shadowsocks-rust/1.21.2-r2: cve remediation

[octo-sts]

shadowsocks-rust/1.21.2-r2: fix GHSA-h97m-ww89-6jmq

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/shadowsocks-rust.advisories.yaml

[octo-sts]

Gen AI suggestions to solve the build error:

Based on the build log, I can help diagnose and fix the error.

• Detected Error: The build appears to fail silently after running cargobump with no explicit error message, but the pipeline stops after the cargobump step.

• Error Category: Configuration/Build System

• Failure Point: During the rust/cargobump step

• Root Cause Analysis:
The cargobump step is failing because there's no cargobump-deps.yaml file present, but the build system is trying to use it with the --bump-file flag.

• Suggested Fix:
Remove or modify the rust/cargobump step in one of these ways:

Option 1 - Remove the step entirely if dependency bumping isn't needed:

# Delete this line:
- uses: rust/cargobump

Option 2 - Add required configuration:

- uses: rust/cargobump
  with:
    create-if-missing: true

• Explanation:
The rust/cargobump step is a Wolfi-specific build step that helps manage Rust dependencies, but it requires either an existing cargobump-deps.yaml file or explicit configuration to create one. Since this package doesn't have the file, we either need to remove the step or configure it properly.

• Additional Notes:

• The rest of the build configuration looks correct
• The Rust toolchain installation is successful
• The git checkout verifies the correct commit hash
• Dependencies appear to be installing correctly

• References:

• Melange build system documentation for rust/cargobump:
  https://github.com/chainguard-dev/melange/blob/main/docs/reference.md#rustcargobump