From 2d2f2f55d8e4fb6a208593f74c9a4e802c0a9813 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 18 Jul 2025 16:04:32 +0000 Subject: [PATCH 1/2] chore(deps): bump rust-argon2 from 2.1.0 to 3.0.0 --- updated-dependencies: - dependency-name: rust-argon2 dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- Cargo.lock | 31 +++++++++++++++++++------------ Cargo.toml | 2 +- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 534f79e..4a3aaf7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -150,12 +150,6 @@ dependencies = [ "windows-targets 0.52.6", ] -[[package]] -name = "base64" -version = "0.21.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" - [[package]] name = "base64" version = "0.22.1" @@ -188,7 +182,7 @@ checksum = "06e903a20b159e944f91ec8499fe1e55651480c541ea0a584f5d967c49ad9d99" dependencies = [ "arrayref", "arrayvec", - "constant_time_eq", + "constant_time_eq 0.3.1", ] [[package]] @@ -387,6 +381,12 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6" +[[package]] +name = "constant_time_eq" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d52eff69cd5e647efe296129160853a42795992097e8af39800e1060caeea9b" + [[package]] name = "convert_case" version = "0.7.1" @@ -427,7 +427,7 @@ name = "cotp" version = "1.9.6" dependencies = [ "aes-gcm", - "base64 0.22.1", + "base64", "chacha20poly1305", "clap", "color-eyre", @@ -465,6 +465,12 @@ dependencies = [ "libc", ] +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + [[package]] name = "crossterm" version = "0.28.1" @@ -1533,13 +1539,14 @@ dependencies = [ [[package]] name = "rust-argon2" -version = "2.1.0" +version = "3.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d9848531d60c9cbbcf9d166c885316c24bc0e2a9d3eba0956bb6cbbd79bc6e8" +checksum = "8ae76b7506744d254fd0eb2c0ff5c5d108201ccbb083111ac04a44eeda105680" dependencies = [ - "base64 0.21.7", + "base64", "blake2b_simd", - "constant_time_eq", + "constant_time_eq 0.4.2", + "crossbeam-utils", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 0119a20..dc6a9bb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -40,7 +40,7 @@ sha1 = "0.10.6" sha2 = "0.10.9" chacha20poly1305 = "0.10.1" getrandom = "0.3.3" -rust-argon2 = "2.1.0" +rust-argon2 = "3.0.0" scrypt = "0.11.0" aes-gcm = "0.10.3" hex = "0.4.3" From 87ec8b3cccd5452000de1c7f3ba2d339ff575961 Mon Sep 17 00:00:00 2001 From: replydev Date: Sun, 20 Jul 2025 22:27:12 +0200 Subject: [PATCH 2/2] chore: fix breaking change on rust argon-2 dependency --- src/crypto/cryptography.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/crypto/cryptography.rs b/src/crypto/cryptography.rs index f48217d..b425c79 100644 --- a/src/crypto/cryptography.rs +++ b/src/crypto/cryptography.rs @@ -1,4 +1,4 @@ -use argon2::{Config, Variant, Version}; +use argon2::{Config, ThreadMode, Variant, Version}; use chacha20poly1305::aead::Aead; use chacha20poly1305::{Key, KeyInit, XChaCha20Poly1305, XNonce}; use color_eyre::eyre::{ErrReport, eyre}; @@ -18,6 +18,7 @@ const KEY_DERIVATION_CONFIG: Config = Config { secret: &[], ad: &[], hash_length: XCHACHA20_POLY1305_KEY_LENGTH as u32, + thread_mode: ThreadMode::Sequential, }; pub fn argon_derive_key(password_bytes: &[u8], salt: &[u8]) -> color_eyre::Result> {