chore: update dependencies#390
Merged
Merged
Conversation
Bump RustCrypto crates, rand, strum, and arbitrary to current versions and adapt to their API changes. - aes 0.8 -> 0.9, cbc 0.1 -> 0.2 (cipher 0.5 trait/method renames) - hmac 0.12 -> 0.13, pbkdf2 0.12 -> 0.13, scrypt 0.11 -> 0.12, sha2 0.10 -> 0.11 (digest 0.11) - strum 0.27 -> 0.28 - rand 0.9 -> 0.10: OsRng -> SysRng, TryRngCore -> TryRng; wasm getrandom 0.3 -> 0.4 - arbitrary 0.4 -> 1 with lifetime annotations; libfuzzer-sys 0.3 -> 0.4 - getrandom_v02 feature list reduced to ["js"], dropping the redundant wasm-bindgen entry and fixing cargo outdated resolution ShareV1 gets a hand-written Arbitrary impl that builds the share from raw bytes, since blahaj::Share only implements arbitrary 0.4 and cannot be derived under 1.x. getrandom_v02 (0.2) and rand_08 (0.8) are kept because the rand_core 0.6 line (dalek crates, chacha20poly1305, rand 0.8) still requires them. arbitrary is gated behind the fuzz feature so none of these changes affect production crypto. Verified: native test suite (125 tests, including conformity), wasm32 build, wasm-pack browser tests in Firefox, and a 15s fuzz run of join_shares (371k executions, no crashes).
Lock the scrypt_simple output and $rscrypt$ format with a golden vector, plus determinism and distinct-input checks. The golden value was verified byte-identical against scrypt 0.11 (the pre-bump version), confirming the 0.11 -> 0.12 update does not change derived output.
Drop the determinism and distinct-input tests: scrypt is a pure function and the golden vector already pins a concrete deterministic value and exercises the full password/salt pipeline, so they added no real coverage.
mmorrissette-devolutions
requested a review
from Sébastien Duquette (sduquette-devolutions)
Sébastien Duquette (sduquette-devolutions)
approved these changes
Jun 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updates RustCrypto crates (aes, cbc, hmac, pbkdf2, scrypt, sha2), strum, rand (0.9 -> 0.10), getrandom (wasm 0.3 -> 0.4), and arbitrary (0.4 -> 1, fuzz only) to current versions, adapting to their API changes.
Verified: native tests (125 pass, incl. conformity), wasm32 build, wasm-pack Firefox tests, and a 15s join_shares fuzz run (371k execs, no crashes).