Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency com.google.crypto.tink:tink to v1.9.0 #8056

Conversation

renovate-bot
Copy link
Contributor

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
com.google.crypto.tink:tink 1.7.0 -> 1.9.0 age adoption passing confidence

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.


Release Notes

tink-crypto/tink-java

v1.9.0: Tink Java 1.9.0

Compare Source

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.9.0

To get started using Tink, see the setup guide.

Maven:
<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.9.0</version>
</dependency>
Gradle:
dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.9.0'
}
Bazel:
load("@&#8203;bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)

load("@&#8203;rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@&#8203;rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@&#8203;rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.9.0",

##### ... other dependencies ...
    ],
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.9.0.zip"],
    strip_prefix = "tink-java-1.9.0",
    sha256 = "9735df7992df73d1518661ac6cf8918fa4693673adaaf0bdee253c24c521c832",
)

load("@&#8203;tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@&#8203;tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

WARNING: When building from source users that require KMS extensions as well must now explicitly include them, since they are published in separate repositories:

For example, to use tink-java-gcpkms your WORKSPACE file becomes as follows (analogously for tink-java-awskms):

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.9.0.zip"],
    strip_prefix = "tink-java-1.9.0",
    sha256 = "9735df7992df73d1518661ac6cf8918fa4693673adaaf0bdee253c24c521c832",
)

http_archive(
    name = "tink_java_gcpkms",
    urls = ["https://github.com/tink-crypto/tink-java-gcpkms/archive/refs/tags/v<SOME_RELEASE>.zip"],
    strip_prefix = "tink-java-gcpkms-<SOME_RELEASE>",
    sha256 = ...
)

load("@&#8203;tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@&#8203;tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

load("@&#8203;tink_java_gcpkms//:tink_java_gcpkms_deps.bzl", "TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS")

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS +
      TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Dependencies to targets in //src/main/java/com/google/crypto/tink/integration/gcpkms now are located in @tink_java_gcpkms.

What's new

The complete list of changes since 1.8.0 can be found here.

  • Removed deprecation of some APIs
  • Minor refactorings/code improvements
  • Added new key/parameter interfaces for StreamingAead, DeterministicAead, HmacPrf and JwtMac
  • Added new key/parameter/serialization classes:
    • AesGcmHkdfStreaming
    • AesCtrHmacAead
    • AesCtrHmacStreaming
    • AesCmacPrf
    • Ed25519
    • RsaSsaPkcs1
    • AesSiv
    • JwtHmac
  • Add Refaster (https://errorprone.info/docs/refaster) templates to easily migrate away from deprecated APIs
  • Improved performance of AesGcmSiv (commit)
  • Fixed Maven dependency issues:
  • Upgraded dependencies:
    • com.google.code.gson:gson:2.10.1
    • com.google.errorprone:error_prone_annotations:2.18
    • com.google.http-client:google-http-client:1.43.1
    • com.google.http-client:google-http-client-gson:1.43.1
    • joda-time:joda-time:2.12.5
    • junit:junit:4.13.2
    • androidx.annotation:annotation:1.5.0

To see what we're working towards, check our project roadmap.

v1.8.0: Tink Java 1.8.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.8.0

To get started using Tink, see the setup guide.

Maven:
<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.8.0</version>
</dependency>
Gradle:
dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.8.0'
}
Bazel:
load("@&#8203;bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)

load("@&#8203;rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@&#8203;rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@&#8203;rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.8.0",

##### ... other dependencies ...
    ],
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.8.0.zip"],
    strip_prefix = "tink-java-1.8.0",
    sha256 = "cff458ea60897f7a5edc91d1eb9c58c650c2fd3206d94672f29c950b94398a49"
)

load("@&#8203;tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@&#8203;tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

WARNING: When building from source users that require KMS extensions as well must now explicitly include them, since they are published in separate repositories:

For example, to use tink-java-gcpkms your WORKSPACE file becomes as follows (analogously for tink-java-awskms):

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.8.0.zip"],
    strip_prefix = "tink-java-1.8.0",
    sha256 = "cff458ea60897f7a5edc91d1eb9c58c650c2fd3206d94672f29c950b94398a49"
)

http_archive(
    name = "tink_java_gcpkms",
    urls = ["https://github.com/tink-crypto/tink-java-gcpkms/archive/refs/tags/v<SOME_RELEASE>.zip"],
    strip_prefix = "tink-java-gcpkms-<SOME_RELEASE>",
    sha256 = ...
)

load("@&#8203;tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@&#8203;tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

load("@&#8203;tink_java_gcpkms//:tink_java_gcpkms_deps.bzl", "TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS")

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS +
      TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Dependencies to targets in //src/main/java/com/google/crypto/tink/integration/gcpkms now are located in @tink_java_gcpkms.

What's new

This is the first release from https://github.com/tink-crypto/tink-java.

The complete list of changes since 1.7.0 can be found here.

  • Changed the tink-java POM file as follows:
  • Upgraded to Bazel 6.0.
  • The ChunkedMac primitive can now be used, available implementations are AesCmac and Hmac.
  • Added new API to read and write keysets: TinkProtoKeysetFormat and TinkJsonProtoKeysetFormat.
  • JSON parsing now rejects duplicated map entries.
  • Fixed two race conditions in com.google.crypto.tink.integration.android. Also improved the exceptions raised.
  • ECDSA keys are now serialized using fixed size byte arrays.
  • Tink will prefer Conscrypt as a JCE provider for ECDSA if available.
  • Changes to PrimitiveSet API. Please note that the use of this class is discouraged and should be omitted when possible.
    • For the relevant changes see commit.
  • (Only relevant if you use or maintain a custom Wrapper class) Registering a wrapper in Registry now requires that the object being registered is always the same. See examples here and here.
  • Upgraded dependencies:
    • Protobuf to X.21.9 443baab.
    • com.google.errorprone:error_prone_annotations to 2.16.
    • google.http-client:google-http-client to 1.42.3.
    • com.google.api-client:google-api-client to 2.2.0.
    • com.google.code.gson:gson to 2.10.

To see what we're working towards, check our project roadmap.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate-bot renovate-bot requested review from a team and yoshi-approver as code owners May 16, 2023 02:18
@renovate-bot renovate-bot requested a review from a team May 16, 2023 02:18
@renovate-bot renovate-bot requested a review from a team as a code owner May 16, 2023 02:18
@forking-renovate forking-renovate bot added the automerge Merge the pull request once unit tests and other checks pass. label May 16, 2023
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 16, 2023
@product-auto-label product-auto-label bot added the samples Issues that are directly related to samples. label May 16, 2023
@product-auto-label product-auto-label bot added the api: cloudsql Issues related to the Cloud SQL for MySQL API. label May 16, 2023
@yoshi-approver yoshi-approver added the automerge: exact Summon MOG for automerging, but approvals need to be against the latest commit label May 16, 2023
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 16, 2023
@gcf-merge-on-green gcf-merge-on-green bot merged commit 7367793 into GoogleCloudPlatform:main May 16, 2023
@gcf-merge-on-green gcf-merge-on-green bot removed the automerge Merge the pull request once unit tests and other checks pass. label May 16, 2023
@renovate-bot renovate-bot deleted the renovate/com.google.crypto.tink-tink-1.x branch May 16, 2023 02:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api: cloudsql Issues related to the Cloud SQL for MySQL API. automerge: exact Summon MOG for automerging, but approvals need to be against the latest commit samples Issues that are directly related to samples.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants