Cargo: update ring 0.17.8 -> 0.17.14

[cpu]

Updates the Cargo.lock for *ring* to clear RUSTSEC-2025-0009

I don't believe it to be an issue that affects rustls-ffi in practice because:

1. ring is optional, and not the default crypto provider
2. there's no exposed API surface that would lead to ring::aead::quic usage
3. for ring::aead::{AES_128_GCM, AES_256_GCM}, the TLS protocol limits prevent the volume of data required to hit the panic

[cpu]

I can't see why Dependabot skipped this one 🤔 That might be worth some further debugging.

[djc]

Perhaps we should have a cargo-deny run here, too?

[cpu]

Perhaps we should have a cargo-deny run here, too?

I'm onboard. I think ~only webpki has that today. Probably worth looking at both rustls/rustls and this repo.

[kpcyrd]

FWIW, this is what I use to invoke cargo-deny, takes about 24s in total.

You're very welcome to copy/use/adapt this.

  deny:
    runs-on: ubuntu-24.04
    steps:
    - uses: actions/checkout@v4
      with:
        persist-credentials: false
    - name: Run cargo deny
      run: |
        docker run --rm -v "$PWD:/src" -w /src alpine:edge sh -c '
        set -e
        apk add cargo cargo-deny
        exec cargo deny check
        '

[djc]

I usually use the first-party GitHub Action.