diff --git a/Cargo.lock b/Cargo.lock index 32398cfc..17320423 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -48,20 +48,7 @@ dependencies = [ "cipher 0.5.1", "cpubits", "cpufeatures 0.3.0", -] - -[[package]] -name = "aes-gcm" -version = "0.10.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" -dependencies = [ - "aead 0.5.2", - "aes 0.8.4", - "cipher 0.4.4", - "ctr 0.9.2", - "ghash 0.5.1", - "subtle", + "zeroize", ] [[package]] @@ -74,8 +61,9 @@ dependencies = [ "aes 0.9.0", "cipher 0.5.1", "ctr 0.10.0", - "ghash 0.6.0", + "ghash", "subtle", + "zeroize", ] [[package]] @@ -233,9 +221,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072" dependencies = [ "base64ct", - "blake2", + "blake2 0.10.6", "cpufeatures 0.2.17", - "password-hash", + "password-hash 0.5.0", +] + +[[package]] +name = "argon2" +version = "0.6.0-rc.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7af50940b73bf4e16c15c448a2b121c63f2d68e3e54b6a8731673cb4aa0cdff5" +dependencies = [ + "base64ct", + "blake2 0.11.0-rc.6", + "cpufeatures 0.3.0", + "password-hash 0.6.1", ] [[package]] @@ -471,13 +471,13 @@ checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" [[package]] name = "bcrypt-pbkdf" -version = "0.10.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aeac2e1fe888769f34f05ac343bbef98b14d1ffb292ab69d4608b3abc86f2a2" +checksum = "144e573728da132683b9488acd528274c790e07fc06ff81ee29f9d8f8b1041e0" dependencies = [ "blowfish", - "pbkdf2 0.12.2", - "sha2 0.10.9", + "pbkdf2", + "sha2 0.11.0", ] [[package]] @@ -516,6 +516,15 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "blake2" +version = "0.11.0-rc.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "061f1a09225e328e1ffbb378d2d49923c0ca5fee19fb5ac1cc9c1e9d52b93690" +dependencies = [ + "digest 0.11.3", +] + [[package]] name = "blit-alacritty" version = "0.35.0" @@ -676,9 +685,9 @@ dependencies = [ "crypto_box", "ed25519-dalek 2.2.0", "futures-util", - "hmac 0.13.0", + "hmac", "md-5", - "pbkdf2 0.13.0", + "pbkdf2", "rand 0.10.1", "reqwest", "rustls", @@ -698,7 +707,7 @@ dependencies = [ name = "blit-webserver" version = "0.35.0" dependencies = [ - "argon2", + "argon2 0.5.3", "axum", "blit-fonts", "brotli", @@ -725,15 +734,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" dependencies = [ "hybrid-array", -] - -[[package]] -name = "block-padding" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93" -dependencies = [ - "generic-array 0.14.7", + "zeroize", ] [[package]] @@ -747,12 +748,12 @@ dependencies = [ [[package]] name = "blowfish" -version = "0.9.1" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7" +checksum = "62ce3946557b35e71d1bbe07ec385073ce9eda05043f95de134eb578fcf1a298" dependencies = [ "byteorder", - "cipher 0.4.4", + "cipher 0.5.1", ] [[package]] @@ -820,15 +821,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "cbc" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6" -dependencies = [ - "cipher 0.4.4", -] - [[package]] name = "cbc" version = "0.2.0" @@ -880,17 +872,6 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" -[[package]] -name = "chacha20" -version = "0.9.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" -dependencies = [ - "cfg-if", - "cipher 0.4.4", - "cpufeatures 0.2.17", -] - [[package]] name = "chacha20" version = "0.10.0" @@ -898,8 +879,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6f8d983286843e49675a4b7a2d174efe136dc93a18d69130dd18198a6c167601" dependencies = [ "cfg-if", + "cipher 0.5.1", "cpufeatures 0.3.0", "rand_core 0.10.1", + "zeroize", ] [[package]] @@ -935,6 +918,7 @@ dependencies = [ "block-buffer 0.12.0", "crypto-common 0.2.1", "inout 0.2.2", + "zeroize", ] [[package]] @@ -1139,9 +1123,9 @@ checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "crypto-bigint" -version = "0.7.0-rc.28" +version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96dacf199529fb801ae62a9aafdc01b189e9504c0d1ee1512a4c16bcd8666a93" +checksum = "1a52aa3fcda4e6302a9f48734f234d35d4721b96f8fe07d073f07ce9df4f0271" dependencies = [ "cpubits", "ctutils", @@ -1178,12 +1162,11 @@ dependencies = [ [[package]] name = "crypto-primes" -version = "0.7.0-pre.9" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6081ce8b60c0e533e2bba42771b94eb6149052115f4179744d5779883dc98583" +checksum = "3633a51a39c69ebbaa4feaa694bd83d241e4093901c84a0963b19d9bb3f0cf8f" dependencies = [ "crypto-bigint", - "libm", "rand_core 0.10.1", ] @@ -1210,7 +1193,7 @@ dependencies = [ "aead 0.5.2", "cipher 0.4.4", "generic-array 0.14.7", - "poly1305", + "poly1305 0.8.0", "salsa20 0.10.2", "subtle", "zeroize", @@ -1268,12 +1251,12 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "5.0.0-pre.6" +version = "5.0.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "335f1947f241137a14106b6f5acc5918a5ede29c9d71d3f2cb1678d5075d9fc3" +checksum = "4f359e08ca85e7bd759e1fd933ff2bccd81864c60a8fba0e259c7f822b0924bf" dependencies = [ "cfg-if", - "cpufeatures 0.2.17", + "cpufeatures 0.3.0", "curve25519-dalek-derive", "digest 0.11.3", "fiat-crypto 0.3.0", @@ -1368,6 +1351,15 @@ dependencies = [ "powerfmt", ] +[[package]] +name = "des" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "916a94e407b54f9034d71dd748234cd1e516ced6284009906ae246f177eafe5a" +dependencies = [ + "cipher 0.5.1", +] + [[package]] name = "digest" version = "0.10.7" @@ -1442,16 +1434,16 @@ checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" [[package]] name = "ecdsa" -version = "0.17.0-rc.16" +version = "0.17.0-rc.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91bbdd377139884fafcad8dc43a760a3e1e681aa26db910257fa6535b70e1829" +checksum = "54fb064faabbee66e1fc8e5c5a9458d4269dc2d8b638fe86a425adb2510d1a96" dependencies = [ "der 0.8.0", "digest 0.11.3", "elliptic-curve", "rfc6979", "signature 3.0.0", - "spki 0.8.0-rc.4", + "spki 0.8.0", "zeroize", ] @@ -1467,11 +1459,11 @@ dependencies = [ [[package]] name = "ed25519" -version = "3.0.0-rc.4" +version = "3.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6e914c7c52decb085cea910552e24c63ac019e3ab8bf001ff736da9a9d9d890" +checksum = "29fcf32e6c73d1079f83ab4d782de2d81620346a5f38c6237a86a22f8368980a" dependencies = [ - "pkcs8 0.11.0-rc.11", + "pkcs8 0.11.0", "signature 3.0.0", ] @@ -1492,12 +1484,12 @@ dependencies = [ [[package]] name = "ed25519-dalek" -version = "3.0.0-pre.6" +version = "3.0.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "053618a4c3d3bc24f188aa660ae75a46eeab74ef07fb415c61431e5e7cd4749b" +checksum = "b011170fe4f04665565b4110afef66774fe9ffff278f3eb5b81cc73d26e27d60" dependencies = [ - "curve25519-dalek 5.0.0-pre.6", - "ed25519 3.0.0-rc.4", + "curve25519-dalek 5.0.0-rc.0", + "ed25519 3.0.0", "rand_core 0.10.1", "serde", "sha2 0.11.0", @@ -1514,22 +1506,22 @@ checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" [[package]] name = "elliptic-curve" -version = "0.14.0-rc.28" +version = "0.14.0-rc.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bde7860544606d222fd6bd6d9f9a0773321bf78072a637e1d560a058c0031978" +checksum = "102d3643d30dd8b559613c5cced68317199597fffb278cdc88daa2ef7fafc935" dependencies = [ "base16ct 1.0.0", "crypto-bigint", "crypto-common 0.2.1", "digest 0.11.3", + "ff", + "group", "hkdf", "hybrid-array", "once_cell", "pem-rfc7468 1.0.0", - "pkcs8 0.11.0-rc.11", + "pkcs8 0.11.0", "rand_core 0.10.1", - "rustcrypto-ff", - "rustcrypto-group", "sec1 0.8.1", "subtle", "zeroize", @@ -1610,6 +1602,16 @@ dependencies = [ "simd-adler32", ] +[[package]] +name = "ff" +version = "0.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1f686ab92a9fb0eaf188f6c6c87b89490baa6fdb0db4544ba4dc47f7942489f" +dependencies = [ + "rand_core 0.10.1", + "subtle", +] + [[package]] name = "fiat-crypto" version = "0.2.9" @@ -1818,30 +1820,33 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" dependencies = [ "cfg-if", + "js-sys", "libc", "r-efi 6.0.0", "rand_core 0.10.1", "wasip2", "wasip3", + "wasm-bindgen", ] [[package]] name = "ghash" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" +checksum = "2eecf2d5dc9b66b732b97707a0210906b1d30523eb773193ab777c0c84b3e8d5" dependencies = [ - "opaque-debug", - "polyval 0.6.2", + "polyval", ] [[package]] -name = "ghash" -version = "0.6.0" +name = "group" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eecf2d5dc9b66b732b97707a0210906b1d30523eb773193ab777c0c84b3e8d5" +checksum = "7fd1a1c7a5206c5b7a3f5a0d7ccd3ff85d0c8f5133d62a02680255b0004af5f4" dependencies = [ - "polyval 0.7.1", + "ff", + "rand_core 0.10.1", + "subtle", ] [[package]] @@ -1889,16 +1894,7 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4aaa26c720c68b866f2c96ef5c1264b3e6f473fe5d4ce61cd44bbe913e553018" dependencies = [ - "hmac 0.13.0", -] - -[[package]] -name = "hmac" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" -dependencies = [ - "digest 0.10.7", + "hmac", ] [[package]] @@ -2212,7 +2208,6 @@ version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" dependencies = [ - "block-padding 0.3.3", "generic-array 0.14.7", ] @@ -2222,39 +2217,10 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4250ce6452e92010fdf7268ccc5d14faa80bb12fc741938534c58f16804e03c7" dependencies = [ - "block-padding 0.4.2", + "block-padding", "hybrid-array", ] -[[package]] -name = "internal-russh-forked-ssh-key" -version = "0.6.18+upstream-0.6.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25f8a978272e3cbdf4768f7363eb1c8e1e6ba63c52a3ed05e29e222da4aec7cb" -dependencies = [ - "argon2", - "bcrypt-pbkdf", - "crypto-bigint", - "ecdsa", - "ed25519-dalek 3.0.0-pre.6", - "hex", - "hmac 0.13.0", - "num-bigint-dig", - "p256", - "p384", - "p521", - "rand_core 0.10.1", - "rsa", - "sec1 0.8.1", - "sha1 0.11.0", - "sha2 0.11.0", - "signature 3.0.0", - "ssh-cipher", - "ssh-encoding", - "subtle", - "zeroize", -] - [[package]] name = "internal-russh-num-bigint" version = "0.5.0" @@ -2429,9 +2395,6 @@ name = "lazy_static" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" -dependencies = [ - "spin", -] [[package]] name = "leb128fmt" @@ -2546,9 +2509,9 @@ dependencies = [ [[package]] name = "md5" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "490cc448043f947bae3cbee9c203358d62dbee0db12107a74be5c30ccfd09771" +checksum = "ae960838283323069879657ca3de837e9f7bbb4c7bf6ea7f1b290d5e9476d2e0" [[package]] name = "memchr" @@ -2601,13 +2564,14 @@ dependencies = [ [[package]] name = "ml-kem" -version = "0.3.0-rc.1" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8198b5db27ac9773534c371751a59dc18aec8b80aa141e69abfdd1dec2e3f78c" +checksum = "5e15f3e5b957493873e396a66914e83e616b6afe335cdef7efe5c6e1216aba66" dependencies = [ "hybrid-array", "kem", "module-lattice", + "pkcs8 0.11.0", "rand_core 0.10.1", "sha3", ] @@ -2721,22 +2685,6 @@ dependencies = [ "num-traits", ] -[[package]] -name = "num-bigint-dig" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e661dda6640fad38e827a6d4a310ff4763082116fe217f279885c97f511bb0b7" -dependencies = [ - "lazy_static", - "libm", - "num-integer", - "num-iter", - "num-traits", - "rand 0.8.6", - "serde", - "smallvec", -] - [[package]] name = "num-conv" version = "0.2.1" @@ -2763,17 +2711,6 @@ dependencies = [ "num-traits", ] -[[package]] -name = "num-iter" -version = "0.1.45" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" -dependencies = [ - "autocfg", - "num-integer", - "num-traits", -] - [[package]] name = "num-rational" version = "0.4.2" @@ -2859,9 +2796,9 @@ dependencies = [ [[package]] name = "p256" -version = "0.14.0-rc.7" +version = "0.14.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "018bfbb86e05fd70a83e985921241035ee09fcd369c4a2c3680b389a01d2ad28" +checksum = "41adc63effe99d48837a8cc0e6d7a77e32ae6a07f6000df466178dbc2193093e" dependencies = [ "ecdsa", "elliptic-curve", @@ -2872,9 +2809,9 @@ dependencies = [ [[package]] name = "p384" -version = "0.14.0-rc.7" +version = "0.14.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c91df688211f5957dbe2ab599dcbcaade8d6d3cdc15c5b350d350d7d07ce423" +checksum = "9bd5333afa5ae0347f39e6a0f2c9c155da431583fd71fe5555bd0521b4ccaf02" dependencies = [ "ecdsa", "elliptic-curve", @@ -2886,9 +2823,9 @@ dependencies = [ [[package]] name = "p521" -version = "0.14.0-rc.7" +version = "0.14.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de6cd9451de522549d36cc78a1b45a699a3d55a872e8ea0c8f0318e502d99e2c" +checksum = "a3a5297f53dc16d35909060ba3032cff7867e8809f01e273ff325579d5f0ceae" dependencies = [ "base16ct 1.0.0", "ecdsa", @@ -2951,6 +2888,15 @@ dependencies = [ "subtle", ] +[[package]] +name = "password-hash" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aab41826031698d6ffcd9cff78ef56ef998e39dc7e5067cdfebe373842d4723b" +dependencies = [ + "phc", +] + [[package]] name = "paste" version = "1.0.15" @@ -2963,16 +2909,6 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "35fb2e5f958ec131621fdd531e9fc186ed768cbe395337403ae56c17a74c68ec" -[[package]] -name = "pbkdf2" -version = "0.12.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" -dependencies = [ - "digest 0.10.7", - "hmac 0.12.1", -] - [[package]] name = "pbkdf2" version = "0.13.0" @@ -2980,7 +2916,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "112d82ceb8c5bf524d9af484d4e4970c9fd5a0cc15ba14ad93dccd28873b0629" dependencies = [ "digest 0.11.3", - "hmac 0.13.0", + "hmac", ] [[package]] @@ -3017,6 +2953,16 @@ version = "2.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" +[[package]] +name = "phc" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44dc769b75f93afdddd8c7fa12d685292ddeff1e66f7f0f3a234cf1818afe892" +dependencies = [ + "base64ct", + "ctutils", +] + [[package]] name = "pin-project-lite" version = "0.2.17" @@ -3041,24 +2987,23 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "986d2e952779af96ea048f160fd9194e1751b4faea78bcf3ceb456efe008088e" dependencies = [ "der 0.8.0", - "spki 0.8.0-rc.4", + "spki 0.8.0", ] [[package]] name = "pkcs5" -version = "0.8.0-rc.13" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5a777c6e26664bc9504b3ce3f6133f8f20d9071f130a4f9fcbd3186959d8dd6" +checksum = "279a91971a1d8eb1260a30938eae3be9cb67b472dffecb222fbbbe2fd2dc1453" dependencies = [ "aes 0.9.0", - "aes-gcm 0.11.0-rc.3", - "cbc 0.2.0", + "cbc", "der 0.8.0", - "pbkdf2 0.13.0", + "pbkdf2", "rand_core 0.10.1", "scrypt", "sha2 0.11.0", - "spki 0.8.0-rc.4", + "spki 0.8.0", ] [[package]] @@ -3073,14 +3018,14 @@ dependencies = [ [[package]] name = "pkcs8" -version = "0.11.0-rc.11" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12922b6296c06eb741b02d7b5161e3aaa22864af38dfa025a1a3ba3f68c84577" +checksum = "451913da69c775a56034ea8d9003d27ee8948e12443eae7c038ba100a4f21cb7" dependencies = [ "der 0.8.0", "pkcs5", "rand_core 0.10.1", - "spki 0.8.0-rc.4", + "spki 0.8.0", ] [[package]] @@ -3128,15 +3073,14 @@ dependencies = [ ] [[package]] -name = "polyval" -version = "0.6.2" +name = "poly1305" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" +checksum = "a00baa632505d05512f48a963e16051c54fda9a95cc9acea1a4e3c90991c4a2e" dependencies = [ - "cfg-if", - "cpufeatures 0.2.17", - "opaque-debug", - "universal-hash 0.5.1", + "cpufeatures 0.3.0", + "universal-hash 0.6.1", + "zeroize", ] [[package]] @@ -3186,23 +3130,23 @@ dependencies = [ [[package]] name = "primefield" -version = "0.14.0-rc.7" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93401c13cc7ff24684571cfca9d3cf9ebabfaf3d4b7b9963ade41ec54da196b5" +checksum = "c555a6e4eb7d4e158fcb028c835c3b8642206ddc279b5c6b202ef9a8bdb592f4" dependencies = [ "crypto-bigint", "crypto-common 0.2.1", + "ff", "rand_core 0.10.1", - "rustcrypto-ff", "subtle", "zeroize", ] [[package]] name = "primeorder" -version = "0.14.0-rc.7" +version = "0.14.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0c5c8a39bcd764bfedf456e8d55e115fe86dda3e0f555371849f2a41cbc9706" +checksum = "7d2793f22b9b6fd11ef3ac1d59bf003c2573593e4968702341605c2748fd90bf" dependencies = [ "elliptic-curve", ] @@ -3356,7 +3300,7 @@ version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2e8e8bcc7961af1fdac401278c6a831614941f6164ee3bf4ce61b7edb162207" dependencies = [ - "chacha20 0.10.0", + "chacha20", "getrandom 0.4.2", "rand_core 0.10.1", ] @@ -3591,7 +3535,7 @@ version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5236ce872cac07e0fb3969b0cbf468c7d2f37d432f1b627dcb7b8d34563fb0c3" dependencies = [ - "hmac 0.13.0", + "hmac", "subtle", ] @@ -3626,64 +3570,56 @@ checksum = "323c417e1d9665a65b263ec744ba09030cfb277e9daa0b018a4ab62e57bc8189" [[package]] name = "rsa" -version = "0.10.0-rc.16" +version = "0.10.0-rc.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fb9fd8c1edd9e6a2693623baf0fe77ff05ce022a5d7746900ffc38a15c233de" +checksum = "30b2aa4ba0d89f73d1e332df05be0eeab8840351c36ca5654341dfdb57bb3caf" dependencies = [ "const-oid 0.10.2", "crypto-bigint", "crypto-primes", "digest 0.11.3", "pkcs1", - "pkcs8 0.11.0-rc.11", + "pkcs8 0.11.0", "rand_core 0.10.1", "sha2 0.11.0", "signature 3.0.0", - "spki 0.8.0-rc.4", + "spki 0.8.0", "zeroize", ] [[package]] name = "russh" -version = "0.60.3" +version = "0.61.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "324b92f459d3e42da294e14e8eb150d2215fcfb7c966838bc1127cd68bc05a0d" +checksum = "bbf893f64684e58da8a68d56a5e84d1cf0440226274c515770fe267707a7d0b0" dependencies = [ - "aead 0.6.0-rc.10", - "aes 0.8.4", "aes 0.9.0", - "aes-gcm 0.11.0-rc.3", "aws-lc-rs", "bitflags", - "block-padding 0.3.3", + "block-padding", "byteorder", "bytes", - "cbc 0.1.2", - "cbc 0.2.0", + "cbc", "cipher 0.5.1", "crypto-bigint", "ctr 0.10.0", - "ctr 0.9.2", - "curve25519-dalek 5.0.0-pre.6", + "curve25519-dalek 5.0.0-rc.0", "data-encoding", "delegate", "der 0.8.0", - "digest 0.10.7", + "digest 0.11.3", "ecdsa", - "ed25519-dalek 3.0.0-pre.6", + "ed25519-dalek 3.0.0-rc.0", "elliptic-curve", "enum_dispatch", "flate2", "futures", "generic-array 1.4.1", - "getrandom 0.2.17", - "ghash 0.6.0", + "getrandom 0.4.2", + "ghash", "hex-literal", - "hkdf", - "hmac 0.12.1", - "hmac 0.13.0", - "inout 0.1.4", - "internal-russh-forked-ssh-key", + "hmac", + "inout 0.2.2", "internal-russh-num-bigint", "keccak", "log", @@ -3695,12 +3631,11 @@ dependencies = [ "p384", "p521", "pageant", - "pbkdf2 0.12.2", - "pbkdf2 0.13.0", + "pbkdf2", "pkcs1", "pkcs5", - "pkcs8 0.11.0-rc.11", - "polyval 0.7.1", + "pkcs8 0.11.0", + "polyval", "rand 0.10.1", "rand_core 0.10.1", "rsa", @@ -3709,14 +3644,13 @@ dependencies = [ "salsa20 0.11.0", "scrypt", "sec1 0.8.1", - "sha1 0.10.6", "sha1 0.11.0", - "sha2 0.10.9", "sha2 0.11.0", "sha3", "signature 3.0.0", - "spki 0.8.0-rc.4", + "spki 0.8.0", "ssh-encoding", + "ssh-key", "subtle", "thiserror 2.0.18", "tokio", @@ -3727,9 +3661,9 @@ dependencies = [ [[package]] name = "russh-cryptovec" -version = "0.60.3" +version = "0.61.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37cb4d0360bdd8935392a306d8b5edb539cc455b30e8bf13dd213a0cf7879b40" +checksum = "443f6bbcfacb34a1aab2b12b99bf08e0c63abdc5a0db261901365df9d57fff51" dependencies = [ "log", "nix", @@ -3764,27 +3698,6 @@ dependencies = [ "semver", ] -[[package]] -name = "rustcrypto-ff" -version = "0.14.0-rc.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd2a8adb347447693cd2ba0d218c4b66c62da9b0a5672b17b981e4291ec65ff6" -dependencies = [ - "rand_core 0.10.1", - "subtle", -] - -[[package]] -name = "rustcrypto-group" -version = "0.14.0-rc.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "369f9b61aa45933c062c9f6b5c3c50ab710687eca83dd3802653b140b43f85ed" -dependencies = [ - "rand_core 0.10.1", - "rustcrypto-ff", - "subtle", -] - [[package]] name = "rusticata-macros" version = "4.1.0" @@ -3975,7 +3888,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d87af57419b594aa23fa95f09f0e06d80d84ba01c26148c43844cad6ff4485f0" dependencies = [ "cfg-if", - "pbkdf2 0.13.0", + "pbkdf2", "salsa20 0.11.0", "sha2 0.11.0", ] @@ -4279,12 +4192,6 @@ dependencies = [ "windows-sys 0.61.2", ] -[[package]] -name = "spin" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" - [[package]] name = "spki" version = "0.7.3" @@ -4297,9 +4204,9 @@ dependencies = [ [[package]] name = "spki" -version = "0.8.0-rc.4" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8baeff88f34ed0691978ec34440140e1572b68c7dd4a495fd14a3dc1944daa80" +checksum = "1d9efca8738c78ee9484207732f728b1ef517bbb1833d6fc0879ca898a522f6f" dependencies = [ "base64ct", "der 0.8.0", @@ -4307,31 +4214,63 @@ dependencies = [ [[package]] name = "ssh-cipher" -version = "0.2.0" +version = "0.3.0-rc.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "caac132742f0d33c3af65bfcde7f6aa8f62f0e991d80db99149eb9d44708784f" +checksum = "10db6f219196a8528f9ec904d9d45cdad692d65b0e57e72be4dedd1c5fddce36" dependencies = [ - "aes 0.8.4", - "aes-gcm 0.10.3", - "cbc 0.1.2", - "chacha20 0.9.1", - "cipher 0.4.4", - "ctr 0.9.2", - "poly1305", + "aead 0.6.0-rc.10", + "aes 0.9.0", + "aes-gcm", + "cbc", + "chacha20", + "cipher 0.5.1", + "ctr 0.10.0", + "ctutils", + "des", + "poly1305 0.9.0", "ssh-encoding", - "subtle", + "zeroize", ] [[package]] name = "ssh-encoding" -version = "0.2.0" +version = "0.3.0-rc.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb9242b9ef4108a78e8cd1a2c98e193ef372437f8c22be363075233321dd4a15" +checksum = "7abf34aa716da5d5b4c496936d042ea282ab392092cd68a72ef6a8863ff8c96a" dependencies = [ "base64ct", "bytes", - "pem-rfc7468 0.7.0", - "sha2 0.10.9", + "crypto-bigint", + "ctutils", + "digest 0.11.3", + "pem-rfc7468 1.0.0", + "zeroize", +] + +[[package]] +name = "ssh-key" +version = "0.7.0-rc.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45735ce3dea95690e4a9e414c4cfde7f79835063c3dcd35881df85a84118e74b" +dependencies = [ + "argon2 0.6.0-rc.8", + "bcrypt-pbkdf", + "ctutils", + "ed25519-dalek 3.0.0-rc.0", + "hex", + "hmac", + "p256", + "p384", + "p521", + "rand_core 0.10.1", + "rsa", + "sec1 0.8.1", + "sha1 0.11.0", + "sha2 0.11.0", + "signature 3.0.0", + "ssh-cipher", + "ssh-encoding", + "zeroize", ] [[package]] diff --git a/crates/ssh/Cargo.toml b/crates/ssh/Cargo.toml index a123acab..ed51bf09 100644 --- a/crates/ssh/Cargo.toml +++ b/crates/ssh/Cargo.toml @@ -8,7 +8,7 @@ repository.workspace = true homepage.workspace = true [dependencies] -russh = "0.60" +russh = "0.61" tokio = { version = "1", features = ["net", "io-util", "sync"] } thiserror = "2" log = "0.4" diff --git a/js/pnpm-lock.yaml b/js/pnpm-lock.yaml index a9428dcc..3a626f03 100644 --- a/js/pnpm-lock.yaml +++ b/js/pnpm-lock.yaml @@ -10,6 +10,7 @@ overrides: vite@<8.0.16: '>=8.0.16 <9' esbuild: '>=0.28.1' undici: ^7.28.0 + js-yaml: '>=4.2.0 <5' importers: @@ -23,7 +24,7 @@ importers: devDependencies: '@blit-sh/browser': specifier: file:../../crates/browser/pkg - version: file:../crates/browser/pkg + version: blit-browser@file:../crates/browser/pkg '@types/bun': specifier: ^1.3.14 version: 1.3.14 @@ -47,7 +48,7 @@ importers: devDependencies: '@blit-sh/browser': specifier: file:../../crates/browser/pkg - version: file:../crates/browser/pkg + version: blit-browser@file:../crates/browser/pkg '@blit-sh/core': specifier: workspace:* version: link:../core @@ -83,7 +84,7 @@ importers: devDependencies: '@blit-sh/browser': specifier: file:../../crates/browser/pkg - version: file:../crates/browser/pkg + version: blit-browser@file:../crates/browser/pkg '@blit-sh/core': specifier: workspace:* version: link:../core @@ -123,7 +124,7 @@ importers: devDependencies: '@blit-sh/browser': specifier: file:../../crates/browser/pkg - version: file:../crates/browser/pkg + version: blit-browser@file:../crates/browser/pkg typescript: specifier: ^6.0.3 version: 6.0.3 @@ -163,7 +164,7 @@ importers: version: 0.9.9(prettier@3.8.3)(typescript@6.0.3) '@blit-sh/browser': specifier: file:../../crates/browser/pkg - version: file:../crates/browser/pkg + version: blit-browser@file:../crates/browser/pkg '@tailwindcss/vite': specifier: ^4.3.0 version: 4.3.0(vite@8.0.16(@types/node@25.8.0)(esbuild@0.28.1)(jiti@2.7.0)(yaml@2.9.0)) @@ -337,9 +338,6 @@ packages: resolution: {integrity: sha512-6zABk/ECA/QYSCQ1NGiVwwbQerUCZ+TQbp64Q3AgmfNvurHH0j8TtXa1qbShXA6qqkpAj4V5W8pP6mLe1mcMqA==} engines: {node: '>=18'} - '@blit-sh/browser@file:../crates/browser/pkg': - resolution: {directory: ../crates/browser/pkg, type: directory} - '@bramus/specificity@2.4.2': resolution: {integrity: sha512-ctxtJ/eA+t+6q2++vj5j7FYX3nRu311q1wfYH3xjlLOsczhlhxAg2FWNUXhpGvAw3BWo1xBcvOV6/YLc2r5FJw==} hasBin: true @@ -1386,6 +1384,9 @@ packages: bidi-js@1.0.3: resolution: {integrity: sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==} + blit-browser@file:../crates/browser/pkg: + resolution: {directory: ../crates/browser/pkg, type: directory} + boolbase@1.0.0: resolution: {integrity: sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==} @@ -1794,8 +1795,8 @@ packages: js-tokens@4.0.0: resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==} - js-yaml@4.1.1: - resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==} + js-yaml@4.2.0: + resolution: {integrity: sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==} hasBin: true jsdom@29.1.1: @@ -2906,7 +2907,7 @@ snapshots: dependencies: '@types/hast': 3.0.4 '@types/mdast': 4.0.4 - js-yaml: 4.1.1 + js-yaml: 4.2.0 picomatch: 4.0.4 retext-smartypants: 6.2.0 shiki: 4.0.2 @@ -3112,8 +3113,6 @@ snapshots: '@bcoe/v8-coverage@1.0.2': {} - '@blit-sh/browser@file:../crates/browser/pkg': {} - '@bramus/specificity@2.4.2': dependencies: css-tree: 3.2.1 @@ -3930,7 +3929,7 @@ snapshots: github-slugger: 2.0.0 html-escaper: 3.0.3 http-cache-semantics: 4.2.0 - js-yaml: 4.1.1 + js-yaml: 4.2.0 jsonc-parser: 3.3.1 magic-string: 0.30.21 magicast: 0.5.3 @@ -4022,6 +4021,8 @@ snapshots: dependencies: require-from-string: 2.0.2 + blit-browser@file:../crates/browser/pkg: {} + boolbase@1.0.0: {} braces@3.0.3: @@ -4447,7 +4448,7 @@ snapshots: js-tokens@4.0.0: {} - js-yaml@4.1.1: + js-yaml@4.2.0: dependencies: argparse: 2.0.1 diff --git a/js/pnpm-workspace.yaml b/js/pnpm-workspace.yaml index 9ebc4a1b..947b0962 100644 --- a/js/pnpm-workspace.yaml +++ b/js/pnpm-workspace.yaml @@ -20,6 +20,12 @@ overrides: # 7.x line — jsdom@29 imports `undici/lib/handler/wrap-handler.js`, # which only exists in undici 7 (the path moved in 8.x). undici: "^7.28.0" + # CVE-2026-53550: js-yaml <=4.1.1 (4.2.0 is the next patched release). + # Pulled in transitively via astro@6.4.8 / @astrojs/internal-helpers. + # 5.x dropped the default export, breaking Astro's + # `import yaml from 'js-yaml'` — pin to the 4.x line until Astro adopts + # the named-only API. + "js-yaml": ">=4.2.0 <5" onlyBuiltDependencies: - esbuild diff --git a/nix/packages.nix b/nix/packages.nix index c8978ae4..a3adf5a0 100644 --- a/nix/packages.nix +++ b/nix/packages.nix @@ -375,7 +375,7 @@ postPatch = setupBrowserPkgForDeps + '' cd js ''; - hash = "sha256-QJyFd4MRlwpnXcgPPSM2gWFEET2NraI29d2eKb724rg="; + hash = "sha256-OdDAEf61IKfbNKowlp4J5VDICuuHntEN/XzsH5wjZw0="; }; webAppDist = pkgs.stdenv.mkDerivation {