deps(deps): bump the crypto-stack group with 4 updates#41
deps(deps): bump the crypto-stack group with 4 updates#41dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the crypto-stack group with 4 updates: [blake3](https://github.com/BLAKE3-team/BLAKE3), [aes](https://github.com/RustCrypto/block-ciphers), [cipher](https://github.com/RustCrypto/traits) and [sha2](https://github.com/RustCrypto/hashes). Updates `blake3` from 1.8.3 to 1.8.5 - [Release notes](https://github.com/BLAKE3-team/BLAKE3/releases) - [Commits](BLAKE3-team/BLAKE3@1.8.3...1.8.5) Updates `aes` from 0.8.4 to 0.9.0 - [Commits](RustCrypto/block-ciphers@aes-v0.8.4...aes-v0.9.0) Updates `cipher` from 0.4.4 to 0.5.1 - [Commits](RustCrypto/traits@cipher-v0.4.4...cipher-v0.5.1) Updates `sha2` from 0.10.9 to 0.11.0 - [Commits](RustCrypto/hashes@sha2-v0.10.9...sha2-v0.11.0) --- updated-dependencies: - dependency-name: blake3 dependency-version: 1.8.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: crypto-stack - dependency-name: aes dependency-version: 0.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crypto-stack - dependency-name: cipher dependency-version: 0.5.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crypto-stack - dependency-name: sha2 dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crypto-stack ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
🤖 Augment PR SummarySummary: This PR updates the workspace crypto dependency set via a Dependabot group bump. Changes:
Technical Notes: The major bumps (aes/cipher/sha2) may require ecosystem version alignment (e.g., shared trait crates like 🤖 Was this summary useful? React with 👍 or 👎 |
| aes = { version = "=0.8.4" } # 2025-11-03 sw: AES-NI optimized, matches Phase3 design | ||
| cipher = { version = "=0.4.4" } # 2025-11-03 sw: trait glue for AES/Poly1305 stack | ||
| aes = { version = "=0.9.0" } # 2025-11-03 sw: AES-NI optimized, matches Phase3 design | ||
| cipher = { version = "=0.5.1" } # 2025-11-03 sw: trait glue for AES/Poly1305 stack |
There was a problem hiding this comment.
cipher was bumped across a major version; please double-check crates/encryption/src/xts.rs (Xts128::<Aes256> + KeyInit) is still using the same cipher trait version that xts-mode is built against. If xts-mode and aes end up pulling different cipher major versions, Aes256 may no longer satisfy xts-mode’s trait bounds and break encryption/decryption.
Severity: high
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
| subtle = { version = "=2.6.1" } # 2025-11-03 sw: constant-time comparisons for key/tweak handling | ||
| hmac = { version = "=0.12.1" } # 2025-11-04 sw: HKDF based on HMAC-SHA256 for key derivation | ||
| sha2 = { version = "=0.10.9" } # 2025-11-04 sw: Hash core for HKDF extractor | ||
| sha2 = { version = "=0.11.0" } # 2025-11-04 sw: Hash core for HKDF extractor |
There was a problem hiding this comment.
Bumping sha2 to 0.11 likely moves it onto the digest 0.11 trait stack, while hmac remains pinned to 0.12.1; please verify Hmac<Sha256> in crates/encryption/src/keymanager.rs still typechecks with a single digest version. A digest major-version split in the dependency graph commonly causes hard-to-diagnose trait/type incompatibilities in KDF codepaths.
Severity: high
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
|
This PR has merge conflicts. Please rebase on the latest |
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |
Bumps the crypto-stack group with 4 updates: blake3, aes, cipher and sha2.
Updates
blake3from 1.8.3 to 1.8.5Release notes
Sourced from blake3's releases.
Commits
93a431cversion 1.8.5299b1e2fix LTO builds by disabling LTO6a45feeadd LTO builds to CI15e83a5c: Use correct SIMD flags when compiling with Clang-Cl (#549)2e3727dcargo fmteverywhereb97a24fversion 1.8.40ebe469update to new rustcrypto trait releasesd4b005awasm32_simd: use i8x16_shuffle for rot8 and rot166eebbbdfix a struct size mismatch in testsfb1411ec: use SIZE_MAX instead of -1 for size_t sentinels, add <stdint.h>Updates
aesfrom 0.8.4 to 0.9.0Commits
001e740Adopt Trusted Publishing (#552)d908618Release aes v0.9.0 (#539)b612904aes: removezeroize_workstest (#551)042fa86Update Cargo.lock (#547)7290b2bci: use Dependabot to update Cargo.lock (#546)d1910c1ci: bump actions/checkout to v6 (#545)1120a51Bump Clippy to 1.94 and fixclippy::manual_rotate(#544)d52b5b6aes: remove weak key test entry from changelog (#543)6531730aes: replaceaes_compactconfiguration flag with `aes_backend_soft="compact...f102c4faes: consolidate backend configuration underaes_backend(#541)Updates
cipherfrom 0.4.4 to 0.5.1Commits
3044082crypto-common: removeBlockSizestrait (#2309)e42238delliptic-curve: enable and fix workspace-level lints (#2308)f239f73aead: remove lints fromlib.rs(#2307)7c11746build(deps): bump the all-deps group across 1 directory with 8 updates (#2305)d92139eaead: enable and fix workspace-level lints (#2306)593a0eadigest v0.11.0 (#2300)cb66cffelliptic-curve: bumpcrypto-bigintto v0.7.0-rc.27 (#2303)0d0fdbedigest: usedep:forblock-bufferandconst-oid(#2302)c1a51d4digest: replacesubtlewithctutils(#2301)5802c8fdigest v0.11.0-rc.12 (#2299)Updates
sha2from 0.10.9 to 0.11.0Commits
ffe0939Release sha2 0.11.0 (#806)8991b65Use the standard order of the[package]section fields (#807)3d2bc57sha2: refactor backends (#802)faa55fbsha3: bumpkeccakto v0.2 (#803)d3e6489sha3 v0.11.0-rc.9 (#801)bbf6f51sha2: tweak backend docs (#800)155dbbfsha3: add default value for theDSgeneric parameter onTurboShake128/256...ed514f2Use published version ofkeccakv0.2 (#799)702bcd8Migrate to closure-basedkeccak(#796)827c043sha3 v0.11.0-rc.8 (#794)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions