chore(rustsec): update rustls-webpki 0.103.10

[va-an]

Fixes #276
Fixes #277
Fixes #280

---

Description

Update transitive dependency rustls-webpki from 0.103.10 to 0.103.13 via:

cargo update -p rustls-webpki@0.103.10 --precise 0.103.13

Notes to the reviewers

This does not fix rustls-webpki 0.101.7, pulled in via minreq:

-> % cargo audit
...
Dependency tree:
rustls-webpki 0.101.7
├── rustls 0.21.12
│   └── minreq 2.14.1
│       ├── jsonrpc 0.18.0
│       │   └── bitcoincore-rpc 0.19.0
│       │       └── bdk_bitcoind_rpc 0.21.0
│       │           └── bdk-cli 3.0.0
│       └── esplora-client 0.12.1
│           └── bdk_esplora 0.22.1
│               └── bdk-cli 3.0.0
└── minreq 2.14.1
...

Checklists

All Submissions:

• I've signed all my commits
• I followed the contribution guidelines
• I ran cargo fmt and cargo clippy before committing

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 10.96%. Comparing base (7c33b33) to head (aec0c8a).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #281   +/-   ##
=======================================
  Coverage   10.96%   10.96%           
=======================================
  Files           8        8           
  Lines        2526     2526           
=======================================
  Hits          277      277           
  Misses       2249     2249           

Flag	Coverage Δ
rust	10.96% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[tvpeter]

ACK aec0c8a

[notmandatory]

Can this be fixed more permanently by updating to (future) releases of esplora-client and a corepc based rpc client that uses bitreq instead of minreq?

bitcoindevkit/rust-esplora-client#136
rust-bitcoin/corepc#399

[va-an]

Can this be fixed more permanently by updating to (future) releases of esplora-client and a corepc based rpc client that uses bitreq instead of minreq?

I looked into it, current status:

• esplora-client (via bdk_esplora): as you mentioned, esplora-client already uses bitreq on master, so we will get the rustls-webpki fix with the next bdk_esplora release.

• bitcoincore-rpc (via bdk_bitcoind_rpc): bdk_bitcoind_rpc 0.21.0 uses bitcoincore-rpc, which depends on minreq. rust-bitcoincore-rpc is now archived and points users to corepc-client, so the fix is migrating bdk_bitcoind_rpc to corepc-client.

I'll check whether there's already an issue on bdk for migrating bdk_bitcoind_rpc to corepc-client and open one if not.