liurenjie1024 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/iceberg-rust.git
The following commit(s) were added to refs/heads/main by this push:
new 2820d47a5 chore(deps): fix audit check and disable inherited aws sdk
default features (#2274)
2820d47a5 is described below
commit 2820d47a549b38c56a453788ff5bff3296003eb2
Author: maybe-vibe <[email protected]>
AuthorDate: Mon Mar 23 10:54:04 2026 +0800
chore(deps): fix audit check and disable inherited aws sdk default features
(#2274)
## Which issue does this PR close?
- Fix the audit check by updating `aws-lc-sys` and `rustls-webpki`.
- Avoid pulling both the legacy `rustls` / Hyper 0.14 stack and the
newer `default-https-client` stack through inherited AWS SDK defaults.
([AWS SDK
announcement](https://github.com/awslabs/aws-sdk-rust/discussions/1257))
## What changes are included in this PR?
- Bump to `aws-lc-sys>=0.39.0` and `rustls-webpki>=0.103.10` to pass
security audit.
- Disable inherited AWS SDK default features for `aws-sdk-glue` and
`aws-sdk-s3tables`
- Explicitly enable `default-https-client` and `rt-tokio`
- Bump the minimum `aws-sdk-glue` version to `1.85`, the first version
that provides `default-https-client`
## Are these changes tested?
---------
Co-authored-by: blackmwk <[email protected]>
---
Cargo.lock | 172 ++++++++++++-------------------------------------------------
Cargo.toml | 4 +-
2 files changed, 35 insertions(+), 141 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 39812b010..83c28aa51 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -546,9 +546,9 @@ dependencies = [
[[package]]
name = "aws-lc-rs"
-version = "1.16.1"
+version = "1.16.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94bffc006df10ac2a68c83692d734a465f8ee6c5b384d8545a636f81d858f4bf"
+checksum = "a054912289d18629dc78375ba2c3726a3afe3ff71b4edba9dedfca0e3446d1fc"
dependencies = [
"aws-lc-sys",
"zeroize",
@@ -556,9 +556,9 @@ dependencies = [
[[package]]
name = "aws-lc-sys"
-version = "0.38.0"
+version = "0.39.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4321e568ed89bb5a7d291a7f37997c2c0df89809d7b6d12062c81ddb54aa782e"
+checksum = "1fa7e52a4c5c547c741610a2c6f123f3881e409b714cd27e6798ef020c514f0a"
dependencies = [
"cc",
"cmake",
@@ -775,23 +775,17 @@ dependencies = [
"aws-smithy-async",
"aws-smithy-runtime-api",
"aws-smithy-types",
- "h2 0.3.27",
- "h2 0.4.13",
- "http 0.2.12",
+ "h2",
"http 1.4.0",
- "http-body 0.4.6",
- "hyper 0.14.32",
- "hyper 1.8.1",
- "hyper-rustls 0.24.2",
- "hyper-rustls 0.27.7",
+ "hyper",
+ "hyper-rustls",
"hyper-util",
"pin-project-lite",
- "rustls 0.21.12",
- "rustls 0.23.37",
+ "rustls",
"rustls-native-certs",
"rustls-pki-types",
"tokio",
- "tokio-rustls 0.26.4",
+ "tokio-rustls",
"tower",
"tracing",
]
@@ -2571,7 +2565,7 @@ source =
"registry+https://github.com/rust-lang/crates.io-index"
checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
dependencies = [
"libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -2934,25 +2928,6 @@ dependencies = [
"wasm-bindgen",
]
-[[package]]
-name = "h2"
-version = "0.3.27"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0beca50380b1fc32983fc1cb4587bfa4bb9e78fc259aad4a0032d2080309222d"
-dependencies = [
- "bytes",
- "fnv",
- "futures-core",
- "futures-sink",
- "futures-util",
- "http 0.2.12",
- "indexmap 2.13.0",
- "slab",
- "tokio",
- "tokio-util",
- "tracing",
-]
-
[[package]]
name = "h2"
version = "0.4.13"
@@ -3151,30 +3126,6 @@ version = "2.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424"
-[[package]]
-name = "hyper"
-version = "0.14.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7"
-dependencies = [
- "bytes",
- "futures-channel",
- "futures-core",
- "futures-util",
- "h2 0.3.27",
- "http 0.2.12",
- "http-body 0.4.6",
- "httparse",
- "httpdate",
- "itoa",
- "pin-project-lite",
- "socket2 0.5.10",
- "tokio",
- "tower-service",
- "tracing",
- "want",
-]
-
[[package]]
name = "hyper"
version = "1.8.1"
@@ -3185,7 +3136,7 @@ dependencies = [
"bytes",
"futures-channel",
"futures-core",
- "h2 0.4.13",
+ "h2",
"http 1.4.0",
"http-body 1.0.1",
"httparse",
@@ -3198,21 +3149,6 @@ dependencies = [
"want",
]
-[[package]]
-name = "hyper-rustls"
-version = "0.24.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590"
-dependencies = [
- "futures-util",
- "http 0.2.12",
- "hyper 0.14.32",
- "log",
- "rustls 0.21.12",
- "tokio",
- "tokio-rustls 0.24.1",
-]
-
[[package]]
name = "hyper-rustls"
version = "0.27.7"
@@ -3220,13 +3156,13 @@ source =
"registry+https://github.com/rust-lang/crates.io-index"
checksum = "e3c93eb611681b207e1fe55d5a71ecf91572ec8a6705cdb6857f7d8d5242cf58"
dependencies = [
"http 1.4.0",
- "hyper 1.8.1",
+ "hyper",
"hyper-util",
- "rustls 0.23.37",
+ "rustls",
"rustls-native-certs",
"rustls-pki-types",
"tokio",
- "tokio-rustls 0.26.4",
+ "tokio-rustls",
"tower-service",
"webpki-roots 1.0.6",
]
@@ -3243,7 +3179,7 @@ dependencies = [
"futures-util",
"http 1.4.0",
"http-body 1.0.1",
- "hyper 1.8.1",
+ "hyper",
"ipnet",
"libc",
"percent-encoding",
@@ -3811,7 +3747,7 @@ dependencies = [
"portable-atomic",
"portable-atomic-util",
"serde_core",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -4205,7 +4141,7 @@ dependencies = [
"http 1.4.0",
"http-body 1.0.1",
"http-body-util",
- "hyper 1.8.1",
+ "hyper",
"hyper-util",
"log",
"pin-project-lite",
@@ -4459,7 +4395,7 @@ dependencies = [
"http 1.4.0",
"http-body-util",
"humantime",
- "hyper 1.8.1",
+ "hyper",
"itertools 0.14.0",
"md-5",
"parking_lot",
@@ -5077,7 +5013,7 @@ dependencies = [
"quinn-proto",
"quinn-udp",
"rustc-hash",
- "rustls 0.23.37",
+ "rustls",
"socket2 0.5.10",
"thiserror 2.0.18",
"tokio",
@@ -5097,7 +5033,7 @@ dependencies = [
"rand 0.9.2",
"ring",
"rustc-hash",
- "rustls 0.23.37",
+ "rustls",
"rustls-pki-types",
"slab",
"thiserror 2.0.18",
@@ -5383,19 +5319,19 @@ dependencies = [
"bytes",
"futures-core",
"futures-util",
- "h2 0.4.13",
+ "h2",
"http 1.4.0",
"http-body 1.0.1",
"http-body-util",
- "hyper 1.8.1",
- "hyper-rustls 0.27.7",
+ "hyper",
+ "hyper-rustls",
"hyper-util",
"js-sys",
"log",
"percent-encoding",
"pin-project-lite",
"quinn",
- "rustls 0.23.37",
+ "rustls",
"rustls-native-certs",
"rustls-pki-types",
"serde",
@@ -5403,7 +5339,7 @@ dependencies = [
"serde_urlencoded",
"sync_wrapper",
"tokio",
- "tokio-rustls 0.26.4",
+ "tokio-rustls",
"tokio-util",
"tower",
"tower-http",
@@ -5557,19 +5493,7 @@ dependencies = [
"errno",
"libc",
"linux-raw-sys",
- "windows-sys 0.52.0",
-]
-
-[[package]]
-name = "rustls"
-version = "0.21.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
-dependencies = [
- "log",
- "ring",
- "rustls-webpki 0.101.7",
- "sct",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -5582,7 +5506,7 @@ dependencies = [
"once_cell",
"ring",
"rustls-pki-types",
- "rustls-webpki 0.103.9",
+ "rustls-webpki",
"subtle",
"zeroize",
]
@@ -5620,19 +5544,9 @@ dependencies = [
[[package]]
name = "rustls-webpki"
-version = "0.101.7"
+version = "0.103.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
-dependencies = [
- "ring",
- "untrusted",
-]
-
-[[package]]
-name = "rustls-webpki"
-version = "0.103.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53"
+checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef"
dependencies = [
"aws-lc-rs",
"ring",
@@ -5766,16 +5680,6 @@ dependencies = [
"sha2",
]
-[[package]]
-name = "sct"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
-dependencies = [
- "ring",
- "untrusted",
-]
-
[[package]]
name = "security-framework"
version = "3.7.0"
@@ -6250,7 +6154,7 @@ dependencies = [
"memchr",
"once_cell",
"percent-encoding",
- "rustls 0.23.37",
+ "rustls",
"serde",
"serde_json",
"sha2",
@@ -6543,10 +6447,10 @@ source =
"registry+https://github.com/rust-lang/crates.io-index"
checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd"
dependencies = [
"fastrand",
- "getrandom 0.3.4",
+ "getrandom 0.4.1",
"once_cell",
"rustix",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
]
[[package]]
@@ -6708,23 +6612,13 @@ dependencies = [
"syn",
]
-[[package]]
-name = "tokio-rustls"
-version = "0.24.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
-dependencies = [
- "rustls 0.21.12",
- "tokio",
-]
-
[[package]]
name = "tokio-rustls"
version = "0.26.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61"
dependencies = [
- "rustls 0.23.37",
+ "rustls",
"tokio",
]
diff --git a/Cargo.toml b/Cargo.toml
index 6a361ecbd..eee1e6dc7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -54,8 +54,8 @@ arrow-string = "57.1"
as-any = "0.3.2"
async-trait = "0.1.89"
aws-config = "1.8.7"
-aws-sdk-glue = "1.39"
-aws-sdk-s3tables = "1.28.0"
+aws-sdk-glue = { version = "1.85", default-features = false, features =
["default-https-client", "rt-tokio"] }
+aws-sdk-s3tables = { version = "1.28", default-features = false, features =
["default-https-client", "rt-tokio"] }
backon = "1.5.1"
base64 = "0.22.1"
bimap = "0.6"
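Review bot: The rewritten `aws-sdk-glue` and `aws-sdk-s3tables` entries carry no comment saying why `default-features = false` is set, so a later edit that drops the flag would silently bring back the legacy TLS stack this commit removes from Cargo.lock (`rustls 0.21.12`, `rustls-webpki 0.101.7`, `hyper 0.14.32`). I would add above them `# default-features = false: keep the legacy rustls 0.21 / hyper 0.14 client out of the tree; see #2274`. Cargo unifies features across the dependency graph, so the flag only holds while no other workspace member or dependency enables the defaults on these crates; presumably the audit job would catch a regression, but that is worth confirming. The description explains the `1.85` floor on `aws-sdk-glue` but gives no reason for keeping `1.28` on `aws-sdk-s3tables`, so it should be checked that 1.28 already exposes the `default-https-client` feature.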