From 9f0cde6a6b8b87abd46725fc1f987012e4cedd97 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Mar 2026 10:55:05 +0000 Subject: [PATCH 1/2] chore(deps): bump hmac from 0.12.1 to 0.13.0 Bumps [hmac](https://github.com/RustCrypto/MACs) from 0.12.1 to 0.13.0. - [Commits](https://github.com/RustCrypto/MACs/compare/hmac-v0.12.1...hmac-v0.13.0) --- updated-dependencies: - dependency-name: hmac dependency-version: 0.13.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Cargo.lock | 82 +++++++++++++++++++++++++++++++++++----- gitlab-runner/Cargo.toml | 2 +- 2 files changed, 73 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cad791b..7f7d2c9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -154,6 +154,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-buffer" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" +dependencies = [ + "hybrid-array", +] + [[package]] name = "bumpalo" version = "3.20.2" @@ -222,7 +231,7 @@ version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" dependencies = [ - "crypto-common", + "crypto-common 0.1.7", "inout", ] @@ -275,6 +284,12 @@ dependencies = [ "cc", ] +[[package]] +name = "cmov" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de0758edba32d61d1fd9f4d69491b47604b91ee2f7e6b33de7e54ca4ebe55dc3" + [[package]] name = "colorchoice" version = "1.0.5" @@ -360,6 +375,24 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto-common" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "ctutils" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1005a6d4446f5120ef475ad3d2af2b30c49c2c9c6904258e3bb30219bebed5e4" +dependencies = [ + "cmov", +] + [[package]] name = "darling" version = "0.20.11" @@ -465,11 +498,22 @@ version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "block-buffer", - "crypto-common", + "block-buffer 0.10.4", + "crypto-common 0.1.7", "subtle", ] +[[package]] +name = "digest" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" +dependencies = [ + "block-buffer 0.12.0", + "crypto-common 0.2.1", + "ctutils", +] + [[package]] name = "displaydoc" version = "0.2.5" @@ -722,7 +766,7 @@ dependencies = [ "futures", "gitlab-runner-mock", "glob", - "hmac", + "hmac 0.13.0", "parking_lot", "pin-project", "rand 0.10.0", @@ -814,7 +858,16 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest", + "digest 0.10.7", +] + +[[package]] +name = "hmac" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6303bc9732ae41b04cb554b844a762b4115a61bfaa81e3e83050991eeb56863f" +dependencies = [ + "digest 0.11.2", ] [[package]] @@ -862,6 +915,15 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" +[[package]] +name = "hybrid-array" +version = "0.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8655f91cd07f2b9d0c24137bd650fe69617773435ee5ec83022377777ce65ef1" +dependencies = [ + "typenum", +] + [[package]] name = "hyper" version = "1.8.1" @@ -1371,8 +1433,8 @@ version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" dependencies = [ - "digest", - "hmac", + "digest 0.10.7", + "hmac 0.12.1", ] [[package]] @@ -1891,7 +1953,7 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures 0.2.17", - "digest", + "digest 0.10.7", ] [[package]] @@ -1902,7 +1964,7 @@ checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" dependencies = [ "cfg-if", "cpufeatures 0.2.17", - "digest", + "digest 0.10.7", ] [[package]] @@ -3124,7 +3186,7 @@ dependencies = [ "deflate64", "flate2", "getrandom 0.4.2", - "hmac", + "hmac 0.12.1", "indexmap", "lzma-rust2", "memchr", diff --git a/gitlab-runner/Cargo.toml b/gitlab-runner/Cargo.toml index d054ad5..bec109d 100644 --- a/gitlab-runner/Cargo.toml +++ b/gitlab-runner/Cargo.toml @@ -32,7 +32,7 @@ tracing-subscriber = "0.3.23" tracing = "0.1.44" doc-comment = "0.3.4" sha2 = "0.10.9" -hmac = "0.12.1" +hmac = "0.13.0" rand = "0.10.0" tokio-util = { version = "0.7.18", features = [ "io" ] } tokio-retry2 = { version = "0.9.1", features = ["jitter"] } From c65848cdfdfe01d9026840984c1364d8844f354a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 31 Mar 2026 05:18:40 +0000 Subject: [PATCH 2/2] chore(deps): bump sha2 from 0.10.9 to 0.11.0 and fix hmac API usage Agent-Logs-Url: https://github.com/collabora/gitlab-runner-rs/sessions/6bf44633-0c1d-4ec4-9598-897a659ac4b9 Co-authored-by: sjoerdsimons <22603932+sjoerdsimons@users.noreply.github.com> --- Cargo.lock | 22 ++++++++++++++++++++-- gitlab-runner/Cargo.toml | 2 +- gitlab-runner/src/lib.rs | 1 + 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7f7d2c9..23650e3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -306,6 +306,12 @@ dependencies = [ "memchr", ] +[[package]] +name = "const-oid" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" + [[package]] name = "constant_time_eq" version = "0.4.2" @@ -510,6 +516,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" dependencies = [ "block-buffer 0.12.0", + "const-oid", "crypto-common 0.2.1", "ctutils", ] @@ -773,7 +780,7 @@ dependencies = [ "reqwest", "serde", "serde_json", - "sha2", + "sha2 0.11.0", "tempfile", "thiserror 2.0.18", "tokio", @@ -1280,7 +1287,7 @@ version = "0.16.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "47bb1e988e6fb779cf720ad431242d3f03167c1b3f2b1aae7f1a94b2495b36ae" dependencies = [ - "sha2", + "sha2 0.10.9", ] [[package]] @@ -1967,6 +1974,17 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "sha2" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "digest 0.11.2", +] + [[package]] name = "sharded-slab" version = "0.1.7" diff --git a/gitlab-runner/Cargo.toml b/gitlab-runner/Cargo.toml index bec109d..e2aee60 100644 --- a/gitlab-runner/Cargo.toml +++ b/gitlab-runner/Cargo.toml @@ -31,7 +31,7 @@ parking_lot = "0.12.5" tracing-subscriber = "0.3.23" tracing = "0.1.44" doc-comment = "0.3.4" -sha2 = "0.10.9" +sha2 = "0.11.0" hmac = "0.13.0" rand = "0.10.0" tokio-util = { version = "0.7.18", features = [ "io" ] } diff --git a/gitlab-runner/src/lib.rs b/gitlab-runner/src/lib.rs index d82211a..d98f04b 100644 --- a/gitlab-runner/src/lib.rs +++ b/gitlab-runner/src/lib.rs @@ -9,6 +9,7 @@ use crate::run::Run; pub mod job; use client::ClientMetadata; use hmac::Hmac; +use hmac::KeyInit; use hmac::Mac; use job::{Job, JobLog}; pub mod uploader;