From f6f770b2b58b81e0bedbf2d79b89dd0cd39ffe91 Mon Sep 17 00:00:00 2001 From: Hasky Dragon Date: Tue, 21 May 2024 09:57:45 +0530 Subject: [PATCH] Update to use non vulnerable dependencies Fixes https://github.com/advisories/GHSA-fjx5-qpf4-xjf2 --- Cargo.toml | 1 + examples/sol-contract/Cargo.toml | 7 ++++--- examples/sol-contract/src/instruction.rs | 2 +- examples/sol-contract/src/processor.rs | 7 ++----- pyth-sdk-solana/Cargo.toml | 10 +++++----- pyth-sdk-solana/src/state.rs | 2 +- pyth-sdk-solana/test-contract/Cargo.toml | 14 +++++++------- pyth-sdk/Cargo.toml | 4 ++-- pyth-sdk/src/lib.rs | 2 +- pyth-sdk/src/price.rs | 2 +- 10 files changed, 25 insertions(+), 26 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index fda81a3..ac45226 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,4 +1,5 @@ [workspace] +resolver = "2" members = [ "pyth-sdk", diff --git a/examples/sol-contract/Cargo.toml b/examples/sol-contract/Cargo.toml index 5d00052..08b9d69 100644 --- a/examples/sol-contract/Cargo.toml +++ b/examples/sol-contract/Cargo.toml @@ -8,7 +8,8 @@ edition = "2021" crate-type = ["cdylib", "lib"] [dependencies] -borsh = "0.10.3" +borsh = { version = "1.5.0", features = ["derive"] } +borsh-derive = "1.5.0" arrayref = "0.3.6" -solana-program = ">= 1.10" -pyth-sdk-solana = { path = "../../pyth-sdk-solana", version = "0.10.0" } +solana-program = "1.18.4" +pyth-sdk-solana = { path = "../../pyth-sdk-solana" } diff --git a/examples/sol-contract/src/instruction.rs b/examples/sol-contract/src/instruction.rs index b4409da..dc45b33 100644 --- a/examples/sol-contract/src/instruction.rs +++ b/examples/sol-contract/src/instruction.rs @@ -4,7 +4,7 @@ //! Init{} initializing some loan information and //! Loan2Value{} checking the loan-to-value ratio of the loan. -use borsh::{ +use borsh_derive::{ BorshDeserialize, BorshSerialize, }; diff --git a/examples/sol-contract/src/processor.rs b/examples/sol-contract/src/processor.rs index e5d8cd3..29ff0ff 100644 
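Review bot: `solana-program = "1.18.4"` in examples/sol-contract/Cargo.toml does not match the `1.18.14` requirement this commit sets in pyth-sdk-solana/Cargo.toml, and the test-contract dev-dependencies (`solana-program-test`, `solana-client`, `solana-sdk`) repeat `1.18.4`; if either is a typo, align them, e.g. `solana-program = "1.18.14"`. A bare version string is a caret requirement in Cargo, so these lines raise the minimum but do not pin what gets resolved, and the diffstat lists no Cargo.lock, so the commit does not record which versions end up in the build. Running `cargo audit` (or an equivalent advisory check) against the resolved dependency graph in CI would confirm that the advisory named in the commit message is actually cleared. `borsh-derive = "1.5.0"` is also redundant next to `features = ["derive"]` on `borsh`, which already re-exports the derive macros.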
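Review bot: `use borsh_derive::{BorshDeserialize, BorshSerialize}` in examples/sol-contract/src/instruction.rs brings only the derive macros into scope, so the `borsh` traits of the same names are no longer imported in this file; any trait method call or trait bound in the part of the file outside the hunk would need its own `use borsh::...`. Because this crate's manifest enables `features = ["derive"]` on `borsh`, the original `use borsh::{BorshDeserialize, BorshSerialize};` could stay unchanged, which imports trait and derive together and keeps the macro version tied to the `borsh` version. The same import swap appears in pyth-sdk-solana/src/state.rs, pyth-sdk/src/lib.rs and pyth-sdk/src/price.rs; there the manifests would need `borsh = { version = "1.5.0", features = ["derive"] }` for the same effect.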
--- a/examples/sol-contract/src/processor.rs +++ b/examples/sol-contract/src/processor.rs @@ -14,10 +14,7 @@ use solana_program::pubkey::Pubkey; use solana_program::sysvar::clock::Clock; use solana_program::sysvar::Sysvar; -use borsh::{ - BorshDeserialize, - BorshSerialize, -}; +use borsh::BorshDeserialize; use pyth_sdk_solana::state::SolanaPriceAccount; use crate::instruction::ExampleInstructions; @@ -56,7 +53,7 @@ pub fn process_instruction( SolanaPriceAccount::account_info_to_feed(pyth_loan_account)?; SolanaPriceAccount::account_info_to_feed(pyth_collateral_account)?; - let config_data = config.try_to_vec()?; + let config_data = borsh::to_vec(&config)?; let config_dst = &mut admin_config_account.try_borrow_mut_data()?; sol_memcpy(config_dst, &config_data, 1 + 32 + 32); Ok(()) diff --git a/pyth-sdk-solana/Cargo.toml b/pyth-sdk-solana/Cargo.toml index 8936ebc..b3336ee 100644 --- a/pyth-sdk-solana/Cargo.toml +++ b/pyth-sdk-solana/Cargo.toml @@ -11,9 +11,9 @@ keywords = [ "pyth", "solana", "oracle" ] readme = "README.md" [dependencies] -solana-program = ">= 1.9" -borsh = "0.10.3" -borsh-derive = "0.10.3" +solana-program = "1.18.14" +borsh = "1.5.0" +borsh-derive = "1.5.0" bytemuck = "1.7.2" num-derive = "0.3" num-traits = "0.2" @@ -22,8 +22,8 @@ serde = { version = "1.0.136", features = ["derive"] } pyth-sdk = { path = "../pyth-sdk", version = "0.8.0" } [dev-dependencies] -solana-client = ">= 1.9" -solana-sdk = ">= 1.9" +solana-client = "1.18.14" +solana-sdk = "1.18.14" [lib] crate-type = ["cdylib", "lib"] diff --git a/pyth-sdk-solana/src/state.rs b/pyth-sdk-solana/src/state.rs index ee47d28..80b7aa8 100644 --- a/pyth-sdk-solana/src/state.rs +++ b/pyth-sdk-solana/src/state.rs @@ -1,6 +1,6 @@ //! Structures and functions for interacting with Solana on-chain account data. -use borsh::{ +use borsh_derive::{ BorshDeserialize, BorshSerialize, }; diff --git a/pyth-sdk-solana/test-contract/Cargo.toml b/pyth-sdk-solana/test-contract/Cargo.toml index 44b9ca4..ca497bd 100644 
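Review bot: The copy right after the changed line in examples/sol-contract/src/processor.rs still uses the hard-coded length `1 + 32 + 32` instead of the length of the buffer that `borsh::to_vec` returned, and no size check on `config_dst` is visible in the hunk. `sol_memcpy` is documented as not checking `n` against either slice length, so a serialized config or an account data buffer shorter than 65 bytes would be read or written past its end; a serializer major-version change is a good moment to tie the length to the data. I would add `if config_dst.len() < config_data.len() { return Err(ProgramError::AccountDataTooSmall); }` and copy with `sol_memcpy(config_dst, &config_data, config_data.len());`, assuming the function returns `ProgramResult` and `ProgramError` is imported. `process_instruction` starts and ends outside the hunk, so an earlier length check may already exist there.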
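Review bot: Replacing `solana-program = ">= 1.9"` with `"1.18.14"` and moving `borsh` to `1.5.0` in pyth-sdk-solana/Cargo.toml changes what downstream crates can build against, yet no `version` change for this package is visible in the hunk (the `[package]` table lies outside it). A consumer still on an older Solana release or on borsh 0.10 would either fail to resolve or find that the Borsh traits on this crate's types belong to a different major version, so the release should carry a semver-breaking version bump and a changelog entry naming the advisory. The context line `pyth-sdk = { path = "../pyth-sdk", version = "0.8.0" }` raises the same question for pyth-sdk, whose manifest gets the same borsh bump in this commit without a visible version change.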
--- a/pyth-sdk-solana/test-contract/Cargo.toml +++ b/pyth-sdk-solana/test-contract/Cargo.toml @@ -8,16 +8,16 @@ test-bpf = [] no-entrypoint = [] [dependencies] -pyth-sdk-solana = { path = "../", version = "0.10.0" } -solana-program = ">= 1.10, <= 1.16" +pyth-sdk-solana = { path = "../" } +solana-program = "1.18.14" bytemuck = "1.7.2" -borsh = "0.10.3" -borsh-derive = "0.10.3" +borsh = "1.5.0" +borsh-derive = "1.5.0" [dev-dependencies] -solana-program-test = ">= 1.10, <= 1.16" -solana-client = ">= 1.10, <= 1.16" -solana-sdk = ">= 1.10, <= 1.16" +solana-program-test = "1.18.4" +solana-client = "1.18.4" +solana-sdk = "1.18.4" [lib] crate-type = ["cdylib", "lib"] diff --git a/pyth-sdk/Cargo.toml b/pyth-sdk/Cargo.toml index a3d7cba..07e1037 100644 --- a/pyth-sdk/Cargo.toml +++ b/pyth-sdk/Cargo.toml @@ -15,8 +15,8 @@ crate-type = ["cdylib", "lib"] [dependencies] hex = { version = "0.4.3", features = ["serde"] } -borsh = "0.10.3" -borsh-derive = "0.10.3" +borsh = "1.5.0" +borsh-derive = "1.5.0" serde = { version = "1.0.136", features = ["derive"] } schemars = "0.8.8" getrandom = { version = "0.2.2", features = ["custom"] } diff --git a/pyth-sdk/src/lib.rs b/pyth-sdk/src/lib.rs index c22d29f..542979f 100644 --- a/pyth-sdk/src/lib.rs +++ b/pyth-sdk/src/lib.rs @@ -1,4 +1,4 @@ -use borsh::{ +use borsh_derive::{ BorshDeserialize, BorshSerialize, }; diff --git a/pyth-sdk/src/price.rs b/pyth-sdk/src/price.rs index 1dc411f..4886662 100644 --- a/pyth-sdk/src/price.rs +++ b/pyth-sdk/src/price.rs @@ -1,4 +1,4 @@ -use borsh::{ +use borsh_derive::{ BorshDeserialize, BorshSerialize, };