build(deps): bump aws-lc-rs from 1.16.2 to 1.16.3

[dependabot]

Bumps aws-lc-rs from 1.16.2 to 1.16.3.

Release notes

Sourced from aws-lc-rs's releases.

aws-lc-rs v1.16.3

What's Changed

• Key length validation in UnboundCipherKey::new() now enforced at runtime by @​justsmth in aws/aws-lc-rs#1092
  • The documented error on key length mismatch was never actually checked. Streaming cipher constructors also relied on debug_assert_eq! which gets stripped in release builds — these are now runtime checks.
• Support MSAN and TSAN sanitizer builds via AWS_LC_SYS_SANITIZER environment variable by @​justsmth in aws/aws-lc-rs#1100
  • Accepts asan, msan, or tsan. The existing asan feature flag continues to work.

Build Improvements

• Follow symlinks when classifying include directory entries by @​cmtm in aws/aws-lc-rs#1071
  • Fixes builds under Bazel (and other build systems) where source files in CARGO_MANIFEST_DIR are symlinks into a content-addressable store.
• Improve clang-cl discovery for Windows ARM64 builds by @​justsmth in aws/aws-lc-rs#1060
  • The build script now discovers clang-cl inside Visual Studio installations rather than requiring it on PATH.
• Fix Windows ARM64 FIPS build: pass correct architecture to vcvarsall.bat by @​justsmth in aws/aws-lc-rs#1075
• Strip LTO flags from CFLAGS for FIPS builds by @​skmcgrail in aws/aws-lc-rs#1087
  • Build environments like RPM mock chroots (e.g. AL2023) that export -flto=auto in CFLAGS would break the FIPS delocator pipeline.
• MSVC: Fix builtin swap intrinsic check to avoid link-time failures by @​walter-zeromatter in aws/aws-lc-rs#1086
• MSVC: Add jitterentropy src subdirectory to include search path by @​walter-zeromatter in aws/aws-lc-rs#1085
• MSVC: Use 8.3 short paths on Windows to avoid MAX_PATH limits by @​walter-zeromatter in aws/aws-lc-rs#1081

Issues Being Closed

• Clarify that build needs to run from VS Developer shell for Windows builds -- aws/aws-lc-rs#1056
• Add MSAN (MemorySanitizer) support, matching existing ASAN support -- aws/aws-lc-rs#1077
• aws-lc-sys fails to compile on iOS arm64 with Clang 15.0.7: undeclared ioctl in urandom.c -- aws/aws-lc-rs#1068

Other Merged PRs

• Prepare aws-lc-sys v0.39.1 by @​justsmth in aws/aws-lc-rs#1080
• Bump aws-lc-fips-sys to v0.13.14 by @​skmcgrail in aws/aws-lc-rs#1088
• CI: Harden artifact workflows and update action versions by @​justsmth in aws/aws-lc-rs#1091
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in aws/aws-lc-rs#1096
• Bump actions/setup-go from 4 to 6 by @​dependabot[bot] in aws/aws-lc-rs#1095
• Bump codecov/codecov-action from 4 to 6 by @​dependabot[bot] in aws/aws-lc-rs#1094
• Prepare aws-lc-rs v1.16.3 by @​justsmth in aws/aws-lc-rs#1098
• Prepare aws-lc-sys v0.40.0 by @​justsmth in aws/aws-lc-rs#1099

New Contributors

• @​cmtm made their first contribution in aws/aws-lc-rs#1071
• @​walter-zeromatter made their first contribution in aws/aws-lc-rs#1086

Full Changelog: aws/aws-lc-rs@v1.16.2...v1.16.3

Commits

• f75bae5 Support MSAN and TSAN sanitizer builds via environment variable (#1100)
• 64677e8 Improve clang-cl discovery for Windows ARM64 builds (#1060)
• e2e3e15 Prepare aws-lc-sys v0.40.0 (#1099)
• e0ec100 Prepare aws-lc-rs v1.16.3 (#1098)
• 46ed951 MSVC Fix: use 8.3 short paths on Windows to avoid MAX_PATH limits in building...
• 27c4cca Add jitterentropy src subdirectory to include search path (#1085)
• 6b30158 MSVC Fix: Improve bad intrinsic check on msvc (#1086)
• 5a3f9ca Bump codecov/codecov-action from 4 to 6 (#1094)
• 6a7b379 Bump actions/setup-go from 4 to 6 (#1095)
• f7cb890 Bump actions/checkout from 4 to 6 (#1096)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)