fix(deps): update dependency com.google.crypto.tink:tink-android to v1.13.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
com.google.crypto.tink:tink-android	1.7.0 -> 1.13.0

---

Release Notes

tink-crypto/tink-java (com.google.crypto.tink:tink-android)

v1.13.0: Tink Java 1.13.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.13.0

To get started using Tink, see the setup guide.

What's new?

Bugs fixed:

• JwkSetConverter now encodes RSA public keys without leading zero, as
  required by RFC 7518.

Performance improvements:

• Encrypted keysets produced with BinaryKeysetWriter or TinkProtoKeysetFormat
  are now smaller, because the unused keyset info metadata is not written
  anymore. JsonKeysetWriter and TinkJsonProtoKeysetFormat still output this
  metadata.
• Tink now uses the JCE implementation of ChaCha20Poly1305 if available. This
  makes encryption with ChaCha20Poly1305 and XChaCha20Poly1305 about 2-3 times
  faster.
• AES-GCM is now about 20% faster.

API changes:

• For Android: Support for SDK 19 has been removed.
• Removed PrimitiveSet and Registry.registerPrimitiveWrapper from the
  public API. While these were in the public API, they have changed semantics
  in the past and will change more in the future. Code using either
  PrimitiveSet or Registry.registerPrimitiveWrapper will not work after
  upcoming changes. Instead of breaking users silently, we prefer to break
  during compilation. If affected, please file an issue on
  github.com/tink-crypto/tink-java/.
• For keyset that contain JWT keys, JwtSignatureConfig.register() or
  JwtMacConfig.register() now need to be called before the keyset is parsed.
  If not, calling keysetHandle.getPrimitive(...) will fail with an error
  message: "Unable to get primitive interface
  com.google.crypto.tink.jwt.JwtPublicKeySign for key of type ..." or "Unable
  to get primitive interface com.google.crypto.tink.jwt.JwtPublicKeyVerify for
  key of type ...".
• Removed the constructors of HmacKeyManager and HmacPrfKeyManager from the
  public API. These were never intended to be public, and we expect that
  nobody used either of them.
• Removed the constructors of
  com.google.crypto.tink.subtle.EciesAeadHkdfHybridDecrypt and
  com.google.crypto.tink.subtle.EciesAeadHkdfHybridEncrypt from the public
  API. These took as argument a EciesAeadHkdfDemHelper object whose only
  implementation was private to Tink. We are hence confident that this is
  unused.
• Removed test-only AndroidKeystoreKmsClient.setKeyStore. This function didn't
  work as expected, as in some places, still the real KeyStore was used. If you
  need to test your code with a fake KeyStore instance, it is preferable to
  inject fake security provider using Security.addProvider, see
  FakeAndroidKeystoreProvider.java as an example for such a provider.
• Added methods in the class LegacyKeysetSerialization. Users do not need to
  consider this. This will be used later for automatic migrations.
• Introduced ConfigurationFips140v2. Users who do not want to restrict the
  whole binary to FIPS-only but still want to use FIPS-compliant primitives at
  specific call sites can use
  keysetHandle.GetPrimitive(ConfigurationFips140v2.get(), ExamplePrimitive.class).
• Introduced ConfigurationV0 containing Tink's recommended primitives.
  Usage: keysetHandle.GetPrimitive(ConfigurationV0.get(), ExamplePrimitive.class).

Dependencies changes:

• Upgraded:
  • com.google.protobuf:protobuf => 3.25.1.

Future work

To see what we're working towards, check our project roadmap.

Getting started

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.13.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.13.0'
}

Bazel:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "5.3"
RULES_JVM_EXTERNAL_SHA ="d31e369b854322ca5098ea12c69d7175ded971435e55c18dd9dd5f29cc5249ac"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/releases/download/%s/rules_jvm_external-%s.tar.gz" % (RULES_JVM_EXTERNAL_TAG, RULES_JVM_EXTERNAL_TAG)
)

load("@​rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@​rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.13.0",

### ... other dependencies ...
    ],
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.13.0.zip"],
    strip_prefix = "tink-java-1.13.0",
    sha256 = ...
)

load("@​tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@​tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

v1.12.0: Tink Java 1.12.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.12.0

To get started using Tink, see the setup guide.

What's new?

Bugs fixed:

• On Android, API version 29 and older, AES-GCM-SIV: Due to a bug in Android,
  Tink previously uses an AES-GCM cipher for AES-GCM-SIV keys. Now, Tink will
  throw an exception on encrypt/decrypt calls (issue).

API changes:

• Disabled registration of custom key managers for primitives other than
  Aead, DeterministicAead, StreamingAead, HybridEncrypt, HybridDecrypt, Mac, PublicKeySign, PublicKeyVerify. To the best of our knowledge there is no
  user using this mechanism for any other class (which would be fairly
  exotic).
• The parser used in JwkSetConverter.toPublicKeysetHandle has been changed and
  now rejects duplicate map keys.
• Removed PrivilegedRegistry. This was never intended to be public, and to
  the best of our knowledge there is no user of this class outside of Tink.
• Removed Registry methods which triggered a TypeParameterUnusedInFormals
  error prone warnings. Using these is a bug, and the methods were deprecated
  in October 2018. See
  https://errorprone.info/bugpattern/TypeParameterUnusedInFormals for
  information about this warning.
• Removed AesCtrKeyManager. This was never intended to be public, and to the
  best of our knowledge there are no users of this class outside Tink.
• Remove KMS related constants from the TestUtil class.
• Added Primitive creation functions to subtle API:
  • AesGcmHkdfStreaming::create.
  • AesCtrHmacStreaming::create.
  • EncryptThenAuthenticate::create for AesCtrHmacAeadKey.
  • ChaCha20Poly1305::create.
  • XChaCha20Poly1305::create.
  • AesGcmSiv::create.
  • AesEaxJce::create.
  • EcdsaSignJce::create, EcdsaVerifyJce::create.
  • RsaSsaPkcsSignJce::create, RsaSsaPkcsVerifyJce::create.
  • RsaSsaPssSignJce::create, RsaSsaPssVerifyJce::create.
  • Ed25519Sign::create, Ed25519Verify::create.

Dependencies changes:

• Upgraded:
  • com.google.protobuf:protobuf => 3.24.3.
  • com.google.errorprone:error-prone-annotations => 2.22.0
  • com.google.http-client:google-http-client => 2.22.0
  • rules_jvm_external => 5.3
• Removed:
  • com.google.auto:auto-common:1.2.1
  • com.google.auto.service:auto-service:1.0.1
  • com.google.auto.service:auto-service-annotations:1.0.1

Future work

To see what we're working towards, check our project roadmap.

Getting started

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.12.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.12.0'
}

Bazel:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "5.3"
RULES_JVM_EXTERNAL_SHA ="d31e369b854322ca5098ea12c69d7175ded971435e55c18dd9dd5f29cc5249ac"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/releases/download/%s/rules_jvm_external-%s.tar.gz" % (RULES_JVM_EXTERNAL_TAG, RULES_JVM_EXTERNAL_TAG)
)

load("@​rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@​rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.12.0",

### ... other dependencies ...
    ],
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.12.0.zip"],
    strip_prefix = "tink-java-1.12.0",
    sha256 = "c5f79c4f51e55d5c7bbd52c0b17fc8eeedf36d74a231e134882f9c4a74c3fbb1",
)

load("@​tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@​tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

v1.11.0: Tink Java 1.11.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.11.0

To get started using Tink, see the setup guide.

What's new?

The complete list of changes since 1.10.0 can be found here.

• Added new key/parameter classes for all remaining keys: Ecies, JwtRsaSsaPkcs1, JwtRsaSsapss, LegacyKmsAead, LegacyKmsEnvelopeAead.
• Key IDs of newly generated keys can now be negative (commit).
• Added APIs:
  • KmsEnvelopeAead.create (commit)
  • HkdfStreamingPrf::create(HkdfPrfKey key) (commit)
• Removed AeadKeyTemplates.createKmsAeadKeyTemplate (commit)
• Made InputStreamDecrypter.read() InputStream compliant (issue, commit).

Future work

To see what we're working towards, check our project roadmap.

Getting started

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.11.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.11.0'
}

Bazel:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)

load("@​rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@​rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@​rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.11.0",

### ... other dependencies ...
    ],
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/releases/download/v1.11.0/tink-java-1.11.0.zip"],
    strip_prefix = "tink-java-1.11.0",
    sha256 = "2bd264c2f0c474c77e2d1e04c627398e963b7a6d0164cfb743ab60a59ab998bd",
)

load("@​tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@​tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

v1.10.0: Tink Java 1.10.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.10.0

What is new?

The complete list of changes since 1.9.0 can be found here.

New Features:

• Added Key Derivation
• KeysetHandle#equalsKeyset can now be used to compare keysets
• Added Key classes: JwtEcdsaPrivateKey, JwtEcdsaPublicKey, RsaSsaPssPrivateKey, RsaSsaPssPublicKey.
• Added RawJwt.getJsonPayload.
• Restrict KMS Envelope AEAD DEK key type to only Tink AEAD key types.
• Use Conscrypt as source of randomness if possible.

Potentially breaking changes:

While we aim to be backwards compatible in minor releases, we removed some APIs that were not meant to be public and/or that we are confident are not widely used. If you are impacted by any of these, please file an issue.

• Removed PrivilegedRegistry.parseKeyData -- this was never meant to be in the public API.

Future work

To see what we're working towards, check our project roadmap.

Getting started

To get started using Tink, see the setup guide.

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.10.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.10.0'
}

Bazel:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)

load("@​rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@​rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@​rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.10.0",

### ... other dependencies ...
    ],
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.10.0.zip"],
    strip_prefix = "tink-java-1.10.0",
    sha256 = ...
)

load("@​tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@​tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

v1.9.0: Tink Java 1.9.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.9.0

To get started using Tink, see the setup guide.

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.9.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.9.0'
}

Bazel:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)

load("@​rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@​rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@​rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.9.0",

##### ... other dependencies ...
    ],
    repositories = [
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.9.0.zip"],
    strip_prefix = "tink-java-1.9.0",
    sha256 = "9735df7992df73d1518661ac6cf8918fa4693673adaaf0bdee253c24c521c832",
)

load("@​tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@​tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

WARNING: When building from source users that require KMS extensions as well must now explicitly include them, since they are published in separate repositories:

• https://github.com/tink-crypto/tink-java-awskms
• https://github.com/tink-crypto/tink-java-gcpkms

For example, to use tink-java-gcpkms your WORKSPACE file becomes as follows (analogously for tink-java-awskms):

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.9.0.zip"],
    strip_prefix = "tink-java-1.9.0",
    sha256 = "9735df7992df73d1518661ac6cf8918fa4693673adaaf0bdee253c24c521c832",
)

http_archive(
    name = "tink_java_gcpkms",
    urls = ["https://github.com/tink-crypto/tink-java-gcpkms/archive/refs/tags/v<SOME_RELEASE>.zip"],
    strip_prefix = "tink-java-gcpkms-<SOME_RELEASE>",
    sha256 = ...
)

load("@&#8203;tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@&#8203;tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

load("@&#8203;tink_java_gcpkms//:tink_java_gcpkms_deps.bzl", "TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS")

##### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS +
      TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Dependencies to targets in //src/main/java/com/google/crypto/tink/integration/gcpkms now are located in @tink_java_gcpkms.

What's new

The complete list of changes since 1.8.0 can be found here.

• Removed deprecation of some APIs
• Minor refactorings/code improvements
• Added new key/parameter interfaces for StreamingAead, DeterministicAead, HmacPrf and JwtMac
• Added new key/parameter/serialization classes:
  • AesGcmHkdfStreaming
  • AesCtrHmacAead
  • AesCtrHmacStreaming
  • AesCmacPrf
  • Ed25519
  • RsaSsaPkcs1
  • AesSiv
  • JwtHmac
• Add Refaster (https://errorprone.info/docs/refaster) templates to easily migrate away from deprecated APIs
• Improved performance of AesGcmSiv (commit)
• Fixed Maven dependency issues:
  • https://github.com/tink-crypto/tink-java/issues/4: Removed androidx.annotations from com.google.crypto.tink:tink (commit); as a result, com.google.crypto.tink:tink has only dependencies from Maven Central.
  • https://github.com/tink-crypto/tink-java/issues/7: Add missing dependencies to com.google.crypto.tink:tink-android’s POM file (commit).
• Upgraded dependencies:
  • com.google.code.gson:gson:2.10.1
  • com.google.errorprone:error_prone_annotations:2.18
  • com.google.http-client:google-http-client:1.43.1
  • com.google.http-client:google-http-client-gson:1.43.1
  • joda-time:joda-time:2.12.5
  • junit:junit:4.13.2
  • androidx.annotation:annotation:1.5.0

To see what we're working towards, check our project roadmap.

v1.8.0: Tink Java 1.8.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.8.0

To get started using Tink, see the setup guide.

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.8.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.8.0'
}

Bazel:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/%s.zip" % RULES_JVM_EXTERNAL_TAG,
)

load("@​rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@​rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@​rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.8.0",

### ... other dependencies ...
    ],
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Alternatively, one can build Tink from source, and include it with http_archive:

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.8.0.zip"],
    strip_prefix = "tink-java-1.8.0",
    sha256 = "cff458ea60897f7a5edc91d1eb9c58c650c2fd3206d94672f29c950b94398a49"
)

load("@​tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@​tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

WARNING: When building from source users that require KMS extensions as well must now explicitly include them, since they are published in separate repositories:

• https://github.com/tink-crypto/tink-java-awskms
• https://github.com/tink-crypto/tink-java-gcpkms

For example, to use tink-java-gcpkms your WORKSPACE file becomes as follows (analogously for tink-java-awskms):

http_archive(
    name = "com_github_tink_crypto_tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/refs/tags/v1.8.0.zip"],
    strip_prefix = "tink-java-1.8.0",
    sha256 = "cff458ea60897f7a5edc91d1eb9c58c650c2fd3206d94672f29c950b94398a49"
)

http_archive(
    name = "tink_java_gcpkms",
    urls = ["https://github.com/tink-crypto/tink-java-gcpkms/archive/refs/tags/v<SOME_RELEASE>.zip"],
    strip_prefix = "tink-java-gcpkms-<SOME_RELEASE>",
    sha256 = ...
)

load("@&#8203;tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@&#8203;tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

load("@&#8203;tink_java_gcpkms//:tink_java_gcpkms_deps.bzl", "TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS")

### ...

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS +
      TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS + # ... other dependencies ...
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Dependencies to targets in //src/main/java/com/google/crypto/tink/integration/gcpkms now are located in @tink_java_gcpkms.

What's new

This is the first release from https://github.com/tink-crypto/tink-java.

The complete list of changes since 1.7.0 can be found here.

• Changed the tink-java POM file as follows:
  • Added missing dependency on androidx.annotation.annotation.
  • Only direct dependencies are listed.
  • Updated SCM details to point to github.com/tink-crypto/tink-java.
• Upgraded to Bazel 6.0.
• The ChunkedMac primitive can now be used, available implementations are AesCmac and Hmac.
• Added new API to read and write keysets: TinkProtoKeysetFormat and TinkJsonProtoKeysetFormat.
• JSON parsing now rejects duplicated map entries.
  • See this and this commits.
• Fixed two race conditions in com.google.crypto.tink.integration.android. Also improved the exceptions raised.
• ECDSA keys are now serialized using fixed size byte arrays.
• Tink will prefer Conscrypt as a JCE provider for ECDSA if available.
• Changes to PrimitiveSet API. Please note that the use of this class is discouraged and should be omitted when possible.
  • For the relevant changes see commit.
• (Only relevant if you use or maintain a custom Wrapper class) Registering a wrapper in Registry now requires that the object being registered is always the same. See examples here and here.
• Upgraded dependencies:
  • Protobuf to X.21.9 443baab.
  • com.google.errorprone:error_prone_annotations to 2.16.
  • google.http-client:google-http-client to 1.42.3.
  • com.google.api-client:google-api-client to 2.2.0.
  • com.google.code.gson:gson to 2.10.

To see what we're working towards, check our project roadmap.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.