Skip to content

Commit aea7607

Browse files
committed
fix(rust): align aws-lc-sys with aws-lc-rs to remove duplicate native crate
CI's 'no duplicate aws-lc native crate' check failed on the default build with: aws-lc-sys v0.41.0 └── aws-db-esdk (direct dependency) aws-lc-sys v0.42.0 └── aws-lc-rs v1.17.1 └── aws-db-esdk (transitive via aws-lc-rs/aws-sdk-*) Our Cargo.toml pinned the direct optional dep at aws-lc-sys = "0.41", while aws-lc-rs 1.17.1 (which we depend on, and which the AWS SDK crates pull in transitively) resolves aws-lc-sys 0.42. Cargo cannot unify across a semver-major boundary, so two copies of aws-lc-sys compile in the same build. Beyond the ~2x native C build cost, this is also a correctness/safety concern: the SDK's raw FFI path (aws_lc_sys_impl::*) binds to the version WE declare, while aws-lc-rs binds to the version it pulls in, so the raw path can drift onto a stale/vulnerable AWS-LC independently of aws-lc-rs. Bump the direct dep to aws-lc-sys = "0.42" so it unifies with the version aws-lc-rs resolves to. aws-lc-fips-sys is unchanged; the fips build was not flagged by the duplicate check.
1 parent 29206ac commit aea7607

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

DynamoDbEncryption/runtimes/rust/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ readme = "README.md"
1717
[dependencies]
1818
aws-config = "1.8.12"
1919
aws-lc-rs = {version = "1.17.0"}
20-
aws-lc-sys = { version = "0.41", optional = true }
20+
aws-lc-sys = { version = "0.42", optional = true }
2121
aws-lc-fips-sys = { version = "0.13.1", optional = true }
2222
aws-sdk-dynamodb = "1.103.0"
2323
aws-sdk-kms = "1.98.0"

0 commit comments

Comments
 (0)