chore: update base64 crate (denoland#20877)

Cargo.toml

@@ -72,8 +72,7 @@ deno_napi = { version = "0.51.0", path = "./ext/napi" }
 aes = "=0.8.3"
 anyhow = "1.0.57"
 async-trait = "0.1.73"
-# TODO(mmastrac): Requires code changes to bump
-base64 = "=0.13.1"
+base64 = "0.21.4"
 bencher = "0.1"
 brotli = "3.3.4"
 bytes = "1.4.0"

cli/auth_tokens.rs

@@ -1,5 +1,7 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use deno_core::ModuleSpecifier;
 use log::debug;
 use log::error;
@@ -23,7 +25,7 @@ impl fmt::Display for AuthToken {
  AuthTokenData::Bearer(token) => write!(f, "Bearer {token}"),
  AuthTokenData::Basic { username, password } => {
  let credentials = format!("{username}:{password}");
- write!(f, "Basic {}", base64::encode(credentials))
+ write!(f, "Basic {}", BASE64_STANDARD.encode(credentials))
  }
  }
  }

cli/npm/managed/tarball.rs

@@ -5,6 +5,8 @@ use std::fs;
 use std::path::Path;
 use std::path::PathBuf;
 
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use deno_core::anyhow::bail;
 use deno_core::error::AnyError;
 use deno_npm::registry::NpmPackageVersionDistInfo;
@@ -52,7 +54,7 @@ fn verify_tarball_integrity(
  let mut hash_ctx = Context::new(algo);
  hash_ctx.update(data);
  let digest = hash_ctx.finish();
- let tarball_checksum = base64::encode(digest.as_ref());
+ let tarball_checksum = BASE64_STANDARD.encode(digest.as_ref());
  (tarball_checksum, base64_hash)
  }
  NpmPackageVersionDistInfoIntegrity::LegacySha1Hex(hex) => {

cli/util/text_encoding.rs

@@ -1,5 +1,7 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use deno_core::ModuleCode;
 use encoding_rs::*;
 use std::borrow::Cow;
@@ -62,7 +64,8 @@ pub fn source_map_from_code(code: &ModuleCode) -> Option<Vec<u8>> {
  let last_line = bytes.rsplit(|u| *u == b'\n').next()?;
  if last_line.starts_with(SOURCE_MAP_PREFIX) {
  let input = last_line.split_at(SOURCE_MAP_PREFIX.len()).1;
- let decoded_map = base64::decode(input)
+ let decoded_map = BASE64_STANDARD
+ .decode(input)
  .expect("Unable to decode source map from emitted file.");
  Some(decoded_map)
  } else {

ext/crypto/ed25519.rs

@@ -1,5 +1,7 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::prelude::BASE64_URL_SAFE_NO_PAD;
+use base64::Engine;
 use deno_core::error::AnyError;
 use deno_core::op2;
 use deno_core::ToJsBuffer;
@@ -151,8 +153,5 @@ pub fn op_crypto_jwk_x_ed25519(
  #[buffer] pkey: &[u8],
 ) -> Result<String, AnyError> {
  let pair = Ed25519KeyPair::from_seed_unchecked(pkey)?;
- Ok(base64::encode_config(
- pair.public_key().as_ref(),
- base64::URL_SAFE_NO_PAD,
- ))
+ Ok(BASE64_URL_SAFE_NO_PAD.encode(pair.public_key().as_ref()))
 }

ext/crypto/export_key.rs

@@ -1,5 +1,7 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::prelude::BASE64_URL_SAFE_NO_PAD;
+use base64::Engine;
 use const_oid::AssociatedOid;
 use const_oid::ObjectIdentifier;
 use deno_core::error::custom_error;
@@ -111,11 +113,11 @@ pub fn op_crypto_export_key(
 }
 
 fn uint_to_b64(bytes: UIntRef) -> String {
- base64::encode_config(bytes.as_bytes(), base64::URL_SAFE_NO_PAD)
+ BASE64_URL_SAFE_NO_PAD.encode(bytes.as_bytes())
 }
 
 fn bytes_to_b64(bytes: &[u8]) -> String {
- base64::encode_config(bytes, base64::URL_SAFE_NO_PAD)
+ BASE64_URL_SAFE_NO_PAD.encode(bytes)
 }
 
 fn export_key_rsa(

ext/crypto/import_key.rs

@@ -1,5 +1,6 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::Engine;
 use deno_core::error::AnyError;
 use deno_core::op2;
 use deno_core::JsBuffer;
@@ -106,12 +107,19 @@ pub fn op_crypto_import_key(
  }
 }
 
-const URL_SAFE_FORGIVING: base64::Config =
- base64::URL_SAFE_NO_PAD.decode_allow_trailing_bits(true);
+const BASE64_URL_SAFE_FORGIVING:
+ base64::engine::general_purpose::GeneralPurpose =
+ base64::engine::general_purpose::GeneralPurpose::new(
+ &base64::alphabet::URL_SAFE,
+ base64::engine::general_purpose::GeneralPurposeConfig::new()
+ .with_decode_allow_trailing_bits(true)
+ .with_decode_padding_mode(base64::engine::DecodePaddingMode::Indifferent),
+ );
 
 macro_rules! jwt_b64_int_or_err {
  ($name:ident, $b64:expr, $err:expr) => {
- let bytes = base64::decode_config($b64, URL_SAFE_FORGIVING)
+ let bytes = BASE64_URL_SAFE_FORGIVING
+ .decode($b64)
  .map_err(|_| data_error($err))?;
  let $name = UIntRef::new(&bytes).map_err(|_| data_error($err))?;
  };
@@ -759,7 +767,8 @@ fn import_key_ec(
 fn import_key_aes(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
  Ok(match key_data {
  KeyData::JwkSecret { k } => {
- let data = base64::decode_config(k, URL_SAFE_FORGIVING)
+ let data = BASE64_URL_SAFE_FORGIVING
+ .decode(k)
  .map_err(|_| data_error("invalid key data"))?;
  ImportKeyResult::Hmac {
  raw_data: RustRawKeyData::Secret(data.into()),
@@ -772,7 +781,8 @@ fn import_key_aes(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
 fn import_key_hmac(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
  Ok(match key_data {
  KeyData::JwkSecret { k } => {
- let data = base64::decode_config(k, URL_SAFE_FORGIVING)
+ let data = BASE64_URL_SAFE_FORGIVING
+ .decode(k)
  .map_err(|_| data_error("invalid key data"))?;
  ImportKeyResult::Hmac {
  raw_data: RustRawKeyData::Secret(data.into()),

ext/crypto/lib.rs

@@ -4,6 +4,8 @@ use aes_kw::KekAes128;
 use aes_kw::KekAes192;
 use aes_kw::KekAes256;
 
+use base64::prelude::BASE64_URL_SAFE_NO_PAD;
+use base64::Engine;
 use deno_core::error::custom_error;
 use deno_core::error::not_supported;
 use deno_core::error::type_error;
@@ -120,14 +122,14 @@ deno_core::extension!(deno_crypto,
 pub fn op_crypto_base64url_decode(
  #[string] data: String,
 ) -> Result<ToJsBuffer, AnyError> {
- let data: Vec<u8> = base64::decode_config(data, base64::URL_SAFE_NO_PAD)?;
+ let data: Vec<u8> = BASE64_URL_SAFE_NO_PAD.decode(data)?;
  Ok(data.into())
 }
 
 #[op2]
 #[string]
 pub fn op_crypto_base64url_encode(#[buffer] data: JsBuffer) -> String {
- let data: String = base64::encode_config(data, base64::URL_SAFE_NO_PAD);
+ let data: String = BASE64_URL_SAFE_NO_PAD.encode(data);
  data
 }
 

ext/http/lib.rs

@@ -3,6 +3,8 @@
 use async_compression::tokio::write::BrotliEncoder;
 use async_compression::tokio::write::GzipEncoder;
 use async_compression::Level;
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use cache_control::CacheControl;
 use deno_core::error::custom_error;
 use deno_core::error::AnyError;
@@ -990,7 +992,7 @@ fn op_http_websocket_accept_header(
  &ring::digest::SHA1_FOR_LEGACY_USE_ONLY,
  format!("{key}258EAFA5-E914-47DA-95CA-C5AB0DC85B11").as_bytes(),
  );
- Ok(base64::encode(digest))
+ Ok(BASE64_STANDARD.encode(digest))
 }
 
 #[op2(async)]

ext/kv/lib.rs

@@ -12,6 +12,8 @@ use std::cell::RefCell;
 use std::num::NonZeroU32;
 use std::rc::Rc;
 
+use base64::prelude::BASE64_URL_SAFE;
+use base64::Engine;
 use chrono::Utc;
 use codec::decode_key;
 use codec::encode_key;
@@ -543,11 +545,7 @@ fn encode_cursor(
  if !boundary_key.starts_with(common_prefix) {
  return Err(type_error("invalid boundary key"));
  }
-
- Ok(base64::encode_config(
- &boundary_key[common_prefix.len()..],
- base64::URL_SAFE,
- ))
+ Ok(BASE64_URL_SAFE.encode(&boundary_key[common_prefix.len()..]))
 }
 
 fn decode_selector_and_cursor(
@@ -560,7 +558,8 @@ fn decode_selector_and_cursor(
  };
 
  let common_prefix = selector.common_prefix();
- let cursor = base64::decode_config(cursor, base64::URL_SAFE)
+ let cursor = BASE64_URL_SAFE
+ .decode(cursor)
  .map_err(|_| type_error("invalid cursor"))?;
 
  let first_key: Vec<u8>;

test_util/src/lib.rs

@@ -2,6 +2,8 @@
 // Usage: provide a port as argument to run hyper_hello benchmark server
 // otherwise this starts multiple servers on many ports for test endpoints.
 use anyhow::anyhow;
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use futures::Future;
 use futures::FutureExt;
 use futures::Stream;
@@ -317,7 +319,7 @@ async fn basic_auth_redirect(
  {
  let credentials =
  format!("{TEST_BASIC_AUTH_USERNAME}:{TEST_BASIC_AUTH_PASSWORD}");
- if auth == format!("Basic {}", base64::encode(credentials)) {
+ if auth == format!("Basic {}", BASE64_STANDARD.encode(credentials)) {
  let p = req.uri().path();
  assert_eq!(&p[0..1], "/");
  let url = format!("http:https://localhost:{PORT}{p}");

test_util/src/npm.rs

@@ -5,6 +5,8 @@ use std::fs;
 
 use anyhow::Context;
 use anyhow::Result;
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use flate2::write::GzEncoder;
 use flate2::Compression;
 use once_cell::sync::Lazy;
@@ -104,7 +106,7 @@ fn get_npm_package(package_name: &str) -> Result<Option<CustomNpmPackage>> {
  let mut hash_ctx = Context::new(&SHA512);
  hash_ctx.update(&tarball_bytes);
  let digest = hash_ctx.finish();
- let tarball_checksum = base64::encode(digest.as_ref());
+ let tarball_checksum = BASE64_STANDARD.encode(digest.as_ref());
 
  // create the registry file JSON for this version
  let mut dist = serde_json::Map::new();