Remove deprecated third argument to BCrypt::Engine.hash_secret#145
Open
harelsafra wants to merge 1 commit into
Open
Remove deprecated third argument to BCrypt::Engine.hash_secret#145harelsafra wants to merge 1 commit into
harelsafra wants to merge 1 commit into
Conversation
The cost factor (10) is already encoded in the static SALT
('$2a$10$...'), so passing :cost => 10 as the third argument to
hash_secret is redundant and ignored. bcrypt >= 3.1.19 emits a
deprecation warning for this argument:
[DEPRECATION] Passing the third argument to
`BCrypt::Engine.hash_secret` is deprecated.
Verified the produced hash is byte-for-byte identical with and
without the argument. Fixes aerospike-community#140.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #140.
Problem
LoginCommand.hash_passwordcalls:Since bcrypt
3.1.19, passing a third argument tohash_secretemits:The warning fires on every client/cluster initialization (see the stack trace in #140).
Fix
The cost factor is already encoded in the static
SALT($2a$10$...→ cost 10), so the explicit:cost => 10argument is redundant and ignored by bcrypt. This PR removes it.Verification
The produced hash is byte-for-byte identical with and without the argument:
So authentication behavior is unchanged; only the deprecation warning is silenced.
🤖 Generated with Claude Code