chore(deps): update rust crate secrecy to 0.10
All checks were successful
Rust / build (map[name:stable]) (push) Successful in 7m51s
Rust / build (map[name:nightly]) (push) Successful in 12m40s
Release Please / Release-plz (push) Successful in 1m41s

This commit is contained in:
Renovate Bot 2024-09-17 23:16:32 +00:00 committed by Paul Campbell
parent 7bd6347dd8
commit 6a0e0580dc
9 changed files with 38 additions and 28 deletions

19
Cargo.lock generated
View file

@ -1121,7 +1121,7 @@ dependencies = [
"ratatui", "ratatui",
"regex", "regex",
"rstest", "rstest",
"secrecy", "secrecy 0.10.3",
"sendmail", "sendmail",
"serde_json", "serde_json",
"standardwebhooks", "standardwebhooks",
@ -1154,7 +1154,7 @@ dependencies = [
"pike", "pike",
"pretty_assertions", "pretty_assertions",
"rand", "rand",
"secrecy", "secrecy 0.10.3",
"serde", "serde",
"serde_json", "serde_json",
"take-until", "take-until",
@ -1175,7 +1175,7 @@ dependencies = [
"git-next-core", "git-next-core",
"kxio", "kxio",
"rand", "rand",
"secrecy", "secrecy 0.10.3",
"serde", "serde",
"serde_json", "serde_json",
"tokio", "tokio",
@ -1195,7 +1195,7 @@ dependencies = [
"hmac", "hmac",
"kxio", "kxio",
"rand", "rand",
"secrecy", "secrecy 0.10.3",
"serde", "serde",
"serde_json", "serde_json",
"sha2", "sha2",
@ -2611,7 +2611,7 @@ dependencies = [
"http 1.1.0", "http 1.1.0",
"path-clean", "path-clean",
"reqwest", "reqwest",
"secrecy", "secrecy 0.8.0",
"serde", "serde",
"serde-xml-rs", "serde-xml-rs",
"serde_json", "serde_json",
@ -3683,6 +3683,15 @@ dependencies = [
"zeroize", "zeroize",
] ]
[[package]]
name = "secrecy"
version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a"
dependencies = [
"zeroize",
]
[[package]] [[package]]
name = "security-framework" name = "security-framework"
version = "2.11.1" version = "2.11.1"

View file

@ -68,7 +68,7 @@ serde_json = "1.0"
toml = "0.8" toml = "0.8"
# Secrets and Password # Secrets and Password
secrecy = "0.8" secrecy = "0.10"
# Conventional Commit check # Conventional Commit check
git-conventional = "0.12" git-conventional = "0.12"

View file

@ -6,7 +6,7 @@ use git_next_core::{
ApiToken, ForgeType, GitDir, Hostname, RepoBranches, RepoConfig, RepoConfigSource, RepoPath, ApiToken, ForgeType, GitDir, Hostname, RepoBranches, RepoConfig, RepoConfigSource, RepoPath,
StoragePathType, User, StoragePathType, User,
}; };
use secrecy::Secret; use secrecy::SecretString;
type Result<T> = std::result::Result<T, Box<dyn std::error::Error>>; type Result<T> = std::result::Result<T, Box<dyn std::error::Error>>;
@ -59,7 +59,7 @@ fn repo_details_find_default_push_remote_finds_correct_remote() -> Result<()> {
repo_details.forge = repo_details repo_details.forge = repo_details
.forge .forge
.with_user(User::new("git".to_string())) .with_user(User::new("git".to_string()))
.with_token(ApiToken::new(Secret::new(String::new()))) .with_token(ApiToken::new(SecretString::from(String::new())))
.with_hostname(Hostname::new("git.kemitix.net")); .with_hostname(Hostname::new("git.kemitix.net"));
repo_details.repo_path = RepoPath::new("kemitix/git-next".to_string()); repo_details.repo_path = RepoPath::new("kemitix/git-next".to_string());
let Ok(open_repository) = git::repository::factory::real().open(&repo_details) else { let Ok(open_repository) = git::repository::factory::real().open(&repo_details) else {
@ -95,7 +95,7 @@ fn gitdir_validate_should_pass_a_valid_git_repo() -> Result<()> {
repo_details.forge = repo_details repo_details.forge = repo_details
.forge .forge
.with_user(User::new("git".to_string())) .with_user(User::new("git".to_string()))
.with_token(ApiToken::new(Secret::new(String::new()))) .with_token(ApiToken::new(SecretString::from(String::new())))
.with_hostname(Hostname::new("git.kemitix.net")); .with_hostname(Hostname::new("git.kemitix.net"));
tracing::debug!("opening..."); tracing::debug!("opening...");
let Ok(repository) = git::repository::factory::real().open(&repo_details) else { let Ok(repository) = git::repository::factory::real().open(&repo_details) else {
@ -129,7 +129,7 @@ fn gitdir_validate_should_fail_a_git_repo_with_wrong_remote() {
repo_details.forge = repo_details repo_details.forge = repo_details
.forge .forge
.with_user(User::new("git".to_string())) .with_user(User::new("git".to_string()))
.with_token(ApiToken::new(Secret::new(String::new()))) .with_token(ApiToken::new(SecretString::from(String::new())))
.with_hostname(Hostname::new("git.kemitix.net")); .with_hostname(Hostname::new("git.kemitix.net"));
let Ok(repository) = git::repository::factory::real().open(&repo_details) else { let Ok(repository) = git::repository::factory::real().open(&repo_details) else {
// .git directory may not be present on dev environment // .git directory may not be present on dev environment

View file

@ -2,10 +2,10 @@
/// `ForgeJo`: <https://{hostname}/user/settings/applications> /// `ForgeJo`: <https://{hostname}/user/settings/applications>
/// `Github`: <https://github.com/settings/tokens> /// `Github`: <https://github.com/settings/tokens>
#[derive(Clone, Debug, derive_more::Constructor)] #[derive(Clone, Debug, derive_more::Constructor)]
pub struct ApiToken(secrecy::Secret<String>); pub struct ApiToken(secrecy::SecretString);
/// The API Token is in effect a password, so it must be explicitly exposed to access its value /// The API Token is in effect a password, so it must be explicitly exposed to access its value
impl secrecy::ExposeSecret<String> for ApiToken { impl secrecy::ExposeSecret<str> for ApiToken {
fn expose_secret(&self) -> &String { fn expose_secret(&self) -> &str {
self.0.expose_secret() self.0.expose_secret()
} }
} }

View file

@ -10,7 +10,7 @@ use std::{
use derive_more::{Constructor, Display}; use derive_more::{Constructor, Display};
use kxio::fs::FileSystem; use kxio::fs::FileSystem;
use secrecy::Secret; use secrecy::SecretString;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use tracing::info; use tracing::info;
@ -242,8 +242,11 @@ impl Shout {
self.webhook.clone().map(|x| x.url) self.webhook.clone().map(|x| x.url)
} }
pub fn webhook_secret(&self) -> Option<Secret<String>> { pub fn webhook_secret(&self) -> Option<SecretString> {
self.webhook.clone().map(|x| x.secret).map(Secret::new) self.webhook
.clone()
.map(|x| x.secret)
.map(SecretString::from)
} }
#[must_use] #[must_use]
@ -278,8 +281,8 @@ impl OutboundWebhook {
self.url.as_ref() self.url.as_ref()
} }
#[must_use] #[must_use]
pub fn secret(&self) -> Secret<String> { pub fn secret(&self) -> SecretString {
Secret::new(self.secret.clone()) SecretString::from(self.secret.clone())
} }
} }

View file

@ -539,7 +539,7 @@ mod server {
let shout_webhook_url = shout.webhook_url().unwrap_or_default(); let shout_webhook_url = shout.webhook_url().unwrap_or_default();
let shout_webhook_secret = shout let shout_webhook_secret = shout
.webhook_secret() .webhook_secret()
.map(|secret| secret.expose_secret().clone()) .map(|secret| secret.expose_secret().to_string())
.unwrap_or_default(); .unwrap_or_default();
let_assert!(Some(shout_email) = shout.email()); let_assert!(Some(shout_email) = shout.email());
let shout_email_from = shout_email.from(); let shout_email_from = shout_email.from();

View file

@ -11,7 +11,7 @@ use crate::{
use std::sync::{Arc, RwLock}; use std::sync::{Arc, RwLock};
use secrecy::{ExposeSecret, Secret}; use secrecy::{ExposeSecret, SecretString};
use tracing::instrument; use tracing::instrument;
/// The derived information about a repo, used to interact with it /// The derived information about a repo, used to interact with it
@ -53,7 +53,7 @@ impl RepoDetails {
), ),
} }
} }
pub(crate) fn origin(&self) -> secrecy::Secret<String> { pub(crate) fn origin(&self) -> secrecy::SecretString {
let repo_details = self; let repo_details = self;
let user = &repo_details.forge.user(); let user = &repo_details.forge.user();
let hostname = &repo_details.forge.hostname(); let hostname = &repo_details.forge.hostname();
@ -78,7 +78,7 @@ impl RepoDetails {
} }
// url is a secret as it contains auth token // url is a secret as it contains auth token
pub(crate) fn url(&self) -> Secret<String> { pub(crate) fn url(&self) -> SecretString {
let user = self.forge.user(); let user = self.forge.user();
let token = self.forge.token().expose_secret(); let token = self.forge.token().expose_secret();
let auth_delim = if token.is_empty() { "" } else { ":" }; let auth_delim = if token.is_empty() { "" } else { ":" };

View file

@ -60,10 +60,8 @@ impl RepositoryFactory for RealRepositoryFactory {
fn git_clone(&self, repo_details: &RepoDetails) -> Result<Box<dyn OpenRepositoryLike>> { fn git_clone(&self, repo_details: &RepoDetails) -> Result<Box<dyn OpenRepositoryLike>> {
tracing::info!("creating"); tracing::info!("creating");
let (gix_repo, _outcome) = gix::prepare_clone_bare( let (gix_repo, _outcome) =
repo_details.origin().expose_secret().as_str(), gix::prepare_clone_bare(repo_details.origin().expose_secret(), &*repo_details.gitdir)?
&*repo_details.gitdir,
)?
.fetch_only(gix::progress::Discard, &AtomicBool::new(false))?; .fetch_only(gix::progress::Discard, &AtomicBool::new(false))?;
tracing::info!("created"); tracing::info!("created");
let repo = RealOpenRepository::new( let repo = RealOpenRepository::new(

View file

@ -112,7 +112,7 @@ impl super::OpenRepositoryLike for RealOpenRepository {
} }
}; };
// INFO: never log the command as it contains the API token within the 'origin' // INFO: never log the command as it contains the API token within the 'origin'
let command: secrecy::Secret<String> = format!( let command: secrecy::SecretString = format!(
"/usr/bin/git push {} {to_commit}:{branch_name} {force}", "/usr/bin/git push {} {to_commit}:{branch_name} {force}",
origin.expose_secret() origin.expose_secret()
) )