Skip to content

fix: Upgrade rustls and ring#11659

Merged
anthonyshew merged 4 commits intomainfrom
rustls-ring-upgrade
Feb 3, 2026
Merged

fix: Upgrade rustls and ring#11659
anthonyshew merged 4 commits intomainfrom
rustls-ring-upgrade

Conversation

@anthonyshew
Copy link
Copy Markdown
Contributor

@anthonyshew anthonyshew commented Feb 2, 2026
edited
Loading

Summary

  • Upgrades rustls to 0.23.23 (fixes RUSTSEC-2024-0399)
  • Upgrades ring to 0.17.14 (fixes RUSTSEC-2025-0009)

These are transitive dependencies through reqwest/hyper-rustls.

CLOSES TURBO-5189
CLOSES TURBO-5190

@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented Feb 2, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
examples-basic-web Ready Ready Preview, Comment, Open in v0 Feb 3, 2026 6:05pm
examples-designsystem-docs Ready Ready Preview, Comment, Open in v0 Feb 3, 2026 6:05pm
examples-gatsby-web Ready Ready Preview, Comment, Open in v0 Feb 3, 2026 6:05pm
examples-kitchensink-blog Ready Ready Preview, Comment, Open in v0 Feb 3, 2026 6:05pm
examples-nonmonorepo Ready Ready Preview, Comment, Open in v0 Feb 3, 2026 6:05pm
examples-svelte-web Ready Ready Preview, Comment, Open in v0 Feb 3, 2026 6:05pm
examples-tailwind-web Ready Ready Preview, Comment, Open in v0 Feb 3, 2026 6:05pm
examples-vite-web Ready Ready Preview, Comment, Open in v0 Feb 3, 2026 6:05pm
turbo-site Ready Ready Preview, Comment, Open in v0 Feb 3, 2026 6:05pm
turborepo-test-coverage Ready Ready Preview, Comment, Open in v0 Feb 3, 2026 6:05pm

@anthonyshew anthonyshew requested a review from a team as a code owner February 2, 2026 20:58
@anthonyshew anthonyshew requested review from tknickman and removed request for a team February 2, 2026 20:58
@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented Feb 3, 2026
edited
Loading

Congrats! CodSpeed is installed 🎉

🆕 4 new benchmarks were detected.

You will start to see performance impacts in the reports once the benchmarks are run from your default branch.

Detected benchmarks
Open in CodSpeed

@anthonyshew
Copy link
Copy Markdown
Contributor Author

anthonyshew commented Feb 3, 2026

Just noting that CDLA-Permissive-2.0 is okay for our software.

  1. It's for data, not code. webpki-roots contains Mozilla's root CA certificate data, not software.
  2. Highly permissive - Only requires including the license text when sharing the data
  3. No restrictions on "results" - Explictly states no restrictiosn on computational use of the data
  4. Linux foundation backed - Standard license for open data sharing

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Feb 3, 2026
edited
Loading

Coverage Report

Metric Coverage
Lines 75.97%
Functions 46.77%
Branches 0.00%

View full report

@anthonyshew
Copy link
Copy Markdown
Contributor Author

anthonyshew commented Feb 3, 2026
edited
Loading

Examples are being impacted by a sandbox issue, and not related to this PR. We can merge past these hanging.

@anthonyshew anthonyshew merged commit 076ef76 into main Feb 3, 2026
168 of 172 checks passed
@anthonyshew anthonyshew deleted the rustls-ring-upgrade branch February 3, 2026 18:33
@github-actions github-actions Bot mentioned this pull request Feb 3, 2026
Merged
github-actions Bot added a commit that referenced this pull request Feb 3, 2026
@github-actions @turbobot-temp
release(turborepo): 2.8.3-canary.4 (#11676)
0ff36fe 
## Release v2.8.3-canary.4

Versioned docs: https://v2-8-3-canary-4.turborepo.dev

### Changes

- fix: Upgrade openssl to 0.10.75 (#11660) (`ac22a298b4`)
- fix: Upgrade rustls and ring (#11659) (`076ef7681a`)
- release(turborepo): 2.8.3-canary.3 (#11675) (`5e012d02e6`)

Co-authored-by: Turbobot <turbobot@vercel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tknickman tknickman Awaiting requested review from tknickman tknickman is a code owner automatically assigned from vercel/turbo-oss

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@anthonyshew