Skip to content

fix(deps): revert hmac to 0.12 to repair broken build#9

Closed
YellowSnnowmann wants to merge 1 commit into
tinyhumansai:mainfrom
YellowSnnowmann:fix/hmac-crypto-stack
Closed

fix(deps): revert hmac to 0.12 to repair broken build#9
YellowSnnowmann wants to merge 1 commit into
tinyhumansai:mainfrom
YellowSnnowmann:fix/hmac-crypto-stack

Conversation

@YellowSnnowmann

Copy link
Copy Markdown

Summary

The dependabot bump of hmac from 0.12.1 to 0.13.0 (PR #4) left main red.
hmac 0.13 depends on digest 0.11, but the hash crates in this workspace are
still on the digest 0.10 line (sha2 0.10, sha1 0.10), so Hmac<Sha256> /
Hmac<Sha1> no longer satisfy their trait bounds, and every call site still
uses the 0.12 new_from_slice API. The build failed at relay/auth.rs,
providers/linq.rs, and providers/yuanbao/{sign,cos}.rs; CI on the current
main HEAD is failing.

This reverts hmac to 0.12 — the version the code was written against — and
prunes the orphaned hmac 0.13.0 entry from the lockfile. Moving the whole SHA
stack onto digest 0.11 (hmac 0.13 + sha2 0.11 + sha1 0.11) is a larger,
coordinated bump left for a follow-up.

API Or Behavior Changes

None. Dependency-only change; no public API or runtime behavior is affected.

Tests

Run locally with cargo +1.96.1 (1.96 is required by libsqlite3-sys 0.38):

  • cargo fmt --check
  • cargo clippy --all-targets -- -D warnings
  • cargo clippy --all-targets --all-features -- -D warnings
  • cargo build --all-targets
  • cargo build --all-targets --all-features
  • cargo test (943 passed)
  • cargo test --all-features

Documentation

No docs needed — the change is a dependency revert. The broader migration
current-state has been refreshed separately (see the migration remaining-work
plan doc, landing in its own PR).

The dependabot bump to hmac 0.13 (PR tinyhumansai#4) requires digest 0.11, but the
sha2/sha1 hashes remain on 0.10 (digest 0.10), so Hmac<Sha256>/Hmac<Sha1>
no longer satisfy their trait bounds and every call site still uses the
0.12 new_from_slice API. This left main red (CI failure on the current
HEAD) and unbuildable at relay/auth.rs, providers/linq.rs, and
providers/yuanbao/{sign,cos}.rs.

Revert to hmac 0.12 to match the hash stack the code targets and prune the
orphaned 0.13 entry from the lockfile. Moving the whole SHA stack to
digest 0.11 is left as a separate coordinated bump.
@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cdd55ec0-1a80-4f56-abc6-0ee7acb4880d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Comment @coderabbitai help to get the list of available commands.

@YellowSnnowmann

Copy link
Copy Markdown
Author

Superseded by the combined finishing-slices PR (all five commits, G0 first). Closing in favor of that one per reviewer preference to review the batch together.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant