Skip to content

chore(deps): bump the crypto-tls group across 1 directory with 2 updates#92

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/crypto-tls-5c390a54f4
Open

chore(deps): bump the crypto-tls group across 1 directory with 2 updates#92
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/crypto-tls-5c390a54f4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Bumps the crypto-tls group with 2 updates in the / directory: rustls and aws-lc-rs.

Updates rustls from 0.23.37 to 0.23.40

Commits
  • b44c09f Prepare 0.23.40
  • e7a555f Prefer Ord::max to core::cmp
  • c0005be ech: base inner name padding on actual extension
  • 4e49529 ech: test inner name padding
  • 3e06ef1 ech: add both name and "gross" padding
  • c574ffd ech: avoid short-lived allocation for padding
  • 8bf935c ech: pop comment from match arm
  • 9088004 ech: expand maximum_name_length to usize ASAP
  • a612901 Default require_ems based on CryptoProvider FIPS status
  • 0541605 Cargo: version 0.23.38 -> 0.23.39
  • Additional commits viewable in compare view

Updates aws-lc-rs from 1.16.2 to 1.16.3

Release notes

Sourced from aws-lc-rs's releases.

aws-lc-rs v1.16.3

What's Changed

  • Key length validation in UnboundCipherKey::new() now enforced at runtime by @​justsmth in aws/aws-lc-rs#1092
    • The documented error on key length mismatch was never actually checked. Streaming cipher constructors also relied on debug_assert_eq! which gets stripped in release builds — these are now runtime checks.
  • Support MSAN and TSAN sanitizer builds via AWS_LC_SYS_SANITIZER environment variable by @​justsmth in aws/aws-lc-rs#1100
    • Accepts asan, msan, or tsan. The existing asan feature flag continues to work.

Build Improvements

Issues Being Closed

  • Clarify that build needs to run from VS Developer shell for Windows builds -- aws/aws-lc-rs#1056
  • Add MSAN (MemorySanitizer) support, matching existing ASAN support -- aws/aws-lc-rs#1077
  • aws-lc-sys fails to compile on iOS arm64 with Clang 15.0.7: undeclared ioctl in urandom.c -- aws/aws-lc-rs#1068

Other Merged PRs

New Contributors

Full Changelog: aws/aws-lc-rs@v1.16.2...v1.16.3

Commits
  • f75bae5 Support MSAN and TSAN sanitizer builds via environment variable (#1100)
  • 64677e8 Improve clang-cl discovery for Windows ARM64 builds (#1060)
  • e2e3e15 Prepare aws-lc-sys v0.40.0 (#1099)
  • e0ec100 Prepare aws-lc-rs v1.16.3 (#1098)
  • 46ed951 MSVC Fix: use 8.3 short paths on Windows to avoid MAX_PATH limits in building...
  • 27c4cca Add jitterentropy src subdirectory to include search path (#1085)
  • 6b30158 MSVC Fix: Improve bad intrinsic check on msvc (#1086)
  • 5a3f9ca Bump codecov/codecov-action from 4 to 6 (#1094)
  • 6a7b379 Bump actions/setup-go from 4 to 6 (#1095)
  • f7cb890 Bump actions/checkout from 4 to 6 (#1096)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Apr 27, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 27, 2026
edited
Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Free

Run ID: f95589b6-6681-4c39-b772-fee78578b370

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Comment @coderabbitai help to get the list of available commands and usage tips.

@dependabot dependabot Bot changed the title chore(deps): bump the crypto-tls group with 2 updates chore(deps): bump the crypto-tls group across 1 directory with 2 updates Apr 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/cargo/crypto-tls-5c390a54f4 branch from c359e0e to da6e46c Compare April 29, 2026 04:33
@dependabot
chore(deps): bump the crypto-tls group across 1 directory with 2 updates
2466365 
Bumps the crypto-tls group with 2 updates in the / directory: [rustls](https://github.com/rustls/rustls) and [aws-lc-rs](https://github.com/aws/aws-lc-rs).


Updates `rustls` from 0.23.37 to 0.23.40
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.37...v/0.23.40)

Updates `aws-lc-rs` from 1.16.2 to 1.16.3
- [Release notes](https://github.com/aws/aws-lc-rs/releases)
- [Commits](aws/aws-lc-rs@v1.16.2...v1.16.3)

---
updated-dependencies:
- dependency-name: aws-lc-rs
  dependency-version: 1.16.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crypto-tls
- dependency-name: rustls
  dependency-version: 0.23.39
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crypto-tls
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/crypto-tls-5c390a54f4 branch from da6e46c to 2466365 Compare May 11, 2026 09:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants