You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
session().login_with_encryption() (behind the encryption
cargo feature) — log in v3 with an RSA-encrypted password instead
of plaintext. Recommended for accounts holding real funds (live or
funded demo). Internally fetches the encryption key, encrypts the
password with PKCS#1 v1.5, and posts to /session with encryptedPassword=true.
README "Recommended for funded accounts" section pointing at the
new helper.
Fixed
Cargo.toml: corrected the repository URL to point at tibs245/trading-ig-rust. Added homepage and documentation
metadata fields, and configured [package.metadata.docs.rs] so
docs.rs builds with all features.
streaming::reconnect doc comment: fix broken intra-doc link to StreamingApi::connect_with.
streaming::events::MarketUpdate::from_raw doc comment: drop
intra-doc link to a private MARKET_FIELDS constant (was cargo doc -D warnings failure on Rust 1.95).
Two Duration::from_secs(60) call sites updated to Duration::from_mins(1) to satisfy Rust 1.95's new clippy::duration_suboptimal_units lint.
Security
RUSTSEC-2023-0071 (rsa crate Marvin timing side-channel on
PKCS#1 v1.5 decryption): acknowledged but not applicable to
this crate — we only ever encrypt with IG's public key, never
decrypt. An ignore is documented in deny.toml and in the cargo audit invocations of both CI workflows. See SECURITY.md
for the full rationale.
cargo deny is now wired into the weekly security workflow
(.github/workflows/audit.yml) — checks advisories, licenses,
banned crates, and source provenance.
cargo audit is also added to the pre-push git hook (skipped if
the binary isn't installed locally; CI runs it unconditionally).
