Update dependency com.google.crypto.tink:tink to v1.11.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
com.google.crypto.tink:tink	1.7.0 -> 1.11.0

---

Release Notes

tink-crypto/tink-java (com.google.crypto.tink:tink)

v1.11.0: Tink Java 1.11.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.11.0

To get started using Tink, see the setup guide.

What's new?

The complete list of changes since 1.10.0 can be found here.

• Added new key/parameter classes for all remaining keys: Ecies, JwtRsaSsaPkcs1, JwtRsaSsapss, LegacyKmsAead, LegacyKmsEnvelopeAead.
• Key IDs of newly generated keys can now be negative (commit).
• Added APIs:
  • KmsEnvelopeAead.create (commit)
  • HkdfStreamingPrf::create(HkdfPrfKey key) (commit)
• Removed AeadKeyTemplates.createKmsAeadKeyTemplate (commit)
• Made InputStreamDecrypter.read() InputStream compliant (issue, commit).

Future work

To see what we're working towards, check our project roadmap.

Getting started

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.11.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.11.0'
}

Bazel:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)

load("@​rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@​rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@​rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.11.0",

### ... other dependencies ...
    ],
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/releases/download/v1.11.0/tink-java-1.11.0.zip"],
    strip_prefix = "tink-java-1.11.0",
    sha256 = "2bd264c2f0c474c77e2d1e04c627398e963b7a6d0164cfb743ab60a59ab998bd",
)

load("@​tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@​tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

v1.10.0: Tink Java 1.10.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.10.0

What is new?

The complete list of changes since 1.9.0 can be found here.

New Features:

• Added Key Derivation
• KeysetHandle#equalsKeyset can now be used to compare keysets
• Added Key classes: JwtEcdsaPrivateKey, JwtEcdsaPublicKey, RsaSsaPssPrivateKey, RsaSsaPssPublicKey.
• Added RawJwt.getJsonPayload.
• Restrict KMS Envelope AEAD DEK key type to only Tink AEAD key types.
• Use Conscrypt as source of randomness if possible.

Potentially breaking changes:

While we aim to be backwards compatible in minor releases, we removed some APIs that were not meant to be public and/or that we are confident are not widely used. If you are impacted by any of these, please file an issue.

• Removed PrivilegedRegistry.parseKeyData -- this was never meant to be in the public API.

Future work

To see what we're working towards, check our project roadmap.

Getting started

To get started using Tink, see the setup guide.

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.10.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.10.0'
}

Bazel:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)

load("@​rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@​rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@​rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.10.0",

##### ... other dependencies ...
    ],
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.10.0.zip"],
    strip_prefix = "tink-java-1.10.0",
    sha256 = ...
)

load("@​tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@​tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

v1.9.0: Tink Java 1.9.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.9.0

To get started using Tink, see the setup guide.

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.9.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.9.0'
}

Bazel:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)

load("@​rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@​rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@​rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.9.0",

##### ... other dependencies ...
    ],
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.9.0.zip"],
    strip_prefix = "tink-java-1.9.0",
    sha256 = "9735df7992df73d1518661ac6cf8918fa4693673adaaf0bdee253c24c521c832",
)

load("@​tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@​tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

WARNING: When building from source users that require KMS extensions as well must now explicitly include them, since they are published in separate repositories:

• https://github.com/tink-crypto/tink-java-awskms
• https://github.com/tink-crypto/tink-java-gcpkms

For example, to use tink-java-gcpkms your WORKSPACE file becomes as follows (analogously for tink-java-awskms):

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.9.0.zip"],
    strip_prefix = "tink-java-1.9.0",
    sha256 = "9735df7992df73d1518661ac6cf8918fa4693673adaaf0bdee253c24c521c832",
)

http_archive(
    name = "tink_java_gcpkms",
    urls = ["https://github.com/tink-crypto/tink-java-gcpkms/archive/refs/tags/v<SOME_RELEASE>.zip"],
    strip_prefix = "tink-java-gcpkms-<SOME_RELEASE>",
    sha256 = ...
)

load("@&#8203;tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@&#8203;tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

load("@&#8203;tink_java_gcpkms//:tink_java_gcpkms_deps.bzl", "TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS")

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS +
      TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Dependencies to targets in //src/main/java/com/google/crypto/tink/integration/gcpkms now are located in @tink_java_gcpkms.

What's new

The complete list of changes since 1.8.0 can be found here.

• Removed deprecation of some APIs
• Minor refactorings/code improvements
• Added new key/parameter interfaces for StreamingAead, DeterministicAead, HmacPrf and JwtMac
• Added new key/parameter/serialization classes:
  • AesGcmHkdfStreaming
  • AesCtrHmacAead
  • AesCtrHmacStreaming
  • AesCmacPrf
  • Ed25519
  • RsaSsaPkcs1
  • AesSiv
  • JwtHmac
• Add Refaster (https://errorprone.info/docs/refaster) templates to easily migrate away from deprecated APIs
• Improved performance of AesGcmSiv (commit)
• Fixed Maven dependency issues:
  • https://github.com/tink-crypto/tink-java/issues/4: Removed androidx.annotations from com.google.crypto.tink:tink (commit); as a result, com.google.crypto.tink:tink has only dependencies from Maven Central.
  • https://github.com/tink-crypto/tink-java/issues/7: Add missing dependencies to com.google.crypto.tink:tink-android’s POM file (commit).
• Upgraded dependencies:
  • com.google.code.gson:gson:2.10.1
  • com.google.errorprone:error_prone_annotations:2.18
  • com.google.http-client:google-http-client:1.43.1
  • com.google.http-client:google-http-client-gson:1.43.1
  • joda-time:joda-time:2.12.5
  • junit:junit:4.13.2
  • androidx.annotation:annotation:1.5.0

To see what we're working towards, check our project roadmap.

v1.8.0: Tink Java 1.8.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.8.0

To get started using Tink, see the setup guide.

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.8.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.8.0'
}

Bazel:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)

load("@​rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@​rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@​rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.8.0",

##### ... other dependencies ...
    ],
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.8.0.zip"],
    strip_prefix = "tink-java-1.8.0",
    sha256 = "cff458ea60897f7a5edc91d1eb9c58c650c2fd3206d94672f29c950b94398a49"
)

load("@​tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@​tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

WARNING: When building from source users that require KMS extensions as well must now explicitly include them, since they are published in separate repositories:

• https://github.com/tink-crypto/tink-java-awskms
• https://github.com/tink-crypto/tink-java-gcpkms

For example, to use tink-java-gcpkms your WORKSPACE file becomes as follows (analogously for tink-java-awskms):

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.8.0.zip"],
    strip_prefix = "tink-java-1.8.0",
    sha256 = "cff458ea60897f7a5edc91d1eb9c58c650c2fd3206d94672f29c950b94398a49"
)

http_archive(
    name = "tink_java_gcpkms",
    urls = ["https://github.com/tink-crypto/tink-java-gcpkms/archive/refs/tags/v<SOME_RELEASE>.zip"],
    strip_prefix = "tink-java-gcpkms-<SOME_RELEASE>",
    sha256 = ...
)

load("@&#8203;tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@&#8203;tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

load("@&#8203;tink_java_gcpkms//:tink_java_gcpkms_deps.bzl", "TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS")

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS +
      TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Dependencies to targets in //src/main/java/com/google/crypto/tink/integration/gcpkms now are located in @tink_java_gcpkms.

What's new

This is the first release from https://github.com/tink-crypto/tink-java.

The complete list of changes since 1.7.0 can be found here.

• Changed the tink-java POM file as follows:
  • Added missing dependency on androidx.annotation.annotation.
  • Only direct dependencies are listed.
  • Updated SCM details to point to github.com/tink-crypto/tink-java.
• Upgraded to Bazel 6.0.
• The ChunkedMac primitive can now be used, available implementations are AesCmac and Hmac.
• Added new API to read and write keysets: TinkProtoKeysetFormat and TinkJsonProtoKeysetFormat.
• JSON parsing now rejects duplicated map entries.
  • See this and this commits.
• Fixed two race conditions in com.google.crypto.tink.integration.android. Also improved the exceptions raised.
• ECDSA keys are now serialized using fixed size byte arrays.
• Tink will prefer Conscrypt as a JCE provider for ECDSA if available.
• Changes to PrimitiveSet API. Please note that the use of this class is discouraged and should be omitted when possible.
  • For the relevant changes see commit.
• (Only relevant if you use or maintain a custom Wrapper class) Registering a wrapper in Registry now requires that the object being registered is always the same. See examples here and here.
• Upgraded dependencies:
  • Protobuf to X.21.9 443baab.
  • com.google.errorprone:error_prone_annotations to 2.16.
  • google.http-client:google-http-client to 1.42.3.
  • com.google.api-client:google-api-client to 2.2.0.
  • com.google.code.gson:gson to 2.10.

To see what we're working towards, check our project roadmap.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.