Bump patch version of lambda-http #556

ysaito1001 · 2022-10-27T01:40:36Z

This PR updates the version of lambda-http to 0.7.1. The crate now depends on aws-lambda-events 0.7.2 or higher whereas it previously depended on that of ^0.7.

This crate currently does not compile against aws-lambda-events 0.7.0 or 0.7.1. In aws-lambda-events 0.7.0, the module query_map is private when it should be public for lambda-http to compile. Similarly, in aws-lambda-events 0.7.1, the trait bound QueryMap: FromStr is not satisfied so lambda-http does not compile either.

It has been discovered as part of this test failure in CI for smithy-lang/smithy-rs#1907. The test was running cargo minimal-versions check within the top-level rust-runtime workspace.

By submitting this pull request

I confirm that my contribution is made under the terms of the Apache 2.0 license.
I confirm that I've made a best effort attempt to update all relevant documentation.

This commit updates the version of `lambda-http` to 0.7.1. The crate now depends on `aws-lambda-events` 0.7.2 or higher whereas it previously depended on that of ^0.7. This crate currently does not compile against `aws-lambda-events` 0.7.0 or 0.7.1. In `aws-lambda-events` 0.7.0, the module `query_map` is private when it should be public for `lambda-http` to compile. Similarly, in `aws-lambda-events` 0.7.1, the trait bound `QueryMap: FromStr` is not satisfied so `lambda-http` does not compile either.

This commit updates the version of `lambda_http` from 0.7.0 to 0.7.1 in the crates within the top-level `rust-runtime` workspace. These updates are needed to solve the issue described in awslabs/aws-lambda-rust-runtime#556

* Avoid the chrono crate depending on the time crate This commit is in response to RUSTSEC-2020-0071 where there is a potential segfault in the time crate. The aws-smithy-types-convert crate now disables the default features of the chrono crate so that it will not depend on the time crate. * Depend on lambda_http without RUSTSEC-2020-0071 This commit updates the version of lambda_http used by aws-smithy-http-server and aws-smithy-http-server-python to 0.7.0. The prior version 0.6.0 of lambda_http used the chrono crate in a way that exposed a security issue described in RUSTSEC-2020-0071. By switching to 0.7.0 of lambda_http, those two crates do not exhibit vulnerabilities as reported by cargo audit. * Bump minor version of lambda_http in pokemon-service This commit updates the version of `lambda_http` used by `pokemon-service` from 0.6.0 to 0.7.0. This is in sync with the fact that both `aws-smithy-http-server` and `aws-smithy-http-server-python` now depend on 0.7.0 of `lambda_http`. Failing to do so would cause `pokemon-service` to fail to compile due to an error at `lambda_http::run(handler)` in the main function of the `pokemon-service-lambda` binary: the trait `Service<lambda_http::http::Request<lambda_http::Body>>` is not implemented for `LambdaHandler<aws_smithy_http_server::routing::Router>` * Depend on lambda-http 0.7.1 This commit updates the version of `lambda_http` from 0.7.0 to 0.7.1 in the crates within the top-level `rust-runtime` workspace. These updates are needed to solve the issue described in awslabs/aws-lambda-rust-runtime#556 * Update CHANGELOG.next.toml * Address #1907 Co-authored-by: Saito <awsaito@c889f3b5ddc4.ant.amazon.com> Co-authored-by: Zelda Hessler <zhessler@amazon.com>

* Avoid the chrono crate depending on the time crate This commit is in response to RUSTSEC-2020-0071 where there is a potential segfault in the time crate. The aws-smithy-types-convert crate now disables the default features of the chrono crate so that it will not depend on the time crate. * Depend on lambda_http without RUSTSEC-2020-0071 This commit updates the version of lambda_http used by aws-smithy-http-server and aws-smithy-http-server-python to 0.7.0. The prior version 0.6.0 of lambda_http used the chrono crate in a way that exposed a security issue described in RUSTSEC-2020-0071. By switching to 0.7.0 of lambda_http, those two crates do not exhibit vulnerabilities as reported by cargo audit. * Bump minor version of lambda_http in pokemon-service This commit updates the version of `lambda_http` used by `pokemon-service` from 0.6.0 to 0.7.0. This is in sync with the fact that both `aws-smithy-http-server` and `aws-smithy-http-server-python` now depend on 0.7.0 of `lambda_http`. Failing to do so would cause `pokemon-service` to fail to compile due to an error at `lambda_http::run(handler)` in the main function of the `pokemon-service-lambda` binary: the trait `Service<lambda_http::http::Request<lambda_http::Body>>` is not implemented for `LambdaHandler<aws_smithy_http_server::routing::Router>` * Depend on lambda-http 0.7.1 This commit updates the version of `lambda_http` from 0.7.0 to 0.7.1 in the crates within the top-level `rust-runtime` workspace. These updates are needed to solve the issue described in awslabs/aws-lambda-rust-runtime#556 * Update CHANGELOG.next.toml * Address smithy-lang/smithy-rs#1907 Co-authored-by: Saito <awsaito@c889f3b5ddc4.ant.amazon.com> Co-authored-by: Zelda Hessler <zhessler@amazon.com>

ysaito1001 mentioned this pull request Oct 27, 2022

Fix cargo audit issue on chrono smithy-lang/smithy-rs#1907

Merged

1 task

calavera approved these changes Oct 28, 2022

View reviewed changes

calavera merged commit 8010e4f into awslabs:main Oct 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump patch version of lambda-http #556

Bump patch version of lambda-http #556

ysaito1001 commented Oct 27, 2022 •

edited

Bump patch version of lambda-http #556

Bump patch version of lambda-http #556

Conversation

ysaito1001 commented Oct 27, 2022 • edited

ysaito1001 commented Oct 27, 2022 •

edited