From 7803147c2caa8e4dd478f8db177bf16518912242 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Apr 2026 14:14:33 +0000
Subject: [PATCH 1/2] build(deps): bump sha2 from 0.10.9 to 0.11.0

Bumps [sha2](https://github.com/RustCrypto/hashes) from 0.10.9 to 0.11.0.
- [Commits](https://github.com/RustCrypto/hashes/compare/sha2-v0.10.9...sha2-v0.11.0)

---
updated-dependencies:
- dependency-name: sha2
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Cargo.lock                  | 58 ++++++++++++++++++++++++++++++++-----
 bin/all-o-stasis/Cargo.toml |  2 +-
 2 files changed, 52 insertions(+), 8 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 9463039..2161c47 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -281,6 +281,15 @@ dependencies = [
  "generic-array",
 ]
 
+[[package]]
+name = "block-buffer"
+version = "0.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be"
+dependencies = [
+ "hybrid-array",
+]
+
 [[package]]
 name = "built"
 version = "0.8.0"
@@ -368,6 +377,12 @@ version = "0.4.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "75984efb6ed102a0d42db99afb6c1948f0380d1d91808d5529916e6c08b49d8d"
 
+[[package]]
+name = "const-oid"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c"
+
 [[package]]
 name = "convert_case"
 version = "0.8.0"
@@ -451,6 +466,15 @@ dependencies = [
  "typenum",
 ]
 
+[[package]]
+name = "crypto-common"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710"
+dependencies = [
+ "hybrid-array",
+]
+
 [[package]]
 name = "data-encoding"
 version = "2.10.0"
@@ -483,8 +507,19 @@ version = "0.10.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
 dependencies = [
- "block-buffer",
- "crypto-common",
+ "block-buffer 0.10.4",
+ "crypto-common 0.1.7",
+]
+
+[[package]]
+name = "digest"
+version = "0.11.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c"
+dependencies = [
+ "block-buffer 0.12.0",
+ "const-oid",
+ "crypto-common 0.2.1",
 ]
 
 [[package]]
@@ -931,6 +966,15 @@ version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
 
+[[package]]
+name = "hybrid-array"
+version = "0.4.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3944cf8cf766b40e2a1a333ee5e9b563f854d5fa49d6a8ca2764e97c6eddb214"
+dependencies = [
+ "typenum",
+]
+
 [[package]]
 name = "hyper"
 version = "1.9.0"
@@ -2240,18 +2284,18 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
 dependencies = [
  "cfg-if",
  "cpufeatures 0.2.17",
- "digest",
+ "digest 0.10.7",
 ]
 
 [[package]]
 name = "sha2"
-version = "0.10.9"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
+checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4"
 dependencies = [
  "cfg-if",
- "cpufeatures 0.2.17",
- "digest",
+ "cpufeatures 0.3.0",
+ "digest 0.11.2",
 ]
 
 [[package]]
diff --git a/bin/all-o-stasis/Cargo.toml b/bin/all-o-stasis/Cargo.toml
index e583c42..5d3134e 100644
--- a/bin/all-o-stasis/Cargo.toml
+++ b/bin/all-o-stasis/Cargo.toml
@@ -16,7 +16,7 @@ rand = "0.10.0"
 reqwest = { version = "0.12", features = ["blocking", "json"] }
 serde = { version = "1.0.189", features = ["derive"] }
 serde_json = "1.0.117"
-sha2 = "0.10.8"
+sha2 = "0.11.0"
 tokio = { version = "1.33.0", features = ["full", "macros", "rt-multi-thread"] }
 tower-http = { version = "0.6", features = ["cors"] }
 tracing = "0.1.39"

From a3be14d0addbf8e9ab2ad718f34bf8f5ac033e46 Mon Sep 17 00:00:00 2001
From: Yves Ineichen <iff@yvesineichen.com>
Date: Wed, 8 Apr 2026 16:23:38 +0200
Subject: [PATCH 2/2] sha: add hex for encoding

---
 Cargo.lock                                | 1 +
 bin/all-o-stasis/Cargo.toml               | 1 +
 bin/all-o-stasis/src/routes/collection.rs | 3 ++-
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Cargo.lock b/Cargo.lock
index 2161c47..e2fffc5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -28,6 +28,7 @@ dependencies = [
  "cookie",
  "firestore",
  "futures",
+ "hex",
  "otp",
  "rand 0.10.0",
  "reqwest",
diff --git a/bin/all-o-stasis/Cargo.toml b/bin/all-o-stasis/Cargo.toml
index 5d3134e..977d02e 100644
--- a/bin/all-o-stasis/Cargo.toml
+++ b/bin/all-o-stasis/Cargo.toml
@@ -16,6 +16,7 @@ rand = "0.10.0"
 reqwest = { version = "0.12", features = ["blocking", "json"] }
 serde = { version = "1.0.189", features = ["derive"] }
 serde_json = "1.0.117"
+hex = "0.4"
 sha2 = "0.11.0"
 tokio = { version = "1.33.0", features = ["full", "macros", "rt-multi-thread"] }
 tower-http = { version = "0.6", features = ["cors"] }
diff --git a/bin/all-o-stasis/src/routes/collection.rs b/bin/all-o-stasis/src/routes/collection.rs
index a0e0924..b9abd33 100644
--- a/bin/all-o-stasis/src/routes/collection.rs
+++ b/bin/all-o-stasis/src/routes/collection.rs
@@ -55,7 +55,8 @@ async fn public_profile(
 
     let mut hashed_email = Sha256::new();
     hashed_email.update(account.email.trim());
-    let avatar = format!("https://gravatar.com/avatar/{:x}", hashed_email.finalize());
+    let sha = hashed_email.finalize();
+    let avatar = format!("https://gravatar.com/avatar/{}", hex::encode(sha));
 
     Ok(Json(PublicProfile {
         name,