*: deny yanked, unsound and unknown git source crates (tikv#16372)

ref tikv#16328

Deny yanked crates

* Upgrade yanked crossbeam-channel
  crossbeam-channel v0.5.6 has yanked, it may cause segfault.
  See crossbeam-rs/crossbeam#971
* Upgrade yanked ahash
  ahash v0.7.4 and v0.8.3 have been yanked.

Deny unsound crates

* Fix RUSTSEC-2023-0072 by baning unsound `X509StoreRef::objects`.
* Mitigate RUSTSEC-2021-0145 by disabling clap default features.
* Fix RUSTSEC-2022-0078 by upgrading bumpalo.

Deny crates from unknown git source

* Replace xiongjiwei/encoding_rs with tikv/encoding_rs
* Replace busyjay/rust-snappy with tikv/rust-snappy
* Replace tabokie/fs2-rs with tikv/fs2-rs

Signed-off-by: Neil Shen <[email protected]>

Co-authored-by: glorv <[email protected]>

Cargo.toml

@@ -202,10 +202,10 @@ rusoto_sts = { git = "https://github.com/tikv/rusoto", branch = "gh1482-s3-addr-
 # NOTICE: use openssl for signature to support fips 140
 tame-oauth = { git = "https://github.com/tikv/tame-oauth", branch = "fips-0.9" }
 
-snappy-sys = { git = "https://github.com/busyjay/rust-snappy.git", branch = "static-link" }
+snappy-sys = { git = "https://github.com/tikv/rust-snappy.git", branch = "static-link" }
 
 # remove this when https://github.com/danburkert/fs2-rs/pull/42 is merged.
-fs2 = { git = "https://github.com/tabokie/fs2-rs", branch = "tikv" }
+fs2 = { git = "https://github.com/tikv/fs2-rs", branch = "tikv" }
 
 # Remove this when a new version is release. We need to solve rust-lang/cmake-rs#143.
 cmake = { git = "https://github.com/rust-lang/cmake-rs" }
@@ -315,9 +315,12 @@ batch-system = { path = "components/batch-system" }
 case_macros = { path = "components/case_macros" }
 causal_ts = { path = "components/causal_ts" }
 cdc = { path = "components/cdc", default-features = false }
-# Do not enable default features that implicitly enables oldtime which is
+# Do not enable default-features because it implicitly enables oldtime which is
 # vulnerable to RUSTSEC-2020-0071, see more in deny.toml.
 chrono = { version = "0.4", default-features = false }
+# Do not enable default-features because it implicitly enables the unsound
+# "atty" crate, see more about RUSTSEC-2021-0145 in deny.toml.
+clap = { version = "2.32", default-features = false, features = ["suggestions", "vec_map"] }
 cloud = { path = "components/cloud" }
 codec = { path = "components/codec" }
 collections = { path = "components/collections" }
@@ -384,6 +387,8 @@ tracker = { path = "components/tracker" }
 txn_types = { path = "components/txn_types" }
 # External libs
 raft = { version = "0.7.0", default-features = false, features = ["protobuf-codec"] }
+raft-engine = { git = "https://github.com/tikv/raft-engine.git", features = ["swap"] }
+raft-engine-ctl = { git = "https://github.com/tikv/raft-engine.git" }
 grpcio = { version = "0.10.4", default-features = false, features = ["openssl", "protobuf-codec", "nightly"] }
 grpcio-health = { version = "0.10.4", default-features = false, features = ["protobuf-codec"] }
 tipb = { git = "https://github.com/pingcap/tipb.git" }
@@ -392,7 +397,7 @@ yatp = { git = "https://github.com/tikv/yatp.git", branch = "master" }
 tokio-timer = { git = "https://github.com/tikv/tokio", branch = "tokio-timer-hotfix" }
 tokio-executor = { git = "https://github.com/tikv/tokio", branch = "tokio-timer-hotfix" }
 slog = { version = "2.3", features = ["max_level_trace", "release_max_level_debug"] }
-slog-global = { version = "0.1", git = "https://github.com/breeswish/slog-global.git", rev = "d592f88e4dbba5eb439998463054f1a44fbf17b9" }
+slog-global = { version = "0.1", git = "https://github.com/tikv/slog-global.git", rev = "d592f88e4dbba5eb439998463054f1a44fbf17b9" }
 tracing-active-tree = { git = "https://github.com/tikv/tracing-active-tree.git", features = ["coarsetime"], rev = "a71f8f8148f88ab759deb6d3e1d62d07ab218347" }
 # This `tracing` is only used for `tracing-active-tree`, enable its attributes only.
 tracing = { version = "0.1.39", default-features = false, features = [ "attributes", "std" ] }