chore(deps): bump sha2 from 0.10.9 to 0.11.0#349
chore(deps): bump sha2 from 0.10.9 to 0.11.0#349dependabot[bot] wants to merge 3 commits intomainfrom
Conversation
Bumps [sha2](https://github.com/RustCrypto/hashes) from 0.10.9 to 0.11.0. - [Commits](RustCrypto/hashes@sha2-v0.10.9...sha2-v0.11.0) --- updated-dependencies: - dependency-name: sha2 dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
There was a problem hiding this comment.
Pull request overview
This PR updates the Rust workspace’s cryptographic hashing dependency by bumping sha2 from 0.10.x to 0.11.x, along with the resulting Cargo.lock resolution updates.
Changes:
- Bump
sha2workspace dependency from0.10to0.11. - Update
Cargo.lockto include the newsha2(and itsdigest/crypto-common/cpufeatures) dependency graph.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| Cargo.toml | Updates the workspace sha2 version requirement to 0.11. |
| Cargo.lock | Updates resolved dependency versions, adding sha2 0.11.0 and digest 0.11.x alongside existing digest 0.10.x users. |
Cargo.toml
Outdated
| anyhow = "1.0" | ||
| base64 = "0.22" | ||
| sha2 = "0.10" | ||
| sha2 = "0.11" |
There was a problem hiding this comment.
Bumping sha2 to 0.11 pulls in digest 0.11, but this workspace still uses pbkdf2 0.12 / hmac 0.12 which depend on digest 0.10 (see Cargo.lock). pluresdb-sea calls pbkdf2_hmac::<sha2::Sha256>(...), which will fail to compile when Sha256 comes from sha2 0.11 due to the digest trait version mismatch. Either keep sha2 on 0.10 for now, or bump pbkdf2/hmac (and any other digest-0.10 users) to versions compatible with digest 0.11, or use dependency renaming to keep a sha2 0.10 instance specifically for PBKDF2 use.
| sha2 = "0.11" | |
| sha2 = "0.10" |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Bumps sha2 from 0.10.9 to 0.11.0.
Commits
ffe0939Release sha2 0.11.0 (#806)8991b65Use the standard order of the[package]section fields (#807)3d2bc57sha2: refactor backends (#802)faa55fbsha3: bumpkeccakto v0.2 (#803)d3e6489sha3 v0.11.0-rc.9 (#801)bbf6f51sha2: tweak backend docs (#800)155dbbfsha3: add default value for theDSgeneric parameter onTurboShake128/256...ed514f2Use published version ofkeccakv0.2 (#799)702bcd8Migrate to closure-basedkeccak(#796)827c043sha3 v0.11.0-rc.8 (#794)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)