eliott/servo
1
0
Fork 0
mirror of https://github.com/servo/servo synced 2026-04-25 17:15:48 +02:00
Code Issues Packages Projects Releases Wiki Activity
55,248 Commits 148 Branches 8 Tags
9fd7477cbb9fd2cf945a7e7bdd4e5f5468b99adc
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
dependabot[bot] 9fd7477cbb build: bump pyopenssl from 25.3.0 to 26.0.0 (#43321) 
Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to
26.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst">pyopenssl's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.0 (2026-03-15)</h2>
<p>Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Dropped support for Python 3.7.</li>
<li>The minimum <code>cryptography</code> version is now 46.0.0.</li>
</ul>
<p>Deprecations:
^^^^^^^^^^^^^</p>
<p>Changes:
^^^^^^^^</p>
<ul>
<li>Added support for using aws-lc instead of OpenSSL.</li>
<li>Properly raise an error if a DTLS cookie callback returned a cookie
longer than <code>DTLS1_COOKIE_LENGTH</code> bytes. Previously this
would result in a buffer-overflow. Credit to <strong>dark_haxor</strong>
for reporting the issue. <strong>CVE-2026-27459</strong></li>
<li>Added <code>OpenSSL.SSL.Connection.get_group_name</code> to
determine which group name was negotiated.</li>
<li><code>Context.set_tlsext_servername_callback</code> now handles
exceptions raised in the callback by calling <code>sys.excepthook</code>
and returning a fatal TLS alert. Previously, exceptions were silently
swallowed and the handshake would proceed as if the callback had
succeeded. Credit to <strong>Leury Castillo</strong> for reporting this
issue. <strong>CVE-2026-27448</strong></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="358cbf29c4"><code>358cbf2</code></a>
Prepare for 26.0.0 release (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1487">#1487</a>)</li>
<li><a
href="a8d28e7069"><code>a8d28e7</code></a>
Bump actions/cache from 4 to 5 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1486">#1486</a>)</li>
<li><a
href="6fefff0556"><code>6fefff0</code></a>
Add aws-lc compatibility to tests and CI (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1476">#1476</a>)</li>
<li><a
href="a739f9661d"><code>a739f96</code></a>
Bump actions/download-artifact from 8.0.0 to 8.0.1 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1485">#1485</a>)</li>
<li><a
href="8b4c66b1b5"><code>8b4c66b</code></a>
Bump actions/upload-artifact in /.github/actions/upload-coverage (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1484">#1484</a>)</li>
<li><a
href="02a5c78435"><code>02a5c78</code></a>
Bump actions/upload-artifact from 6.0.0 to 7.0.0 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1483">#1483</a>)</li>
<li><a
href="d9733878d6"><code>d973387</code></a>
Bump actions/download-artifact from 7.0.0 to 8.0.0 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1482">#1482</a>)</li>
<li><a
href="57f09bb4bb"><code>57f09bb</code></a>
Fix buffer overflow in DTLS cookie generation callback (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1479">#1479</a>)</li>
<li><a
href="d41a814759"><code>d41a814</code></a>
Handle exceptions in set_tlsext_servername_callback callbacks (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1478">#1478</a>)</li>
<li><a
href="7b29beba77"><code>7b29beb</code></a>
Fix not using a cryptography wheel on uv (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1475">#1475</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl&package-manager=uv&previous-version=25.3.0&new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/servo/servo/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 17:00:11 +00:00
.cargo
Move various reflector types and traits to script_bindings (#35279)
2025-02-04 06:58:08 +00:00
.config
Upload junit report of unit-tests in CI (#39897)
2025-11-17 15:07:56 +00:00
.devcontainer
devcontainer: Use new prebuilt devcontainer image. (#43139)
2026-03-11 17:27:32 +00:00
.github
ci: Bump ci-runners to f0b81b9 and upgrade remaining deprecated Actions (#43244)
2026-03-14 02:08:56 +00:00
.vscode
use ruff rather than flake8 for python code linting (#37045)
2025-05-24 14:19:47 +00:00
components
script: ML-KEM/ML-DSA PKCS8 keys in non-seed-only formats (#43315)
2026-03-16 14:02:33 +00:00
docs
deps: Merge the servo/media repository (#42369)
2026-02-06 17:00:03 +00:00
etc
ohos: Add script to run blink perf tests on device (#42509)
2026-03-13 10:18:37 +00:00
ports/servoshell
Version releases with the workspace version (#43263)
2026-03-16 16:44:36 +00:00
python
Version releases with the workspace version (#43263)
2026-03-16 16:44:36 +00:00
resources
devtools: Implement initial support for showing scope variables (#43232)
2026-03-16 13:02:09 +00:00
support
ci: Update WiX files and Windows workflow to reflect ServoShell name (#43104)
2026-03-09 08:17:56 +00:00
tests
script: Support constructing FontFaces from ArrayBuffers (#43281)
2026-03-15 22:13:56 +00:00
third_party
blurmac: Disable publishing (#43264)
2026-03-14 10:05:32 +00:00
.clippy.toml
deny.toml: Clarify time-rs CVE. (#43148)
2026-03-11 09:42:41 +00:00
.gitattributes
git: Mark tests/blink_perf_tests as linguist-vendored (#39036)
2025-08-30 13:11:32 +00:00
.gitignore
Add codesigning script for macOS (#42912)
2026-03-06 03:43:20 +00:00
.mailmap
Update Tetsuharu OHZEKI's entry in mailmap
2019-11-15 00:46:45 +09:00
.python-version
Set python version to 3.11 (#34707)
2024-12-19 18:42:36 +00:00
about.toml
Add servo:license (#40319)
2025-11-13 08:48:01 +00:00
Cargo.lock
Version releases with the workspace version (#43263)
2026-03-16 16:44:36 +00:00
Cargo.toml
Version releases with the workspace version (#43263)
2026-03-16 16:44:36 +00:00
CODE_OF_CONDUCT.md
Clarify the Code of Conduct (closes servo/servo.org#164) (#32835)
2024-07-23 09:12:03 +00:00
CONTRIBUTING.md
Update contributing guide URL. (#41192)
2025-12-11 07:50:34 +00:00
deny.toml
Update wayland crates. (#43299)
2026-03-16 03:30:36 +00:00
LICENSE
Update MPL license to https (part 1)
2018-11-19 14:46:43 +01:00
LICENSE_WHATWG_SPECS
Add license for WHATWG specifications in code (#36282)
2025-04-03 04:33:06 +00:00
mach
mach: use uv run --frozen (#42169)
2026-02-03 12:43:04 +00:00
mach.bat
mach: Force the use of arm64 Python when running with Windows on arm64 (#42371)
2026-02-06 02:58:37 +00:00
mach.ps1
mach: Force the use of arm64 Python when running with Windows on arm64 (#42371)
2026-02-06 02:58:37 +00:00
PULL_REQUEST_TEMPLATE.md
Use a simpler GitHub pull request template (#36203)
2025-03-30 10:14:13 +00:00
pyproject.toml
Move ply and WebIDL into script_bindings (#43180)
2026-03-12 05:44:46 +00:00
README.md
doc: Refer to the correct links in the Servo Book (#41110)
2025-12-06 23:42:35 +00:00
rust-toolchain.toml
Bump rust version to 1.92.0 (#42661)
2026-02-16 18:58:15 +00:00
rustfmt.toml
Update rustfmt to the 2024 style edition (#35764)
2025-03-03 11:26:53 +00:00
SECURITY.md
Reword our security policy (#42953)
2026-03-02 13:37:59 +00:00
servo-tidy.toml
Move ply and WebIDL into script_bindings (#43180)
2026-03-12 05:44:46 +00:00
servobuild.example
Fix DBus warning when running mach (#37818)
2025-07-02 23:17:01 +00:00
shell.nix
Rename libservo to servo (#43141)
2026-03-10 20:55:14 +00:00
taplo.toml
Format toml files (#30112)
2023-08-17 15:07:43 +00:00
uv.lock
build: bump pyopenssl from 25.3.0 to 26.0.0 (#43321)
2026-03-16 17:00:11 +00:00

README.md

The Servo Parallel Browser Engine Project

Servo is a prototype web browser engine written in the Rust language. It is currently developed on 64-bit macOS, 64-bit Linux, 64-bit Windows, 64-bit OpenHarmony, and Android.

Servo welcomes contribution from everyone. Check out:

Coordination of Servo development happens:

Getting started

For more detailed build instructions, see the Servo Book under Getting the Code and Building Servo.

macOS

  • Download and install Xcode and brew.
  • Install uv: curl -LsSf https://astral.sh/uv/install.sh | sh
  • Install rustup: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
  • Restart your shell to make sure cargo is available
  • Install the other dependencies: ./mach bootstrap
  • Build servoshell: ./mach build

Linux

  • Install curl:
    • Arch: sudo pacman -S --needed curl
    • Debian, Ubuntu: sudo apt install curl
    • Fedora: sudo dnf install curl
    • Gentoo: sudo emerge net-misc/curl
  • Install uv: curl -LsSf https://astral.sh/uv/install.sh | sh
  • Install rustup: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
  • Restart your shell to make sure cargo is available
  • Install the other dependencies: ./mach bootstrap
  • Build servoshell: ./mach build

Windows

  • Download uv, choco, and rustup
    • Be sure to select Quick install via the Visual Studio Community installer
  • In the Visual Studio Installer, ensure the following components are installed:
    • Windows 10/11 SDK (anything >= 10.0.19041.0) (Microsoft.VisualStudio.Component.Windows{10, 11}SDK.{>=19041})
    • MSVC v143 - VS 2022 C++ x64/x86 build tools (Latest) (Microsoft.VisualStudio.Component.VC.Tools.x86.x64)
    • C++ ATL for latest v143 build tools (x86 & x64) (Microsoft.VisualStudio.Component.VC.ATL)
  • Restart your shell to make sure cargo is available
  • Install the other dependencies: .\mach bootstrap
  • Build servoshell: .\mach build

Android

  • Ensure that the following environment variables are set:
    • ANDROID_SDK_ROOT
    • ANDROID_NDK_ROOT: $ANDROID_SDK_ROOT/ndk/28.2.13676358/ ANDROID_SDK_ROOT can be any directory (such as ~/android-sdk). All of the Android build dependencies will be installed there.
  • Install the latest version of the Android command-line tools to $ANDROID_SDK_ROOT/cmdline-tools/latest.
  • Run the following command to install the necessary components: 
    sudo $ANDROID_SDK_ROOT/cmdline-tools/latest/bin/sdkmanager --install \
 "build-tools;34.0.0" \
 "emulator" \
 "ndk;28.2.13676358" \
 "platform-tools" \
 "platforms;android-33" \
 "system-images;android-33;google_apis;x86_64"
  • Follow the instructions above for the platform you are building on

OpenHarmony

  • Follow the instructions above for the platform you are building on to prepare the environment.
  • Depending on the target distribution (e.g. HarmonyOS NEXT vs pure OpenHarmony) the build configuration will differ slightly.
  • Ensure that the following environment variables are set
    • DEVECO_SDK_HOME (Required when targeting HarmonyOS NEXT)
    • OHOS_BASE_SDK_HOME (Required when targeting OpenHarmony)
    • OHOS_SDK_NATIVE (e.g. ${DEVECO_SDK_HOME}/default/openharmony/native or ${OHOS_BASE_SDK_HOME}/${API_VERSION}/native)
    • SERVO_OHOS_SIGNING_CONFIG: Path to json file containing a valid signing configuration for the demo app.
  • Review the detailed instructions at [Building for OpenHarmony].
  • The target distribution can be modified by passing --flavor=<default|harmonyos> to mach <build|package|install>.
Reference in New Issue View Git Blame Copy Permalink
Description
Mirrored from GitHub
Readme MPL-2.0 2.2 GiB
Languages
Rust 87.7%
Python 6%
WebIDL 3.1%
HTML 2%
JavaScript 0.5%
Other 0.5%