web3infra-foundation / mega

Mega is an unofficial open source implementation of Google Piper.
https://gitmega.dev
Apache License 2.0
168 stars, 31 forks

Update russh-keys requirement from 0.44.0 to 0.45.0 #513

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Updates the requirements on russh-keys to permit the latest version.

Release notes

Sourced from russh-keys's releases.

v0.44.0

Breaking changes

OpenSSL-free RSA

  • This release adds a default pure-Rust RSA implementation, meaning that you can disable the openssl feature to reduce your app size and improve portability and build speed.
  • RSA is now enabled by default in Preferred::DEFAULT when the openssl feature is disabled.

Preferred algorithms config changes - 77cc2f7

  • The fields specifying cipher algorithms in Preferred are now Cow<&'static, [Name]> instead of &'static [Name], allowing you to dynamically construct the lists. If you're using custom algorithm lists, you'll need to update your code:
  config.preferred = Preferred {
-   kex: &[CURVE25519],
+   kex: Cow::Borrowed(&[CURVE25519]),
    ..<_>::default()
  }
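Review bot: the `+` line calls `Cow::Borrowed`, but the snippet shows no import, so code migrated by copying it will not compile unless `use std::borrow::Cow;` is in scope; that line is worth adding to the example. The `..<_>::default()` context line also leaves every list other than `kex` at the library defaults, which deserves a sentence next to a snippet that narrows key exchange to a single algorithm.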
  • The type of Preferred::compression items is now russh::compression::Name instead of String.
  • All Name structs now implement TryFrom<&'static str> which will validate that the named algorithm is actually implemented in the library.
  • There are now companion algorithm lists to choose from dynamically: russh_keys::key::ALL_KEY_TYPES, russh::kex::ALL_KEX_ALGORITHMS, russh::cipher::ALL_CIPHERS, russh::compression::ALL_COMPRESSION_ALGORITHMS and russh::mac::ALL_MAC_ALGORITHMS.

Incorrect Ed25519 PKCS#8 key saving

  • Up to v0.43, russh-keys has generated incorrect key format when saving Ed25519 keys in PKCS#8 format. This is fixed in v0.44 but by default, v0.44 will fail to parse keys generated in v0.43.
  • To allow v0.44 to parse these keys, enable the legacy-ed25519-pkcs8-parser feature of the russh-keys crate.

Other changes

  • 3bfd99f: ecdh-sha2-nistp{256,384,521} kex support (#282) (Michael Gleason) #282
  • 800969b: Implement -cbc ciphers. (#297) (Pierre Barre) #297
  • 1eaadfb: Add support for glob pattern matching in Host directives (#306) (Adam Chappell) #306
  • 88196a7: allow converting ChannelId into u32

Fixes

  • 643be05: Fix block ciphers + HMAC_SHA1_ETM (#298) (Pierre Barre) #298
  • 2bfe426: Fix hardcoded public key auth negotiation (#294) (Tom König) #294
  • 9cce48c: Allow ssh-rsa keys to be used for rsa-sha2-* auth (#290) (Ana Gelez) #290
  • Fix a segmentation fault (#288) #288 (Ana Gelez)
  • 9e1ed09: Overachiever host key checking (#302) (Jean-Baptiste Skutnik) #302
  • 3f4646a: removed use of unstable Option::inspect
  • f2d94c0: fixed Eugeny/warpgate#996 - prevent offering of unparseable public keys from ending the session

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

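The `Preferred` changes in the release notes above (`Cow`-typed lists, a validating `TryFrom<&'static str>`, companion `ALL_*` lists) exist so that algorithm lists can be built at run time. The following is an added example, not code from this PR or from russh: `Name`, `ALL_CIPHERS`, `Preferred` and `ciphers_from_config` are self-contained stand-ins for the pattern, and refusing `-cbc` names is a policy assumed here.

```rust
use std::borrow::Cow;
use std::convert::TryFrom;

// Stand-in for a library algorithm-name type (hypothetical, not russh's definition).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Name(pub &'static str);

// Constructed stand-in for an "all implemented ciphers" list.
pub const ALL_CIPHERS: &[Name] = &[
    Name("chacha20-poly1305@openssh.com"),
    Name("aes256-gcm@openssh.com"),
    Name("aes256-ctr"),
    Name("aes128-cbc"),
];

impl TryFrom<&'static str> for Name {
    type Error = String;
    // Only names present in the implemented set convert successfully.
    fn try_from(s: &'static str) -> Result<Self, Self::Error> {
        ALL_CIPHERS.iter().copied().find(|n| n.0 == s)
            .ok_or_else(|| format!("not implemented: {}", s))
    }
}

// Stand-in config struct: a Cow field takes a static default or an owned list.
#[derive(Debug)]
pub struct Preferred { pub cipher: Cow<'static, [Name]> }

/// Build the cipher list from operator-supplied names (policy assumed here:
/// unknown names and CBC-mode ciphers are errors, duplicates are dropped).
pub fn ciphers_from_config(names: &[&'static str]) -> Result<Preferred, String> {
    let mut out: Vec<Name> = Vec::new();
    for &raw in names {
        let name = Name::try_from(raw)?;
        if raw.ends_with("-cbc") {
            return Err(format!("CBC cipher refused by policy: {}", raw));
        }
        if !out.contains(&name) { out.push(name); }
    }
    if out.is_empty() { return Err("cipher list is empty".to_string()); }
    Ok(Preferred { cipher: Cow::Owned(out) })
}

fn main() {
    // Constructed sample input, as it might arrive from a config file.
    let p = ciphers_from_config(&["aes256-gcm@openssh.com", "aes256-ctr"]).unwrap();
    println!("{:?}", p.cipher);
    // A misspelled name is rejected instead of being silently ignored.
    println!("{:?}", ciphers_from_config(&["aes256-gmc@openssh.com"]).err());
}
```

Failing closed on an unknown or misspelled name keeps a typo in configuration from silently shrinking or emptying the negotiated set.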
vercel[bot] commented 2 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| mega | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Aug 15, 2024 7:19pm |

dependabot[bot] commented 2 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.