Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v2.1: build(deps): bump rustls from 0.23.17 to 0.23.18 (backport of #3772) #3791

Open
wants to merge 2 commits into
base: v2.1
Choose a base branch
from
Open

v2.1: build(deps): bump rustls from 0.23.17 to 0.23.18 (backport of #3772) #3791

wants to merge 2 commits into from
+9,180 −20

Conversation

mergify[bot]
Copy link

@mergify mergify bot commented Nov 26, 2024

Bumps rustls from 0.23.17 to 0.23.18.

Commits
  • 33af2c3 Prepare 0.23.18
  • ffe646d Add reproducer for bug 2227
  • 69b6f74 Record and restore the processed cursor in first_handshake_message
  • 4ef3532 Upgrade to mio 1
  • 092a164 Manage dependencies via the workspace
  • a01bd6b rustls-bench: fix warnings with no features
  • 7d74de2 tests: linearize new test code helper
  • 499d797 fix: do not send session_ticket(35) extension for TLS 1.3
  • faca289 chore(deps): lock file maintenance
  • d12f423 fix(deps): update rust crate asn1 to 0.20
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This is an automatic backport of pull request #3772 done by [Mergify](https://mergify.com).

@dependabot @mergify
build(deps): bump rustls from 0.23.17 to 0.23.18 (#3772)
1566136 
* build(deps): bump rustls from 0.23.17 to 0.23.18

Bumps [rustls](https://github.com/rustls/rustls) from 0.23.17 to 0.23.18.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.17...v/0.23.18)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update all Cargo files

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 92ffcab)

# Conflicts:
#	Cargo.toml
#	svm/examples/Cargo.lock
@mergify mergify bot requested a review from a team as a code owner November 26, 2024 05:44
@mergify mergify bot added the conflicts label Nov 26, 2024
@mergify mergify bot assigned yihau Nov 26, 2024
@mergify Mergify
Copy link
Author

mergify bot commented Nov 26, 2024

Cherry-pick of 92ffcab has failed:

On branch mergify/bp/v2.1/pr-3772
Your branch is up to date with 'origin/v2.1'.

You are currently cherry-picking commit 92ffcabea9.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   Cargo.lock
	modified:   programs/sbf/Cargo.lock

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)
	both modified:   Cargo.toml
	deleted by us:   svm/examples/Cargo.lock

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@willhickey
Copy link

We either need to bump this version or ignore https://rustsec.org/advisories/RUSTSEC-2024-0399

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@behzadnouri behzadnouri Awaiting requested review from behzadnouri

@gregcusack gregcusack Awaiting requested review from gregcusack

At least 2 approving reviews are required to merge this pull request.

Assignees

@yihau yihau

Labels
conflicts
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@willhickey @yihau