Fix cargo audit warns for nix, psutil, time (#2699)

## Issue Addressed Fix `cargo audit` failures on `unstable` Closes #2698 ## Proposed Changes The main culprit is `nix`, which is vulnerable for versions below v0.23.0. We can't get by with a straight-forward `cargo update` because `psutil` depends on an old version of `nix` (cf. https://github.com/rust-psutil/rust-psutil/pull/93). Hence I've temporarily forked `psutil` under the `sigp` org, where I've included the update to `nix` v0.23.0. Additionally, I took the chance to update the `time` dependency to v0.3, which removed a bunch of stale deps including `stdweb` which is no longer maintained. Lighthouse only uses the `time` crate in the notifier to do some pretty printing, and so wasn't affected by any of the breaking changes in v0.3 ([changelog here](https://github.com/time-rs/time/blob/main/CHANGELOG.md#030-2021-07-30)).
2026-05-07 00:42:42 +00:00 · 2021-10-11 00:10:35 +00:00
parent 229542cd6c
commit 708557a473
3 changed files with 38 additions and 163 deletions
--- a/common/eth2/Cargo.toml
+++ b/common/eth2/Cargo.toml
@@ -27,7 +27,9 @@ futures = "0.3.8"
 store = { path = "../../beacon_node/store", optional = true }

 [target.'cfg(target_os = "linux")'.dependencies]
-psutil = { version = "3.2.0", optional = true }
+# TODO: update psutil once fix is merged: https://github.com/rust-psutil/rust-psutil/pull/93
+# psutil = { version = "3.2.0", optional = true }
+psutil = { git = "https://github.com/sigp/rust-psutil", rev = "3b42f01273b446128b572aa4fdb9b08f5da5f1d7", optional = true }
 procinfo = { version = "0.4.2", optional = true }

 [features]