Make aws-lc-rs include the bindgen feature when compiling for MSVC

[SleeplessOne1917]

This PR is due to a rabbit hole I fell down trying to address a severe issue brought up from running cargo-audit.

For the project I'm working on, this vulnerability comes up when running cargo-audit as just mentioned:

Crate:     rustls
Version:   0.20.9
Title:     `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
Date:      2024-04-19
ID:        RUSTSEC-2024-0336
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0336
Severity:  7.5 (high)
Solution:  Upgrade to >=0.23.5 OR >=0.22.4, <0.23.0 OR >=0.21.11, <0.22.0
Dependency tree:
rustls 0.20.9
└── tokio-rustls 0.23.4
    └── actix-tls 3.3.0
        ├── actix-web 4.5.1
        │   ├── tracing-actix-web 0.7.10
        │   │   ├── pict-rs 0.5.13
        │   │   │   └── lemmy_server 0.19.4-beta.6
        │   │   └── lemmy_server 0.19.4-beta.6
        │   ├── pict-rs 0.5.13
        │   ├── lemmy_utils 0.19.4-beta.6
        │   │   ├── lemmy_server 0.19.4-beta.6
        │   │   ├── lemmy_routes 0.19.4-beta.6
        │   │   │   └── lemmy_server 0.19.4-beta.6
        │   │   ├── lemmy_db_views_actor 0.19.4-beta.6
        │   │   │   ├── lemmy_routes 0.19.4-beta.6
        │   │   │   ├── lemmy_federate 0.19.4-beta.6
        │   │   │   │   └── lemmy_server 0.19.4-beta.6
        │   │   │   ├── lemmy_apub 0.19.4-beta.6
        │   │   │   │   ├── lemmy_server 0.19.4-beta.6
        │   │   │   │   └── lemmy_federate 0.19.4-beta.6
        │   │   │   ├── lemmy_api_crud 0.19.4-beta.6
        │   │   │   │   └── lemmy_server 0.19.4-beta.6
        │   │   │   ├── lemmy_api_common 0.19.4-beta.6
        │   │   │   │   ├── lemmy_server 0.19.4-beta.6
        │   │   │   │   ├── lemmy_routes 0.19.4-beta.6
        │   │   │   │   ├── lemmy_federate 0.19.4-beta.6
        │   │   │   │   ├── lemmy_apub 0.19.4-beta.6
        │   │   │   │   ├── lemmy_api_crud 0.19.4-beta.6
        │   │   │   │   └── lemmy_api 0.19.4-beta.6
        │   │   │   │       └── lemmy_server 0.19.4-beta.6
        │   │   │   └── lemmy_api 0.19.4-beta.6
        │   │   ├── lemmy_db_views 0.19.4-beta.6
        │   │   │   ├── lemmy_routes 0.19.4-beta.6
        │   │   │   ├── lemmy_db_perf 0.19.4-beta.6
        │   │   │   ├── lemmy_apub 0.19.4-beta.6
        │   │   │   ├── lemmy_api_crud 0.19.4-beta.6
        │   │   │   ├── lemmy_api_common 0.19.4-beta.6
        │   │   │   └── lemmy_api 0.19.4-beta.6
        │   │   ├── lemmy_db_schema 0.19.4-beta.6
        │   │   │   ├── lemmy_server 0.19.4-beta.6
        │   │   │   ├── lemmy_routes 0.19.4-beta.6
        │   │   │   ├── lemmy_federate 0.19.4-beta.6
        │   │   │   ├── lemmy_db_views_moderator 0.19.4-beta.6
        │   │   │   │   ├── lemmy_api_common 0.19.4-beta.6
        │   │   │   │   └── lemmy_api 0.19.4-beta.6
        │   │   │   ├── lemmy_db_views_actor 0.19.4-beta.6
        │   │   │   ├── lemmy_db_views 0.19.4-beta.6
        │   │   │   ├── lemmy_db_perf 0.19.4-beta.6
        │   │   │   ├── lemmy_apub 0.19.4-beta.6
        │   │   │   ├── lemmy_api_crud 0.19.4-beta.6
        │   │   │   ├── lemmy_api_common 0.19.4-beta.6
        │   │   │   └── lemmy_api 0.19.4-beta.6
        │   │   ├── lemmy_db_perf 0.19.4-beta.6
        │   │   ├── lemmy_apub 0.19.4-beta.6
        │   │   ├── lemmy_api_crud 0.19.4-beta.6
        │   │   ├── lemmy_api_common 0.19.4-beta.6
        │   │   └── lemmy_api 0.19.4-beta.6
        │   ├── lemmy_server 0.19.4-beta.6
        │   ├── lemmy_routes 0.19.4-beta.6
        │   ├── lemmy_db_views 0.19.4-beta.6
        │   ├── lemmy_apub 0.19.4-beta.6
        │   ├── lemmy_api_crud 0.19.4-beta.6
        │   ├── lemmy_api_common 0.19.4-beta.6
        │   ├── lemmy_api 0.19.4-beta.6
        │   ├── actix-web-prom 0.7.0
        │   │   └── lemmy_server 0.19.4-beta.6
        │   ├── actix-web-httpauth 0.8.1
        │   │   └── lemmy_api 0.19.4-beta.6
        │   ├── actix-multipart 0.6.1
        │   │   └── actix-form-data 0.7.0-beta.7
        │   │       └── pict-rs 0.5.13
        │   ├── actix-form-data 0.7.0-beta.7
        │   ├── actix-cors 0.6.5
        │   │   └── lemmy_server 0.19.4-beta.6
        │   └── activitypub_federation 0.5.5
        │       ├── lemmy_server 0.19.4-beta.6
        │       ├── lemmy_routes 0.19.4-beta.6
        │       ├── lemmy_federate 0.19.4-beta.6
        │       ├── lemmy_db_schema 0.19.4-beta.6
        │       ├── lemmy_apub 0.19.4-beta.6
        │       ├── lemmy_api_crud 0.19.4-beta.6
        │       ├── lemmy_api_common 0.19.4-beta.6
        │       └── lemmy_api 0.19.4-beta.6
        └── actix-http 3.6.0
            └── actix-web 4.5.1

I already updated my project's direct dependency in its Cargo.toml, but it still shows up as an indirect dependency. Further, the vulnerability seems to be coming from actix-web, which is a very widely used crate. After some investigation, I discovered that I would need to update actix-net before I could update actix-web, so I made this PR.

However, several of the CI builds for Windows msvc in that PR failed and gave me this error:

  thread 'main' panicked at /home/insomnia/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-lc-sys-0.15.0/builder/main.rs:401:5:
  aws-lc-sys build failed. Please enable the 'bindgen' feature on aws-lc-rs or aws-lc-sys. For more information, see the aws-lc-rs User Guide: https://aws.github.io/aws-lc-rs/index.html

This was caused by an issue with tokio-rustls. It exposes rustls's awc-lc-rs feature as a feature of the same name, but I can't export the bindgen with it unless I add it as a separate dependency. This brings me to the change I made in this PR.

That is why I made the aws-lc-rs dependency include the bindgen feature when targeting msvc in this PR.

Currently the build fails when I run cargo check --target x86_64-pc-windows-msvc from the root of this repo. I'm unsure if that's because my changes are wrong or if it's because I'm compiling it on a Linux machine.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.49%. Comparing base (c46cf7e) to head (2117c46).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1935   +/-   ##
=======================================
  Coverage   95.49%   95.49%           
=======================================
  Files          86       86           
  Lines       18650    18650           
=======================================
  Hits        17810    17810           
  Misses        840      840           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ctz]

I don't think this is necessary, in a variety of ways:

• the aws-lc-rs -> sys bindgen feature relation is essentially private: it will be activated if there are no bundled bindings; nothing is gained from activating it externally
• the various version updates are semver compatible -- it is never required to tighten a Cargo.toml version spec from "1.6" to "1.7" (say), unless the code starts requiring API features introduced in 1.7. I'd suggest reviewing the book

[SleeplessOne1917]

I may have jumped the gun on this. In addition to what you said, I looked over the builds in the other PR I linked and it's not all build targeting msvc that are failing: only those using the minimum supported rust version are failing. I'll ask the maintainer of the linked repo if there's a better way to fix the builds - or if it even matters that those particular builds are failing at all.

[cpu]

I'm going to close this PR for now since it seems we're all in agreement that this won't be required in Rustls.