fix(deps): revert hmac to 0.12 to repair broken build#9
Closed
YellowSnnowmann wants to merge 1 commit into
Closed
Conversation
The dependabot bump to hmac 0.13 (PR tinyhumansai#4) requires digest 0.11, but the sha2/sha1 hashes remain on 0.10 (digest 0.10), so Hmac<Sha256>/Hmac<Sha1> no longer satisfy their trait bounds and every call site still uses the 0.12 new_from_slice API. This left main red (CI failure on the current HEAD) and unbuildable at relay/auth.rs, providers/linq.rs, and providers/yuanbao/{sign,cos}.rs. Revert to hmac 0.12 to match the hash stack the code targets and prune the orphaned 0.13 entry from the lockfile. Moving the whole SHA stack to digest 0.11 is left as a separate coordinated bump.
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Comment |
Author
|
Superseded by the combined finishing-slices PR (all five commits, G0 first). Closing in favor of that one per reviewer preference to review the batch together. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The dependabot bump of
hmacfrom 0.12.1 to 0.13.0 (PR #4) leftmainred.hmac 0.13depends ondigest 0.11, but the hash crates in this workspace arestill on the
digest 0.10line (sha2 0.10,sha1 0.10), soHmac<Sha256>/Hmac<Sha1>no longer satisfy their trait bounds, and every call site stilluses the 0.12
new_from_sliceAPI. The build failed atrelay/auth.rs,providers/linq.rs, andproviders/yuanbao/{sign,cos}.rs; CI on the currentmainHEAD is failing.This reverts
hmacto0.12— the version the code was written against — andprunes the orphaned
hmac 0.13.0entry from the lockfile. Moving the whole SHAstack onto
digest 0.11(hmac 0.13+sha2 0.11+sha1 0.11) is a larger,coordinated bump left for a follow-up.
API Or Behavior Changes
None. Dependency-only change; no public API or runtime behavior is affected.
Tests
Run locally with
cargo +1.96.1(1.96 is required bylibsqlite3-sys 0.38):cargo fmt --checkcargo clippy --all-targets -- -D warningscargo clippy --all-targets --all-features -- -D warningscargo build --all-targetscargo build --all-targets --all-featurescargo test(943 passed)cargo test --all-featuresDocumentation
No docs needed — the change is a dependency revert. The broader migration
current-state has been refreshed separately (see the migration remaining-work
plan doc, landing in its own PR).