Bump rustls form 0.21.7 to 0.21.11

nick-mobilecoin commented 4 months ago

Bumping rustls from 0.21.7 to 0.21.11 to mitigate, https://rustsec.org/advisories/RUSTSEC-2024-0336 Unfortunately due to mc-ledger-distribution using rusoto it is still using a version of rustls that is susceptible to RUSTSEC-2024-0336

cargo tree -i -p rustls@0.20.7
rustls v0.20.7
├── hyper-rustls v0.23.2
│   └── rusoto_core v0.48.0
│       ├── mc-ledger-distribution v6.0.0 (/Users/nick/git/mobilecoin/ledger/distribution)
│       └── rusoto_s3 v0.48.0
│           └── mc-ledger-distribution v6.0.0 (/Users/nick/git/mobilecoin/ledger/distribution)
└── tokio-rustls v0.23.4
    └── hyper-rustls v0.23.2 (*)

rusoto is unmaintained and we should probably look at moving toward https://github.com/awslabs/aws-sdk-rust

github-actions[bot] commented 4 months ago

⚠️ Downstream repo mobilecoinofficial/android-bindings failed to build. Check actions status for details.

github-actions[bot] commented 4 months ago

⚠️ Downstream repo mobilecoinofficial/full-service failed to build. Check actions status for details.

mobilecoinfoundation / mobilecoin

Bump rustls form 0.21.7 to 0.21.11 #3967