Skip to content

Commit a803a10

Browse files
authored
fix(deps): update cargo minor/patch updates (#1595)
Bumps the Cargo minor/patch updates from #1593 and fixes the code break the version-only bump left behind: | Package | Update | |---|---| | chrono | `0.4.44` → `0.4.45` (patch) | | prost | `0.14.3` → `0.14.4` (patch) | | sha2 | `0.10` → `0.11` (minor) | ## Why a new PR #1593 (Renovate) bumped only the manifest/lockfile. `sha2` 0.11 pulls in `digest` 0.11, whose `finalize()` now returns a `hybrid_array::Array` that no longer implements `LowerHex` — so the `format!("{:x}", …)` digest formatting in `self_update` no longer compiles, and every CI job on #1593 fails. This PR adds a small `hex_encode` helper over the digest bytes and uses it at all four call sites, so the bump actually builds and passes. ## Verification - `cargo build -p mergify-cli` ✅ - `cargo test -p mergify-cli` (self_update tests) ✅ - `cargo clippy --all-targets --workspace -- -D warnings` ✅ - `cargo fmt --check` ✅ Closes #1593. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
1 parent 06f90e3 commit a803a10

3 files changed

Lines changed: 51 additions & 34 deletions

File tree

Cargo.lock

Lines changed: 34 additions & 29 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

crates/mergify-cli/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ mergify-stack = { path = "../mergify-stack" }
3333
# can't-rename-over-a-running-exe dance cross-platform.
3434
reqwest = { version = "0.13", default-features = false, features = ["rustls", "json"] }
3535
self-replace = "1"
36-
sha2 = "0.10"
36+
sha2 = "0.11"
3737
tempfile = "3"
3838
# Backs the `_internal dump-cli-schema` generator (serializing the
3939
# clap command tree) and the Python-migration helpers (`_internal

crates/mergify-cli/src/self_update.rs

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -203,6 +203,18 @@ async fn download_text(client: &reqwest::Client, url: &str) -> Result<String, Cl
203203
.map_err(|e| CliError::Generic(format!("non-UTF8 body from {url}: {e}")))
204204
}
205205

206+
/// Render digest bytes as a lowercase hex string. `sha2` 0.11 returns
207+
/// a `hybrid_array::Array` from `finalize()` that no longer implements
208+
/// `LowerHex`, so we format the bytes ourselves.
209+
fn hex_encode(bytes: &[u8]) -> String {
210+
use std::fmt::Write;
211+
let mut s = String::with_capacity(bytes.len() * 2);
212+
for b in bytes {
213+
let _ = write!(s, "{b:02x}");
214+
}
215+
s
216+
}
217+
206218
/// Verify the downloaded archive's SHA256 against the entry for
207219
/// `asset_name` in `SHA256SUMS`. Mirrors `install.sh` exactly: the
208220
/// line must split as `<hash> <name>` on whitespace where the
@@ -237,7 +249,7 @@ fn verify_checksum(archive: &[u8], asset_name: &str, sums: &str) -> Result<(), C
237249
}
238250
let mut hasher = Sha256::new();
239251
hasher.update(archive);
240-
let actual = format!("{:x}", hasher.finalize());
252+
let actual = hex_encode(&hasher.finalize());
241253
if actual.eq_ignore_ascii_case(expected) {
242254
Ok(())
243255
} else {
@@ -351,7 +363,7 @@ mod tests {
351363
let archive = fixture_archive();
352364
let mut h = Sha256::new();
353365
h.update(&archive);
354-
let hash = format!("{:x}", h.finalize());
366+
let hash = hex_encode(&h.finalize());
355367
let sums = format!("{hash} mergify-x86_64-unknown-linux-gnu.tar.gz\n");
356368
verify_checksum(&archive, "mergify-x86_64-unknown-linux-gnu.tar.gz", &sums).unwrap();
357369
}
@@ -385,7 +397,7 @@ mod tests {
385397
let archive = fixture_archive();
386398
let mut h = Sha256::new();
387399
h.update(&archive);
388-
let hash = format!("{:x}", h.finalize());
400+
let hash = hex_encode(&h.finalize());
389401
let sums = format!("{hash} mergify-x86_64-pc-windows-msvc.zip\n");
390402
let err = verify_checksum(&archive, "msvc.zip", &sums).unwrap_err();
391403
assert!(
@@ -404,7 +416,7 @@ mod tests {
404416
let archive = fixture_archive();
405417
let mut h = Sha256::new();
406418
h.update(&archive);
407-
let hash = format!("{:x}", h.finalize());
419+
let hash = hex_encode(&h.finalize());
408420
let sums = format!("{hash} mergify-x86_64-unknown-linux-gnu.tar.gz extra\n");
409421
let err = verify_checksum(&archive, "mergify-x86_64-unknown-linux-gnu.tar.gz", &sums)
410422
.unwrap_err();

0 commit comments

Comments
 (0)