chore(deps): drop weak dependencies due to cargo bug (#862)

DDtKey · web-flow · commit 8a6af68ed52b · 2025-10-27T17:07:54.000-05:00
For now we're going to drop weak deps for russh (`russh?/ring` and `russh?/aws-lc-rs`) as there is a known bug with Cargo which pulls it to the Cargo.lock and may trigger cargo-audit for example (e.g known `rsa` vulnerability). See details in [this comment](#851 (comment)) With this change, we simply require `russh/ring` for `host-port-exposure` feature. As a workaround, users who needs host-exposure feature with aws-lc-rs can add russh to their deps and add it explicitly in their project. However it may require to install the CryptoProvider.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -31,10 +31,8 @@ jobs:
       - uses: taiki-e/install-action@v2
         with:
           tool: cargo-hack
-      - name: Build (without host-port-exposure)
-        run: cargo hack build --feature-powerset --depth 2 --keep-going --exclude-features host-port-exposure
-      - name: Build (host-port-exposure with TLS backend)
-        run: cargo hack build --feature-powerset --depth 2 --keep-going --include-features host-port-exposure,ring,aws-lc-rs --at-least-one-of ring,aws-lc-rs
+      - name: Build
+        run: cargo hack build --feature-powerset --depth 2 --clean-per-run
 
   test:
     name: Test
@@ -68,10 +66,8 @@ jobs:
       - uses: taiki-e/install-action@v2
         with:
           tool: cargo-hack
-      - name: Tests (without host-port-exposure)
-        run: cargo hack test --feature-powerset --depth 2 --clean-per-run --partition ${{ matrix.partition }} --exclude-features host-port-exposure
-      - name: Tests (host-port-exposure with TLS backend)
-        run: cargo hack test --feature-powerset --depth 2 --clean-per-run --partition ${{ matrix.partition }} --include-features host-port-exposure,ring,aws-lc-rs --at-least-one-of ring,aws-lc-rs
+      - name: Tests
+        run: cargo hack test --feature-powerset --depth 2 --clean-per-run --partition ${{ matrix.partition }}
 
   fmt:
     name: Rustfmt check
diff --git a/testcontainers/Cargo.toml b/testcontainers/Cargo.toml
@@ -49,8 +49,8 @@ url = { version = "2", features = ["serde"] }
 
 [features]
 default = ["ring"]
-ring = ["bollard/ssl", "russh?/ring"]
-aws-lc-rs = ["bollard/aws-lc-rs", "russh?/aws-lc-rs"]
+ring = ["bollard/ssl"]
+aws-lc-rs = ["bollard/aws-lc-rs"]
 ssl = ["bollard/ssl_providerless"]
 blocking = []
 watchdog = ["signal-hook", "conquer-once"]
@@ -59,7 +59,7 @@ http_wait_plain = ["reqwest"]
 properties-config = ["serde-java-properties"]
 reusable-containers = []
 device-requests = []
-host-port-exposure = ["dep:russh"]
+host-port-exposure = ["dep:russh", "russh/ring"]
 
 [dev-dependencies]
 anyhow = "1.0.86"
