Hashavatar 1.1.0
hashavatar 1.1.0
1.1.0 is a minor release for hashavatar focused on dependency,
sanitization, tooling, source layout, and documentation freshness.
Dependency Updates
- Replaced direct
zeroizeusage with the nativesanitizationcrate API. - Added
sanitization1.2.2withallocsupport. - Added
sanitization-crypto-interop1.2.2so SHA-512 and optional BLAKE3
hashing use the crypto crates' own hasher-state cleanup hooks through the
sanitizationsister crate. - Removed direct
zeroizedependency usage and thesha2/blake3zeroize
feature hooks. - Updated the fuzz harness
libfuzzer-sysdependency to0.4.13. - Refreshed Cargo lockfiles with the latest compatible crate versions.
Sanitization
- Fixed-size digest and renderer seed copies now use
sanitization::Secret. - SHA-512 identity hashing and cache-key hashing now route through the
sanitization-crypto-interopSHA-512 helper. - The crate's direct
sha2dependency is now dev-only; production SHA-512
hashing reachessha2throughsanitization-crypto-interop. - Removed a redundant SHA-512 digest
Secretwrapper now that the interop
helper owns hasher-state cleanup and the caller already guards the returned
digest. - Optional BLAKE3 XOF output now uses the
sanitization-crypto-interopfill
helper with asanitization::Secretoutput buffer. - Optional XXH3 digest accumulation now uses a
sanitization::Secretguard for
the 64-byte accumulator. - Hash-preimage capacity checks now use release-mode assertions, so future
size-accounting drift cannot silently bypass temporary buffer cleanup. - Optional XXH3 chunk capacity and length checks are collapsed into one
release assertion per chunk. - Hash preimage vectors, encoded-output buffers, temporary JPEG RGB buffers,
and owned RGBA buffers are cleared throughsanitizationvolatile clearing
helpers. - Security controls now document the
sanitization-crypto-interopcleanup
boundary for SHA-512 and optional BLAKE3. cargo-denynow denies duplicate crate versions instead of only warning.
CI
- Updated pinned GitHub Actions:
actions/checkouttov7.0.0taiki-e/install-actiontov2.82.3
- Confirmed
Swatinem/rust-cacheremains current atv2.9.1.
Documentation
- Updated README installation snippets and compatibility wording to
1.1.0. - Updated the changelog for the
1.1.0release. - Split the former monolithic
src/lib.rsinto focused source files, including
per-avatar raster and SVG renderer files, without changing the public API. - Clarified that preimage-capacity assertions are active in all builds as an
intentional fail-secure sanitization guard. - Made starry-background seed rotation precedence explicit without changing the
generated visuals. - Hardened internal gradient color interpolation against future oversized
max_positioncallers. - Added consistent
identity()accessors to hashed dog and robot renderer
structs, matching the existing hashed cat renderer.
Compatibility
- No intentional avatar visual fingerprint changes.
- No public API removals.