Skip to content

Update sha3 requirement from 0.8 to 0.11#24

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/sha3-0.11
Closed

Update sha3 requirement from 0.8 to 0.11#24
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/sha3-0.11

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 25, 2026
edited
Loading

Updates the requirements on sha3 to permit the latest version.

Commits

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 25, 2026

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions github-actions Bot enabled auto-merge (squash) April 25, 2026 21:20
@dependabot
Update sha3 requirement from 0.8 to 0.11
cc0f8ad 
Updates the requirements on [sha3](https://github.com/RustCrypto/hashes) to permit the latest version.
- [Commits](RustCrypto/hashes@groestl-v0.8.0...sha3-v0.10.9)

---
updated-dependencies:
- dependency-name: sha3
  dependency-version: 0.10.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/sha3-0.11 branch from fd6fb46 to cc0f8ad Compare April 25, 2026 21:22
@skansal-rome skansal-rome mentioned this pull request Apr 27, 2026
Merged
4 tasks
skansal-rome added a commit that referenced this pull request Apr 27, 2026
@skansal-rome @claude
chore: drop unused sha3 dep (supersedes #24) (#25)
cf94278 
The sha3 crate has been declared in both Cargo.toml files since the
upstream SputnikVM fork, but is not actually used: SHA3 opcode handling
in runtime/src/eval/system.rs delegates to Handler::keccak256_h256(),
not sha3::Keccak256. The crate is not re-exported by lib.rs, and
grepping rome-evm-private/rome-sdk/rome-apps confirms no downstream
consumer pulls it through the evm crate.

Dropping the dep cleanly resolves dependabot #24 (sha3 0.8 → 0.11),
which fails because sha3 0.10+ removed the `std` feature flag that
both Cargo.toml files reference under their `std` feature.

Verified:
- RUSTFLAGS=-Aunexpected_cfgs cargo build --release — succeeds
- RUSTFLAGS=-Aunexpected_cfgs cargo clippy — clean
- RUSTFLAGS=-Aunexpected_cfgs cargo test — 0 tests (none defined)
- rome-evm-private/rome-sdk/rome-apps grep — no direct sha3 imports
  through the evm crate, so no downstream rebuild needed

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@skansal-rome
Copy link
Copy Markdown
Contributor

skansal-rome commented Apr 27, 2026

Superseded by #25, which removed the unused sha3 dep entirely instead of bumping it (the crate has been dead code in this fork since SputnikVM days; SHA3 opcode handling delegates to Handler::keccak256_h256()).

🤖 This response was generated by Claude Code.

auto-merge was automatically disabled April 27, 2026 20:42

Pull request was closed

@skansal-rome skansal-rome deleted the dependabot/cargo/sha3-0.11 branch April 27, 2026 20:42
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 27, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@skansal-rome