From aab7bb5a0021687c53c702ef9f8a5867d6d1d5b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Mar 2026 11:13:48 +0000 Subject: [PATCH 1/2] chore(deps): bump sha2 from 0.10.9 to 0.11.0 Bumps [sha2](https://github.com/RustCrypto/hashes) from 0.10.9 to 0.11.0. - [Commits](https://github.com/RustCrypto/hashes/compare/sha2-v0.10.9...sha2-v0.11.0) --- updated-dependencies: - dependency-name: sha2 dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Cargo.lock | 115 ++++++++++++++++++++++++++++---------- Cargo.toml | 2 +- crates/exousia/Cargo.toml | 2 +- 3 files changed, 87 insertions(+), 32 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7b6d3172..9d96325a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -477,7 +477,7 @@ version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" dependencies = [ - "digest", + "digest 0.10.7", ] [[package]] @@ -489,6 +489,15 @@ dependencies = [ "generic-array 0.14.7", ] +[[package]] +name = "block-buffer" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" +dependencies = [ + "hybrid-array", +] + [[package]] name = "block-padding" version = "0.3.3" @@ -651,7 +660,7 @@ version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" dependencies = [ - "crypto-common", + "crypto-common 0.1.7", "inout", ] @@ -788,6 +797,12 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" +[[package]] +name = "const-oid" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" + [[package]] name = "const_panic" version = "0.2.15" @@ -942,6 +957,15 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto-common" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +dependencies = [ + "hybrid-array", +] + [[package]] name = "crypto-hash" version = "0.3.4" @@ -963,7 +987,7 @@ dependencies = [ "cfg-if", "cpufeatures 0.2.17", "curve25519-dalek-derive", - "digest", + "digest 0.10.7", "fiat-crypto", "rustc_version", "subtle", @@ -1063,7 +1087,7 @@ version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" dependencies = [ - "const-oid", + "const-oid 0.9.6", "pem-rfc7468", "zeroize", ] @@ -1084,12 +1108,23 @@ version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "block-buffer", - "const-oid", - "crypto-common", + "block-buffer 0.10.4", + "const-oid 0.9.6", + "crypto-common 0.1.7", "subtle", ] +[[package]] +name = "digest" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" +dependencies = [ + "block-buffer 0.12.0", + "const-oid 0.10.2", + "crypto-common 0.2.1", +] + [[package]] name = "directories" version = "6.0.0" @@ -1163,7 +1198,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ "der", - "digest", + "digest 0.10.7", "elliptic-curve", "rfc6979", "signature", @@ -1189,7 +1224,7 @@ dependencies = [ "curve25519-dalek", "ed25519", "serde", - "sha2", + "sha2 0.10.9", "subtle", "zeroize", ] @@ -1211,7 +1246,7 @@ checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ "base16ct", "crypto-bigint", - "digest", + "digest 0.10.7", "ff", "generic-array 0.14.7", "group", @@ -1326,7 +1361,7 @@ dependencies = [ "rand_core 0.6.4", "serde", "serde_json", - "sha2", + "sha2 0.11.0", "snafu", "sqlx", "tokio", @@ -1849,7 +1884,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest", + "digest 0.10.7", ] [[package]] @@ -1927,6 +1962,15 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" +[[package]] +name = "hybrid-array" +version = "0.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8655f91cd07f2b9d0c24137bd650fe69617773435ee5ec83022377777ce65ef1" +dependencies = [ + "typenum", +] + [[package]] name = "hyper" version = "1.8.1" @@ -2390,7 +2434,7 @@ dependencies = [ "rsa", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "signature", "simple_asn1", ] @@ -2798,7 +2842,7 @@ version = "0.16.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "47bb1e988e6fb779cf720ad431242d3f03167c1b3f2b1aae7f1a94b2495b36ae" dependencies = [ - "sha2", + "sha2 0.10.9", ] [[package]] @@ -2832,7 +2876,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf" dependencies = [ "cfg-if", - "digest", + "digest 0.10.7", ] [[package]] @@ -3334,7 +3378,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "primeorder", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -3346,7 +3390,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "primeorder", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -3432,7 +3476,7 @@ version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" dependencies = [ - "digest", + "digest 0.10.7", "hmac", ] @@ -4048,8 +4092,8 @@ version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b8573f03f5883dcaebdfcf4725caa1ecb9c15b2ef50c43a07b816e06799bb12d" dependencies = [ - "const-oid", - "digest", + "const-oid 0.9.6", + "digest 0.10.7", "num-bigint-dig", "num-integer", "num-traits", @@ -4455,7 +4499,7 @@ dependencies = [ "js-sys", "lzma-rust2", "ppmd-rust", - "sha2", + "sha2 0.10.9", "wasm-bindgen", ] @@ -4467,7 +4511,7 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures 0.2.17", - "digest", + "digest 0.10.7", ] [[package]] @@ -4478,7 +4522,18 @@ checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" dependencies = [ "cfg-if", "cpufeatures 0.2.17", - "digest", + "digest 0.10.7", +] + +[[package]] +name = "sha2" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "digest 0.11.2", ] [[package]] @@ -4512,7 +4567,7 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ - "digest", + "digest 0.10.7", "rand_core 0.6.4", ] @@ -4673,7 +4728,7 @@ dependencies = [ "percent-encoding", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "smallvec", "thiserror 2.0.18", "tokio", @@ -4710,7 +4765,7 @@ dependencies = [ "quote", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "sqlx-core", "sqlx-mysql", "sqlx-postgres", @@ -4732,7 +4787,7 @@ dependencies = [ "byteorder", "bytes", "crc", - "digest", + "digest 0.10.7", "dotenvy", "either", "futures-channel", @@ -4753,7 +4808,7 @@ dependencies = [ "rsa", "serde", "sha1", - "sha2", + "sha2 0.10.9", "smallvec", "sqlx-core", "stringprep", @@ -4790,7 +4845,7 @@ dependencies = [ "rand 0.8.5", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "smallvec", "sqlx-core", "stringprep", @@ -5097,7 +5152,7 @@ dependencies = [ "rustls", "serde", "serde_json", - "sha2", + "sha2 0.11.0", "snafu", "sqlx", "tokio", diff --git a/Cargo.toml b/Cargo.toml index 6d1187d6..9e34a965 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -123,7 +123,7 @@ rcgen = { version = "0.13", features = ["pem"] } mdns-sd = "0.18" # ── Crypto utilities ────────────────────────────────────────────────────────── -sha2 = "0.10" +sha2 = "0.11" base64 = "0.22" rand_core = { version = "0.6", features = ["getrandom"] } diff --git a/crates/exousia/Cargo.toml b/crates/exousia/Cargo.toml index da644fc9..ebcaef17 100644 --- a/crates/exousia/Cargo.toml +++ b/crates/exousia/Cargo.toml @@ -18,7 +18,7 @@ uuid.workspace = true serde.workspace = true serde_json.workspace = true axum.workspace = true -sha2 = "0.10" +sha2 = "0.11" rand_core = { version = "0.6", features = ["getrandom"] } [dev-dependencies] From e76a7579504d8bad5cfcb91291517529ddb06b82 Mon Sep 17 00:00:00 2001 From: Cody Kickertz Date: Mon, 30 Mar 2026 11:07:43 -0500 Subject: [PATCH 2/2] fix: resolve CI failures for PR #134 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update rustls-webpki to 0.103.10 (RUSTSEC-2026-0049) and add cargo-deny skip entries for crypto crate duplicates introduced by the sha2 0.10→0.11 transition (block-buffer, const-oid, crypto-common, digest, sha2). Gate-Passed: kanon --- Cargo.lock | 4 ++-- deny.toml | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9d96325a..4ec4f6c4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4258,9 +4258,9 @@ checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f" [[package]] name = "rustls-webpki" -version = "0.103.9" +version = "0.103.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" +checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef" dependencies = [ "ring", "rustls-pki-types", diff --git a/deny.toml b/deny.toml index aa11b5d0..a7684d0f 100644 --- a/deny.toml +++ b/deny.toml @@ -51,13 +51,29 @@ skip = [ { name = "quick-xml", version = "0.37" }, { name = "quick-xml", version = "0.39" }, + # block-buffer: digest 0.10 (transitive) uses 0.10.x; digest 0.11 (sha2 0.11) uses 0.12.x + { name = "block-buffer", version = "0.10" }, + { name = "block-buffer", version = "0.12" }, + # bitflags: kqueue-sys (via notify) requires 1.x; most of the ecosystem uses 2.x { name = "bitflags", version = "1" }, + # crypto-common: digest 0.10 (transitive) uses 0.1.x; digest 0.11 (sha2 0.11) uses 0.2.x + { name = "crypto-common", version = "0.1" }, + { name = "crypto-common", version = "0.2" }, + + # const-oid: der/pkcs crates (via jsonwebtoken) pin 0.9.x; sha2 0.11 transitively pulls 0.10.x + { name = "const-oid", version = "0.9" }, + { name = "const-oid", version = "0.10" }, + # cpufeatures: sha/aes crates pull 0.2.x; chacha20 (via rand 0.10) requires 0.3.x { name = "cpufeatures", version = "0.2" }, { name = "cpufeatures", version = "0.3" }, + # digest: argon2/jsonwebtoken/sqlx still on 0.10.x; sha2 0.11 pulls digest 0.11.x + { name = "digest", version = "0.10" }, + { name = "digest", version = "0.11" }, + # foldhash: hashbrown 0.15 (sqlx) pulls 0.1.x; hashbrown 0.16 (governor/indexmap) pulls 0.2.x { name = "foldhash", version = "0.1" }, { name = "foldhash", version = "0.2" }, @@ -98,6 +114,10 @@ skip = [ { name = "rand_core", version = "0.9" }, { name = "rand_core", version = "0.10" }, + # sha2: transitive deps (sqlx, jsonwebtoken, argon2) still on 0.10.x; direct dep bumped to 0.11.x + { name = "sha2", version = "0.10" }, + { name = "sha2", version = "0.11" }, + # thiserror/thiserror-impl: tokio-socks pins 1.x; most of the ecosystem has moved to 2.x { name = "thiserror", version = "1" }, { name = "thiserror-impl", version = "1" },