Skip to content

fix(deps): update rust crate hyper-rustls to v0.27.6#7554

Merged
goto-bus-stop merged 3 commits intodevfrom
renovate/hyper-rustls-0.x-lockfile
May 27, 2025
Merged

fix(deps): update rust crate hyper-rustls to v0.27.6#7554
goto-bus-stop merged 3 commits intodevfrom
renovate/hyper-rustls-0.x-lockfile

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented May 23, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
hyper-rustls dependencies patch 0.27.5 -> 0.27.6

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented May 23, 2025

@renovate[bot], please consider creating a changeset entry in /.changesets/. These instructions describe the process and tooling.

@svc-apollo-docs
Copy link
Copy Markdown
Collaborator

svc-apollo-docs commented May 23, 2025
edited
Loading

✅ Docs preview has no changes

The preview was not built because there were no changes.

Build ID: 76290c32fd12ba24db620bbc

@goto-bus-stop
Copy link
Copy Markdown
Member

goto-bus-stop commented May 26, 2025

Failure is due to introduction of a new licence.

@renovate
Copy link
Copy Markdown
Contributor Author

renovate bot commented May 26, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@goto-bus-stop goto-bus-stop merged commit bfbc625 into dev May 27, 2025
15 checks passed
@goto-bus-stop goto-bus-stop deleted the renovate/hyper-rustls-0.x-lockfile branch May 27, 2025 12:32
abernix added a commit that referenced this pull request Mar 23, 2026
@abernix
fix(compliance): exempt RUSTSEC-2026-0049, bump bytes to 1.11.1
cf903bc 
Fixes the 1.x nightly compliance check which was failing on two
advisories.

RUSTSEC-2026-0049 (rustls-webpki CRL matching bug): the patched version
(>=0.103.10) requires the rustls 0.23.x ecosystem — a migration out of
scope for the 1.x LTS branch.  The CRL matching bug requires a
compromised trusted CA to exploit, and the router does not enable CRL
revocation checking, so this code path is not reachable in practice.
On dev this was resolved incidentally via the rustls 0.23.x upgrade
(bfbc625, #7554 and subsequent commits).

RUSTSEC-2026-0007 (bytes integer overflow): bumped bytes from 1.10.1 to
1.11.1, which is the patched version.  On dev this was resolved in
56b7ea8 (#8857).
@abernix abernix mentioned this pull request Mar 23, 2026
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abernix abernix abernix approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@svc-apollo-docs @goto-bus-stop @abernix