Upgrade webpki and rustls-webpki crates (#3728)
Brings fixes for:

* https://rustsec.org/advisories/RUSTSEC-2023-0052
* https://rustsec.org/advisories/RUSTSEC-2023-0053

Fix #3645 

Because Apollo Router does not accept client certificates, it could only
be affected if a subgraph supplied a pathological TLS server
certificate.

---------

Co-authored-by: Geoffroy Couprie <[email protected]>
SimonSapin and Geal authored Sep 5, 2023
1 parent ad07e8e commit 4780e21
Showing 4 changed files with 19 additions and 9 deletions.
11 changes: 11 additions & 0 deletions .changesets/maint_simon_pkiup.md
@@ -0,0 +1,11 @@
### Upgrade webpki and rustls-webpki crates ([PR #3728](https://github.com/apollographql/router/pull/3728))

Brings fixes for:

* https://rustsec.org/advisories/RUSTSEC-2023-0052
* https://rustsec.org/advisories/RUSTSEC-2023-0053

Because Apollo Router does not accept client certificates, it could only be affected
if a subgraph supplied a pathological TLS server certificate.

By [@SimonSapin](https://github.com/SimonSapin) in https://github.com/apollographql/router/pull/3728
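
Review bot: The changeset body does not say which versions the crates move to. The lockfile hunks in this commit go to webpki 0.22.1 and rustls-webpki 0.101.4; naming them under "Brings fixes for:" would let a changelog reader check their own build against the fixed versions without opening the diff. The two advisory URLs could also be written as Markdown links to match the PR link in the heading.
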
4 changes: 2 additions & 2 deletions Cargo.lock
Expand Up @@ -7200,9 +7200,9 @@ dependencies = [

[[package]]
name = "webpki"
version = "0.22.0"
version = "0.22.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
checksum = "f0e74f82d49d545ad128049b7e88f6576df2da6b02e9ce565c6f533be576957e"
dependencies = [
"ring",
"untrusted",
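
Review bot: Only the webpki entry changes in the root Cargo.lock (2 additions, 2 deletions), while the commit title also names rustls-webpki and that crate is bumped only in xtask/Cargo.lock. Worth confirming that the root lockfile either has no rustls-webpki entry or already resolves one to a fixed version, since the deny.toml change in this commit stops ignoring both advisories.
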
5 changes: 2 additions & 3 deletions deny.toml
Expand Up @@ -26,9 +26,8 @@ git-fetch-with-cli = true
# A list of advisory IDs to ignore. Note that ignored advisories will still
# output a note when they are encountered.

# RUSTSEC-2023-0052 and RUSTSEC-2023-0053 are pending a webpki update that is tracked by https://github.com/apollographql/router/issues/3645
# and will be fixed by https://github.com/apollographql/router/pull/3643
ignore = ["RUSTSEC-2023-0053", "RUSTSEC-2023-0052"]
# rustsec advisory exemptions
ignore = []

# This section is considered when running `cargo deny check licenses`
# More documentation for the licenses section can be found here:
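
Review bot: The replacement comment above `ignore = []` drops the convention the removed lines followed, where each exemption was explained and tied to a tracking issue. Suggest wording such as "# rustsec advisory exemptions: list each ID with a link to its tracking issue" so that a future entry is not added without a justification and a plan for removing it.
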
8 changes: 4 additions & 4 deletions xtask/Cargo.lock
Expand Up @@ -1196,9 +1196,9 @@ dependencies = [

[[package]]
name = "rustls-webpki"
version = "0.101.3"
version = "0.101.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "261e9e0888cba427c3316e6322805653c9425240b6fd96cee7cb671ab70ab8d0"
checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d"
dependencies = [
"ring",
"untrusted",
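
Review bot: No Cargo.toml is among the four changed files, so the move to rustls-webpki 0.101.4 is held only by this lockfile entry and no manifest raises the minimum version. Suggest confirming that CI runs `cargo deny check advisories` against xtask/Cargo.lock as well as the root lockfile, so that a regression in this separate lockfile fails the check now that the ignore list is empty.
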
Expand Down Expand Up @@ -1732,9 +1732,9 @@ dependencies = [

[[package]]
name = "webpki"
version = "0.22.0"
version = "0.22.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
checksum = "f0e74f82d49d545ad128049b7e88f6576df2da6b02e9ce565c6f533be576957e"
dependencies = [
"ring",
"untrusted",