Skip to content

update: Upgrade all dependencies to latest versions#173

Merged
inureyes merged 2 commits intomainfrom
update/dependency-versions-2026-04
Apr 3, 2026
Merged

update: Upgrade all dependencies to latest versions#173
inureyes merged 2 commits intomainfrom
update/dependency-versions-2026-04

Conversation

@inureyes
Copy link
Copy Markdown
Member

@inureyes inureyes commented Apr 3, 2026

Summary

  • Upgrade 30+ crate dependencies to latest compatible versions
  • Sync bssh-russh fork with upstream russh 0.59.0 (from 0.56.0), gaining 21% throughput improvement and security patches
  • Migrate OpenTelemetry from 0.21 to 0.31 with full API rewrite
  • Adapt bssh code to russh 0.59 breaking API changes (CryptoVec → bytes::Bytes)

Key dependency upgrades

Package From To Notes
bssh-russh (fork) 0.56 0.59 CryptoVec→Bytes, ml-kem, security patches
opentelemetry 0.21 0.31 Full API rewrite
tokio 1.48 1.50
clap 4.5 4.6
nix 0.30 0.31
bcrypt 0.16 0.19
rustyline 17 18
ipnetwork 0.20 0.21

Test plan

  • cargo build passes
  • cargo clippy passes with no warnings
  • 1193/1196 unit tests pass (3 failures are pre-existing macOS Keychain permission tests)
  • Integration tests compile
  • Benchmarks compile

@inureyes
update: Upgrade all dependencies to latest versions
3867f3f 
- Upgrade 30+ crate dependencies to latest compatible versions
- Sync bssh-russh fork with upstream russh 0.59.0 (from 0.56.0)
  - 21% throughput improvement from CryptoVec → bytes::Bytes migration
  - RSA Marvin attack mitigation, ml-kem replacement, aws-lc-rs security patch
  - Certificate-based SSH agent authentication support
  - Re-apply PTY output batch processing patch on new codebase
- Migrate OpenTelemetry from 0.21 to 0.31
  - Rewrite otel.rs for new SdkLoggerProvider, Resource::builder, LogRecord API
- Adapt bssh code to russh 0.59 API changes
  - Handle::data/extended_data now takes impl Into<bytes::Bytes>
  - AgentIdentity comparison via public_key()
  - Add bytes crate as direct dependency
- Keep rand at 0.8 in main crate (ssh-key requires rand_core 0.6)
@inureyes inureyes added type:enhancement New feature or request status:ready Ready to be worked on priority:medium Medium priority issue labels Apr 3, 2026
@inureyes inureyes merged commit ec51a9a into main Apr 3, 2026
2 checks passed
@inureyes inureyes deleted the update/dependency-versions-2026-04 branch April 3, 2026 05:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

priority:medium Medium priority issue status:ready Ready to be worked on type:enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@inureyes