From d2b40aa7d5d1755462f83c710ad7e658656f5454 Mon Sep 17 00:00:00 2001 From: "dobby-yivi-agent[bot]" <275734547+dobby-yivi-agent[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 22:17:15 +0000 Subject: [PATCH] =?UTF-8?q?chore:=20bump=20pg-core=200.5=20=E2=86=92=200.6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps pg-core requirement from 0.5.0 to 0.6.0 (resolves 0.5.10 → 0.6.0 in the lockfile) in both [dependencies] and [dev-dependencies]. Upstream 0.6.0 (encryption4all/postguard pg-core-v0.6.0) bundles a ciphertext bounds-check security fix and migrates from bincode 1.3.3 to bincode-next 3.0.0-rc.13, which clears RUSTSEC-2025-0141 in the transitive graph. No cryptify source changes required; the public API surface used by this crate (Parameters, VerifyingKey, Unsealer, UnsealerStreamConfig, Sealer, SealerStreamConfig, TestSetup) is unchanged. Closes #155 --- Cargo.lock | 36 ++++++++++++++++++++++++++++++------ Cargo.toml | 4 ++-- 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 914c816..303b8bb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -236,12 +236,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "383d29d513d8764dcdc42ea295d979eb99c3c9f00607b3692cf68a431f7dca72" [[package]] -name = "bincode" -version = "1.3.3" +name = "bincode-next" +version = "3.0.0-rc.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +checksum = "f23e7ee604dc1e468bc8c3003464a69e3e538ad6560051fe691978a69cfba970" dependencies = [ + "pastey", + "rapidhash", "serde", + "unty-next", ] [[package]] @@ -1824,6 +1827,12 @@ dependencies = [ "windows-link", ] +[[package]] +name = "pastey" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5a797f0e07bdf071d15742978fc3128ec6c22891c31a3a931513263904c982a" + [[package]] name = "pear" version = "0.2.9" @@ -1855,14 +1864,14 @@ checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" [[package]] name = "pg-core" -version = "0.5.10" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c4d538eda0ae961d100ba8ddf549197eb401bac7d24c14a1ba7aa5aeadae30b" +checksum = "3584c71fad10504b77266241a19e4fac9e5662029939b9da0bd7bdc54e601168" dependencies = [ "aead", "aes-gcm", "base64ct", - "bincode", + "bincode-next", "futures", "ibe", "ibs", @@ -2153,6 +2162,15 @@ version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "63b8176103e19a2643978565ca18b50549f6101881c443590420e4dc998a3c69" +[[package]] +name = "rapidhash" +version = "4.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e48930979c155e2f33aa36ab3119b5ee81332beb6482199a8ecd6029b80b59" +dependencies = [ + "rustversion", +] + [[package]] name = "redox_syscall" version = "0.5.18" @@ -3307,6 +3325,12 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" +[[package]] +name = "unty-next" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fa66022bbd1ab992fad72bdedcfd07a0023b6f5ecc83d50121e39e3a3caed41" + [[package]] name = "url" version = "2.5.8" diff --git a/Cargo.toml b/Cargo.toml index 53f36bb..91fa570 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,13 +30,13 @@ uuid = { version = "1.18.1", features = ["v4"] } url = "2.5.7" tokio-util = { version = "0.7.17", features = ["compat"] } -pg-core = { version = "0.5.0", features = ["rust", "stream"] } +pg-core = { version = "0.6.0", features = ["rust", "stream"] } minreq = { version = "2.14.1", features = ["json-using-serde", "https-native"]} [dev-dependencies] # Enables `pg_core::test::TestSetup` for building real verifying keys and # sealing fixtures in the integration test harness. No effect on release builds. -pg-core = { version = "0.5.0", features = ["rust", "stream", "test"] } +pg-core = { version = "0.6.0", features = ["rust", "stream", "test"] } futures = "0.3" # pg-core's Sealer/TestSetup use rand 0.8 APIs; the rest of the crate uses # rand 0.9. Pin an 0.8 rand explicitly in dev-deps so test code can hand