navicore/anz
1
0
Fork 0
Code Issues 2 Pull requests Releases 23 Packages 1 Activity Actions

Update Rust crate rpassword to v7 #26

Merged
navicore merged 1 commit from renovate/rpassword-7.x into main 2026-05-25 12:42:56 +00:00
Conversation 0 Commits 1 Files changed 2 +95 -33
navicore commented 2026-05-25 08:02:22 +00:00
Owner
Copy link

This PR contains the following updates:

Package Type Update Change
rpassword dependencies major 57

Release Notes

conradkleinespel/rpassword (rpassword)

v7.5.3

Compare Source

Fixes compile errors with Rust 1.85. Thanks @​nwalfield for reporting in #​130.

Backwards compatible. No breaking change.

v7.5.2

Compare Source

Fixes a Unicode parsing bug which could lead to unwarranted panic (6c19a1e).

Backwards compatible. No breaking change.

v7.5.1

Compare Source

This release fixes a cross-platform compilation issue that appeared in v.7.5.0 (60ee071).

Thanks @​aharpervc for bringing this to my attention in #​126.

Backwards compatible. No breaking change.

v7.5.0

Compare Source

This release comes with lots of stuff. It should be fully backward compatible.

New features

  • Support for masking or partially masking a password as it's being typed. Thank you, @​chipsenkbeil, for your contribution.
  • New API. The documentation has been vastly improved to support this, see https://docs.rs/rpassword/. To sum up, you can now call read_password_with_config(config) and there is a ConfigBuilder that allows you to configure how passwords should be read. This makes the library much more flexible and means new options will be added without breaking existing code.

Fixes

  • Fix for CVE-2025-64170 which affects rpassword on versions v7.4.0 and below. Thank you, @​squell and @​DevLaTron, for reporting this.
  • Better support for multibyte characters and more reliable handling of control characters and terminal escape sequences. Thank you again, @​chipsenkbeil, for your contribution.

Deprecations

  • _from_bufread functions have been deprecated. You are encouraged to migrate to _with_config functions. See UPGRADE.md as well as the documentation which has examples that you can most likely drop into your code without other changes.

Misc

  • Update of the windows-sys dependency.
  • Update Rust edition from 2018 to 2024.
  • Better cross-platform testing, through more unit tests and a CI that runs Linux, Windows and Wasm.

Feedback is very much welcome.

v7.4.0

Compare Source

Changes and updates in this release:

I've noticed after publishing the release that the size of the crate on crates.io went from 7KiB to 121KiB. That's due to the addition of an image in the README.md, which I did not anticipate would be distributed to everyone. The fix (7c30111) will be included in the next release.

No functionality changes in this release. It is backwards compatible.

v7.3.1

Compare Source

This release updates the README.md, so the latest version appears on crates.io.

No functionality changes in this release. It is backwards compatible.

v7.3.0

Compare Source

The winapi package has been replaced with the windows-sys package developed by Microsoft. Thanks for your help, @​messense!

No functionality changes in this release. It is backwards compatible.

v7.2.0

Compare Source

This release completely removes the dependency on serde. It adds a new dependency rtoolbox which are utility functions I use in multiple projects. This change is meant to improve supply chain security. I don't own serde but I do own rtoolbox. Code for rtoolbox is available here: https://github.com/conradkleinespel/rtoolbox.

No functionality changes in this release. It is backwards compatible.

v7.1.0

Compare Source

This release includes a fix from @​LSchallot which allows users to hit Ctrl-U to remove the password and start from scratch, similar to when you hit Ctrl-U in your terminal to clear the line.

It also specifies a minimum Rust version in Cargo.toml.

v7.0.0

Compare Source

This release contains a potentially breaking change in that it removes the dependency on serde. But in most cases you should not need to change any of your code. Thanks @​BlackHoleFox for the help.

Thanks also @​NovaliX-Dev for fixing a bug on Windows, see 3858917.

You will need at least Rust 1.60 to use this new release.

v6.0.1

Compare Source

No code changes. Updated docs so they display correctly on sites such as https://docs.rs/rpassword and https://crates.io/crates/rpassword.

v6.0.0

Compare Source

This release contains breaking changes.

Notable changes:

  • API changes to be more flexible and more generic;
  • move to Rust 2018 edition;
  • WASM/WASI support, thanks @​john-sharratt.

The API has changed from:

pub fn read_password() -> Result<String>
pub fn read_password_from_tty(prompt: Option<&str>) -> ::std::io::Result<String>
pub fn read_password_with_reader<T: BufRead>(source: Option<&mut T>) -> Result<String>

pub fn prompt_password_stdout(prompt: &str) -> std::io::Result<String>
pub fn prompt_password_stderr(prompt: &str) -> std::io::Result<String>

To:

pub fn read_password_from_bufread(reader: &mut impl BufRead) -> std::io::Result<String>
pub fn read_password() -> std::io::Result<String>

pub fn prompt_password_from_bufread(reader: &mut impl BufRead, writer: &mut impl Write, prompt: impl ToString) -> std::io::Result<String>
pub fn prompt_password(prompt: impl ToString) -> std::io::Result<String>

By default, reading and writing is done from/to the TTY instead of stdin/stdout. This is more reliable for most cases. If you need to read or write from/to a different place, the function versions with from_bufread allow you to pass anything you'd like.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 08:00 AM and 09:59 AM, only on Monday and Thursday (* 8-9 * * 1,4)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [rpassword](https://github.com/conradkleinespel/rpassword) | dependencies | major | `5` → `7` | --- ### Release Notes <details> <summary>conradkleinespel/rpassword (rpassword)</summary> ### [`v7.5.3`](https://github.com/conradkleinespel/rpassword/releases/tag/v7.5.3) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v7.5.2...v7.5.3) Fixes compile errors with Rust 1.85. Thanks [@&#8203;nwalfield](https://github.com/nwalfield) for reporting in [#&#8203;130](https://github.com/conradkleinespel/rpassword/issues/130). Backwards compatible. No breaking change. ### [`v7.5.2`](https://github.com/conradkleinespel/rpassword/releases/tag/v7.5.2) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v7.5.1...v7.5.2) Fixes a Unicode parsing bug which could lead to unwarranted panic ([`6c19a1e`](https://github.com/conradkleinespel/rpassword/commit/6c19a1e3160f2a52d3a0b433b5e62bbdeead4391)). Backwards compatible. No breaking change. ### [`v7.5.1`](https://github.com/conradkleinespel/rpassword/releases/tag/v7.5.1) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v7.5.0...v7.5.1) This release fixes a cross-platform compilation issue that appeared in v.7.5.0 ([`60ee071`](https://github.com/conradkleinespel/rpassword/commit/60ee07189580c6e4ca2dc6c89990634ab50f0b0e)). Thanks [@&#8203;aharpervc](https://github.com/aharpervc) for bringing this to my attention in [#&#8203;126](https://github.com/conradkleinespel/rpassword/pull/126). Backwards compatible. No breaking change. ### [`v7.5.0`](https://github.com/conradkleinespel/rpassword/releases/tag/v7.5.0) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v7.4.0...v7.5.0) This release comes with lots of stuff. It should be fully backward compatible. #### New features - Support for masking or partially masking a password as it's being typed. Thank you, [@&#8203;chipsenkbeil](https://github.com/chipsenkbeil), for your contribution. - New API. The documentation has been vastly improved to support this, see <https://docs.rs/rpassword/>. To sum up, you can now call `read_password_with_config(config)` and there is a `ConfigBuilder` that allows you to configure how passwords should be read. This makes the library much more flexible and means new options will be added without breaking existing code. #### Fixes - Fix for CVE-2025-64170 which affects `rpassword` on versions v7.4.0 and below. Thank you, [@&#8203;squell](https://github.com/squell) and [@&#8203;DevLaTron](https://github.com/DevLaTron), for reporting this. - Better support for multibyte characters and more reliable handling of control characters and terminal escape sequences. Thank you again, [@&#8203;chipsenkbeil](https://github.com/chipsenkbeil), for your contribution. #### Deprecations - `_from_bufread` functions have been deprecated. You are encouraged to migrate to `_with_config` functions. See [UPGRADE.md](https://github.com/conradkleinespel/rpassword/blob/main/UPGRADE.md) as well as the [documentation which has examples](https://docs.rs/rpassword/latest/rpassword/fn.read_password_from_bufread.html) that you can most likely drop into your code without other changes. #### Misc - Update of the `windows-sys` dependency. - Update Rust edition from 2018 to 2024. - Better cross-platform testing, through more unit tests and a CI that runs Linux, Windows and Wasm. Feedback is very much welcome. ### [`v7.4.0`](https://github.com/conradkleinespel/rpassword/releases/tag/v7.4.0) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v7.3.1...v7.4.0) Changes and updates in this release: - Updates `windows-sys` from `0.52` to `0.59`, see [`cb2244a`](https://github.com/conradkleinespel/rpassword/commit/cb2244aba3e6b4358cf489e61c8e35c564e31952); - Improves Chinese character handling, the commit is in the `rtoolbox` crate (<https://github.com/conradkleinespel/rtoolbox>). Thank you [@&#8203;Jordan-Haidee](https://github.com/Jordan-Haidee) for providing a fix in [#&#8203;97](https://github.com/conradkleinespel/rpassword/issues/97). I've noticed after publishing the release that the size of the crate on crates.io went from `7KiB` to `121KiB`. That's due to the addition of an image in the `README.md`, which I did not anticipate would be distributed to everyone. The fix ([`7c30111`](https://github.com/conradkleinespel/rpassword/commit/7c30111dda0242967bd5ac494fbf3089d3d74dc6)) will be included in the next release. No functionality changes in this release. It is backwards compatible. ### [`v7.3.1`](https://github.com/conradkleinespel/rpassword/releases/tag/v7.3.1) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v7.3.0...v7.3.1) This release updates the `README.md`, so the latest version appears on crates.io. No functionality changes in this release. It is backwards compatible. ### [`v7.3.0`](https://github.com/conradkleinespel/rpassword/releases/tag/v7.3.0) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v7.2.0...v7.3.0) The `winapi` package has been replaced with the `windows-sys` package developed by Microsoft. Thanks for your help, [@&#8203;messense](https://github.com/messense)! No functionality changes in this release. It is backwards compatible. ### [`v7.2.0`](https://github.com/conradkleinespel/rpassword/releases/tag/v7.2.0) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v7.1.0...v7.2.0) This release completely removes the dependency on `serde`. It adds a new dependency `rtoolbox` which are utility functions I use in multiple projects. This change is meant to improve supply chain security. I don't own `serde` but I do own` rtoolbox`. Code for `rtoolbox` is available here: <https://github.com/conradkleinespel/rtoolbox>. No functionality changes in this release. It is backwards compatible. ### [`v7.1.0`](https://github.com/conradkleinespel/rpassword/releases/tag/v7.1.0) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v7.0.0...v7.1.0) This release includes a fix from [@&#8203;LSchallot](https://github.com/LSchallot) which allows users to hit Ctrl-U to remove the password and start from scratch, similar to when you hit Ctrl-U in your terminal to clear the line. It also specifies a minimum Rust version in `Cargo.toml`. ### [`v7.0.0`](https://github.com/conradkleinespel/rpassword/releases/tag/v7.0.0) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v6.0.1...v7.0.0) This release contains a potentially breaking change in that it removes the dependency on `serde`. But **in most cases you should not need to change any of your code**. Thanks [@&#8203;BlackHoleFox](https://github.com/BlackHoleFox) for the help. Thanks also [@&#8203;NovaliX-Dev](https://github.com/NovaliX-Dev) for fixing a bug on Windows, see [`3858917`](https://github.com/conradkleinespel/rpassword/commit/38589177d2014c70e04cd93d178ab098333fa742). You will need at least Rust 1.60 to use this new release. ### [`v6.0.1`](https://github.com/conradkleinespel/rpassword/releases/tag/v6.0.1) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v6.0.0...v6.0.1) No code changes. Updated docs so they display correctly on sites such as <https://docs.rs/rpassword> and <https://crates.io/crates/rpassword>. ### [`v6.0.0`](https://github.com/conradkleinespel/rpassword/releases/tag/v6.0.0) [Compare Source](https://github.com/conradkleinespel/rpassword/compare/v5.0.1...v6.0.0) **This release contains breaking changes.** Notable changes: - API changes to be more flexible and more generic; - move to Rust 2018 edition; - WASM/WASI support, thanks [@&#8203;john-sharratt](https://github.com/john-sharratt). *** The API has changed from: ``` pub fn read_password() -> Result<String> pub fn read_password_from_tty(prompt: Option<&str>) -> ::std::io::Result<String> pub fn read_password_with_reader<T: BufRead>(source: Option<&mut T>) -> Result<String> pub fn prompt_password_stdout(prompt: &str) -> std::io::Result<String> pub fn prompt_password_stderr(prompt: &str) -> std::io::Result<String> ``` To: ``` pub fn read_password_from_bufread(reader: &mut impl BufRead) -> std::io::Result<String> pub fn read_password() -> std::io::Result<String> pub fn prompt_password_from_bufread(reader: &mut impl BufRead, writer: &mut impl Write, prompt: impl ToString) -> std::io::Result<String> pub fn prompt_password(prompt: impl ToString) -> std::io::Result<String> ``` By default, reading and writing is done from/to the TTY instead of stdin/stdout. This is more reliable for most cases. If you need to read or write from/to a different place, the function versions with `from_bufread` allow you to pass anything you'd like. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Between 08:00 AM and 09:59 AM, only on Monday and Thursday (`* 8-9 * * 1,4`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xODYuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE4Ni4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZSIsInJ1c3QiXX0=-->
Update Rust crate rpassword to v7
All checks were successful
CI / ci (pull_request) Successful in 3m30s
Details
0172539abe
navicore deleted branch renovate/rpassword-7.x 2026-05-25 12:42:56 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug
Something isn't working

  
dependencies
Pull requests that update a dependency file

  
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
question
Further information is requested

  
rust
Pull requests that update rust code

  
wontfix
This will not be worked on

No labels
bug
dependencies
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
rust
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
navicore/anz!26
No description provided.