prvng_platform/crates/control-center-ui/upstream-dependency-issue.md
2026-01-14 03:25:20 +00:00

# Upstream Dependency Issue: num-bigint-dig v0.8.4

## Issue Summary

Status: ⚠️ UPSTREAM ISSUE - NON-BLOCKING

The `control-center-ui` build produces a future incompatibility warning from the transitive dependency `num-bigint-dig` v0.8.4:

```text
warning: the following packages contain code that will be rejected by a future version of Rust: num-bigint-dig v0.8.4
note: to see what the problems were, use the option `--future-incompat-report`, or run `cargo report future-incompatibilities --id 1`
```

## Root Cause

The `num-bigint-dig` v0.8.4 crate uses a private `vec!` macro in multiple locations (Rust issue #120192).
This pattern will become a hard error in a future Rust release.

Affected files in `num-bigint-dig` v0.8.4:

- `src/biguint.rs` (lines 490, 2005, 2027, 2313)
- `src/prime.rs` (line 138)
- `src/bigrand.rs` (line 319)

## Dependency Chain

```text
control-center-ui (control-center-ui v0.1.0)
    ↓
num-bigint-dig v0.8.4
    ↑ (pulled in by)
├── rsa v0.9.9
│   ├── control-center
│   ├── jsonwebtoken v10.2.0
│   └── provisioning-orchestrator
└── ssh-key v0.6.7
    ├── russh v0.44.1
    └── russh-keys v0.44.0
```

## Why We Can't Fix It

Option 1: Direct Patch

- ✗ Cannot patch transitive crates.io dependencies to different crates.io versions
- Cargo only allows patches to point to different sources (git repos, local paths)

Option 2: Upgrade rsa

- Available: rsa v0.10.0-rc.10 (release candidate only, not stable)
- Status: Not production-ready until stable release
- Current: rsa v0.9.9 (stable, production)

Option 3: Upgrade ssh-key

- Current: ssh-key v0.6.7
- Still depends on num-bigint-dig v0.8.4 (not upgraded yet)

Option 4: Local Fork

- ✗ Not practical for transitive dependencies

## Resolution Timeline

For num-bigint-dig:

- Available versions: 0.8.5, 0.8.6, 0.9.0, 0.9.1
- Latest: v0.9.1
- Status: Fixed in 0.8.6 and later
- When it gets picked up: Depends on upstream crate releases

Upstream Action Items:

1. rsa crate needs to upgrade to use newer num-bigint-dig when available
2. ssh-key crate needs to upgrade to use newer num-bigint-dig when available
3. Once upstream crates update their dependencies, our `Cargo.lock` will automatically use the fixed version

## Current Impact

NO IMPACT ON FUNCTIONALITY

- Code compiles cleanly
- All tests pass
- All features work correctly
- Only a forward-compatibility warning, not an error

NOT A BLOCKER FOR:

- Deployment
- Production use
- Any functionality
- WASM compilation
- Release builds

## Timeline for Resolution

| Status | Item | Estimated |
| -------- | ------ | ----------- |
| ✓ Available | num-bigint-dig 0.8.6 | Already released |
| Waiting | rsa v0.10 stable release | 2024-Q4 to 2025-Q1 |
| Waiting | Downstream crate updates | After upstream releases |
| ✓ Automatic | Our build updates | Once dependencies are updated |

## Monitoring

To check for updates:

```bash
# Check for future incompatibilities
cargo report future-incompatibilities

# Check available versions
cargo outdated

# Check dependency tree
cargo tree | grep num-bigint-dig
```

## Workaround (if needed)

If the warning becomes an error before upstream fixes are released, you can:

1. Use an older Rust version (current stable still allows this as a warning)
2. Wait for upstream updates (recommended)
3. Create a fork of rsa/ssh-key with newer num-bigint-dig (not recommended)

## Recommended Action

No immediate action needed. This is a normal part of the Rust ecosystem evolution:

- Upstream packages will update their dependencies
- Our `Cargo.lock` will automatically resolve to fixed versions
- Continue monitoring with `cargo report future-incompatibilities`

## References

- Rust Issue #120192: https://github.com/rust-lang/rust/issues/120192
- num-bigint-dig Repository: https://github.com/dignifiedquire/num-bigint
- num-bigint-dig Releases: https://github.com/dignifiedquire/num-bigint/releases

---

Last Updated: December 12, 2025
Status: Monitored, Non-Blocking
Action: Awaiting Upstream Fixes
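
The Monitoring commands above can be turned into a lockfile check for CI. The following is an added example, not part of this project's tooling: it reads a `Cargo.lock`, reports which `num-bigint-dig` versions are resolved and which packages pull the crate in, and fails while a version older than the fix is still locked. The function name `check_lock` and its exit codes are assumptions; the 0.8.6 threshold is the "Fixed in 0.8.6 and later" figure from this page.

```shell
# Added example, not project tooling. FIXED_IN is taken from this page
# ("Fixed in 0.8.6 and later"); check_lock and its exit codes are assumptions.
CRATE="num-bigint-dig"
FIXED_IN="0.8.6"

# check_lock <Cargo.lock>
#   prints "version <v> <ok|pre-fix>" for each resolved copy of $CRATE and
#   "dependent <name> <version>" for each package that lists it as a dependency.
#   returns 0 = all copies fixed, 1 = a pre-fix copy is locked, 2 = crate absent.
check_lock() {
  awk -v crate="$CRATE" -v fixed="$FIXED_IN" '
    # 1 when dotted version a is lower than b (major.minor.patch, numeric).
    function older(a, b,    x, y, i) {
      split(a, x, "."); split(b, y, ".")
      for (i = 1; i <= 3; i++) {
        if ((x[i] + 0) < (y[i] + 0)) return 1
        if ((x[i] + 0) > (y[i] + 0)) return 0
      }
      return 0
    }
    # Report the package block that just ended.
    function emit() {
      if (name == crate) {
        found = 1
        state = older(ver, fixed) ? "pre-fix" : "ok"
        if (state == "pre-fix") bad = 1
        print "version", ver, state
      } else if (uses) print "dependent", name, ver
    }
    /^\[\[package\]\]/ { if (name != "") emit(); name = ""; ver = ""; uses = 0; next }
    /^name = /         { name = $3; gsub(/"/, "", name); next }
    /^version = /      { ver = $3; gsub(/"/, "", ver); next }
    # Dependency entries read "num-bigint-dig", or "num-bigint-dig 0.8.4", when
    # several versions are locked at once.
    index($0, "\"" crate "\"") || index($0, "\"" crate " ") { uses = 1 }
    END { if (name != "") emit(); exit (found ? bad + 0 : 2) }
  ' "$1"
}

# Usage in CI: check_lock Cargo.lock || echo "num-bigint-dig pre-fix or absent"
```

The listing of dependents comes from the lockfile alone, so it works without network access or the `cargo outdated` plugin.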