rust-libp2p icon indicating copy to clipboard operation
rust-libp2p copied to clipboard
verified publisher icon libp2p

deps: bump ring from 0.16.20 to 0.17.5

Open dependabot[bot] opened this issue 2 years ago • 5 comments

Bumps ring from 0.16.20 to 0.17.5.

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] avatar Oct 23 '23 08:10 dependabot[bot]

Related: https://github.com/libp2p/rust-libp2p/pull/4779.

thomaseizinger avatar Nov 02 '23 00:11 thomaseizinger

@dependabot recreate

jxs avatar Mar 25 '24 19:03 jxs

Oh hey @jxs :smile: have been watching this PR and was planning on asking what we could do to help move it forward during tomorrow's call.

I think this is keeping some of our stuff from compiling on Android. Seems like a few dependencies need to be bumped to get things working.

What we've found that we think we need to update:

transports/quic
	rustls needs to be upgraded to 0.22.2
	ring 0.17.5

transports/tls
	futures-rustls 0.25.1, which depends on rustls 0.22.x
	rcgen 0.12.1
	ring 0.17.5
	webpki 0.102
	x509-parser 0.16.0
	rustls 0.22.2

transports/webrtc
	rcgen 0.12.1
	webrtc 0.10.1

transports/websocket
	futures-rustls 0.25.1
	ring 0.17.8
	webpki-roots 0.26
	rcgen 0.12.1 (maybe, not sure if required since its a dev dependency)

retrohacker avatar Mar 25 '24 19:03 retrohacker

hi @retrohacker, thanks! would you like to go ahead and superseed this with a PR combining both the rustls quinn and ring deps?

jxs avatar Mar 25 '24 22:03 jxs

Sorry, timezone shift, I missed the meeting this morning by an hour.

Yeah, I'll get it on our next sprint and take a pass.

Disclaimer, I have no idea what I'm doing so will need feedback :sweat_smile:

retrohacker avatar Mar 26 '24 16:03 retrohacker

Superseded by #5404.

dependabot[bot] avatar May 20 '24 08:05 dependabot[bot]