba077437943f7515666aa2b882dfabfbfdf89c819ea75a8d6e9eaba5e" dependencies = [ "proc-macro2", "quote", @@ -2993,7 +2993,7 @@ version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f559b464de2e2bdabcac6a210d12e9b5a5973c251e102c44c585c71d51bd78e" dependencies = [ - "cfg-if 1.0.0", + "cfg-if 0.1.10", "rand 0.8.4", "static_assertions", ] diff --git a/npm/binary-install.js b/npm/binary-install.js index cb84e0aab..d29314377 100644 --- a/npm/binary-install.js +++ b/npm/binary-install.js @@ -92,7 +92,21 @@ class Binary { return axios({ url: this.url, responseType: "stream" }) .then(res => { - res.data.pipe(tar.x({ strip: 1, C: this.binaryDirectory })); + const writer = tar.x({ strip: 1, C: this.binaryDirectory }); + + return new Promise((resolve, reject) => { + res.data.pipe(writer); + let error = null; + writer.on('error', err => { + error = err; + reject(err); + }); + writer.on('close', () => { + if (!error) { + resolve(true); + } + }); + }) }) .then(() => { console.log( diff --git a/npm/package.json b/npm/package.json index f13346c8a..06b6c94a9 100644 --- a/npm/package.json +++ b/npm/package.json @@ -7,7 +7,8 @@ "postinstall": "node ./install-wrangler.js" }, "bin": { - "wrangler": "./run-wrangler.js" + "wrangler": "./run-wrangler.js", + "wrangler1": "./run-wrangler.js" }, "repository": { "type": "git", diff --git a/src/main.rs b/src/main.rs index 493126577..70f8cb14c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -22,7 +22,6 @@ fn main() -> Result<()> { } env_logger::init(); - let latest_version_receiver = background_check_for_updates(); if let Ok(me) = env::current_exe() { // If we're actually running as the installer then execute our // self-installation, otherwise just continue as usual. @@ -36,7 +35,7 @@ fn main() -> Result<()> { } } run()?; - if let Ok(latest_version) = latest_version_receiver.try_recv() { + if let Ok(latest_version) = background_check_for_updates().try_recv() { let latest_version = styles::highlight(latest_version.to_string()); let new_version_available = format!( "A new version of Wrangler ({}) is available!",