chore(deps): update secrecy 0.8.0 -> 0.10.3

alexpovel · alexpovel · commit b2aa4d7f8581 · 2024-10-11T11:32:04.000+02:00
I diffed the actual crates.io contents via ```bash curl -L https://crates.io/api/v1/crates/secrecy/${VERSION}/download | tar -xf - ``` with `VERSION` as `0.8.0` and `0.10.3`, then diffing via git. It revealed nothing suspicious, with changes as claimed per their CHANGELOG.md. 0.10.0 had some breaking changes. `Secret<T>` is no longer a thing, instead there's `SecretBox<T>`. It turned out secrecy usage in bors is limited, and private keys are fed as PEM-encoded `String`s. For this, there's `SecretString`, which is just an alias for `SecretBox<str>`. Accepting it and converting to bytes in `create_github_client` simplifies code at the call sites a bit.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -44,7 +44,7 @@ http = "1.1.0"
 sha2 = "0.10"
 hmac = "0.12"
 hex = "0.4"
-secrecy = "0.8"
+secrecy = "0.10.3"
 
 # Database
 sqlx = { version = "0.8.1", features = ["runtime-tokio", "tls-rustls", "postgres", "chrono"] }
diff --git a/src/bin/bors.rs b/src/bin/bors.rs
@@ -86,7 +86,7 @@ fn try_main(opts: Opts) -> anyhow::Result<()> {
         let client = create_github_client(
             opts.app_id.into(),
             "https://api.github.com".to_string(),
-            opts.private_key.into_bytes().into(),
+            opts.private_key.into(),
         )?;
         let repos = RepositoryLoader::new(client.clone())
             .load_repositories(&team_api)
diff --git a/src/github/api/mod.rs b/src/github/api/mod.rs
@@ -5,7 +5,7 @@ use anyhow::Context;
 use arc_swap::ArcSwap;
 use octocrab::models::{App, AppId, InstallationRepositories, Repository};
 use octocrab::Octocrab;
-use secrecy::{ExposeSecret, SecretVec};
+use secrecy::{ExposeSecret, SecretString};
 
 use client::GithubRepositoryClient;
 
@@ -23,9 +23,9 @@ fn base_github_html_url() -> &'static str {
 pub fn create_github_client(
     app_id: AppId,
     github_url: String,
-    private_key: SecretVec<u8>,
+    private_key: SecretString,
 ) -> anyhow::Result<Octocrab> {
-    let key = jsonwebtoken::EncodingKey::from_rsa_pem(private_key.expose_secret().as_ref())
+    let key = jsonwebtoken::EncodingKey::from_rsa_pem(private_key.expose_secret().as_bytes())
         .context("Could not encode private key")?;
 
     Octocrab::builder()
diff --git a/src/github/webhook.rs b/src/github/webhook.rs
@@ -35,7 +35,7 @@ impl WebhookSecret {
     }
 
     pub fn expose(&self) -> &str {
-        self.0.expose_secret().as_str()
+        self.0.expose_secret()
     }
 }
 
diff --git a/src/tests/mocks/github.rs b/src/tests/mocks/github.rs
@@ -85,7 +85,7 @@ impl GitHubMockServer {
         create_github_client(
             default_app_id().into(),
             self.mock_server.uri(),
-            GITHUB_MOCK_PRIVATE_KEY.as_bytes().to_vec().into(),
+            GITHUB_MOCK_PRIVATE_KEY.into(),
         )
         .unwrap()
     }

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ impl WebhookSecret {`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`pub fn expose(&self) -> &str {`
`38`		`- self.0.expose_secret().as_str()`
	`38`	`+ self.0.expose_secret()`
`39`	`39`	`}`
`40`	`40`	`}`
`41`	`41`
Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ impl GitHubMockServer {`
`85`	`85`	`create_github_client(`
`86`	`86`	`default_app_id().into(),`
`87`	`87`	`self.mock_server.uri(),`
`88`		`- GITHUB_MOCK_PRIVATE_KEY.as_bytes().to_vec().into(),`
	`88`	`+ GITHUB_MOCK_PRIVATE_KEY.into(),`
`89`	`89`	`)`
`90`	`90`	`.unwrap()`
`91`	`91`	`}`