Skip to content

Commit 5debceb

Browse files
committed
Prepare hashavatar-api 0.9.0
1 parent f1ac673 commit 5debceb

7 files changed

Lines changed: 153 additions & 59 deletions

File tree

Cargo.lock

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "hashavatar-api"
3-
version = "0.8.0"
3+
version = "0.9.0"
44
edition = "2024"
55
rust-version = "1.95"
66
description = "Public avatar API and landing page for hashavatar"
@@ -12,7 +12,7 @@ documentation = "https://github.com/valkyoth/hashavatar-api"
1212
[dependencies]
1313
aws-config = { version = "1.8.16", default-features = false, features = ["rt-tokio"] }
1414
aws-sdk-s3 = { version = "1.131.0", default-features = false, features = ["rt-tokio", "sigv4a"] }
15-
hashavatar = { version = "0.8.0", features = ["blake3", "xxh3"] }
15+
hashavatar = { version = "0.9.0", features = ["blake3", "xxh3"] }
1616
image = { version = "0.25.10", default-features = false, features = ["png"] }
1717
axum = { version = "0.8.9", default-features = false, features = ["http1", "tokio", "query", "json"] }
1818
getrandom = { version = "0.4.2", default-features = false }

Cargo.toml.split-template

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "hashavatar-api"
3-
version = "0.8.0"
3+
version = "0.9.0"
44
edition = "2024"
55
rust-version = "1.95"
66
description = "Public avatar API and landing page for hashavatar"
@@ -10,7 +10,7 @@ homepage = "https://github.com/valkyoth/hashavatar-api"
1010
documentation = "https://github.com/valkyoth/hashavatar-api"
1111

1212
[dependencies]
13-
hashavatar = { version = "0.8.0", features = ["blake3", "xxh3"] }
13+
hashavatar = { version = "0.9.0", features = ["blake3", "xxh3"] }
1414
axum = { version = "0.8.9", default-features = false, features = ["http1", "tokio", "query", "json"] }
1515
getrandom = { version = "0.4.2", default-features = false }
1616
ipnet = { version = "2.12.0", default-features = false }

README.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ audit, SBOM, reproducibility, smoke, and GitHub CodeQL default setup checks.
1111

1212
## Current Status
1313

14-
The current service version is `0.8.0`.
14+
The current service version is `0.9.0`.
1515

1616
Implemented now:
1717

@@ -25,7 +25,7 @@ Implemented now:
2525
- Namespace-aware tenant and style-version parameters.
2626
- Selectable identity hash algorithms: `SHA-512`, `BLAKE3`, and `XXH3`.
2727
- `WebP`, `PNG`, `JPEG`, `GIF`, and `SVG` responses.
28-
- Avatar families from `hashavatar 0.8.0`: `cat`, `dog`, `robot`, `fox`,
28+
- Avatar families from `hashavatar 0.9.0`: `cat`, `dog`, `robot`, `fox`,
2929
`alien`, `monster`, `ghost`, `slime`, `bird`, `wizard`, `skull`, `paws`,
3030
`planet`, `rocket`, `mushroom`, `cactus`, `frog`, `panda`, `cupcake`,
3131
`pizza`, `icecream`, `octopus`, and `knight`.
@@ -55,7 +55,7 @@ Intentionally external:
5555
| Area | Status |
5656
| --- | --- |
5757
| Service license | `EUPL-1.2` |
58-
| Renderer crate | `hashavatar 0.8.0` |
58+
| Renderer crate | `hashavatar 0.9.0` |
5959
| MSRV | Rust `1.95.0` |
6060
| Runtime container | Wolfi |
6161
| HTTP framework | `axum` |

SECURITY.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
## Supported Versions
44

5-
Security fixes are expected for the latest published `0.8.x` release.
5+
Security fixes are expected for the latest published `0.9.x` release.
66

77
## Reporting a Vulnerability
88

scripts/validate-security-invariants.sh

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,12 @@ grep -q 'INTERNAL_ERROR_MESSAGE' src/main.rs \
2424
|| fail "generic internal error message constant is missing"
2525
grep -q 'fn add_security_headers' src/main.rs \
2626
|| fail "security header middleware is missing"
27+
grep -q 'fn secure_rng_failure' src/main.rs \
28+
|| fail "CSP nonce RNG failure must fail closed"
29+
if grep -q 'CSP_NONCE_FALLBACK_COUNTER' src/main.rs \
30+
|| grep -q 'falling back to deterministic CSP nonce entropy' src/main.rs; then
31+
fail "CSP nonce generation must not use deterministic fallback entropy"
32+
fi
2733
grep -q 'MAX_ID_BYTES' src/main.rs \
2834
|| fail "identity byte limit is missing"
2935
grep -q 'MAX_NAMESPACE_COMPONENT_BYTES' src/main.rs \
@@ -49,6 +55,8 @@ fi
4955

5056
grep -q 'rate_limiter_bounds_unique_attacker_keys' src/main.rs \
5157
|| fail "rate limiter memory bound regression test is missing"
58+
grep -q 'rate_limit_key_is_route_and_ip_scoped' src/main.rs \
59+
|| fail "rate limiter route/IP scoping regression test is missing"
5260
grep -q 'client_ip_ignores_forwarded_headers_from_untrusted_peers' src/main.rs \
5361
|| fail "forwarded-header spoofing regression test is missing"
5462
grep -q 'internal_error_does_not_expose_details' src/main.rs \
@@ -65,6 +73,8 @@ grep -q 'escape_html_attribute_handles_single_quotes' src/main.rs \
6573
|| fail "attribute escaping regression test is missing"
6674
grep -q 'etag_uses_full_sha256_digest' src/main.rs \
6775
|| fail "full ETag digest regression test is missing"
76+
grep -q 'metrics_generation_duration_saturates_at_u64_max' src/main.rs \
77+
|| fail "metrics duration saturation regression test is missing"
6878

6979
if [ -e .github/workflows/codeql.yml ] || [ -e .github/codeql/codeql-config.yml ]; then
7080
fail "CodeQL default setup is enabled in GitHub; remove repo-level advanced CodeQL configuration"

0 commit comments

Comments
 (0)