Skip to content

chore(deps): aws version bumps & disable legacy rustls clients#174

Open
beanow-at-crabnebula wants to merge 3 commits intoelastio:masterfrom
crabnebula-dev:beanow/disable-legacy-rustls
Open

chore(deps): aws version bumps & disable legacy rustls clients#174
beanow-at-crabnebula wants to merge 3 commits intoelastio:masterfrom
crabnebula-dev:beanow/disable-legacy-rustls

Conversation

@beanow-at-crabnebula
Copy link
Copy Markdown

@beanow-at-crabnebula beanow-at-crabnebula commented Mar 23, 2026

By default the AWS SDK will depend on legacy crates and match GHSA-pwjx-qhcg-rvj4

This announcement suggests disabling default features to stop compiling the legacy client.
awslabs/aws-sdk-rust#1257

Additionally, to compile without errors/warning on Rust 1.86.0+ includes a type inference fix and explicit lifetime.

See also:

@beanow-at-crabnebula
chore(deps): minimal version bump & disable legacy rustls clients
810b59e 
This PR updates the AWS SDK so that only the new default HTTPS client is used. This removes the legacy client dependencies such as hyper 0.14. rustls-webpki 0.101.7 is also removed which addresses a security vulnerability.

See also:
- awslabs/aws-sdk-rust#1257
- smithy-lang/smithy-rs#4576 (comment)
@beanow-at-crabnebula
chore: fix rust 1.86.0 type inference
9cc688e
@beanow-at-crabnebula
chore: compiler warning from 1.86.0
5f93c08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@beanow-at-crabnebula