chore(deps): bump generic-array from 0.12.3 to 0.12.4 to fix RUSTSEC-2020-0146

[yangby-cryptape]

References

• RUSTSEC-2020-0146: generic-array: arr! macro erases lifetimes
• generic-array Issue-98: arr! unsoundness
• ChangeLog for generic-array from 0.12.3 to 0.12.4

[quake]

bors r=quake,zhangsoledad

[bors]

🕐 Waiting for PR status (Github check) to be set, probably by CI. Bors will automatically try to run when all required PR statuses are set.

[yangby-cryptape]

For RUSTSEC-2020-0146:

• CKB depends on generic-array=0.14.4, too.
• But block-buffer=0.7.3 and digest=0.8.0 requires generic-array=0.12.
• CKB also depends on block-buffer=0.9.0 and digest=0.9.0.
• But sha-1=0.8.1 requires block-buffer=0.7 and digest=0.8.
• sha-1=0.9.4 only depends on block-buffer=0.9 and digest=0.9.
• But ws depends on sha-1=0.8, and ws haven't release new versions for 18 months.

ws also has many other issues (more than 100 issues in it's issues list):

• RUSTSEC-2020-0043: ws: Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory.
  We had to skip this issue in security check, already.
  

  ckb/deny.toml

  Line 7 in 99e1e53

  "RUSTSEC-2020-0043", # TODO ws allows remote attacker to run the process out of memory, since it is no longer actively maintained, we couldn't fix it in the short term

• And according to the issues list of ws, some functions no longer work with newer versions of rustc since Nov 24, 2020.

So, maybe we have to upgrade jsonrpc-*.

[bors]

Build succeeded:

• continuous-integration/travis-ci/push