Update dependencies for RUSTSEC-2023-0052 #487

AldaronLau · 2023-08-22T21:47:39Z

PR Type

PR Checklist

Check your PR fulfills the following:

Tests for the changes have been added / updated.
Documentation comments have been added / updated.
A changelog entry has been made for the appropriate packages.
Format code with the latest stable rustfmt

Overview

Due to the fact that it is a security vulnerability, this updates public dependencies (therefore includes breaking changes). Behavior is mostly the same, except that the error message now calls out that it's actix-tls that doesn't support non-hostnames, rather than rustls (now that that has been fixed). I also changed the ErrorKind to InvalidInput, as I believe that to be more accurate.

I understand that it may be desirable for a number of reasons to update and finish #480 instead of merging this PR (feel free to close), but my personal opinion is that 4.0 is warranted.

robjtede · 2023-08-23T23:03:17Z

Appreciate the contribution, but doing this dependency update in a breaking manner isn't an acceptable way forward for this crate; the existing work in #480 has now been updated.

AldaronLau added 2 commits August 22, 2023 16:25

Update tokio-rustls and webpki-roots

ab7cd16

CHANGES.md entries for tokio-tls and webpki-roots updates

69c99dc

robjtede closed this Aug 23, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependencies for RUSTSEC-2023-0052 #487

Update dependencies for RUSTSEC-2023-0052 #487

AldaronLau commented Aug 22, 2023

robjtede commented Aug 23, 2023 •

edited

Loading

Update dependencies for RUSTSEC-2023-0052 #487

Update dependencies for RUSTSEC-2023-0052 #487

Conversation

AldaronLau commented Aug 22, 2023

PR Type

PR Checklist

Overview

robjtede commented Aug 23, 2023 • edited Loading

robjtede commented Aug 23, 2023 •

edited

Loading