From e342831c2793d1ed1541471feef5629b0522229d Mon Sep 17 00:00:00 2001 From: Peter Tripp Date: Wed, 22 Apr 2026 12:31:29 -0400 Subject: [PATCH 1/2] Update dependencies (2026-04-22) Renovate had some dependencies it couldn't do on it's own and was slow to rebase others. | crate | old | new | | --------- | ---------------- | ---------------- | | toml | 1.0.7+spec-1.1.0 | 1.1.2+spec-1.1.0 | | rand_core | 0.6 | 0.10.1 | | rand | 0.8.5 | 0.10.1 | | sha2 | 0.10.9 | 0.11.0 | | hyper | 1.8.1 | 1.9.0 | | uuid | 1.22.0 | 1.23.1 | | tokio | 1.50.0 | 1.52.1 | --- Cargo.lock | 198 +++++++++++++++++++++++++++++------------ Cargo.toml | 12 +-- v-api/Cargo.toml | 2 +- v-api/src/authn/key.rs | 4 +- v-api/src/authn/mod.rs | 4 +- v-api/src/util.rs | 2 +- 6 files changed, 154 insertions(+), 68 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7b499c46..b6daf0b0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -198,6 +198,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-buffer" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" +dependencies = [ + "hybrid-array", +] + [[package]] name = "bumpalo" version = "3.20.2" @@ -247,6 +256,17 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" +[[package]] +name = "chacha20" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f8d983286843e49675a4b7a2d174efe136dc93a18d69130dd18198a6c167601" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "rand_core 0.10.1", +] + [[package]] name = "chrono" version = "0.4.44" @@ -330,6 +350,12 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" +[[package]] +name = "const-oid" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" + [[package]] name = "cookie" version = "0.18.1" @@ -375,6 +401,15 @@ dependencies = [ "libc", ] +[[package]] +name = "cpufeatures" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201" +dependencies = [ + "libc", +] + [[package]] name = "crc32c" version = "0.6.8" @@ -430,6 +465,15 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto-common" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +dependencies = [ + "hybrid-array", +] + [[package]] name = "curve25519-dalek" version = "4.1.3" @@ -437,9 +481,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" dependencies = [ "cfg-if", - "cpufeatures", + "cpufeatures 0.2.17", "curve25519-dalek-derive", - "digest", + "digest 0.10.7", "fiat-crypto", "rustc_version 0.4.1", "subtle", @@ -538,7 +582,7 @@ version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" dependencies = [ - "const-oid", + "const-oid 0.9.6", "pem-rfc7468", "zeroize", ] @@ -610,12 +654,23 @@ version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "block-buffer", - "const-oid", - "crypto-common", + "block-buffer 0.10.4", + "const-oid 0.9.6", + "crypto-common 0.1.6", "subtle", ] +[[package]] +name = "digest" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" +dependencies = [ + "block-buffer 0.12.0", + "const-oid 0.10.2", + "crypto-common 0.2.1", +] + [[package]] name = "displaydoc" version = "0.2.5" @@ -685,7 +740,7 @@ dependencies = [ "tokio", "tokio-rustls 0.25.0", "tokio-util", - "toml 1.0.7+spec-1.1.0", + "toml 1.1.2+spec-1.1.0", "uuid", "version_check", "waitgroup", @@ -743,7 +798,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ "der", - "digest", + "digest 0.10.7", "elliptic-curve", "rfc6979", "signature", @@ -769,7 +824,7 @@ dependencies = [ "curve25519-dalek", "ed25519", "serde", - "sha2", + "sha2 0.10.9", "subtle", "zeroize", ] @@ -788,7 +843,7 @@ checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ "base16ct", "crypto-bigint", - "digest", + "digest 0.10.7", "ff", "generic-array", "group", @@ -1041,6 +1096,7 @@ dependencies = [ "cfg-if", "libc", "r-efi 6.0.0", + "rand_core 0.10.1", "wasip2", "wasip3", ] @@ -1171,7 +1227,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest", + "digest 0.10.7", ] [[package]] @@ -1241,11 +1297,20 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" +[[package]] +name = "hybrid-array" +version = "0.4.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3944cf8cf766b40e2a1a333ee5e9b563f854d5fa49d6a8ca2764e97c6eddb214" +dependencies = [ + "typenum", +] + [[package]] name = "hyper" -version = "1.8.1" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11" +checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca" dependencies = [ "atomic-waker", "bytes", @@ -1258,7 +1323,6 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", - "pin-utils", "smallvec", "tokio", "want", @@ -1536,7 +1600,7 @@ dependencies = [ "rsa", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "signature", "simple_asn1", ] @@ -1652,9 +1716,9 @@ dependencies = [ [[package]] name = "mio" -version = "1.1.1" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a69bcab0ad47271a0234d9422b131806bf3968021e5dc9328caf2d4cd58557fc" +checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1" dependencies = [ "libc", "wasi", @@ -1820,7 +1884,7 @@ dependencies = [ "serde", "serde_json", "serde_path_to_error", - "sha2", + "sha2 0.10.9", "thiserror 1.0.69", "url", ] @@ -1873,7 +1937,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "primeorder", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -1885,7 +1949,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "primeorder", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -1971,12 +2035,6 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" -[[package]] -name = "pin-utils" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" - [[package]] name = "pkcs1" version = "0.7.5" @@ -2207,6 +2265,17 @@ dependencies = [ "rand_core 0.9.5", ] +[[package]] +name = "rand" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2e8e8bcc7961af1fdac401278c6a831614941f6164ee3bf4ce61b7edb162207" +dependencies = [ + "chacha20", + "getrandom 0.4.2", + "rand_core 0.10.1", +] + [[package]] name = "rand_chacha" version = "0.3.1" @@ -2245,6 +2314,12 @@ dependencies = [ "getrandom 0.3.4", ] +[[package]] +name = "rand_core" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63b8176103e19a2643978565ca18b50549f6101881c443590420e4dc998a3c69" + [[package]] name = "redox_syscall" version = "0.5.18" @@ -2405,15 +2480,15 @@ version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b8573f03f5883dcaebdfcf4725caa1ecb9c15b2ef50c43a07b816e06799bb12d" dependencies = [ - "const-oid", - "digest", + "const-oid 0.9.6", + "digest 0.10.7", "num-bigint-dig", "num-integer", "num-traits", "pkcs1", "pkcs8", "rand_core 0.6.4", - "sha2", + "sha2 0.10.9", "signature", "spki", "subtle", @@ -2757,9 +2832,9 @@ dependencies = [ [[package]] name = "serde_spanned" -version = "1.0.4" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776" +checksum = "6662b5879511e06e8999a8a235d848113e942c9124f211511b16466ee2995f26" dependencies = [ "serde_core", ] @@ -2826,8 +2901,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", - "cpufeatures", - "digest", + "cpufeatures 0.2.17", + "digest 0.10.7", ] [[package]] @@ -2837,8 +2912,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" dependencies = [ "cfg-if", - "cpufeatures", - "digest", + "cpufeatures 0.2.17", + "digest 0.10.7", +] + +[[package]] +name = "sha2" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "digest 0.11.2", ] [[package]] @@ -2872,7 +2958,7 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ - "digest", + "digest 0.10.7", "rand_core 0.6.4", ] @@ -3234,9 +3320,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.50.0" +version = "1.52.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d" +checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6" dependencies = [ "bytes", "libc", @@ -3251,9 +3337,9 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "2.6.1" +version = "2.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c55a2eff8b69ce66c84f85e1da1c233edc36ceb85a2058d11b0d6a3c7e7569c" +checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496" dependencies = [ "proc-macro2", "quote", @@ -3309,14 +3395,14 @@ dependencies = [ [[package]] name = "toml" -version = "1.0.7+spec-1.1.0" +version = "1.1.2+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd28d57d8a6f6e458bc0b8784f8fdcc4b99a437936056fa122cb234f18656a96" +checksum = "81f3d15e84cbcd896376e6730314d59fb5a87f31e4b038454184435cd57defee" dependencies = [ "indexmap 2.13.0", "serde_core", "serde_spanned", - "toml_datetime 1.0.1+spec-1.1.0", + "toml_datetime 1.1.1+spec-1.1.0", "toml_parser", "toml_writer", "winnow 1.0.0", @@ -3333,27 +3419,27 @@ dependencies = [ [[package]] name = "toml_datetime" -version = "1.0.1+spec-1.1.0" +version = "1.1.1+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b320e741db58cac564e26c607d3cc1fdc4a88fd36c879568c07856ed83ff3e9" +checksum = "3165f65f62e28e0115a00b2ebdd37eb6f3b641855f9d636d3cd4103767159ad7" dependencies = [ "serde_core", ] [[package]] name = "toml_parser" -version = "1.0.10+spec-1.1.0" +version = "1.1.2+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7df25b4befd31c4816df190124375d5a20c6b6921e2cad937316de3fccd63420" +checksum = "a2abe9b86193656635d2411dc43050282ca48aa31c2451210f4202550afb7526" dependencies = [ "winnow 1.0.0", ] [[package]] name = "toml_writer" -version = "1.0.7+spec-1.1.0" +version = "1.1.1+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f17aaa1c6e3dc22b1da4b6bba97d066e354c7945cac2f7852d4e4e7ca7a6b56d" +checksum = "756daf9b1013ebe47a8776667b466417e2d4c5679d441c26230efd9ef78692db" [[package]] name = "tower" @@ -3514,9 +3600,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" -version = "1.22.0" +version = "1.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a68d3c8f01c0cfa54a75291d83601161799e4a89a39e0929f4b0354d88757a37" +checksum = "ddd74a9687298c6858e9b88ec8935ec45d22e8fd5e6394fa1bd4e99a87789c76" dependencies = [ "getrandom 0.4.2", "js-sys", @@ -3550,8 +3636,8 @@ dependencies = [ "oauth2-reqwest", "partial-struct", "percent-encoding", - "rand 0.8.5", - "rand_core 0.6.4", + "rand 0.10.1", + "rand_core 0.10.1", "reqwest 0.13.2", "rsa", "schemars 0.8.22", @@ -3559,13 +3645,13 @@ dependencies = [ "serde", "serde_json", "serde_urlencoded", - "sha2", + "sha2 0.11.0", "slog", "steno", "tap", "thiserror 2.0.18", "tokio", - "toml 1.0.7+spec-1.1.0", + "toml 1.1.2+spec-1.1.0", "tracing", "tracing-subscriber", "url", @@ -3592,7 +3678,7 @@ dependencies = [ "serde", "tempfile", "thiserror 2.0.18", - "toml 1.0.7+spec-1.1.0", + "toml 1.1.2+spec-1.1.0", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 2a4ef141..5c1bc2db 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,7 +28,7 @@ heck = "0.5.0" hex = "0.4.3" http = "1" http-body-util = "0.1.3" -hyper = "1.8.1" +hyper = "1.9.0" jsonwebtoken = { version = "10.2", features = ["rust_crypto"] } mockall = "0.14.0" newtype-uuid = { version = "1.3.2", features = ["schemars08", "serde", "v4"] } @@ -38,8 +38,8 @@ partial-struct = { git = "https://github.com/oxidecomputer/partial-struct" } percent-encoding = "2.3.2" proc-macro2 = "1" quote = "1" -rand = "0.8.5" -rand_core = "0.6" +rand = "0.10.1" +rand_core = "0.10.1" regex = "1.12.3" reqwest = { version = "0.13", default-features = false, features = ["json", "stream"] } rsa = "0.9.10" @@ -49,18 +49,18 @@ semver = "1.0.27" serde = "1.0.228" serde_json = "1" serde_urlencoded = "0.7.1" -sha2 = "0.10.9" +sha2 = "0.11.0" slog = "2.8.2" steno = { git = "https://github.com/oxidecomputer/steno" } syn = "2" tap = "1.0.1" tempfile = "3" thiserror = "2" -tokio = "1.50.0" +tokio = "1.52.1" toml = "1" tracing = "0.1.44" tracing-subscriber = "0.3.23" url = "2.5.8" -uuid = "1.22.0" +uuid = "1.23.1" valuable = "0.1.1" yup-oauth2 = "12.1.2" diff --git a/v-api/Cargo.toml b/v-api/Cargo.toml index 2883acb1..81583595 100644 --- a/v-api/Cargo.toml +++ b/v-api/Cargo.toml @@ -31,7 +31,7 @@ newtype-uuid = { workspace = true } partial-struct = { workspace = true } percent-encoding = { workspace = true } rand = { workspace = true, features = ["std"] } -rand_core = { workspace = true, features = ["std"] } +rand_core = { workspace = true } reqwest = { workspace = true } rsa = { workspace = true, features = ["sha2"] } schemars = { workspace = true, features = ["chrono"] } diff --git a/v-api/src/authn/key.rs b/v-api/src/authn/key.rs index b2f30956..8bd0eb78 100644 --- a/v-api/src/authn/key.rs +++ b/v-api/src/authn/key.rs @@ -3,7 +3,7 @@ // file, You can obtain one at https://mozilla.org/MPL/2.0/. use hex::FromHexError; -use rand::{rngs::OsRng, RngCore}; +use rand::Rng as _; use secrecy::{ExposeSecret, SecretSlice, SecretString}; use thiserror::Error; use uuid::Uuid; @@ -35,7 +35,7 @@ impl RawKey { pub fn generate(id: &Uuid) -> Self { // Generate random data to extend the token id with let mut token_raw = [0; N]; - OsRng.fill_bytes(&mut token_raw); + rand::rng().fill_bytes(&mut token_raw); let mut clear = id.as_bytes().to_vec(); clear.append(&mut token_raw.to_vec()); diff --git a/v-api/src/authn/mod.rs b/v-api/src/authn/mod.rs index ee4b6ac2..4a7f6a74 100644 --- a/v-api/src/authn/mod.rs +++ b/v-api/src/authn/mod.rs @@ -17,7 +17,7 @@ use rsa::{ signature::{RandomizedSigner, SignatureEncoding, Verifier as RsaVerifier}, }; use serde::{Deserialize, Serialize}; -use sha2::{Digest, Sha256}; +use rsa::sha2::{Digest, Sha256}; use std::fmt::Debug; use thiserror::Error; use v_api_param::ParamResolutionError; @@ -244,7 +244,7 @@ impl Signer { match &self.key { SignerKey::Local(local) => { tracing::trace!("Signing message"); - let mut rng = rand::thread_rng(); + let mut rng = rsa::rand_core::OsRng; let signature = local.signing_key.sign_with_rng(&mut rng, message).to_vec(); Ok(signature) diff --git a/v-api/src/util.rs b/v-api/src/util.rs index 4dfcafdb..681411e5 100644 --- a/v-api/src/util.rs +++ b/v-api/src/util.rs @@ -269,7 +269,7 @@ pub mod tests { } pub fn mock_key(kid: &str) -> MockKey { - let mut rng = rand::thread_rng(); + let mut rng = rsa::rand_core::OsRng; let bits = 2048; let priv_key = RsaPrivateKey::new(&mut rng, bits).expect("Failed to generate a key"); let pub_key = RsaPublicKey::from(&priv_key); From e21cd0a72c494c4d007262b7d1bcef3437d77d0f Mon Sep 17 00:00:00 2001 From: Peter Tripp Date: Wed, 22 Apr 2026 12:32:21 -0400 Subject: [PATCH 2/2] Cargo fmt --- v-api/src/authn/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v-api/src/authn/mod.rs b/v-api/src/authn/mod.rs index 4a7f6a74..4ce69c96 100644 --- a/v-api/src/authn/mod.rs +++ b/v-api/src/authn/mod.rs @@ -11,13 +11,13 @@ use google_cloudkms1::{ api::AsymmetricSignRequest, hyper_rustls::HttpsConnector, hyper_util::client::legacy::connect::HttpConnector, CloudKMS, }; +use rsa::sha2::{Digest, Sha256}; use rsa::{ pkcs1v15::Signature, pkcs1v15::{SigningKey, VerifyingKey}, signature::{RandomizedSigner, SignatureEncoding, Verifier as RsaVerifier}, }; use serde::{Deserialize, Serialize}; -use rsa::sha2::{Digest, Sha256}; use std::fmt::Debug; use thiserror::Error; use v_api_param::ParamResolutionError;