diff --git a/Cargo.lock b/Cargo.lock index 447c45497..0a21ee739 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -889,12 +889,6 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" -[[package]] -name = "cfg_aliases" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" - [[package]] name = "chacha20" version = "0.9.1" @@ -2042,10 +2036,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", - "js-sys", "libc", "wasi 0.11.0+wasi-snapshot-preview1", - "wasm-bindgen", ] [[package]] @@ -2055,11 +2047,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0" dependencies = [ "cfg-if", - "js-sys", "libc", "r-efi", "wasi 0.14.2+wasi-0.2.4", - "wasm-bindgen", ] [[package]] @@ -2388,7 +2378,7 @@ dependencies = [ "libc", "percent-encoding", "pin-project-lite", - "socket2 0.6.0", + "socket2", "tokio", "tower-service", "tracing", @@ -3015,9 +3005,9 @@ checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" [[package]] name = "lettre" -version = "0.11.15" +version = "0.11.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "759bc2b8eabb6a30b235d6f716f7f36479f4b38cbe65b8747aefee51f89e8437" +checksum = "5cb54db6ff7a89efac87dba5baeac57bb9ccd726b49a9b6f21fb92b3966aaf56" dependencies = [ "async-std", "async-trait", @@ -3036,12 +3026,12 @@ dependencies = [ "percent-encoding", "quoted_printable", "rustls", - "socket2 0.5.10", + "rustls-platform-verifier", + "socket2", "tokio", "tokio-rustls", "tracing", "url", - "webpki-roots", ] [[package]] @@ -3057,7 +3047,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" dependencies = [ "cfg-if", - "windows-targets 0.48.5", + "windows-targets 0.52.6", ] [[package]] @@ -3559,7 +3549,7 @@ dependencies = [ "mas-context", "pin-project-lite", "rustls-pemfile", - "socket2 0.6.0", + "socket2", "thiserror 2.0.12", "tokio", "tokio-rustls", @@ -4832,60 +4822,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "quinn" -version = "0.11.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3bd15a6f2967aef83887dcb9fec0014580467e33720d073560cf015a5683012" -dependencies = [ - "bytes", - "cfg_aliases", - "pin-project-lite", - "quinn-proto", - "quinn-udp", - "rustc-hash 2.1.1", - "rustls", - "socket2 0.5.10", - "thiserror 2.0.12", - "tokio", - "tracing", - "web-time", -] - -[[package]] -name = "quinn-proto" -version = "0.11.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b820744eb4dc9b57a3398183639c511b5a26d2ed702cedd3febaa1393caa22cc" -dependencies = [ - "bytes", - "getrandom 0.3.2", - "rand 0.9.0", - "ring", - "rustc-hash 2.1.1", - "rustls", - "rustls-pki-types", - "slab", - "thiserror 2.0.12", - "tinyvec", - "tracing", - "web-time", -] - -[[package]] -name = "quinn-udp" -version = "0.5.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "541d0f57c6ec747a90738a52741d3221f7960e8ac2f0ff4b1a63680e033b4ab5" -dependencies = [ - "cfg_aliases", - "libc", - "once_cell", - "socket2 0.5.10", - "tracing", - "windows-sys 0.59.0", -] - [[package]] name = "quote" version = "1.0.40" @@ -5107,7 +5043,6 @@ dependencies = [ "mime", "percent-encoding", "pin-project-lite", - "quinn", "rustls", "rustls-pki-types", "serde", @@ -5287,14 +5222,13 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.30" +version = "0.23.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "069a8df149a16b1a12dcc31497c3396a173844be3cac4bd40c9e7671fef96671" +checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" dependencies = [ "aws-lc-rs", "log", "once_cell", - "ring", "rustls-pki-types", "rustls-webpki", "subtle", @@ -5328,15 +5262,14 @@ version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "229a4a4c221013e7e1f1a043678c5cc39fe5171437c88fb47151a21e6f5b5c79" dependencies = [ - "web-time", "zeroize", ] [[package]] name = "rustls-platform-verifier" -version = "0.5.3" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19787cda76408ec5404443dc8b31795c87cd8fec49762dc75fa727740d34acc1" +checksum = "eda84358ed17f1f354cf4b1909ad346e6c7bc2513e8c40eb08e0157aa13a9070" dependencies = [ "core-foundation", "core-foundation-sys", @@ -5923,16 +5856,6 @@ dependencies = [ "serde", ] -[[package]] -name = "socket2" -version = "0.5.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e22376abed350d73dd1cd119b57ffccad95b4e585a7cda43e286245ce23c0678" -dependencies = [ - "libc", - "windows-sys 0.52.0", -] - [[package]] name = "socket2" version = "0.6.0" @@ -6496,7 +6419,7 @@ dependencies = [ "pin-project-lite", "signal-hook-registry", "slab", - "socket2 0.6.0", + "socket2", "tokio-macros", "windows-sys 0.59.0", ] @@ -7384,9 +7307,9 @@ dependencies = [ [[package]] name = "webpki-root-certs" -version = "0.26.8" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09aed61f5e8d2c18344b3faa33a4c837855fe56642757754775548fee21386c4" +checksum = "4e4ffd8df1c57e87c325000a3d6ef93db75279dc3a231125aac571650f22b12a" dependencies = [ "rustls-pki-types", ] diff --git a/Cargo.toml b/Cargo.toml index d5040ac77..fc4f4dd09 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -353,10 +353,12 @@ features = ["serde"] # Email sending [workspace.dependencies.lettre] -version = "0.11.15" +version = "0.11.18" default-features = false features = [ - "tokio1-rustls-tls", + "tokio1-rustls", + "rustls-platform-verifier", + "aws-lc-rs", "hostname", "builder", "tracing", @@ -499,7 +501,13 @@ version = "1.11.1" [workspace.dependencies.reqwest] version = "0.12.22" default-features = false -features = ["http2", "rustls-tls-manual-roots", "charset", "json", "socks"] +features = [ + "http2", + "rustls-tls-manual-roots-no-provider", + "charset", + "json", + "socks", +] # RSA cryptography [workspace.dependencies.rsa] @@ -516,7 +524,7 @@ version = "0.15.4" # TLS stack [workspace.dependencies.rustls] -version = "0.23.30" +version = "0.23.31" # PEM parsing for rustls [workspace.dependencies.rustls-pemfile] @@ -528,7 +536,7 @@ version = "1.12.0" # Use platform-specific verifier for TLS [workspace.dependencies.rustls-platform-verifier] -version = "0.5.3" +version = "0.6.0" # systemd service status notification [workspace.dependencies.sd-notify] diff --git a/crates/http/src/reqwest.rs b/crates/http/src/reqwest.rs index 5ee863ab1..a399a7423 100644 --- a/crates/http/src/reqwest.rs +++ b/crates/http/src/reqwest.rs @@ -91,7 +91,13 @@ impl reqwest::dns::Resolve for TracingResolver { #[must_use] pub fn client() -> reqwest::Client { // TODO: can/should we limit in-flight requests? - let tls_config = rustls::ClientConfig::with_platform_verifier(); + + // The explicit typing here is because `use_preconfigured_tls` accepts + // `Any`, but wants a `ClientConfig` under the hood. This helps us detect + // breaking changes in the rustls-platform-verifier API. + let tls_config: rustls::ClientConfig = + rustls::ClientConfig::with_platform_verifier().expect("failed to create TLS config"); + reqwest::Client::builder() .dns_resolver(Arc::new(TracingResolver::new())) .use_preconfigured_tls(tls_config) diff --git a/deny.toml b/deny.toml index 9f7d18646..333ad892b 100644 --- a/deny.toml +++ b/deny.toml @@ -64,7 +64,6 @@ skip = [ { name = "indexmap", version = "1.9.3" }, # schemars depends on this old version { name = "hashbrown", version = "0.12.3" }, # schemars -> indexmap depends on this old version { name = "hashbrown", version = "0.14.5" }, # a few crates depend on this old version - { name = "socket2", version = "0.5.10" }, # a few crates depend on socket2 0.5 # a few dependencies depend on the 1.x version of thiserror { name = "thiserror", version = "1.0.69" }, { name = "thiserror-impl", version = "1.0.69" },