chore: update base64 crate (#20877)

13 files changed, 56 insertions, 32 deletions

diff --git a/Cargo.lock b/Cargo.lock
index ebd6900a6..729cdd6bb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -971,7 +971,7 @@ version = "1.37.2"
 dependencies = [
  "async-trait",
  "base32",
- "base64 0.13.1",
+ "base64 0.21.4",
  "bincode",
  "bytes",
  "cache_control",
@@ -1236,7 +1236,7 @@ dependencies = [
  "aes",
  "aes-gcm",
  "aes-kw",
- "base64 0.13.1",
+ "base64 0.21.4",
  "cbc",
  "const-oid",
  "ctr",
@@ -1378,7 +1378,7 @@ version = "0.116.0"
 dependencies = [
  "async-compression",
  "async-trait",
- "base64 0.13.1",
+ "base64 0.21.4",
  "bencher",
  "brotli",
  "bytes",
@@ -1428,7 +1428,7 @@ version = "0.29.0"
 dependencies = [
  "anyhow",
  "async-trait",
- "base64 0.13.1",
+ "base64 0.21.4",
  "chrono",
  "deno_core",
  "deno_node",
@@ -5647,7 +5647,7 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "async-stream",
- "base64 0.13.1",
+ "base64 0.21.4",
  "bytes",
  "console_static_text",
  "fastwebsockets",
diff --git a/Cargo.toml b/Cargo.toml
index 6f56f5702..81e0f388c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -72,8 +72,7 @@ deno_napi = { version = "0.51.0", path = "./ext/napi" }
 aes = "=0.8.3"
 anyhow = "1.0.57"
 async-trait = "0.1.73"
-# TODO(mmastrac): Requires code changes to bump
-base64 = "=0.13.1"
+base64 = "0.21.4"
 bencher = "0.1"
 brotli = "3.3.4"
 bytes = "1.4.0"
diff --git a/cli/auth_tokens.rs b/cli/auth_tokens.rs
index 6c3ed3846..2e0a4bc37 100644
--- a/cli/auth_tokens.rs
+++ b/cli/auth_tokens.rs
@@ -1,5 +1,7 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use deno_core::ModuleSpecifier;
 use log::debug;
 use log::error;
@@ -23,7 +25,7 @@ impl fmt::Display for AuthToken {
       AuthTokenData::Bearer(token) => write!(f, "Bearer {token}"),
       AuthTokenData::Basic { username, password } => {
         let credentials = format!("{username}:{password}");
-        write!(f, "Basic {}", base64::encode(credentials))
+        write!(f, "Basic {}", BASE64_STANDARD.encode(credentials))
       }
     }
   }
diff --git a/cli/npm/managed/tarball.rs b/cli/npm/managed/tarball.rs
index 17ab7711f..c1fb7de16 100644
--- a/cli/npm/managed/tarball.rs
+++ b/cli/npm/managed/tarball.rs
@@ -5,6 +5,8 @@ use std::fs;
 use std::path::Path;
 use std::path::PathBuf;
 
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use deno_core::anyhow::bail;
 use deno_core::error::AnyError;
 use deno_npm::registry::NpmPackageVersionDistInfo;
@@ -52,7 +54,7 @@ fn verify_tarball_integrity(
       let mut hash_ctx = Context::new(algo);
       hash_ctx.update(data);
       let digest = hash_ctx.finish();
-      let tarball_checksum = base64::encode(digest.as_ref());
+      let tarball_checksum = BASE64_STANDARD.encode(digest.as_ref());
       (tarball_checksum, base64_hash)
     }
     NpmPackageVersionDistInfoIntegrity::LegacySha1Hex(hex) => {
diff --git a/cli/util/text_encoding.rs b/cli/util/text_encoding.rs
index 29a8d4069..d85950a75 100644
--- a/cli/util/text_encoding.rs
+++ b/cli/util/text_encoding.rs
@@ -1,5 +1,7 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use deno_core::ModuleCode;
 use encoding_rs::*;
 use std::borrow::Cow;
@@ -62,7 +64,8 @@ pub fn source_map_from_code(code: &ModuleCode) -> Option<Vec<u8>> {
   let last_line = bytes.rsplit(|u| *u == b'\n').next()?;
   if last_line.starts_with(SOURCE_MAP_PREFIX) {
     let input = last_line.split_at(SOURCE_MAP_PREFIX.len()).1;
-    let decoded_map = base64::decode(input)
+    let decoded_map = BASE64_STANDARD
+      .decode(input)
       .expect("Unable to decode source map from emitted file.");
     Some(decoded_map)
   } else {
diff --git a/ext/crypto/ed25519.rs b/ext/crypto/ed25519.rs
index 591dce19d..e2a0ce408 100644
--- a/ext/crypto/ed25519.rs
+++ b/ext/crypto/ed25519.rs
@@ -1,5 +1,7 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::prelude::BASE64_URL_SAFE_NO_PAD;
+use base64::Engine;
 use deno_core::error::AnyError;
 use deno_core::op2;
 use deno_core::ToJsBuffer;
@@ -151,8 +153,5 @@ pub fn op_crypto_jwk_x_ed25519(
   #[buffer] pkey: &[u8],
 ) -> Result<String, AnyError> {
   let pair = Ed25519KeyPair::from_seed_unchecked(pkey)?;
-  Ok(base64::encode_config(
-    pair.public_key().as_ref(),
-    base64::URL_SAFE_NO_PAD,
-  ))
+  Ok(BASE64_URL_SAFE_NO_PAD.encode(pair.public_key().as_ref()))
 }
diff --git a/ext/crypto/export_key.rs b/ext/crypto/export_key.rs
index 94cc0c64f..a34c40402 100644
--- a/ext/crypto/export_key.rs
+++ b/ext/crypto/export_key.rs
@@ -1,5 +1,7 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::prelude::BASE64_URL_SAFE_NO_PAD;
+use base64::Engine;
 use const_oid::AssociatedOid;
 use const_oid::ObjectIdentifier;
 use deno_core::error::custom_error;
@@ -111,11 +113,11 @@ pub fn op_crypto_export_key(
 }
 
 fn uint_to_b64(bytes: UIntRef) -> String {
-  base64::encode_config(bytes.as_bytes(), base64::URL_SAFE_NO_PAD)
+  BASE64_URL_SAFE_NO_PAD.encode(bytes.as_bytes())
 }
 
 fn bytes_to_b64(bytes: &[u8]) -> String {
-  base64::encode_config(bytes, base64::URL_SAFE_NO_PAD)
+  BASE64_URL_SAFE_NO_PAD.encode(bytes)
 }
 
 fn export_key_rsa(
diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs
index b2d5cdc4f..0a864d68c 100644
--- a/ext/crypto/import_key.rs
+++ b/ext/crypto/import_key.rs
@@ -1,5 +1,6 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 
+use base64::Engine;
 use deno_core::error::AnyError;
 use deno_core::op2;
 use deno_core::JsBuffer;
@@ -106,12 +107,19 @@ pub fn op_crypto_import_key(
   }
 }
 
-const URL_SAFE_FORGIVING: base64::Config =
-  base64::URL_SAFE_NO_PAD.decode_allow_trailing_bits(true);
+const BASE64_URL_SAFE_FORGIVING:
+  base64::engine::general_purpose::GeneralPurpose =
+  base64::engine::general_purpose::GeneralPurpose::new(
+    &base64::alphabet::URL_SAFE,
+    base64::engine::general_purpose::GeneralPurposeConfig::new()
+      .with_decode_allow_trailing_bits(true)
+      .with_decode_padding_mode(base64::engine::DecodePaddingMode::Indifferent),
+  );
 
 macro_rules! jwt_b64_int_or_err {
   ($name:ident, $b64:expr, $err:expr) => {
-    let bytes = base64::decode_config($b64, URL_SAFE_FORGIVING)
+    let bytes = BASE64_URL_SAFE_FORGIVING
+      .decode($b64)
       .map_err(|_| data_error($err))?;
     let $name = UIntRef::new(&bytes).map_err(|_| data_error($err))?;
   };
@@ -759,7 +767,8 @@ fn import_key_ec(
 fn import_key_aes(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
   Ok(match key_data {
     KeyData::JwkSecret { k } => {
-      let data = base64::decode_config(k, URL_SAFE_FORGIVING)
+      let data = BASE64_URL_SAFE_FORGIVING
+        .decode(k)
         .map_err(|_| data_error("invalid key data"))?;
       ImportKeyResult::Hmac {
         raw_data: RustRawKeyData::Secret(data.into()),
@@ -772,7 +781,8 @@ fn import_key_aes(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
 fn import_key_hmac(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
   Ok(match key_data {
     KeyData::JwkSecret { k } => {
-      let data = base64::decode_config(k, URL_SAFE_FORGIVING)
+      let data = BASE64_URL_SAFE_FORGIVING
+        .decode(k)
         .map_err(|_| data_error("invalid key data"))?;
       ImportKeyResult::Hmac {
         raw_data: RustRawKeyData::Secret(data.into()),
diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs
index e47cc8f3c..3be6bcc3d 100644
--- a/ext/crypto/lib.rs
+++ b/ext/crypto/lib.rs
@@ -4,6 +4,8 @@ use aes_kw::KekAes128;
 use aes_kw::KekAes192;
 use aes_kw::KekAes256;
 
+use base64::prelude::BASE64_URL_SAFE_NO_PAD;
+use base64::Engine;
 use deno_core::error::custom_error;
 use deno_core::error::not_supported;
 use deno_core::error::type_error;
@@ -120,14 +122,14 @@ deno_core::extension!(deno_crypto,
 pub fn op_crypto_base64url_decode(
   #[string] data: String,
 ) -> Result<ToJsBuffer, AnyError> {
-  let data: Vec<u8> = base64::decode_config(data, base64::URL_SAFE_NO_PAD)?;
+  let data: Vec<u8> = BASE64_URL_SAFE_NO_PAD.decode(data)?;
   Ok(data.into())
 }
 
 #[op2]
 #[string]
 pub fn op_crypto_base64url_encode(#[buffer] data: JsBuffer) -> String {
-  let data: String = base64::encode_config(data, base64::URL_SAFE_NO_PAD);
+  let data: String = BASE64_URL_SAFE_NO_PAD.encode(data);
   data
 }
 
diff --git a/ext/http/lib.rs b/ext/http/lib.rs
index 7d2397fff..d47011119 100644
--- a/ext/http/lib.rs
+++ b/ext/http/lib.rs
@@ -3,6 +3,8 @@
 use async_compression::tokio::write::BrotliEncoder;
 use async_compression::tokio::write::GzipEncoder;
 use async_compression::Level;
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use cache_control::CacheControl;
 use deno_core::error::custom_error;
 use deno_core::error::AnyError;
@@ -990,7 +992,7 @@ fn op_http_websocket_accept_header(
     &ring::digest::SHA1_FOR_LEGACY_USE_ONLY,
     format!("{key}258EAFA5-E914-47DA-95CA-C5AB0DC85B11").as_bytes(),
   );
-  Ok(base64::encode(digest))
+  Ok(BASE64_STANDARD.encode(digest))
 }
 
 #[op2(async)]
diff --git a/ext/kv/lib.rs b/ext/kv/lib.rs
index e99b14552..20f774033 100644
--- a/ext/kv/lib.rs
+++ b/ext/kv/lib.rs
@@ -12,6 +12,8 @@ use std::cell::RefCell;
 use std::num::NonZeroU32;
 use std::rc::Rc;
 
+use base64::prelude::BASE64_URL_SAFE;
+use base64::Engine;
 use chrono::Utc;
 use codec::decode_key;
 use codec::encode_key;
@@ -543,11 +545,7 @@ fn encode_cursor(
   if !boundary_key.starts_with(common_prefix) {
     return Err(type_error("invalid boundary key"));
   }
-
-  Ok(base64::encode_config(
-    &boundary_key[common_prefix.len()..],
-    base64::URL_SAFE,
-  ))
+  Ok(BASE64_URL_SAFE.encode(&boundary_key[common_prefix.len()..]))
 }
 
 fn decode_selector_and_cursor(
@@ -560,7 +558,8 @@ fn decode_selector_and_cursor(
   };
 
   let common_prefix = selector.common_prefix();
-  let cursor = base64::decode_config(cursor, base64::URL_SAFE)
+  let cursor = BASE64_URL_SAFE
+    .decode(cursor)
     .map_err(|_| type_error("invalid cursor"))?;
 
   let first_key: Vec<u8>;
diff --git a/test_util/src/lib.rs b/test_util/src/lib.rs
index 9f764007c..b7106a2b3 100644
--- a/test_util/src/lib.rs
+++ b/test_util/src/lib.rs
@@ -2,6 +2,8 @@
 // Usage: provide a port as argument to run hyper_hello benchmark server
 // otherwise this starts multiple servers on many ports for test endpoints.
 use anyhow::anyhow;
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use futures::Future;
 use futures::FutureExt;
 use futures::Stream;
@@ -317,7 +319,7 @@ async fn basic_auth_redirect(
   {
     let credentials =
       format!("{TEST_BASIC_AUTH_USERNAME}:{TEST_BASIC_AUTH_PASSWORD}");
-    if auth == format!("Basic {}", base64::encode(credentials)) {
+    if auth == format!("Basic {}", BASE64_STANDARD.encode(credentials)) {
       let p = req.uri().path();
       assert_eq!(&p[0..1], "/");
       let url = format!("http://localhost:{PORT}{p}");
diff --git a/test_util/src/npm.rs b/test_util/src/npm.rs
index 9cbadad5c..543d28a41 100644
--- a/test_util/src/npm.rs
+++ b/test_util/src/npm.rs
@@ -5,6 +5,8 @@ use std::fs;
 
 use anyhow::Context;
 use anyhow::Result;
+use base64::prelude::BASE64_STANDARD;
+use base64::Engine;
 use flate2::write::GzEncoder;
 use flate2::Compression;
 use once_cell::sync::Lazy;
@@ -104,7 +106,7 @@ fn get_npm_package(package_name: &str) -> Result<Option<CustomNpmPackage>> {
     let mut hash_ctx = Context::new(&SHA512);
     hash_ctx.update(&tarball_bytes);
     let digest = hash_ctx.finish();
-    let tarball_checksum = base64::encode(digest.as_ref());
+    let tarball_checksum = BASE64_STANDARD.encode(digest.as_ref());
 
     // create the registry file JSON for this version
     let mut dist = serde_json::Map::new();