RUST-2097 / RUST-2114 Dependency security fixes

Cargo.toml

@@ -75,16 +75,16 @@ chrono = { version = "0.4.7", default-features = false, features = [
     "clock",
     "std",
 ] }
-derivative = "2.1.1"
 derive_more = "0.99.17"
+derive-where = "1.2.7"
 flate2 = { version = "1.0", optional = true }
 futures-io = "0.3.21"
 futures-core = "0.3.14"
 futures-util = { version = "0.3.14", features = ["io"] }
 futures-executor = "0.3.14"
 hex = "0.4.0"
-hickory-proto = { version = "0.24.1", optional = true }
-hickory-resolver = { version = "0.24.1", optional = true }
+hickory-proto = { version = "0.24.2", optional = true }
+hickory-resolver = { version = "0.24.2", optional = true }
 hmac = "0.12.1"
 once_cell = "1.19.0"
 log = { version = "0.4.17", optional = true }

src/change_stream.rs

@@ -14,7 +14,7 @@ use std::{
 #[cfg(test)]
 use bson::RawDocumentBuf;
 use bson::{Document, Timestamp};
-use derivative::Derivative;
+use derive_where::derive_where;
 use futures_core::{future::BoxFuture, Stream};
 use serde::de::DeserializeOwned;
 #[cfg(test)]
@@ -74,8 +74,7 @@ use crate::{
 ///
 /// See the documentation [here](https://www.mongodb.com/docs/manual/changeStreams) for more
 /// details. Also see the documentation on [usage recommendations](https://www.mongodb.com/docs/manual/administration/change-streams-production-recommendations/).
-#[derive(Derivative)]
-#[derivative(Debug)]
+#[derive_where(Debug)]
 pub struct ChangeStream<T>
 where
     T: DeserializeOwned,
@@ -90,7 +89,7 @@ where
     data: ChangeStreamData,
 
     /// A pending future for a resume.
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip)]
     pending_resume: Option<BoxFuture<'static, Result<ChangeStream<T>>>>,
 }
 

src/client.rs

@@ -13,7 +13,7 @@ use std::{
 
 #[cfg(feature = "in-use-encryption-unstable")]
 pub use self::csfle::client_builder::*;
-use derivative::Derivative;
+use derive_where::derive_where;
 use futures_core::Future;
 use futures_util::FutureExt;
 
@@ -116,8 +116,7 @@ const _: fn() = || {
     assert_sync(_c);
 };
 
-#[derive(Derivative)]
-#[derivative(Debug)]
+#[derive(Debug)]
 struct ClientInner {
     topology: Topology,
     options: ClientOptions,
@@ -604,10 +603,9 @@ impl WeakClient {
     }
 }
 
-#[derive(Derivative)]
-#[derivative(Debug)]
+#[derive_where(Debug)]
 pub(crate) struct AsyncDropToken {
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip)]
     tx: Option<tokio::sync::oneshot::Sender<BoxFuture<'static, ()>>>,
 }
 

src/client/auth.rs

@@ -15,7 +15,7 @@ mod x509;
 use std::{borrow::Cow, fmt::Debug, str::FromStr};
 
 use bson::RawDocumentBuf;
-use derivative::Derivative;
+use derive_where::derive_where;
 use hmac::{digest::KeyInit, Mac};
 use rand::Rng;
 use serde::Deserialize;
@@ -459,8 +459,8 @@ impl FromStr for AuthMechanism {
 ///
 /// Some fields (mechanism and source) may be omitted and will either be negotiated or assigned a
 /// default value, depending on the values of other fields in the credential.
-#[derive(Clone, Default, Deserialize, TypedBuilder, Derivative)]
-#[derivative(PartialEq)]
+#[derive(Clone, Default, Deserialize, TypedBuilder)]
+#[derive_where(PartialEq)]
 #[builder(field_defaults(default, setter(into)))]
 #[non_exhaustive]
 pub struct Credential {
@@ -507,7 +507,7 @@ pub struct Credential {
     /// }
     /// ```
     #[serde(skip)]
-    #[derivative(Debug = "ignore", PartialEq = "ignore")]
+    #[derive_where(skip)]
     #[builder(default)]
     pub oidc_callback: oidc::Callback,
 }

src/client/csfle.rs

@@ -5,7 +5,7 @@ pub(crate) mod state_machine;
 
 use std::{path::Path, time::Duration};
 
-use derivative::Derivative;
+use derive_where::derive_where;
 use mongocrypt::Crypt;
 
 use crate::{
@@ -28,13 +28,12 @@ use self::state_machine::{CryptExecutor, MongocryptdOptions};
 
 use super::WeakClient;
 
-#[derive(Derivative)]
-#[derivative(Debug)]
+#[derive_where(Debug)]
 pub(super) struct ClientState {
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip)]
     crypt: Crypt,
     exec: CryptExecutor,
-    internal_client: Option<Client>,
+    _internal_client: Option<Client>,
     opts: AutoEncryptionOptions,
 }
 
@@ -79,7 +78,7 @@ impl ClientState {
         Ok(Self {
             crypt,
             exec,
-            internal_client: aux_clients.internal_client,
+            _internal_client: aux_clients.internal_client,
             opts,
         })
     }

src/client/options.rs

@@ -17,7 +17,7 @@ use std::{
 };
 
 use bson::UuidRepresentation;
-use derivative::Derivative;
+use derive_where::derive_where;
 use once_cell::sync::Lazy;
 use serde::{de::Unexpected, Deserialize, Deserializer, Serialize};
 use serde_with::skip_serializing_none;
@@ -357,9 +357,9 @@ pub struct ServerApi {
 }
 
 /// Contains the options that can be used to create a new [`Client`](../struct.Client.html).
-#[derive(Clone, Derivative, Deserialize, TypedBuilder)]
+#[derive(Clone, Deserialize, TypedBuilder)]
 #[builder(field_defaults(default, setter(into)))]
-#[derivative(Debug, PartialEq)]
+#[derive_where(Debug, PartialEq)]
 #[serde(rename_all = "camelCase")]
 #[non_exhaustive]
 pub struct ClientOptions {
@@ -393,15 +393,15 @@ pub struct ClientOptions {
     pub compressors: Option<Vec<Compressor>>,
 
     /// The handler that should process all Connection Monitoring and Pooling events.
-    #[derivative(Debug = "ignore", PartialEq = "ignore")]
+    #[derive_where(skip)]
     #[builder(setter(strip_option))]
     #[serde(skip)]
     pub cmap_event_handler: Option<EventHandler<crate::event::cmap::CmapEvent>>,
 
     /// The handler that should process all command-related events.
     ///
     /// Note that monitoring command events may incur a performance penalty.
-    #[derivative(Debug = "ignore", PartialEq = "ignore")]
+    #[derive_where(skip)]
     #[builder(setter(strip_option))]
     #[serde(skip)]
     pub command_event_handler: Option<EventHandler<crate::event::command::CommandEvent>>,
@@ -497,7 +497,7 @@ pub struct ClientOptions {
     pub server_monitoring_mode: Option<ServerMonitoringMode>,
 
     /// The handler that should process all Server Discovery and Monitoring events.
-    #[derivative(Debug = "ignore", PartialEq = "ignore")]
+    #[derive_where(skip)]
     #[builder(setter(strip_option))]
     #[serde(skip)]
     pub sdam_event_handler: Option<EventHandler<crate::event::sdam::SdamEvent>>,
@@ -531,7 +531,7 @@ pub struct ClientOptions {
     pub default_database: Option<String>,
 
     #[builder(setter(skip))]
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip(Debug))]
     pub(crate) socket_timeout: Option<Duration>,
 
     /// The TLS configuration for the Client to use in its connections with the server.
@@ -561,12 +561,12 @@ pub struct ClientOptions {
     /// Information from the SRV URI that generated these client options, if applicable.
     #[builder(setter(skip))]
     #[serde(skip)]
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip(Debug))]
     pub(crate) original_srv_info: Option<OriginalSrvInfo>,
 
     #[cfg(test)]
     #[builder(setter(skip))]
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip(Debug))]
     pub(crate) original_uri: Option<String>,
 
     /// Configuration of the DNS resolver used for SRV and TXT lookups.
@@ -576,15 +576,15 @@ pub struct ClientOptions {
     /// system configuration, so a custom configuration is recommended.
     #[builder(setter(skip))]
     #[serde(skip)]
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip(Debug))]
     #[cfg(feature = "dns-resolver")]
     pub(crate) resolver_config: Option<ResolverConfig>,
 
     /// Control test behavior of the client.
     #[cfg(test)]
     #[builder(setter(skip))]
     #[serde(skip)]
-    #[derivative(PartialEq = "ignore")]
+    #[derive_where(skip)]
     pub(crate) test_options: Option<TestOptions>,
 }
 

src/client/session/cluster_time.rs

@@ -1,4 +1,4 @@
-use derivative::Derivative;
+use derive_where::derive_where;
 use serde::{Deserialize, Serialize};
 
 use crate::bson::{Document, Timestamp};
@@ -7,13 +7,13 @@ use crate::bson::{Document, Timestamp};
 ///
 /// See [the MongoDB documentation](https://www.mongodb.com/docs/manual/core/read-isolation-consistency-recency/)
 /// for more information.
-#[derive(Debug, Deserialize, Clone, Serialize, Derivative)]
-#[derivative(PartialEq, Eq)]
+#[derive(Debug, Deserialize, Clone, Serialize)]
+#[derive_where(PartialEq, Eq)]
 #[serde(rename_all = "camelCase")]
 pub struct ClusterTime {
     pub(crate) cluster_time: Timestamp,
 
-    #[derivative(PartialEq = "ignore")]
+    #[derive_where(skip)]
     pub(crate) signature: Document,
 }
 

src/cmap.rs

@@ -11,7 +11,7 @@ mod worker;
 
 use std::time::Instant;
 
-use derivative::Derivative;
+use derive_where::derive_where;
 
 pub use self::conn::ConnectionInfo;
 pub(crate) use self::{
@@ -51,15 +51,15 @@ pub(crate) const DEFAULT_MAX_POOL_SIZE: u32 = 10;
 /// A pool of connections implementing the CMAP spec.
 /// This type is actually a handle to task that manages the connections and is cheap to clone and
 /// pass around.
-#[derive(Clone, Derivative)]
-#[derivative(Debug)]
+#[derive(Clone)]
+#[derive_where(Debug)]
 pub(crate) struct ConnectionPool {
     address: ServerAddress,
     manager: PoolManager,
     connection_requester: ConnectionRequester,
     generation_subscriber: PoolGenerationSubscriber,
 
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip)]
     event_emitter: CmapEventEmitter,
 }
 

src/cmap/conn.rs

@@ -7,7 +7,7 @@ use std::{
     time::{Duration, Instant},
 };
 
-use derivative::Derivative;
+use derive_where::derive_where;
 use serde::Serialize;
 use tokio::{
     io::BufStream,
@@ -59,8 +59,7 @@ pub struct ConnectionInfo {
 }
 
 /// A wrapper around Stream that contains all the CMAP information needed to maintain a connection.
-#[derive(Derivative)]
-#[derivative(Debug)]
+#[derive_where(Debug)]
 pub(crate) struct Connection {
     /// Driver-generated ID for the connection.
     pub(crate) id: u32,
@@ -118,11 +117,11 @@ pub(crate) struct Connection {
 
     /// Type responsible for emitting events related to this connection. This is None for
     /// monitoring connections as we do not emit events for those.
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip)]
     event_emitter: Option<CmapEventEmitter>,
 
     /// The token callback for OIDC authentication.
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip)]
     pub(crate) oidc_token_gen_id: tokio::sync::Mutex<u32>,
 }
 

src/cmap/options.rs

@@ -2,7 +2,7 @@
 use std::cmp::Ordering;
 use std::time::Duration;
 
-use derivative::Derivative;
+use derive_where::derive_where;
 #[cfg(test)]
 use serde::de::{Deserializer, Error};
 use serde::Deserialize;
@@ -18,16 +18,16 @@ use crate::{
 };
 
 /// Contains the options for creating a connection pool.
-#[derive(Clone, Default, Deserialize, Derivative)]
-#[derivative(Debug, PartialEq)]
+#[derive(Clone, Default, Deserialize)]
+#[derive_where(Debug, PartialEq)]
 #[serde(rename_all = "camelCase")]
 pub(crate) struct ConnectionPoolOptions {
     /// The credential to use for authenticating connections in this pool.
     #[serde(skip)]
     pub(crate) credential: Option<Credential>,
 
     /// Processes all events generated by the pool.
-    #[derivative(Debug = "ignore", PartialEq = "ignore")]
+    #[derive_where(skip)]
     #[serde(skip)]
     pub(crate) cmap_event_handler: Option<EventHandler<CmapEvent>>,
 

src/cursor.rs

@@ -12,6 +12,7 @@ use bson::RawDocument;
 
 #[cfg(test)]
 use bson::RawDocumentBuf;
+use derive_where::derive_where;
 use futures_core::Stream;
 use serde::{de::DeserializeOwned, Deserialize};
 #[cfg(test)]
@@ -98,7 +99,7 @@ pub(crate) use common::{
 /// If a [`Cursor`] is still open when it goes out of scope, it will automatically be closed via an
 /// asynchronous [killCursors](https://www.mongodb.com/docs/manual/reference/command/killCursors/) command executed
 /// from its [`Drop`](https://doc.rust-lang.org/std/ops/trait.Drop.html) implementation.
-#[derive(Debug)]
+#[derive_where(Debug)]
 pub struct Cursor<T> {
     client: Client,
     drop_token: AsyncDropToken,
@@ -108,6 +109,7 @@ pub struct Cursor<T> {
     drop_address: Option<ServerAddress>,
     #[cfg(test)]
     kill_watcher: Option<oneshot::Sender<()>>,
+    #[derive_where(skip)]
     _phantom: std::marker::PhantomData<fn() -> T>,
 }
 

src/cursor/common.rs

@@ -6,7 +6,7 @@ use std::{
 };
 
 use bson::{RawDocument, RawDocumentBuf};
-use derivative::Derivative;
+use derive_where::derive_where;
 use futures_core::{future::BoxFuture, Future};
 #[cfg(test)]
 use tokio::sync::oneshot;
@@ -35,10 +35,9 @@ pub(super) enum AdvanceResult {
 }
 
 /// An internal cursor that can be used in a variety of contexts depending on its `GetMoreProvider`.
-#[derive(Derivative)]
-#[derivative(Debug)]
+#[derive_where(Debug)]
 pub(super) struct GenericCursor<'s, S> {
-    #[derivative(Debug = "ignore")]
+    #[derive_where(skip)]
     provider: GetMoreProvider<'s, S>,
     client: Client,
     info: CursorInformation,