mbrubeck / agate

Very simple server for the Gemini hypertext protocol
Apache License 2.0

chore(deps): bump rustls from 0.22.2 to 0.23.1 #337

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps rustls from 0.22.2 to 0.23.1.

Release notes

Sourced from rustls's releases.

0.23.1

  • Fix build with aws_lc_rs feature enabled but std feature disabled.
  • Fix build for docs.rs.

Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.0...v/0.23.1

0.23.0

  • Default cryptography provider changed to [aws-lc-rs]. Note that this has some implications on [platform support and build-time tool requirements][aws-lc-rs-reqs] such as cmake on all platforms and nasm on Windows. Support for ring continues to be available: set the ring crate feature.

  • Support for FIPS validated mode with [aws-lc-rs]: see [the manual section][fips-manual] and [aws-lc-rs's FIPS documentation][aws-fips-docs]. Note that aws-lc-rs in FIPS mode has further build-time requirements as detailed in the FIPS documentation. Thanks to the aws-lc-rs for their assistance on this.

  • Support for process-wide selection of CryptoProviders. See [the documentation][process-provider]. Note that callers of ClientConfig::builder(), ServerConfig::builder(), WebPkiServerVerifier::builder() and WebPkiClientVerifier::builder() must now ensure that the crate's features are unambiguous or explicitly select a process-level provider using CryptoProvider::install_default(). Otherwise, these calls will panic with:

    `no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point`

    We recommend that libraries rely on the process-level provider by default, and that applications use this new API to select the provider they wish to use.

  • New unbuffered API. [UnbufferedClientConnection] and [UnbufferedServerConnection] offer a [low-level, event-driven API which does not internally buffer data][unbuffered]. Thanks to the team from Ferrous Systems.

  • New no_std support. A new (enabled by default) std crate feature now gates all APIs that depend on std. The above [unbuffered] APIs must be used for no_std support. Note that alloc continues to be required. Work is ongoing to reintroduce certain APIs for no_std users (see #1688) -- please file issues for other no_std use cases. Thanks to the team from Ferrous Systems.

  • Performance improvement: internal copying while sending data is reduced. Thanks to the team from the Sōzu project.

  • Performance improvement: write_vectored now produces less on-the-wire overhead, which will dramatically improve throughput if it is used with a large number of small messages. Thanks to the team from the Sōzu project.

  • Acceptor API error handling improvement. If a TLS alert should be sent to inform the peer of a connection failure, this is now made available in the Err() variant returned from [Acceptor::accept] and [Accepted::into_connection] (which is also a breaking change). Applications should write this data to the peer. See the [server_acceptor] example.

  • Support for FFDHE key exchange: custom CryptoProviders can now support FFDHE key exchange, in accordance with [RFC7919]. Note that the default providers do not do this. Thanks to the team from Fortanix.

  • Support for servers requiring extended_master_secret support from clients. See [ServerConfig::require_ems]. Thanks to the team from Fortanix.

  • Extension ordering in ClientHello messages is now randomised as an anti-fingerprinting measure. We do not foresee any interoperability issues [as Chrome has already rolled out the same change][chrome-ext-order]. Thanks to @GomesGoncalo.

  • Breaking change: CipherSuiteCommon::integrity_limit field removed (this was QUIC-specific, it has moved to quic::PacketKey::integrity_limit()).

... (truncated)

Commits
  • 546a85d Format imports with cargo +nightly fmt-unstable
  • 2d66fe4 Fix name for benchmarking toolchain step
  • a473526 Run rustfmt nightly in CI
  • b6f283e Ask rustfmt to make our imports consistent
  • bce2e5e Prepare 0.23.1
  • 69920b0 default_fips_provider(): make visible in docs
  • 384b3d6 Avoid fips feature for docs.rs
  • 03f52c1 crypto: gate ticketer module on std for aws-lc-rs
  • 408a42a docs: update RELEASING to mention running daily-tests
  • eb0791b Prepare 0.23.0
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

mbrubeck commented 4 months ago

This needs to wait until tokio-rustls is updated: https://github.com/rustls/tokio-rustls/pull/44

dependabot[bot] commented 4 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.