Can't update rustls for OTEL

Question

Can't update rustls for OTEL

Closed this issue 15 days ago · 1 comments

For some reason we can't update the version of rustls to fix a vulnerability.

dependabot tried and failed.

Trying myself (with version 0.23.19) I get the following error

cargo build --release --manifest-path src/otel/Cargo.toml
    Updating crates.io index
error: failed to select a version for `rustls-pki-types`.
    ... required by package `rustls v0.23.19`
    ... which satisfies dependency `rustls = "^0.23.4"` (locked to 0.23.19) of package `reqwest v0.12.8`
    ... which satisfies dependency `reqwest = "^0.12.7"` (locked to 0.12.8) of package `otel v0.1.0 (/home/andrew/src/unit/src/otel)`
versions that meet the requirements `^1.10` are: 1.10.0

all possible versions conflict with previously selected packages.

  previously selected package `rustls-pki-types v1.9.0`
    ... which satisfies dependency `rustls-pki-types = "^1.1.0"` (locked to 1.9.0) of package `reqwest v0.12.8`
    ... which satisfies dependency `reqwest = "^0.12.7"` (locked to 0.12.8) of package `otel v0.1.0 (/home/andrew/src/unit/src/otel)`

failed to select a version for `rustls-pki-types` which could resolve this conflict
make: *** [build/Makefile:2168: src/otel/target/release/libotel.a] Error 101

@avahahn Any idea?

Cc: @callahad

Answer 1 · 2024-12-05T12:58:17.000Z

As @callahad suggested, bumping the version of rustls-pki-types fixes things

diff --git ./src/otel/Cargo.lock ./src/otel/Cargo.lock
index c1a0e439..464bf44a 100644
--- ./src/otel/Cargo.lock
+++ ./src/otel/Cargo.lock
@@ -1387,9 +1387,9 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.23.13"
+version = "0.23.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2dabaac7466917e566adb06783a81ca48944c6898a1b08b9374106dd671f4c8"
+checksum = "934b404430bb06b3fae2cba809eb45a1ab1aecd64491213d7c3301b88393f8d1"
 dependencies = [
  "once_cell",
  "ring",
@@ -1423,9 +1423,9 @@ dependencies = [
 
 [[package]]
 name = "rustls-pki-types"
-version = "1.9.0"
+version = "1.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e696e35370c65c9c541198af4543ccd580cf17fc25d8e05c5a242b202488c55"
+checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b"
 
 [[package]]
 name = "rustls-webpki"