Fix Pkcs11::new bug preventing PKCS#11 library loading and bump rust-version and update deps

[mematthias]

Update crates: cargo update and fix Clippy warnings

This pull request was originally intended to cover multiple changes, but it has now been split into several smaller parts for clarity and easier review.

This PR is focused solely on crate updates and cleanup:

• Re-ran cargo update to ensure dependencies are up to date
• Fixed all warnings reported by cargo clippy

Further related changes will follow in separate pull requests.

Old description

// # Summary
//
// This PR fixes a critical issue in `Pkcs11::new` that prevented my PKCS#11 library from being loaded correctly. The root cause was the use of `MaybeUninit::uninit()` in a context where zero-initialized or `null`-assigned variables were required. This has been resolved by using explicitly `null`-assigned variables instead.
//
// # Changes
//
// - Fixed bug in `Pkcs11::new` related to improper initialization, resolving library loading failure
// - Made the `basic.rs` test module compile again
// - Ran `cargo update` to bring dependencies up to date
// - Raised `rust-version` to `1.77` in `Cargo.toml`, as `mem::offset_of` is used and only available from that version onward

[Jakuje]

Thank you for the fix for this issue!

It would be good if you could provide the changes at least in separate commits (or ideally as separate PRs) . Now there is everything mixed up in one commit (that is missing the sing-off) and then there is a fixup commit reverting one of the changes. We are certainly interested in the fix, but I am not sure if we want to pull all the changes of dependencies.

Do you know why the CI still works on the rust 1.66 when the offset_of is used? Or is it only on some configurations?

[mematthias]

I've opened a new #291 PR that includes only the small change related to Pkcs11::new.
Unfortunately, I don't immediately know why offset_of works within the CI.
I've only tested this on Windows without performing any manual configuration.

[Jakuje]

Interesting, The CI runs only on Linux now. From what I see, it looks the the offset_of was there before 1.77, but was stabilized with 1.77. Is there some way to run (at least build of rust crate) in GH Actions CI on Windows? It might help to catch some differences.

[wiktor-k]

Is there some way to run (at least build of rust crate) in GH Actions CI on Windows? It might help to catch some differences.

I've worked on it at #276. Maybe it'd be good to merge it early to have at least a check if everything looks sane? 🤔

[hug-dev]

Thank you!! Looks good to me but we need to:

• decide if it's ok to bump the MRSV version. This mostly depends on where cryptoki is used: Ubuntu, Fedora, Microsoft, MacOS. We should have a look at what's the rustc version in the most common distribution
• investigate why the MRSV CI check does not work 😅

You might also need to rebase to latest main since I have now added the Windows build as required!

[hug-dev]

Thank you that's great!

[hug-dev]

Not related with your PR and you don't need to change anything here but this made me thinking that we could add a dependabot check in some nightly CI which could check that we use the latest dependencies, and update if not!

[wiktor-k]

Agreed. It took me quite a while to locate the actual change, even though I've seen it earlier 😅

Maybe it's best to split this into several smaller PRs and keep this one only about the fix? 🤔

(Sorry for putting you for even more work 🙇 )

[hug-dev]

@mematthias made a good job of splitting between different commit and there seems to be one just to address the bug, would that be enough 🕵️?

[wiktor-k]

That first commit is still kind-of packed: 860d945 and it includes stuff such as raising MRSV to 1.77 that has been done in another PR...

I just itches me to restructure these commits differently but... maybe it's just my OCD 😅

[Jakuje]

I think it should be just rebased (instead of doing the merge commits on the way.

[Jakuje]

The PR needs to be rebased (instead of including merge commits). Also the PR title needs adjustments to reflect the rust-version was really bumped in separate previous commit, otherwise it is super-confusing for any further reader.

[Jakuje]

for paste we have separate issue #279 where it is considered unmaintained (or feature complete -- depending on the point of view) and @hug-dev had a proposal to remove the dependency . Given that it is used only in one place and audit will show the issues with that, I would rather go with removing it than updating. @hug-dev can you open a PR with the proposed change in there to remove it?

[Jakuje]

I think it should be just rebased (instead of doing the merge commits on the way.