deps: update digest requirement from 0.10 to 0.11 #15
Refreshing CI and auto-merge workflow after repository automation updates.

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Updates the requirements on [digest](https://github.com/RustCrypto/traits) to permit the latest version.
- [Commits](RustCrypto/traits@digest-v0.10.0...digest-v0.11.2)

---
updated-dependencies:
- dependency-name: digest
  dependency-version: 0.11.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
f57e6ab to e547faf
📝 Walkthrough
Updated the optional dependency
Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~2 minutes
🚥 Pre-merge checks: ✅ 3 passed
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@Cargo.toml`:
- Line 82: The tls feature currently enables digest = "0.11" while also enabling
rsa-support, but rsa 0.9.8 depends on digest ^0.10.5, causing an unresolved
Cargo version conflict; fix by either pinning the digest dependency to a 0.10
series (e.g., change digest = { version = "0.11", optional = true } to digest =
{ version = "0.10", optional = true }) so it matches rsa's requirement, or
remove "rsa-support" from the "tls" feature definition so tls no longer
activates the rsa-dependent path (adjust the "tls" feature entry accordingly).
| p384 = { version = "0.13", default-features = false, features = ["ecdh", "ecdsa", "std", "pkcs8", "pem"], optional = true } | ||
| ecdsa = { version = "0.16", default-features = false, features = ["signing", "verifying", "std", "der"], optional = true } | ||
| digest = { version = "0.10", optional = true } | ||
| digest = { version = "0.11", optional = true } |
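Review bot: the changed `digest` line moves the requirement to 0.11 on its own, while the `p384` 0.13 and `ecdsa` 0.16 lines directly above it are left as they are. Before merging, confirm which `digest` version those crates resolve against (for example with `cargo tree -d`, which lists crates present in more than one version) and build with the features that use these optional dependencies, since traits from two different `digest` releases are distinct and a hash type implementing one will not satisfy bounds written against the other. If the rest of the stack is not ready, keep `version = "0.10"` here and bump the related crates together.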
🧩 Analysis chain
🏁 Script executed:
```bash
#!/bin/bash
set -euo pipefail
echo "== Changed dependency =="
rg -n '^\s*digest\s*=\s*\{.*version\s*=\s*"[0-9]+\.[0-9]+' Cargo.toml
echo
echo "== Related crypto deps that may pin digest 0.10 transitively =="
rg -n '^\s*(sha2|rsa|hmac|hkdf)\s*=' Cargo.toml
echo
echo "== Source sites that combine sha2 and digest traits =="
rg -n -C3 'sha2::Digest|digest::FixedOutputReset|hmac::digest::Output' src
echo
echo "== If Cargo.lock exists, list resolved digest versions =="
if [ -f Cargo.lock ]; then
  awk '
    $0 ~ /^\[\[package\]\]$/ {name=""; ver=""}
    $0 ~ /^name = "digest"$/ {name="digest"}
    $0 ~ /^version = "/ && name=="digest" {print $0}
  ' Cargo.lock
else
  echo "Cargo.lock not present in repository context."
fi
```
Repository: Carabryx/crabgraph
Length of output: 3182
🌐 Web query:
sha2 0.10.9 digest version requirements RustCrypto
💡 Result:
sha2 0.10.9 (RustCrypto) depends on digest = "0.10.7" (also as a dev-dependency), i.e. Cargo will accept digest >= 0.10.7 and < 0.11.0. [1] [2]
🌐 Web query:
digest 0.10 vs 0.11 breaking changes RustCrypto
💡 Result:
Major breaking changes when upgrading digest 0.10 → 0.11 (RustCrypto traits):
- `generic-array` replaced with `hybrid-array` (affects `Output`/array types you get from `finalize()`, etc.). [1]
- MSRV + edition bump: crate moved to Rust 2024 edition and MSRV is now 1.85. [1]
- `digest::core_api` renamed to `digest::block_api` (update imports/feature gates accordingly). [1]
- Wrapper/type renames & removals:
  - `CtVariableCoreWrapper` → `CtOutWrapper`, and `CtOutWrapper` no longer has an OID type parameter. [1]
  - Removed: `CoreWrapper`, `RtVariableCoreWrapper`, `XofReaderCoreWrapper`. [1]
- MAC API removals: removed `Mac::new`, `Mac::new_from_slice`, and `Mac::generate_key`. [1]
- IO impls removed: `io::Write`/`io::Read` impls removed; use `digest_io::IoWrapper` instead. [1]
- Trait removal: removed `VariableOutput` trait. [1]
- Constant-time / deps changes:
  - `subtle` replaced with `ctutils`. [1]
  - Removed `subtle::ConstantTimeEq` impl for `CtOutput` (but `PartialEq`/`Eq` remain constant-time per changelog note). [1]
- Re-export moved: `crypto-common` re-export moved to `digest::common`. [1]
Source: digest crate CHANGELOG.md for 0.11.0. [1]
🌐 Web query:
rsa 0.9.8 hmac 0.12.1 hkdf 0.12.4 digest version compatibility
💡 Result:
For the RustCrypto crates you listed, the shared digest-crate compatibility is:
- `rsa 0.9.8` depends on `digest ^0.10.5` (i.e., `0.10.5 .. <0.11.0`). [1]
- `hmac 0.12.1` depends on `digest ^0.10.3` (i.e., `0.10.3 .. <0.11.0`). [2]
- `hkdf 0.12.4` depends on `hmac 0.12.1` (and therefore on `digest 0.10.x` via `hmac`). [3]
So, rsa 0.9.8 + hmac 0.12.1 + hkdf 0.12.4 are mutually compatible as long as you use digest 0.10.x (e.g., digest 0.10.7). They are not compatible with digest 0.11.x without upgrading the crates that require digest <0.11. [1][2]
Sources:
[1] rsa 0.9.8 dependencies on Deps.rs (shows digest ^0.10.5) (deps.rs)
[2] hmac 0.12.1 dependencies on Deps.rs (shows digest ^0.10.3) (deps.rs)
[3] hkdf 0.12.4 Cargo.toml on Docs.rs (shows dependency on hmac 0.12.1) (docs.rs)
Citations:
- 1: https://deps.rs/crate/rsa/0.9.8
- 2: https://deps.rs/crate/hmac/0.12.1
- 3: https://docs.rs/crate/hkdf/0.12.4/source/Cargo.toml
🏁 Script executed:
```bash
#!/bin/bash
set -euo pipefail
echo "== Feature definitions in Cargo.toml =="
rg -A 10 '^\[features\]' Cargo.toml
echo
echo "== TLS feature definition (what it enables) =="
rg -n 'tls\s*=' Cargo.toml
echo
echo "== Check if digest feature exists and its definition =="
rg -n '^\s*digest\s*=' Cargo.toml | grep -v 'dependencies\|version'
echo
echo "== Inspect RSA feature definition =="
# ripgrep uses a bare | for alternation; \| would match a literal pipe character
rg -n 'rsa-support|rsa' Cargo.toml | head -20
```
Repository: Carabryx/crabgraph
Length of output: 780
tls feature will fail to build due to incompatible digest versions
The tls feature (line 121) enables both dep:digest (0.11) and rsa-support, but rsa 0.9.8 requires digest ^0.10.5 (< 0.11). This creates an unresolvable version conflict that Cargo cannot satisfy. Users enabling tls will encounter a build failure.
Either keep digest on 0.10 until the RustCrypto stack is upgraded together, or remove rsa-support from the tls feature definition.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@Cargo.toml` at line 82, The tls feature currently enables digest = "0.11"
while also enabling rsa-support, but rsa 0.9.8 depends on digest ^0.10.5,
causing an unresolved Cargo version conflict; fix by either pinning the digest
dependency to a 0.10 series (e.g., change digest = { version = "0.11", optional
= true } to digest = { version = "0.10", optional = true }) so it matches rsa's
requirement, or remove "rsa-support" from the "tls" feature definition so tls no
longer activates the rsa-dependent path (adjust the "tls" feature entry
accordingly).
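Added example (not part of the PR or of either bot's output): Cargo's caret rule applied to the `digest` requirement strings quoted in the review above, showing that the 0.10-based requirements share one range and that no single version also satisfies `0.11`. The function names are hypothetical, and each requirement is assumed to give at least a major and minor number.

```rust
// Added example: caret-requirement ranges for the digest versions quoted in the review.
// Helper names are hypothetical; bare requirements like "0" or "0.0" are not handled.
type Version = (u64, u64, u64);

/// Parse "0.10.5", "0.11" or "^0.10.5"; a missing patch component counts as 0.
fn parse(req: &str) -> Option<Version> {
    let mut parts = req.trim().trim_start_matches('^').split('.');
    let mut next = || -> Option<u64> {
        match parts.next() {
            Some(p) => p.parse().ok(),
            None => Some(0),
        }
    };
    Some((next()?, next()?, next()?))
}

/// Half-open range [low, high) accepted by a caret requirement (Cargo's default).
fn caret_range(req: &str) -> Option<(Version, Version)> {
    let low = parse(req)?;
    let high = match low {
        (0, 0, patch) => (0, 0, patch + 1),
        (0, minor, _) => (0, minor + 1, 0), // 0.x: the minor number is the breaking one
        (major, _, _) => (major + 1, 0, 0),
    };
    Some((low, high))
}

/// Range satisfying every requirement, or None if none exists (or one fails to parse).
fn common_range(reqs: &[&str]) -> Option<(Version, Version)> {
    let (mut low, mut high): (Version, Version) = ((0, 0, 0), (u64::MAX, 0, 0));
    for req in reqs {
        let (l, h) = caret_range(req)?;
        low = low.max(l);
        high = high.min(h);
    }
    if low < high { Some((low, high)) } else { None }
}

fn main() {
    // Requirements of rsa 0.9.8, hmac 0.12.1 and sha2 0.10.9 as quoted in the thread.
    println!("{:?}", common_range(&["^0.10.5", "^0.10.3", "0.10.7"]));
    // The same rsa requirement next to the bumped `digest = "0.11"` line.
    println!("{:?}", common_range(&["^0.10.5", "0.11"]));
}
```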
Updates the requirements on digest to permit the latest version.
Commits
- 2465f98 digest: bump version to v0.11.2 (#2343)
- a87b567 Release `digest` v0.11.2 (#2342)
- 84476d3 digest: remove `Clone` from `MacTraits` (#2341)
- 6954eab elliptic-curve v0.14.0-rc.29 (#2340)
- a250cbd elliptic-curve: bump `sec1` to v0.8 (#2339)
- 01b44a6 password-hash v0.6.0 (#2338)
- 866ef69 password-hash: add `Error::RngFailure` (#2337)
- 4c2365e build(deps): bump the all-deps group with 4 updates (#2335)
- ae7d4be password-hash: rustdoc fixups (#2336)
- 35e0e9a password-hash: remove `McfHasher` trait (#2334)