chore(iota-types,iota-cluster-test): Remove derivative dependency

.github/workflows/_cargo_deny.yml

@@ -17,10 +17,12 @@ jobs:
     name: cargo deny (bans, licenses, sources)
     runs-on: [self-hosted]
     steps:
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin@v4
       - run: cargo deny --manifest-path ${{ inputs.manifest-path || './Cargo.toml' }} check bans licenses sources
 
   advisories:
     name: cargo deny (advisories)
     runs-on: [self-hosted]
     steps:
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin@v4
       - run: cargo deny --manifest-path ${{ inputs.manifest-path || './Cargo.toml' }} check advisories

Cargo.toml

@@ -238,7 +238,7 @@ crossterm = "0.25.0"
 csv = "1.2.1"
 dashmap = "5.5.3"
 datatest-stable = { git = "https://github.com/nextest-rs/datatest-stable.git", rev = "72db7f6d1bbe36a5407e96b9488a581f763e106f" }
-derivative = "2.2.0"
+derive_more = "1.0"
 diesel = { version = "2.1.0", features = ["chrono", "r2d2", "serde_json", "64-column-tables", "i-implement-a-third-party-backend-and-opt-into-breaking-changes"] }
 dirs = "5.0"
 ed25519-consensus = { version = "2.0.1", features = ["serde"] }

crates/iota-cluster-test/Cargo.toml

@@ -11,7 +11,7 @@ publish = false
 anyhow = { workspace = true, features = ["backtrace"] }
 async-trait.workspace = true
 clap.workspace = true
-derivative.workspace = true
+derive_more = { workspace = true, features = ["debug"] }
 diesel.workspace = true
 fastcrypto.workspace = true
 futures.workspace = true

crates/iota-cluster-test/src/config.rs

@@ -19,8 +19,7 @@ pub enum Env {
     NewLocal,
 }
 
-#[derive(derivative::Derivative, Parser)]
-#[derivative(Debug)]
+#[derive(derive_more::Debug, Parser)]
 #[clap(name = "", rename_all = "kebab-case")]
 pub struct ClusterTestOpt {
     #[clap(value_enum)]
@@ -36,7 +35,7 @@ pub struct ClusterTestOpt {
     pub indexer_address: Option<String>,
     /// URL for the Indexer Postgres DB
     #[clap(long)]
-    #[derivative(Debug(format_with = "obfuscated_pg_address"))]
+    #[debug("{}", ObfuscatedPgAddress(pg_address))]
     pub pg_address: Option<String>,
     #[clap(long)]
     pub config_dir: Option<PathBuf>,
@@ -53,17 +52,24 @@ pub struct ClusterTestOpt {
     pub remote_migration_snapshots: Vec<SnapshotUrl>,
 }
 
-fn obfuscated_pg_address(val: &Option<String>, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-    match val {
-        None => write!(f, "None"),
-        Some(val) => {
-            write!(
-                f,
-                "{}",
-                Regex::new(r":.*@")
-                    .unwrap()
-                    .replace_all(val.as_str(), ":*****@")
-            )
+// This is not actually dead, but rust thinks it is because it is only used in
+// the derive macro above.
+#[allow(dead_code)]
+struct ObfuscatedPgAddress<'a>(&'a Option<String>);
+
+impl<'a> std::fmt::Display for ObfuscatedPgAddress<'a> {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self.0 {
+            None => write!(f, "None"),
+            Some(val) => {
+                write!(
+                    f,
+                    "{}",
+                    Regex::new(r":.*@")
+                        .unwrap()
+                        .replace_all(val.as_str(), ":*****@")
+                )
+            }
         }
     }
 }

crates/iota-types/Cargo.toml

@@ -19,8 +19,7 @@ better_any.workspace = true
 bincode.workspace = true
 byteorder.workspace = true
 chrono.workspace = true
-derivative.workspace = true
-derive_more = "0.99.17"
+derive_more = { workspace = true, features = ["as_ref", "from", "debug", "display"] }
 enum_dispatch.workspace = true
 eyre.workspace = true
 fastcrypto = { workspace = true, features = ["copy_key"] }

crates/iota-types/src/iota_system_state/iota_system_state_inner_v1.rs

@@ -96,14 +96,13 @@ pub struct ValidatorMetadataV1 {
     pub extra_fields: Bag,
 }
 
-#[derive(derivative::Derivative, Clone, Eq, PartialEq)]
-#[derivative(Debug)]
+#[derive(derive_more::Debug, Clone, Eq, PartialEq)]
 pub struct VerifiedValidatorMetadataV1 {
     pub iota_address: IotaAddress,
     pub authority_pubkey: AuthorityPublicKey,
     pub network_pubkey: NetworkPublicKey,
     pub protocol_pubkey: NetworkPublicKey,
-    #[derivative(Debug = "ignore")]
+    #[debug(skip)]
     pub proof_of_possession_bytes: Vec<u8>,
     pub name: String,
     pub description: String,

crates/iota-types/src/move_package.rs

@@ -121,11 +121,11 @@ pub struct MovePackage {
 #[repr(u8)]
 #[derive(Display, Debug, Clone, Copy)]
 pub enum UpgradePolicy {
-    #[display(fmt = "COMPATIBLE")]
+    #[display("COMPATIBLE")]
     Compatible = 0,
-    #[display(fmt = "ADDITIVE")]
+    #[display("ADDITIVE")]
     Additive = 128,
-    #[display(fmt = "DEP_ONLY")]
+    #[display("DEP_ONLY")]
     DepOnly = 192,
 }
 

deny.toml

@@ -52,6 +52,10 @@ ignore = [
   "RUSTSEC-2023-0049",
   # difference is unmaintained
   "RUSTSEC-2020-0095",
+  # derivative is unmaintained
+  "RUSTSEC-2024-0388",
+  # instant is unmaintained
+  "RUSTSEC-2024-0384",
 ]
 # Threshold for security vulnerabilities, any vulnerability with a CVSS score
 # lower than the range specified will be ignored. Note that ignored advisories