[PR #371] [MERGED] Update base64 requirement from 0.13.0 to 0.20.0 #419

New issue

Closed

opened 2026-02-27 20:24:39 +03:00 by kerem · 0 comments

kerem commented 2026-02-27 20:24:39 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/ramsayleung/rspotify/pull/371
Author: @dependabot[bot]
Created: 12/12/2022
Status: ✅ Merged
Merged: 12/29/2022
Merged by: @marioortizmanero

Base: master ← Head: dependabot/cargo/base64-0.20.0

---

📝 Commits (2)

• 2fcc04d Update base64 requirement from 0.13.0 to 0.20.0
• 5d348dc No need to use custom encoder

📊 Changes

2 files changed (+2 additions, -2 deletions)

View changed files

📝 Cargo.toml (+1 -1)
📝 src/auth_code_pkce.rs (+1 -1)

📄 Description

Updates the requirements on base64 to permit the latest version.

Changelog

Sourced from base64's changelog.

0.20.0

Breaking changes

• Update MSRV to 1.57.0
• Decoding can now either ignore padding, require correct padding, or require no padding. The default is to require correct padding.
  • The NO_PAD config now requires that padding be absent when decoding.

0.20.0-alpha.1

Breaking changes

• Extended the Config concept into the Engine abstraction, allowing the user to pick different encoding / decoding implementations.
  • What was formerly the only algorithm is now the FastPortable engine, so named because it's portable (works on any CPU) and relatively fast.
  • This opens the door to a portable constant-time implementation (#153, presumably ConstantTimePortable?) for security-sensitive applications that need side-channel resistance, and CPU-specific SIMD implementations for more speed.
  • Standard base64 per the RFC is available via DEFAULT_ENGINE. To use different alphabets or other settings (padding, etc), create your own engine instance.
• CharacterSet is now Alphabet (per the RFC), and allows creating custom alphabets. The corresponding tables that were previously code-generated are now built dynamically.
• Since there are already multiple breaking changes, various functions are renamed to be more consistent and discoverable.
• MSRV is now 1.47.0 to allow various things to use const fn.
• DecoderReader now owns its inner reader, and can expose it via into_inner(). For symmetry, EncoderWriter can do the same with its writer.
• encoded_len is now public so you can size encode buffers precisely.

0.13.1

• More precise decode buffer sizing, avoiding unnecessary allocation in decode_config.

0.13.0

• Config methods are const
• Added EncoderStringWriter to allow encoding directly to a String
• EncoderWriter now owns its delegate writer rather than keeping a reference to it (though refs still work)
  • As a consequence, it is now possible to extract the delegate writer from an EncoderWriter via finish(), which returns Result<W> instead of Result<()>. If you were calling finish() explicitly, you will now need to use let _ = foo.finish() instead of just foo.finish() to avoid a warning about the unused value.
• When decoding input that has both an invalid length and an invalid symbol as the last byte, InvalidByte will be emitted instead of InvalidLength to make the problem more obvious.

0.12.2

• Add BinHex alphabet

0.12.1

• Add Bcrypt alphabet

0.12.0

• A Read implementation (DecoderReader) to let users transparently decoded data from a b64 input source
• IMAP's modified b64 alphabet
• Relaxed type restrictions to just AsRef<[ut8]> for main encode*/decode* functions
• A minor performance improvement in encoding

0.11.0

• Minimum rust version 1.34.0

... (truncated)

Commits

• 9fcde48 v0.20.0
• 68919ae Merge pull request #202 from marshallpierce/mp/edition-2021
• f58f441 Also updated fuzzers
• d86e8c8 Update to edition 2021
• 766fbc9 Merge pull request #198 from marshallpierce/mp/invalid-padding
• 250323c More fuzzer fixes
• bcbc669 Minor cleanup
• 604a3ca fix fuzzers
• 0996b81 Merge branch 'master' into mp/invalid-padding
• 442a809 Merge pull request #197 from marshallpierce/mp/update-msrv
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ramsayleung/rspotify/pull/371 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 12/12/2022 **Status:** ✅ Merged **Merged:** 12/29/2022 **Merged by:** [@marioortizmanero](https://github.com/marioortizmanero) **Base:** `master` ← **Head:** `dependabot/cargo/base64-0.20.0` --- ### 📝 Commits (2) - [`2fcc04d`](https://github.com/ramsayleung/rspotify/commit/2fcc04db57708825ec8cc7f4563fd49ea8391bad) Update base64 requirement from 0.13.0 to 0.20.0 - [`5d348dc`](https://github.com/ramsayleung/rspotify/commit/5d348dcc2a355e63b18cb83a8eeaf7179ef99805) No need to use custom encoder ### 📊 Changes **2 files changed** (+2 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `Cargo.toml` (+1 -1) 📝 `src/auth_code_pkce.rs` (+1 -1) </details> ### 📄 Description Updates the requirements on [base64](https://github.com/marshallpierce/rust-base64) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md">base64's changelog</a>.</em></p> <blockquote> <h1>0.20.0</h1> <h3>Breaking changes</h3> <ul> <li>Update MSRV to 1.57.0</li> <li>Decoding can now either ignore padding, require correct padding, or require no padding. The default is to require correct padding. <ul> <li>The <code>NO_PAD</code> config now requires that padding be absent when decoding.</li> </ul> </li> </ul> <h2>0.20.0-alpha.1</h2> <h3>Breaking changes</h3> <ul> <li>Extended the <code>Config</code> concept into the <code>Engine</code> abstraction, allowing the user to pick different encoding / decoding implementations. <ul> <li>What was formerly the only algorithm is now the <code>FastPortable</code> engine, so named because it's portable (works on any CPU) and relatively fast.</li> <li>This opens the door to a portable constant-time implementation (<a href="https://github-redirect.dependabot.com/marshallpierce/rust-base64/pull/153">#153</a>, presumably <code>ConstantTimePortable</code>?) for security-sensitive applications that need side-channel resistance, and CPU-specific SIMD implementations for more speed.</li> <li>Standard base64 per the RFC is available via <code>DEFAULT_ENGINE</code>. To use different alphabets or other settings (padding, etc), create your own engine instance.</li> </ul> </li> <li><code>CharacterSet</code> is now <code>Alphabet</code> (per the RFC), and allows creating custom alphabets. The corresponding tables that were previously code-generated are now built dynamically.</li> <li>Since there are already multiple breaking changes, various functions are renamed to be more consistent and discoverable.</li> <li>MSRV is now 1.47.0 to allow various things to use <code>const fn</code>.</li> <li><code>DecoderReader</code> now owns its inner reader, and can expose it via <code>into_inner()</code>. For symmetry, <code>EncoderWriter</code> can do the same with its writer.</li> <li><code>encoded_len</code> is now public so you can size encode buffers precisely.</li> </ul> <h1>0.13.1</h1> <ul> <li>More precise decode buffer sizing, avoiding unnecessary allocation in <code>decode_config</code>.</li> </ul> <h1>0.13.0</h1> <ul> <li>Config methods are const</li> <li>Added <code>EncoderStringWriter</code> to allow encoding directly to a String</li> <li><code>EncoderWriter</code> now owns its delegate writer rather than keeping a reference to it (though refs still work) <ul> <li>As a consequence, it is now possible to extract the delegate writer from an <code>EncoderWriter</code> via <code>finish()</code>, which returns <code>Result&lt;W&gt;</code> instead of <code>Result&lt;()&gt;</code>. If you were calling <code>finish()</code> explicitly, you will now need to use <code>let _ = foo.finish()</code> instead of just <code>foo.finish()</code> to avoid a warning about the unused value.</li> </ul> </li> <li>When decoding input that has both an invalid length and an invalid symbol as the last byte, <code>InvalidByte</code> will be emitted instead of <code>InvalidLength</code> to make the problem more obvious.</li> </ul> <h1>0.12.2</h1> <ul> <li>Add <code>BinHex</code> alphabet</li> </ul> <h1>0.12.1</h1> <ul> <li>Add <code>Bcrypt</code> alphabet</li> </ul> <h1>0.12.0</h1> <ul> <li>A <code>Read</code> implementation (<code>DecoderReader</code>) to let users transparently decoded data from a b64 input source</li> <li>IMAP's modified b64 alphabet</li> <li>Relaxed type restrictions to just <code>AsRef&lt;[ut8]&gt;</code> for main <code>encode*</code>/<code>decode*</code> functions</li> <li>A minor performance improvement in encoding</li> </ul> <h1>0.11.0</h1> <ul> <li>Minimum rust version 1.34.0</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/marshallpierce/rust-base64/commit/9fcde482cd6aace0716c82b6472398d737c5b4d5"><code>9fcde48</code></a> v0.20.0</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/68919aed8133f4b25707873ad0385cb2d7ff755b"><code>68919ae</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/marshallpierce/rust-base64/issues/202">#202</a> from marshallpierce/mp/edition-2021</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/f58f44168920b008d14de437b39a87d0f520f1d6"><code>f58f441</code></a> Also updated fuzzers</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/d86e8c86830d42f11d1cc5083cab9a00759fda17"><code>d86e8c8</code></a> Update to edition 2021</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/766fbc979f3ebe77ee257116addec658e48639c7"><code>766fbc9</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/marshallpierce/rust-base64/issues/198">#198</a> from marshallpierce/mp/invalid-padding</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/250323c852814320bf2261573c85111ff9b05499"><code>250323c</code></a> More fuzzer fixes</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/bcbc6699ccfe1efc8f3e1f9a6bb67d8e15d9dd79"><code>bcbc669</code></a> Minor cleanup</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/604a3caeb580d3148821d2f94a4df1ef725d29ec"><code>604a3ca</code></a> fix fuzzers</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/0996b813912369dd38f85f9d4966193b8089d511"><code>0996b81</code></a> Merge branch 'master' into mp/invalid-padding</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/442a8097d58a81eddb943c30f106386dda9b84dc"><code>442a809</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/marshallpierce/rust-base64/issues/197">#197</a> from marshallpierce/mp/update-msrv</li> <li>Additional commits viewable in <a href="https://github.com/marshallpierce/rust-base64/compare/v0.13.0...v0.20.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-27 20:24:39 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-27 20:24:45 +03:00

[PR #420] [MERGED] Fix pkce #443

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

ramsay/upgrade-0.16.1

dependabot/cargo/sha2-0.11.0

ramsay/upgrade-to-v0.16

ramsay/deprecate-removed-renamed-field

ramsay/migrate-to-new-endpoint

ramsay/deprecate-removed-endpoints

dependabot/cargo/strum-0.28.0

dependabot/cargo/reqwest-middleware-0.5.1

dependabot/cargo/reqwest-0.13.1

ramsay/upgrade-to-0.15.3

ramsay/upgrade-to-0.15.2

dependabot/cargo/ureq-3.1.2

ramsay/upgrade-dependencies

ramsay/upgrade-to-0.15.1

ramsay/fix-malformed-json

ramsay/upgrade-to-v0.15.0

ramsay/allow-enum-unknown-variant

ramsay/upgrade-to-0.14

ramsay/add_tcplistern_for_callback

ramsay/fix-clippy-error

ramsay/update-doc

ramsay/fix-endless-sequence

ramsay/publish-crate-workflow-test

ramsay/fix-pkce-refresh-token

ramsay/pkce_auth_refresh_token

ramsay_add_test_for_collectionyourepisodes

better-webapp

ramsay_fix_token_expired

percent-search

refresh_token_rwlock

ramsay_convert_result_inside_endpoint

streaming

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.0

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.0

v0.11.7

v0.11.6

v0.10.0

v0.11.5

v0.11.5.0

v0.11.4

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.11.5.1

v0.9

v0.9-alpha

Labels

Clear labels   

Stale

  

bug

  

discussion

  

enhancement

  

good first issue

  

good first issue

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

Stale

bug

discussion

enhancement

good first issue

good first issue

help wanted

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/rspotify#419

No description provided.