From 8cdea673bce0de3237869a03a65a4757d5284693 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 10:10:16 +0000 Subject: [PATCH 1/3] chore(deps): bump the rust-dependencies group with 2 updates Updates the requirements on [rand](https://github.com/rust-random/rand) and [russh](https://github.com/warp-tech/russh) to permit the latest version. Updates `rand` to 0.10.0 - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-random/rand/compare/0.8.0...0.10.0) Updates `russh` to 0.60.0 - [Release notes](https://github.com/warp-tech/russh/releases) - [Commits](https://github.com/warp-tech/russh/compare/v0.52.0...v0.60.0) --- updated-dependencies: - dependency-name: rand dependency-version: 0.10.0 dependency-type: direct:production dependency-group: rust-dependencies - dependency-name: russh dependency-version: 0.60.0 dependency-type: direct:production dependency-group: rust-dependencies ... Signed-off-by: dependabot[bot] --- Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e9e9656d..c5225906 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -67,7 +67,7 @@ sha2 = "0.11" # Ed25519 signing (bot-auth request signing) ed25519-dalek = { version = "2", features = ["rand_core"] } -rand = "0.8" +rand = "0.10" # CLI clap = { version = "4", features = ["derive"] } @@ -92,7 +92,7 @@ tracing = "0.1" tower = { version = "0.5", features = ["util"] } # SSH client (for ssh/scp/sftp builtins) -russh = "0.52" +russh = "0.60" russh-keys = "0.49" # Serial test execution From bc79b02f276af4af93859dde97f5c5bf97accf72 Mon Sep 17 00:00:00 2001 From: Mykhailo Chalyi Date: Mon, 6 Apr 2026 08:06:18 -0500 Subject: [PATCH 2/3] fix(deps): update rand API for 0.10 compatibility MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rand 0.10 renamed RngCore→Rng and thread_rng()→rng(). --- crates/bashkit/src/network/bot_auth.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/bashkit/src/network/bot_auth.rs b/crates/bashkit/src/network/bot_auth.rs index e4ec9dee..87d82239 100644 --- a/crates/bashkit/src/network/bot_auth.rs +++ b/crates/bashkit/src/network/bot_auth.rs @@ -20,7 +20,7 @@ use base64::{Engine, engine::general_purpose::URL_SAFE_NO_PAD}; use ed25519_dalek::{Signer, SigningKey, VerifyingKey}; -use rand::RngCore; +use rand::Rng; use sha2::{Digest, Sha256}; use std::time::{SystemTime, UNIX_EPOCH}; @@ -183,7 +183,7 @@ fn jwk_thumbprint_ed25519(key: &VerifyingKey) -> String { /// Generate a cryptographically random nonce (32 bytes, base64url-encoded). fn generate_nonce() -> String { let mut bytes = [0u8; 32]; - rand::thread_rng().fill_bytes(&mut bytes); + rand::rng().fill_bytes(&mut bytes); URL_SAFE_NO_PAD.encode(bytes) } From 1ae08fe4f1944952446d08f6fa68ebafb467b6c2 Mon Sep 17 00:00:00 2001 From: Mykhailo Chalyi Date: Mon, 6 Apr 2026 10:22:48 -0500 Subject: [PATCH 3/3] chore(deps): add cargo-vet exemptions for rand 0.10 and russh 0.60 transitive deps --- supply-chain/config.toml | 288 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 288 insertions(+) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 96117815..37edc665 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -26,14 +26,26 @@ criteria = "safe-to-deploy" version = "0.5.2" criteria = "safe-to-deploy" +[[exemptions.aead]] +version = "0.6.0-rc.10" +criteria = "safe-to-deploy" + [[exemptions.aes]] version = "0.8.4" criteria = "safe-to-deploy" +[[exemptions.aes]] +version = "0.9.0-rc.4" +criteria = "safe-to-deploy" + [[exemptions.aes-gcm]] version = "0.10.3" criteria = "safe-to-deploy" +[[exemptions.aes-gcm]] +version = "0.11.0-rc.3" +criteria = "safe-to-deploy" + [[exemptions.ahash]] version = "0.8.12" criteria = "safe-to-deploy" @@ -122,6 +134,10 @@ criteria = "safe-to-deploy" version = "0.2.0" criteria = "safe-to-deploy" +[[exemptions.base16ct]] +version = "1.0.0" +criteria = "safe-to-deploy" + [[exemptions.base64]] version = "0.22.1" criteria = "safe-to-deploy" @@ -162,6 +178,10 @@ criteria = "safe-to-deploy" version = "0.3.3" criteria = "safe-to-deploy" +[[exemptions.block-padding]] +version = "0.4.2" +criteria = "safe-to-deploy" + [[exemptions.blowfish]] version = "0.9.1" criteria = "safe-to-deploy" @@ -202,6 +222,10 @@ criteria = "safe-to-deploy" version = "0.1.2" criteria = "safe-to-deploy" +[[exemptions.cbc]] +version = "0.2.0-rc.4" +criteria = "safe-to-deploy" + [[exemptions.cc]] version = "1.2.59" criteria = "safe-to-deploy" @@ -222,6 +246,10 @@ criteria = "safe-to-deploy" version = "0.9.1" criteria = "safe-to-deploy" +[[exemptions.chacha20]] +version = "0.10.0" +criteria = "safe-to-deploy" + [[exemptions.chrono]] version = "0.4.44" criteria = "safe-to-deploy" @@ -242,6 +270,10 @@ criteria = "safe-to-run" version = "0.4.4" criteria = "safe-to-deploy" +[[exemptions.cipher]] +version = "0.5.1" +criteria = "safe-to-deploy" + [[exemptions.clap]] version = "4.6.0" criteria = "safe-to-deploy" @@ -262,6 +294,10 @@ criteria = "safe-to-deploy" version = "0.1.58" criteria = "safe-to-deploy" +[[exemptions.cmov]] +version = "0.5.3" +criteria = "safe-to-deploy" + [[exemptions.cobs]] version = "0.3.0" criteria = "safe-to-deploy" @@ -314,6 +350,10 @@ criteria = "safe-to-deploy" version = "0.1.3" criteria = "safe-to-deploy" +[[exemptions.cpubits]] +version = "0.1.0" +criteria = "safe-to-deploy" + [[exemptions.cpufeatures]] version = "0.2.17" criteria = "safe-to-deploy" @@ -358,6 +398,10 @@ criteria = "safe-to-run" version = "0.5.5" criteria = "safe-to-deploy" +[[exemptions.crypto-bigint]] +version = "0.7.3" +criteria = "safe-to-deploy" + [[exemptions.crypto-common]] version = "0.1.7" criteria = "safe-to-deploy" @@ -366,6 +410,10 @@ criteria = "safe-to-deploy" version = "0.2.1" criteria = "safe-to-deploy" +[[exemptions.crypto-primes]] +version = "0.7.0" +criteria = "safe-to-deploy" + [[exemptions.ctor]] version = "0.8.0" criteria = "safe-to-deploy" @@ -378,10 +426,22 @@ criteria = "safe-to-deploy" version = "0.9.2" criteria = "safe-to-deploy" +[[exemptions.ctr]] +version = "0.10.0-rc.4" +criteria = "safe-to-deploy" + +[[exemptions.ctutils]] +version = "0.4.2" +criteria = "safe-to-deploy" + [[exemptions.curve25519-dalek]] version = "4.1.3" criteria = "safe-to-deploy" +[[exemptions.curve25519-dalek]] +version = "5.0.0-pre.6" +criteria = "safe-to-deploy" + [[exemptions.curve25519-dalek-derive]] version = "0.1.1" criteria = "safe-to-deploy" @@ -398,6 +458,10 @@ criteria = "safe-to-deploy" version = "0.7.10" criteria = "safe-to-deploy" +[[exemptions.der]] +version = "0.8.0" +criteria = "safe-to-deploy" + [[exemptions.derive-where]] version = "1.6.1" criteria = "safe-to-deploy" @@ -442,14 +506,26 @@ criteria = "safe-to-deploy" version = "0.16.9" criteria = "safe-to-deploy" +[[exemptions.ecdsa]] +version = "0.17.0-rc.16" +criteria = "safe-to-deploy" + [[exemptions.ed25519]] version = "2.2.3" criteria = "safe-to-deploy" +[[exemptions.ed25519]] +version = "3.0.0-rc.4" +criteria = "safe-to-deploy" + [[exemptions.ed25519-dalek]] version = "2.2.0" criteria = "safe-to-deploy" +[[exemptions.ed25519-dalek]] +version = "3.0.0-pre.6" +criteria = "safe-to-deploy" + [[exemptions.either]] version = "1.15.0" criteria = "safe-to-deploy" @@ -458,6 +534,10 @@ criteria = "safe-to-deploy" version = "0.13.8" criteria = "safe-to-deploy" +[[exemptions.elliptic-curve]] +version = "0.14.0-rc.29" +criteria = "safe-to-deploy" + [[exemptions.embedded-io]] version = "0.4.0" criteria = "safe-to-deploy" @@ -498,6 +578,10 @@ criteria = "safe-to-deploy" version = "0.2.9" criteria = "safe-to-deploy" +[[exemptions.fiat-crypto]] +version = "0.3.0" +criteria = "safe-to-deploy" + [[exemptions.find-msvc-tools]] version = "0.1.9" criteria = "safe-to-deploy" @@ -566,6 +650,10 @@ criteria = "safe-to-deploy" version = "0.14.7" criteria = "safe-to-deploy" +[[exemptions.generic-array]] +version = "1.3.5" +criteria = "safe-to-deploy" + [[exemptions.get-size-derive2]] version = "0.7.4" criteria = "safe-to-deploy" @@ -586,6 +674,10 @@ criteria = "safe-to-deploy" version = "0.3.4" criteria = "safe-to-deploy" +[[exemptions.getrandom]] +version = "0.4.2" +criteria = "safe-to-deploy" + [[exemptions.getrandom]] version = "0.4.2" criteria = "safe-to-run" @@ -594,6 +686,10 @@ criteria = "safe-to-run" version = "0.5.1" criteria = "safe-to-deploy" +[[exemptions.ghash]] +version = "0.6.0" +criteria = "safe-to-deploy" + [[exemptions.globset]] version = "0.4.18" criteria = "safe-to-deploy" @@ -634,6 +730,10 @@ criteria = "safe-to-deploy" version = "0.4.1" criteria = "safe-to-deploy" +[[exemptions.hex-literal]] +version = "1.1.0" +criteria = "safe-to-deploy" + [[exemptions.hifijson]] version = "0.5.0" criteria = "safe-to-deploy" @@ -642,10 +742,18 @@ criteria = "safe-to-deploy" version = "0.12.4" criteria = "safe-to-deploy" +[[exemptions.hkdf]] +version = "0.13.0" +criteria = "safe-to-deploy" + [[exemptions.hmac]] version = "0.12.1" criteria = "safe-to-deploy" +[[exemptions.hmac]] +version = "0.13.0" +criteria = "safe-to-deploy" + [[exemptions.home]] version = "0.5.12" criteria = "safe-to-deploy" @@ -738,6 +846,10 @@ criteria = "safe-to-deploy" version = "0.1.4" criteria = "safe-to-deploy" +[[exemptions.inout]] +version = "0.2.2" +criteria = "safe-to-deploy" + [[exemptions.insta]] version = "1.47.2" criteria = "safe-to-run" @@ -750,6 +862,14 @@ criteria = "safe-to-deploy" version = "0.6.10+upstream-0.6.7" criteria = "safe-to-deploy" +[[exemptions.internal-russh-forked-ssh-key]] +version = "0.6.18+upstream-0.6.7" +criteria = "safe-to-deploy" + +[[exemptions.internal-russh-num-bigint]] +version = "0.5.0" +criteria = "safe-to-deploy" + [[exemptions.interpolator]] version = "0.5.0" criteria = "safe-to-deploy" @@ -830,6 +950,14 @@ criteria = "safe-to-deploy" version = "0.3.94" criteria = "safe-to-deploy" +[[exemptions.keccak]] +version = "0.2.0" +criteria = "safe-to-deploy" + +[[exemptions.kem]] +version = "0.3.0" +criteria = "safe-to-deploy" + [[exemptions.lazy_static]] version = "1.5.0" criteria = "safe-to-deploy" @@ -902,6 +1030,14 @@ criteria = "safe-to-deploy" version = "1.2.0" criteria = "safe-to-deploy" +[[exemptions.ml-kem]] +version = "0.3.0-rc.2" +criteria = "safe-to-deploy" + +[[exemptions.module-lattice]] +version = "0.2.1" +criteria = "safe-to-deploy" + [[exemptions.nalgebra]] version = "0.33.3" criteria = "safe-to-deploy" @@ -930,6 +1066,10 @@ criteria = "safe-to-deploy" version = "0.29.0" criteria = "safe-to-deploy" +[[exemptions.nix]] +version = "0.31.2" +criteria = "safe-to-deploy" + [[exemptions.nohash-hasher]] version = "0.2.0" criteria = "safe-to-deploy" @@ -1058,14 +1198,26 @@ criteria = "safe-to-deploy" version = "0.13.2" criteria = "safe-to-deploy" +[[exemptions.p256]] +version = "0.14.0-rc.8" +criteria = "safe-to-deploy" + [[exemptions.p384]] version = "0.13.1" criteria = "safe-to-deploy" +[[exemptions.p384]] +version = "0.14.0-rc.8" +criteria = "safe-to-deploy" + [[exemptions.p521]] version = "0.13.3" criteria = "safe-to-deploy" +[[exemptions.p521]] +version = "0.14.0-rc.8" +criteria = "safe-to-deploy" + [[exemptions.page_size]] version = "0.6.0" criteria = "safe-to-run" @@ -1078,6 +1230,10 @@ criteria = "safe-to-deploy" version = "0.0.3" criteria = "safe-to-deploy" +[[exemptions.pageant]] +version = "0.2.0" +criteria = "safe-to-deploy" + [[exemptions.papergrid]] version = "0.17.0" criteria = "safe-to-deploy" @@ -1102,10 +1258,18 @@ criteria = "safe-to-deploy" version = "0.12.2" criteria = "safe-to-deploy" +[[exemptions.pbkdf2]] +version = "0.13.0-rc.10" +criteria = "safe-to-deploy" + [[exemptions.pem-rfc7468]] version = "0.7.0" criteria = "safe-to-deploy" +[[exemptions.pem-rfc7468]] +version = "1.0.0" +criteria = "safe-to-deploy" + [[exemptions.percent-encoding]] version = "2.3.2" criteria = "safe-to-deploy" @@ -1150,14 +1314,26 @@ criteria = "safe-to-deploy" version = "0.7.5" criteria = "safe-to-deploy" +[[exemptions.pkcs1]] +version = "0.8.0-rc.4" +criteria = "safe-to-deploy" + [[exemptions.pkcs5]] version = "0.7.1" criteria = "safe-to-deploy" +[[exemptions.pkcs5]] +version = "0.8.0-rc.13" +criteria = "safe-to-deploy" + [[exemptions.pkcs8]] version = "0.10.2" criteria = "safe-to-deploy" +[[exemptions.pkcs8]] +version = "0.11.0-rc.11" +criteria = "safe-to-deploy" + [[exemptions.plotters]] version = "0.3.7" criteria = "safe-to-run" @@ -1178,6 +1354,10 @@ criteria = "safe-to-deploy" version = "0.6.2" criteria = "safe-to-deploy" +[[exemptions.polyval]] +version = "0.7.1" +criteria = "safe-to-deploy" + [[exemptions.portable-atomic]] version = "1.13.1" criteria = "safe-to-deploy" @@ -1206,10 +1386,18 @@ criteria = "safe-to-run" version = "0.2.37" criteria = "safe-to-deploy" +[[exemptions.primefield]] +version = "0.14.0-rc.8" +criteria = "safe-to-deploy" + [[exemptions.primeorder]] version = "0.13.6" criteria = "safe-to-deploy" +[[exemptions.primeorder]] +version = "0.14.0-rc.8" +criteria = "safe-to-deploy" + [[exemptions.proc-macro-error-attr2]] version = "2.0.0" criteria = "safe-to-deploy" @@ -1254,6 +1442,10 @@ criteria = "safe-to-deploy" version = "0.28.3" criteria = "safe-to-deploy" +[[exemptions.python3-dll-a]] +version = "0.2.14" +criteria = "safe-to-deploy" + [[exemptions.python3-dll-a]] version = "0.2.15" criteria = "safe-to-deploy" @@ -1290,6 +1482,10 @@ criteria = "safe-to-deploy" version = "5.3.0" criteria = "safe-to-deploy" +[[exemptions.r-efi]] +version = "6.0.0" +criteria = "safe-to-deploy" + [[exemptions.r-efi]] version = "6.0.0" criteria = "safe-to-run" @@ -1302,6 +1498,10 @@ criteria = "safe-to-deploy" version = "0.9.2" criteria = "safe-to-deploy" +[[exemptions.rand]] +version = "0.10.0" +criteria = "safe-to-deploy" + [[exemptions.rand_chacha]] version = "0.3.1" criteria = "safe-to-deploy" @@ -1318,6 +1518,10 @@ criteria = "safe-to-deploy" version = "0.9.5" criteria = "safe-to-deploy" +[[exemptions.rand_core]] +version = "0.10.0" +criteria = "safe-to-deploy" + [[exemptions.rand_distr]] version = "0.4.3" criteria = "safe-to-deploy" @@ -1374,6 +1578,10 @@ criteria = "safe-to-deploy" version = "0.4.0" criteria = "safe-to-deploy" +[[exemptions.rfc6979]] +version = "0.5.0-rc.5" +criteria = "safe-to-deploy" + [[exemptions.ring]] version = "0.17.14" criteria = "safe-to-deploy" @@ -1382,10 +1590,18 @@ criteria = "safe-to-deploy" version = "0.9.10" criteria = "safe-to-deploy" +[[exemptions.rsa]] +version = "0.10.0-rc.17" +criteria = "safe-to-deploy" + [[exemptions.russh]] version = "0.52.1" criteria = "safe-to-deploy" +[[exemptions.russh]] +version = "0.60.0" +criteria = "safe-to-deploy" + [[exemptions.russh-cryptovec]] version = "0.48.0" criteria = "safe-to-deploy" @@ -1394,6 +1610,10 @@ criteria = "safe-to-deploy" version = "0.52.0" criteria = "safe-to-deploy" +[[exemptions.russh-cryptovec]] +version = "0.59.0" +criteria = "safe-to-deploy" + [[exemptions.russh-keys]] version = "0.49.2" criteria = "safe-to-deploy" @@ -1414,6 +1634,14 @@ criteria = "safe-to-deploy" version = "0.4.1" criteria = "safe-to-deploy" +[[exemptions.rustcrypto-ff]] +version = "0.14.0-rc.1" +criteria = "safe-to-deploy" + +[[exemptions.rustcrypto-group]] +version = "0.14.0-rc.1" +criteria = "safe-to-deploy" + [[exemptions.rustix]] version = "1.1.4" criteria = "safe-to-run" @@ -1462,6 +1690,10 @@ criteria = "safe-to-deploy" version = "0.10.2" criteria = "safe-to-deploy" +[[exemptions.salsa20]] +version = "0.11.0" +criteria = "safe-to-deploy" + [[exemptions.same-file]] version = "1.0.6" criteria = "safe-to-deploy" @@ -1490,6 +1722,10 @@ criteria = "safe-to-deploy" version = "0.11.0" criteria = "safe-to-deploy" +[[exemptions.scrypt]] +version = "0.12.0-rc.10" +criteria = "safe-to-deploy" + [[exemptions.sdd]] version = "3.0.10" criteria = "safe-to-run" @@ -1498,6 +1734,10 @@ criteria = "safe-to-run" version = "0.7.3" criteria = "safe-to-deploy" +[[exemptions.sec1]] +version = "0.8.1" +criteria = "safe-to-deploy" + [[exemptions.security-framework]] version = "3.7.0" criteria = "safe-to-deploy" @@ -1538,6 +1778,10 @@ criteria = "safe-to-deploy" version = "1.0.149" criteria = "safe-to-deploy" +[[exemptions.serdect]] +version = "0.4.2" +criteria = "safe-to-deploy" + [[exemptions.serial_test]] version = "3.4.0" criteria = "safe-to-run" @@ -1562,6 +1806,10 @@ criteria = "safe-to-deploy" version = "0.11.0" criteria = "safe-to-deploy" +[[exemptions.sha3]] +version = "0.11.0" +criteria = "safe-to-deploy" + [[exemptions.shlex]] version = "1.3.0" criteria = "safe-to-deploy" @@ -1574,6 +1822,10 @@ criteria = "safe-to-deploy" version = "2.2.0" criteria = "safe-to-deploy" +[[exemptions.signature]] +version = "3.0.0-rc.10" +criteria = "safe-to-deploy" + [[exemptions.simba]] version = "0.9.1" criteria = "safe-to-deploy" @@ -1614,6 +1866,10 @@ criteria = "safe-to-deploy" version = "0.7.3" criteria = "safe-to-deploy" +[[exemptions.spki]] +version = "0.8.0" +criteria = "safe-to-deploy" + [[exemptions.ssh-cipher]] version = "0.2.0" criteria = "safe-to-deploy" @@ -1830,6 +2086,14 @@ criteria = "safe-to-deploy" version = "0.5.1" criteria = "safe-to-deploy" +[[exemptions.universal-hash]] +version = "0.6.1" +criteria = "safe-to-deploy" + +[[exemptions.untrusted]] +version = "0.7.1" +criteria = "safe-to-deploy" + [[exemptions.untrusted]] version = "0.9.0" criteria = "safe-to-deploy" @@ -1874,6 +2138,10 @@ criteria = "safe-to-deploy" version = "1.0.2+wasi-0.2.9" criteria = "safe-to-deploy" +[[exemptions.wasip3]] +version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +criteria = "safe-to-deploy" + [[exemptions.wasip3]] version = "0.4.0+wasi-0.3.0-rc-2026-01-06" criteria = "safe-to-run" @@ -1950,6 +2218,14 @@ criteria = "safe-to-deploy" version = "0.58.0" criteria = "safe-to-deploy" +[[exemptions.windows]] +version = "0.62.2" +criteria = "safe-to-deploy" + +[[exemptions.windows-collections]] +version = "0.3.2" +criteria = "safe-to-deploy" + [[exemptions.windows-core]] version = "0.58.0" criteria = "safe-to-deploy" @@ -1958,6 +2234,10 @@ criteria = "safe-to-deploy" version = "0.62.2" criteria = "safe-to-deploy" +[[exemptions.windows-future]] +version = "0.3.2" +criteria = "safe-to-deploy" + [[exemptions.windows-implement]] version = "0.58.0" criteria = "safe-to-deploy" @@ -1978,6 +2258,10 @@ criteria = "safe-to-deploy" version = "0.2.1" criteria = "safe-to-deploy" +[[exemptions.windows-numerics]] +version = "0.3.1" +criteria = "safe-to-deploy" + [[exemptions.windows-result]] version = "0.2.0" criteria = "safe-to-deploy" @@ -2022,6 +2306,10 @@ criteria = "safe-to-deploy" version = "0.53.5" criteria = "safe-to-deploy" +[[exemptions.windows-threading]] +version = "0.2.1" +criteria = "safe-to-deploy" + [[exemptions.windows_aarch64_gnullvm]] version = "0.42.2" criteria = "safe-to-deploy"