picky-rs icon indicating copy to clipboard operation
picky-rs copied to clipboard
verified publisher icon Devolutions

build(deps): bump the patch group across 1 directory with 9 updates

Open dependabot[bot] opened this issue 2 months ago • 1 comments

Bumps the patch group with 9 updates in the / directory:

Package From To
crypto-bigint 0.7.0-rc.8 0.7.0-rc.10
block-padding 0.4.0-rc.4 0.4.1
block-buffer 0.11.0-rc.5 0.11.0
password-hash 0.6.0-rc.1 0.6.0-rc.2
pem-rfc7468 1.0.0-rc.3 1.0.0
elliptic-curve 0.14.0-rc.15 0.14.0-rc.16
pkcs8 0.11.0-rc.7 0.11.0-rc.8
rfc6979 0.5.0-rc.1 0.5.0-rc.2
crypto-primes 0.7.0-pre.3 0.7.0-pre.4

Updates crypto-bigint from 0.7.0-rc.8 to 0.7.0-rc.10

Commits

Updates block-padding from 0.4.0-rc.4 to 0.4.1

Commits

Updates block-buffer from 0.11.0-rc.5 to 0.11.0

Commits

Updates password-hash from 0.6.0-rc.1 to 0.6.0-rc.2

Commits

Updates pem-rfc7468 from 1.0.0-rc.3 to 1.0.0

Commits

Updates elliptic-curve from 0.14.0-rc.15 to 0.14.0-rc.16

Commits
  • b604e17 elliptic-curve v0.14.0-rc.16 (#2045)
  • b79f84d digest: tweak CollisionResistance docs (#2044)
  • 06e4e1a Update Cargo.lock (#2039)
  • 0a3871f build(deps): bump crate-ci/typos from 1.38.0 to 1.38.1 (#2040)
  • dd8e4ce elliptic-curve: use base16ct::mixed in FromStr impl for ScalarValue (#2...
  • c6ab1b1 Derive Default for enums (#2035)
  • 8a76ab7 chore(deps): bump block-padding from 0.4.0-rc.4 to 0.4.1 (#2032)
  • 8d36026 build(deps): bump crate-ci/typos from 1.36.3 to 1.38.0 (#2034)
  • c1047be build(deps): bump crate-ci/typos from 1.36.2 to 1.36.3 (#2031)
  • 4fb20b5 build(deps): bump hybrid-array from 0.4.4 to 0.4.5 in the all-deps group (#2030)
  • Additional commits viewable in compare view

Updates pkcs8 from 0.11.0-rc.7 to 0.11.0-rc.8

Commits
  • e031c36 pkcs8 v0.11.0-rc.8 (#2089)
  • 490993a pkcs5 v0.8.0-rc.9 (#2087)
  • 507f79b chore(deps): bump the all-deps group across 1 directory with 19 updates (#2088)
  • ef0c838 der: docs: rename variable encoder -> writer and improve example (#2078)
  • d5b06c5 Bump rand_core to v0.10.0-rc-2 (#2086)
  • a152ff1 base64ct, base32ct: proptests for decoder equivalence with base32/64 (#2085)
  • f4c5e14 base32ct: avoid panics when decoding inputs; enforce lengths (#2084)
  • a551024 chore(deps): bump crate-ci/typos from 1.38.1 to 1.39.0 (#2082)
  • 19aa61b der: track reader error position in ObjectIdentifier::decode_value (#2080)
  • 5755d9b der: track reader error position in GeneralizedTime::decode_value (#2079)
  • Additional commits viewable in compare view

Updates rfc6979 from 0.5.0-rc.1 to 0.5.0-rc.2

Commits

Updates crypto-primes from 0.7.0-pre.3 to 0.7.0-pre.4

Changelog

Sourced from crypto-primes's changelog.

[0.7.0-pre.4] - 2025-11-06

Changed

  • Bumped rand_core to 0.10.0-rc.2 and crypto-bigint to 0.7.0-pre.10. (#95)

#95: entropyxyz/crypto-primes#95

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot[bot] avatar Nov 17 '25 15:11 dependabot[bot]

⚠️ Warning: This PR updates crypto-primes from 0.7.0-pre.3 to 0.7.0-pre.4, which introduces trait compatibility issues.

Problem

crypto-primes 0.7.0-pre.4 has breaking changes in trait bounds (added ?Sized requirement) that cause compilation failures when used with picky-krb.

Error example:

error[E0277]: the trait bound `R: crypto_bigint::rand_core::RngCore` is not satisfied
   --> crypto-primes-0.7.0-pre.4/src/hazmat/miller_rabin.rs:132:36
    |
132 |         let random = T::random_mod(rng, &range_nonzero)
    |                                    ^^^ the trait `Sized` is not implemented for `R`

Impact

This blocks usage of sspi 0.18.3 with published picky versions, which blocks IronRDP updates (see Devolutions/IronRDP#1029).

Recommendation

Consider holding this PR until:

  1. crypto-primes pre.4 issues are resolved, OR
  2. A workaround is identified

Alternatively: Pin to crypto-primes = "=0.7.0-pre.3" instead of pre.4 until the trait issues are resolved.

Context

Currently investigating dependency chain for IronRDP integration. Tested multiple combinations and pre.4 consistently fails where pre.3 works.

Related: Devolutions/picky-rs#437 (picky-krb 0.12.0 release request)

glamberson avatar Nov 18 '25 14:11 glamberson