updated dependencies

Mick Grove 2026-04-01 14:58:08 -07:00
commit d42620919f
6 changed files with 32 additions and 17 deletions


@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
## [v1.93.0]
- **Access Map: added 21 new blast radius providers**, bringing the total to 39. New providers: Airtable, Algolia, Artifactory, Auth0, CircleCI, DigitalOcean, Fastly, HubSpot, IBM Cloud, Jira, MySQL, PayPal, Plaid, SendGrid, Sendinblue/Brevo, Shopify, Square, Stripe, Terraform Cloud, JFrog Xray, and Zendesk. Each provider maps leaked credentials to their effective identity, permissions, and exposed resources.
- **Access Map: expanded provider depth** for existing integrations. AWS now enumerates SQS, SNS, RDS, ECR, and SSM Parameter Store in addition to the earlier core services; Azure Storage now maps Blob containers, File shares, and Queues from account keys; OpenAI now enumerates visible models, files, assistants, and fine-tuning jobs; Hugging Face now includes datasets and Spaces alongside models; Anthropic now surfaces visible organization API keys.
- Folded in a set of safe dependency bumps from open maintenance PRs, including `strum`, `sysinfo`, `hmac`, `sha1`, `sha2`, `gitlab`, and `oci-client`, with small compatibility fixes in runtime hashing, system memory detection, and Azure signing code.
- Added Mermaid architecture documentation in `docs/ARCHITECTURE.md`, covering the main Kingfisher components, command paths, and scan flow at a high level.
- Expanded `docs/LIBRARY.md` with Mermaid diagrams showing the relationships and internal structure of `kingfisher-core`, `kingfisher-rules`, and `kingfisher-scanner`.


@ -116,8 +116,8 @@ toon-format = { version = "0.4.4", default-features = false }
lazy_static = "1.5.0"
url = "2.5.7"
include_dir = { version = "0.7", features = ["glob"] }
strum = { version = "0.26", features = ["derive"] }
sysinfo = "0.31.4"
strum = { version = "0.28", features = ["derive"] }
sysinfo = "0.38.4"
webbrowser = "1.0.5"
reqwest = { version = "0.12", default-features = false, features = [
"json",
@ -207,8 +207,8 @@ futures = "0.3.31"
dashmap = "6.1.0"
xxhash-rust = { version = "0.8.15", features = ["xxh3", "const_xxh3"] }
serde_yaml = "0.9.34"
hmac = "0.12.1"
sha2 = "0.10.9"
hmac = "0.13.0"
sha2 = "0.11.0"
strum_macros = "0.28.0"
humantime = "2.3.0"
path-dedot = "3.1.1"
@ -220,7 +220,7 @@ predicates = "3.1.3"
assert_cmd = "2.1.1"
proptest = "1.9.0"
color-backtrace = "0.7.2"
gitlab = "0.1801.0"
gitlab = "0.1810.0"
mimalloc = {version = "0.1.48", features = ["override"]}
thread_local = "1.1.9"
bloomfilter = "3.0.1"
@ -233,7 +233,7 @@ globset = "0.4.18"
jsonwebtoken = { version = "10.2.0", features = ["aws-lc-rs"] }
ipnet = "2.11.0"
gouqi = { version = "0.20.0", features = ["async"] }
oci-client = { version = "0.15", default-features = false, features = ["rustls-tls"] }
oci-client = { version = "0.16", default-features = false, features = ["rustls-tls"] }
walkdir = "2.5.0"
p256 = "0.13.2"
ed25519-dalek = { version = "2.2", features = ["pkcs8"] }
@ -261,10 +261,10 @@ tokio-rustls = "0.26.4"
h2 = "0.4.13"
[target.'cfg(not(windows))'.dependencies]
sha1 = { version = "0.10.6", features = ["asm"] }
sha1 = "0.11.0"
[target.'cfg(windows)'.dependencies]
sha1 = "0.10.6"
sha1 = "0.11.0"
[dependencies.tikv-jemallocator]
version = "0.6"


@ -2,11 +2,18 @@
<p align="center">
<img src="docs/kingfisher_logo.png" alt="Kingfisher Logo" width="126" height="173" style="vertical-align: right;" />
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Detection Rules](https://img.shields.io/badge/Detection%20Rules-601-2ea043.svg)](https://github.com/mongodb/kingfisher)<br>
[![ghcr downloads](https://ghcr-badge.elias.eu.org/shield/mongodb/kingfisher/kingfisher)](https://github.com/mongodb/kingfisher/pkgs/container/kingfisher)<br>
<br>
<a href="https://opensource.org/licenses/Apache-2.0">
<img src="https://img.shields.io/badge/License-Apache%202.0-blue.svg" alt="License" />
</a>
<a href="https://github.com/mongodb/kingfisher">
<img src="https://img.shields.io/badge/Detection%20Rules-601-2ea043.svg" alt="Detection Rules" />
</a>
<br>
<a href="https://github.com/mongodb/kingfisher/pkgs/container/kingfisher">
<img src="https://ghcr-badge.elias.eu.org/shield/mongodb/kingfisher/kingfisher" alt="ghcr downloads" />
</a>
<br>
Kingfisher is an open source secret scanner and **live secret validation** tool built in Rust.


@ -1,7 +1,7 @@
use anyhow::{anyhow, Context, Result};
use base64::{engine::general_purpose::STANDARD as b64, Engine as _};
use chrono::Utc;
use hmac::{Hmac, Mac};
use hmac::{Hmac, KeyInit, Mac};
use quick_xml::{events::Event, Reader};
use reqwest::{header::HeaderValue, Client};
use serde_json::Value as JsonValue;


@ -91,7 +91,7 @@ pub enum Command {
pub static RAM_GB: Lazy<Option<f64>> = Lazy::new(|| {
if sysinfo::IS_SUPPORTED_SYSTEM {
let s = System::new_with_specifics(
RefreshKind::new().with_memory(MemoryRefreshKind::new().with_ram()),
RefreshKind::nothing().with_memory(MemoryRefreshKind::nothing().with_ram()),
);
Some(s.total_memory() as f64 / 1024.0 / 1024.0 / 1024.0)
} else {


@ -177,8 +177,15 @@ impl Docker {
for p in layer_paths {
let mut file = File::open(&p)?;
let mut hasher = Sha256::new();
std::io::copy(&mut file, &mut hasher)?;
let digest = format!("{:x}", hasher.finalize());
let mut buf = [0_u8; 16 * 1024];
loop {
let read = file.read(&mut buf)?;
if read == 0 {
break;
}
hasher.update(&buf[..read]);
}
let digest = hex::encode(hasher.finalize());
let new_path = out_dir.join(format!("layer_{digest}.tar"));
std::fs::rename(&p, &new_path)?;
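Review bot: The hand-written read loop that replaces `std::io::copy` propagates `ErrorKind::Interrupted` through `file.read(&mut buf)?`, whereas `std::io::copy` retried on that error, so a signal arriving during a large layer read can now abort the extraction. Matching on the read result and continuing on `Interrupted` restores the earlier behaviour; the fence assumes the enclosing error type converts from `std::io::Error`, as the existing `?` implies. The `for` loop and the function around it start outside the hunk. Separately, nothing visible here compares `digest` with the digest the image manifest declares for the layer; if that check is not done elsewhere, it belongs before the rename.

```rust
loop {
    let read = match file.read(&mut buf) {
        Ok(0) => break,
        Ok(n) => n,
        // std::io::copy retried on EINTR; keep that behaviour.
        Err(e) if e.kind() == std::io::ErrorKind::Interrupted => continue,
        Err(e) => return Err(e.into()),
    };
    hasher.update(&buf[..read]);
}
// … unchanged: hex-encode the digest and rename the layer file …
```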