From 7ef3ff6873809b07bb2fccf35927b7f72598a03b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BF=97=E5=AE=87?=
Date: Fri, 29 Nov 2024 12:42:36 +1100
Subject: [PATCH] chore: Enforce min `rustls` version to 0.23.19 `rustls` versions 0.23.18 and 0.23.19 contains fix for vulnerability RUSTSEC-2024-0399. However, 0.23.18 bumps MSRV to 1.71. 0.23.19 reverts MSRV back to 1.63. We enforce min `rustls` version to 0.23.19 to make it easier to compile on MSRV and ensure we include the RUSTSEC-2024-0399 fix. Note that in CI, I decided to pin `rustls` dependency to 0.23.19 explicitly. This is because in future versions of `rustls`, the MSRV will be changed to 1.71.
---
 .github/workflows/cont_integration.yml | 2 +-
 Cargo.toml | 2 +-
 README.md | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/cont_integration.yml b/.github/workflows/cont_integration.yml
index 0c5b0f6..a73b344 100644
--- a/.github/workflows/cont_integration.yml
+++ b/.github/workflows/cont_integration.yml
@@ -31,7 +31,7 @@ jobs:
 - name: Pin dependencies for MSRV
 if: matrix.rust == '1.63.0'
 run: |
- cargo update -p rustls --precise "0.23.17"
+ cargo update -p rustls --precise "0.23.19"
 - name: Test
 run: cargo test --verbose --all-features
 - name: Setup iptables for the timeout test
diff --git a/Cargo.toml b/Cargo.toml
index f3dd730..9e99657 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -26,7 +26,7 @@ serde_json = { version = "^1.0" }
 # Optional dependencies
 openssl = { version = "0.10", optional = true }
-rustls = { version = "0.23", optional = true, default-features = false }
+rustls = { version = "0.23.19", optional = true, default-features = false }
 webpki-roots = { version = "0.25", optional = true }
 byteorder = { version = "1.0", optional = true }
diff --git a/README.md b/README.md
index 0186486..3a1c2bc 100644
--- a/README.md
+++ b/README.md
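Review bot: The new `0.23.19` floor on the `rustls` line in Cargo.toml has no comment saying why it exists, so a later tidy-up could relax it back to `0.23` and let downstream resolvers pick releases affected by RUSTSEC-2024-0399 again. I would add above that line: `# >= 0.23.19: first release with the RUSTSEC-2024-0399 fix that still builds on MSRV 1.63; do not lower`. The same applies to the `--precise "0.23.19"` pin in the cont_integration.yml hunk: a one-line comment there should say that going below this version drops the advisory fix, and that, per the commit message, later releases are expected to raise the MSRV. Only the commit message records this reasoning today, and it is not visible to someone editing either file.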
@@ -17,6 +17,6 @@ This library should compile with any combination of features with Rust 1.63.0.
 To build with the MSRV you will need to pin dependencies as follows:
 ```shell
-cargo update -p rustls --precise "0.23.17"
+cargo update -p rustls --precise "0.23.19"
 ```