This project is archived. Its data is read-only.

Unverified Commit 1ae4d194 authored Oct 31, 2023 by John DiSanti Committed by GitHub Oct 31, 2023

Upgrade ring to 0.17.5 (#3116)

Fixes #3112.

I opted to upgrade to the latest 0.17.5 in spite of the guidance in
[RFC-21](https://github.com/awslabs/smithy-rs/blob/main/design/src/rfcs/rfc0021_dependency_versions.md)
since this is a security critical dependency, and the maintainer has
aggressively yanked old versions in the past.

Note: ring 0.16 is still pulled in by rcgen as a dev dependency in
aws-smithy-http-server-python after these changes. The rcgen crate
hasn't upgraded yet.

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._

parent f0929e74

CHANGELOG.next.toml

+6 −0

Original line number	Diff line number	Diff line
		@@ -512,3 +512,9 @@ message = "Service builder initialization now takes in a `${serviceName}Config`
		references = ["smithy-rs#3095", "smithy-rs#3096"]
		meta = { "breaking" = true, "tada" = false, "bug" = true, "target" = "server" }
		author = "david-perez"

		[[smithy-rs]]
		message = "Upgrade `ring` to 0.17.5."
		references = ["smithy-rs#3112", "smithy-rs#3116"]
		meta = { "breaking" = false, "tada" = false, "bug" = false, "target" = "client" }
		author = "jdisanti"

aws/rust-runtime/aws-config/Cargo.toml

+1 −1

Original line number	Diff line number	Diff line
		@@ -43,7 +43,7 @@ http = "0.2.4"

		# implementation detail of SSO credential caching
		aws-sdk-sso = { path = "../../sdk/build/aws-sdk/sdk/sso", default-features = false, optional = true }
		ring = { version = "0.16", optional = true }
		ring = { version = "0.17.5", optional = true }
		hex = { version = "0.4.3", optional = true }
		zeroize = { version = "1", optional = true }

aws/rust-runtime/aws-inlineable/Cargo.toml

+1 −1

Original line number	Diff line number	Diff line
		@@ -26,7 +26,7 @@ bytes = "1"
		hex = "0.4.3"
		http = "0.2.9"
		http-body = "0.4.5"
		ring = "0.16"
		ring = "0.17.5"
		tokio = "1.23.1"
		tracing = "0.1"

aws/rust-runtime/aws-sigv4/Cargo.toml

+2 −2

Original line number	Diff line number	Diff line
		@@ -30,7 +30,7 @@ once_cell = "1.8"
		p256 = { version = "0.11", features = ["ecdsa"], optional = true }
		percent-encoding = { version = "2.1", optional = true }
		regex = "1.5"
		ring = { version = "0.16", optional = true }
		ring = { version = "0.17.5", optional = true }
		sha2 = "0.10"
		time = "0.3.5"
		tracing = "0.1"
		@@ -52,7 +52,7 @@ serde_json = "1.0.104"
		time = { version = "0.3.5", features = ["parsing"] }

		[target.'cfg(not(any(target_arch = "powerpc", target_arch = "powerpc64")))'.dev-dependencies]
		ring = "0.16"
		ring = "0.17.5"

		[[bench]]
		name = "hmac"

codegen-core/src/main/kotlin/software/amazon/smithy/rust/codegen/core/rustlang/CargoDependency.kt

+1 −1

Original line number	Diff line number	Diff line
		@@ -238,7 +238,7 @@ data class CargoDependency(
		val Md5: CargoDependency = CargoDependency("md-5", CratesIo("0.10.0"), rustName = "md5")
		val PercentEncoding: CargoDependency = CargoDependency("percent-encoding", CratesIo("2.0.0"))
		val Regex: CargoDependency = CargoDependency("regex", CratesIo("1.5.5"))
		val Ring: CargoDependency = CargoDependency("ring", CratesIo("0.16.0"))
		val Ring: CargoDependency = CargoDependency("ring", CratesIo("0.17.5"))
		val TokioStream: CargoDependency = CargoDependency("tokio-stream", CratesIo("0.1.7"))
		val Tower: CargoDependency = CargoDependency("tower", CratesIo("0.4"))
		val Tracing: CargoDependency = CargoDependency("tracing", CratesIo("0.1"))