Skip to content

deps(deps): bump the crypto-stack group with 4 updates#41

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/crypto-stack-2239c804f5
Closed

deps(deps): bump the crypto-stack group with 4 updates#41
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/crypto-stack-2239c804f5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Copy link
Copy Markdown
Contributor

Bumps the crypto-stack group with 4 updates: blake3, aes, cipher and sha2.

Updates blake3 from 1.8.3 to 1.8.5

Release notes

Sourced from blake3's releases.

1.8.5

version 1.8.5

Changes since 1.8.4:

  • Forcibly disable LTO when compiling C intrinsics from the Rust build. This fixes a build break on Arch Linux ARM: BLAKE3-team/BLAKE3#550

1.8.4

version 1.8.4

Changes since 1.8.3:

  • Updated the digest dependency from v0.10 to v0.11. THIS IS A POTENTIALLY BREAKING CHANGE for callers using the traits-preview Cargo feature. But this is not considered a breaking change for the blake3 crate itself; see the docs for traits-preview.
  • Performance for WASM SIMD targets is improved by ~20% when the wasm32_simd feature is enabled. Contributed by @​lamb356.
Commits
  • 93a431c version 1.8.5
  • 299b1e2 fix LTO builds by disabling LTO
  • 6a45fee add LTO builds to CI
  • 15e83a5 c: Use correct SIMD flags when compiling with Clang-Cl (#549)
  • 2e3727d cargo fmt everywhere
  • b97a24f version 1.8.4
  • 0ebe469 update to new rustcrypto trait releases
  • d4b005a wasm32_simd: use i8x16_shuffle for rot8 and rot16
  • 6eebbbd fix a struct size mismatch in tests
  • fb1411e c: use SIZE_MAX instead of -1 for size_t sentinels, add <stdint.h>
  • See full diff in compare view

Updates aes from 0.8.4 to 0.9.0

Commits

Updates cipher from 0.4.4 to 0.5.1

Commits

Updates sha2 from 0.10.9 to 0.11.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the crypto-stack group with 4 updates: [blake3](https://github.com/BLAKE3-team/BLAKE3), [aes](https://github.com/RustCrypto/block-ciphers), [cipher](https://github.com/RustCrypto/traits) and [sha2](https://github.com/RustCrypto/hashes).


Updates `blake3` from 1.8.3 to 1.8.5
- [Release notes](https://github.com/BLAKE3-team/BLAKE3/releases)
- [Commits](BLAKE3-team/BLAKE3@1.8.3...1.8.5)

Updates `aes` from 0.8.4 to 0.9.0
- [Commits](RustCrypto/block-ciphers@aes-v0.8.4...aes-v0.9.0)

Updates `cipher` from 0.4.4 to 0.5.1
- [Commits](RustCrypto/traits@cipher-v0.4.4...cipher-v0.5.1)

Updates `sha2` from 0.10.9 to 0.11.0
- [Commits](RustCrypto/hashes@sha2-v0.10.9...sha2-v0.11.0)

---
updated-dependencies:
- dependency-name: blake3
  dependency-version: 1.8.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crypto-stack
- dependency-name: aes
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crypto-stack
- dependency-name: cipher
  dependency-version: 0.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crypto-stack
- dependency-name: sha2
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crypto-stack
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Apr 27, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from saworbit as a code owner April 27, 2026 03:12
@github-actions github-actions Bot added the build label Apr 27, 2026
@augmentcode

augmentcode Bot commented Apr 27, 2026

Copy link
Copy Markdown
🤖 Augment PR Summary

Summary: This PR updates the workspace crypto dependency set via a Dependabot group bump.

Changes:

  • Upgraded blake3 from 1.8.3 → 1.8.5
  • Upgraded aes from 0.8.4 → 0.9.0 (major)
  • Upgraded cipher from 0.4.4 → 0.5.1 (major)
  • Upgraded sha2 from 0.10.9 → 0.11.0 (major)

Technical Notes: The major bumps (aes/cipher/sha2) may require ecosystem version alignment (e.g., shared trait crates like cipher/digest) to keep the encryption + KDF modules compiling and behaving consistently.

🤖 Was this summary useful? React with 👍 or 👎

@augmentcode augmentcode Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. 2 suggestions posted.

Fix All in Augment

Comment augment review to trigger a new review at any time.

Comment thread Cargo.toml
aes = { version = "=0.8.4" } # 2025-11-03 sw: AES-NI optimized, matches Phase3 design
cipher = { version = "=0.4.4" } # 2025-11-03 sw: trait glue for AES/Poly1305 stack
aes = { version = "=0.9.0" } # 2025-11-03 sw: AES-NI optimized, matches Phase3 design
cipher = { version = "=0.5.1" } # 2025-11-03 sw: trait glue for AES/Poly1305 stack

@augmentcode augmentcode Bot Apr 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cipher was bumped across a major version; please double-check crates/encryption/src/xts.rs (Xts128::<Aes256> + KeyInit) is still using the same cipher trait version that xts-mode is built against. If xts-mode and aes end up pulling different cipher major versions, Aes256 may no longer satisfy xts-mode’s trait bounds and break encryption/decryption.

Severity: high

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

Comment thread Cargo.toml
subtle = { version = "=2.6.1" } # 2025-11-03 sw: constant-time comparisons for key/tweak handling
hmac = { version = "=0.12.1" } # 2025-11-04 sw: HKDF based on HMAC-SHA256 for key derivation
sha2 = { version = "=0.10.9" } # 2025-11-04 sw: Hash core for HKDF extractor
sha2 = { version = "=0.11.0" } # 2025-11-04 sw: Hash core for HKDF extractor

@augmentcode augmentcode Bot Apr 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bumping sha2 to 0.11 likely moves it onto the digest 0.11 trait stack, while hmac remains pinned to 0.12.1; please verify Hmac<Sha256> in crates/encryption/src/keymanager.rs still typechecks with a single digest version. A digest major-version split in the dependency graph commonly causes hard-to-diagnose trait/type incompatibilities in KDF codepaths.

Severity: high

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown

This PR has merge conflicts. Please rebase on the latest main.

@dependabot @github

dependabot Bot commented on behalf of github May 7, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 7, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/crypto-stack-2239c804f5 branch May 7, 2026 22:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants