Skip to content

Cargo update 2026 02 24#1692

Merged
Paintree merged 5 commits intomainfrom
cargo-update-2026-02-24
Mar 16, 2026
Merged

Cargo update 2026 02 24#1692
Paintree merged 5 commits intomainfrom
cargo-update-2026-02-24

Conversation

@sfraczek
Copy link
Copy Markdown
Contributor

@sfraczek sfraczek commented Feb 24, 2026
edited by Paintree
Loading

Problem

dependencies are outdated

Solution

  • cargo update
  • Direct dependency bumps:
    • if-addrs: 0.14 -> 0.15.0 (added new is_p2p mock field logic)
    • libloading: 0.8.9 -> 0.9.0
    • nix: 0.30.1 -> 0.31.1
    • proptest-derive: 0.7 -> 0.8.0
    • rustls-platform-verifier: 0.5 -> 0.6.2 (fixed TLS config initialization in derp)
    • windows: 0.61 -> 0.62.2
    • winreg: 0.50.0 -> 0.55.0
    • strum: 0.27 -> 0.28.0
  • rand ecosystem migration:
    • Migrated rand from 0.8.5 -> 0.10.0 across the entire workspace.
    • Aligned rand_core to 0.10.0 (with rand_core_compat bridging crates like crypto_box and x25519-dalek that still depend on 0.6).
    • Re-implemented a custom StepRng for tests since it was removed from the rand public API in 0.10.
    • Updated all API usages (thread_rng -> rng, gen -> random, gen_range -> random_range, OsRng -> SysRng, etc.).
  • Not updated the uniffi (0.28.3 -> 0.31.0) as I ran out of time.

☑️ Definition of Done checklist

  • Commit history is clean (requirements)
  • README.md is updated
  • Functionality is covered by unit or integration tests

@sfraczek sfraczek requested a review from a team as a code owner February 24, 2026 15:26
@sfraczek sfraczek force-pushed the cargo-update-2026-02-24 branch from d15870f to 8cb6f01 Compare February 24, 2026 16:38
@sfraczek sfraczek force-pushed the cargo-update-2026-02-24 branch from d18f666 to b827ada Compare February 24, 2026 20:01
@Paintree Paintree force-pushed the cargo-update-2026-02-24 branch from 094e771 to b827ada Compare March 10, 2026 11:29
@Paintree Paintree force-pushed the cargo-update-2026-02-24 branch from a59182a to b827ada Compare March 10, 2026 12:42
@Paintree Paintree force-pushed the cargo-update-2026-02-24 branch from d95e94f to e50d543 Compare March 12, 2026 10:26
@tomaszklak
Copy link
Copy Markdown
Contributor

tomaszklak commented Mar 12, 2026

There is no need to have a separate commit for .unreleased changes (add unreleased note for cargo update). Please move that change into first/last commit.

gytsto
gytsto previously approved these changes Mar 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gytsto gytsto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@tomaszklak
Copy link
Copy Markdown
Contributor

tomaszklak commented Mar 12, 2026

Please merge cargo update dependencies (2026-02-24) and cargo-update-2026-03-11 into one commit.

@tomaszklak
Copy link
Copy Markdown
Contributor

tomaszklak commented Mar 12, 2026

The commit 87867d1 is in the wrong place - it talks about fixes after dependency update but is before the said update (which means it doesn't compile).

@tomaszklak
Copy link
Copy Markdown
Contributor

tomaszklak commented Mar 12, 2026

Please remove reverse aws-lc-rs to latest working version from e50d543 description.

tomaszklak
tomaszklak reviewed Mar 12, 2026
View reviewed changes
Comment thread crates/telio-crypto/src/chachabox.rs
tomaszklak
tomaszklak reviewed Mar 12, 2026
View reviewed changes
Comment thread crates/telio-relay/src/derp/proto.rs Outdated
tomaszklak
tomaszklak reviewed Mar 12, 2026
View reviewed changes
Comment thread crates/telio-utils/src/test.rs
@Paintree Paintree force-pushed the cargo-update-2026-02-24 branch from e50d543 to 3d439f5 Compare March 12, 2026 14:00
@Paintree Paintree force-pushed the cargo-update-2026-02-24 branch from 3d439f5 to f393d89 Compare March 13, 2026 11:40
@tomaszklak
Copy link
Copy Markdown
Contributor

tomaszklak commented Mar 13, 2026

In 7c2a548 the commit message is inconsistent - it lists 2 dependencies by name and also cargo dependencies. Either list all direct dependencies updated in that commit (that would be better option) or none.

@Paintree Paintree force-pushed the cargo-update-2026-02-24 branch from f393d89 to bb4992e Compare March 13, 2026 12:30
tomaszklak
tomaszklak approved these changes Mar 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@tomaszklak tomaszklak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

sfraczek and others added 5 commits March 16, 2026 12:34
@sfraczek @Paintree
cargo update dependencies
6856500 
update:
- if-addrs: 0.14 -> 0.15.0
- libloading: 0.8.9 -> 0.9.0
- nix: 0.30.1 -> 0.31.1
- proptest-derive: 0.7 -> 0.8.0
- rand_core: 0.6.4 -> 0.10.0
- rustls-platform-verifier: 0.5 -> 0.6.2
- strum: 0.27 -> 0.28.0
- windows: 0.61 -> 0.62.2
- winreg: 0.50.0 -> 0.55.0
@sfraczek @Paintree
fix TLS config initialization after platform verifier update
239a270 
- Handle the `Result` now returned by `ClientConfig::with_platform_verifier()`
  due to the breaking change in `rustls-platform-verifier` v0.6.0.
- Add a new `TlsError` variant to the `proto::Error` enum to allow
  automatic error conversion and propagation via the `?` operator in `http.rs`.

Motivation:
- The updated platform verifier now eagerly evaluates system certificates and
  can fail upon initialization. Propagating this error immediately prevents
  unexpected connection failures or panics later in the application lifecycle.
@sfraczek @Paintree
add is_p2p for if-addrs update
dd2d0e7
@sfraczek @Paintree
migrate rand 0.8.5 to 0.10.0 across the workspace
a9034b7 
Bump rand from 0.8.5 to 0.10.0 and align rand_core to 0.10.0
in the workspace Cargo.toml. This brings in improved RNG APIs,
better error handling via TryRng, and the renamed SysRng
(formerly OsRng).

Workspace dependency changes (Cargo.toml):
- rand: 0.8.5 -> 0.10.0
- rand_core: kept at 0.10.0 (already present)
- rand_core_compat 0.1.0 added with features rand_core_0_6 and
  rand_core_0_9 to bridge the gap between rand_core 0.10 and
  downstream crates (crypto_box, x25519-dalek) that still
  depend on rand_core 0.6. The adapter TryRng09 wraps a
  rand_core 0.9/0.10 RNG so it satisfies the rand_core 0.6
  CryptoRng + RngCore bounds those crates require.

Custom StepRng in telio-utils (crates/telio-utils/src/test.rs):
- rand 0.10 removed the public rand::rngs::mock::StepRng that
  was available in 0.8. A local StepRng is re-implemented as a
  simple arithmetic-sequence RNG implementing TryRng with
  Error = Infallible, which gives it a blanket RngCore impl.
  CryptoStepRng wraps it and implements TryCryptoRng so it can
  be used wherever CryptoRng is required in tests.

UnwrapErr(SysRng) in telio-pq (crates/telio-pq/src/proto.rs):
- rand 0.10 renamed OsRng to SysRng and made it fallible
  (TryRng). The pq handshake needs an infallible CryptoRng, so
  UnwrapErr(SysRng) is used to convert the fallible OS RNG
  into an infallible one that panics on error (acceptable here
  because OS RNG failure is unrecoverable).

rand_core_compat usage in telio-relay and telio-dns:
- telio-relay/src/derp/proto.rs: SalsaBox::generate_nonce
  requires a rand_core 0.6 CryptoRng. TryRng09(OsRng) wraps
  the new rand_core 0.9 OsRng to satisfy that bound. In the
  test path, nonce bytes are filled manually via rand::Rng to
  avoid the version mismatch entirely.
- telio-dns/tests/nameserver.rs: x25519-dalek StaticSecret
  ::random_from_rng expects rand_core 0.6 CryptoRng, so
  TryRng09(OsRng) is used as the adapter.

Nonce generation in telio-crypto (chachabox.rs):
- XChaCha20Poly1305::generate_nonce internally uses the aead
  crate which re-exports rand_core 0.6. To avoid passing a
  rand_core 0.10 RNG into a rand_core 0.6 interface, the
  nonce is now generated by filling a zeroed GenericArray with
  random bytes directly from the rand 0.10 CryptoRng.

API renames applied across 28 files:
- thread_rng() -> rng()
- .gen() -> .random()
- .gen_range() -> .random_range()
- rand::distributions -> rand::distr
- Standard -> StandardUniform
- SliceRandom -> IndexedRandom
- CryptoRng + RngCore -> CryptoRng (in rand 0.10 CryptoRng
  is a supertrait of Rng, so the extra bound is unnecessary)
- SeedableRng no longer needs explicit import (re-exported)
- StdRng::from_entropy() -> rand::make_rng()
- Uniform::new_inclusive now returns Result (added .expect())
- rand::prelude::* replaced with specific imports
@Paintree
merge CryptoStepRng into StepRing
1fa9a38
@Paintree Paintree force-pushed the cargo-update-2026-02-24 branch from bb4992e to 1fa9a38 Compare March 16, 2026 11:46
@Paintree Paintree added this pull request to the merge queue Mar 16, 2026
Merged via the queue into main with commit 2b00853 Mar 16, 2026
58 checks passed
@Paintree Paintree deleted the cargo-update-2026-02-24 branch March 16, 2026 13:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Paintree Paintree Paintree left review comments

@tomaszklak tomaszklak tomaszklak approved these changes

@gytsto gytsto gytsto left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@sfraczek @tomaszklak @gytsto @Paintree @matislovas