diff --git a/Cargo.lock b/Cargo.lock index 42ad17f65..a6825a4b1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6980,7 +6980,7 @@ dependencies = [ "once_cell", "ring", "rustls-pki-types", - "rustls-webpki 0.103.10", + "rustls-webpki 0.103.13", "subtle", "zeroize", ] @@ -7028,9 +7028,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.10" +version = "0.103.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef" +checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e" dependencies = [ "aws-lc-rs", "ring", diff --git a/deny.toml b/deny.toml index a2542235d..85231f920 100644 --- a/deny.toml +++ b/deny.toml @@ -83,6 +83,12 @@ ignore = [ # https://rustsec.org/advisories/RUSTSEC-2026-0099 { id = "RUSTSEC-2026-0098", reason = "only affects rustls-webpki 0.101 from legacy aws-smithy/rustls 0.21 chain" }, { id = "RUSTSEC-2026-0099", reason = "only affects rustls-webpki 0.101 from legacy aws-smithy/rustls 0.21 chain" }, + + # rustls-webpki 0.101.7: reachable panic in CRL parsing. Same legacy + # rustls 0.21 chain from aws-smithy-http-client as above. The 0.103 line + # we actively use is upgraded to 0.103.13 which contains the fix. + # https://rustsec.org/advisories/RUSTSEC-2026-0104 + { id = "RUSTSEC-2026-0104", reason = "only affects rustls-webpki 0.101 from legacy aws-smithy/rustls 0.21 chain" }, ] # ---------------------------------------------------------------------------