Bump age from 0.10.1 to 0.11.1 in the cargo group across 1 directory

[dependabot]

Bumps the cargo group with 1 update in the / directory: age.

Updates age from 0.10.1 to 0.11.1

Release notes

Sourced from age's releases.

rage v0.11.1

Security

Fixed a security vulnerability that could allow an attacker to execute an arbitrary binary under certain conditions. See GHSA-4fg7-vxc8-qx5w. Plugin names are now required to only contain alphanumeric characters or the four special characters +-._. Thanks to ⬡-49016 for reporting this issue.

rage v0.11.0

rage

Added

• Partial French translation!

Fixed

• [Unix] Files can now be encrypted with rage --passphrase when piped over stdin, without requiring an explicit - argument as INPUT.

age

Added

• New streamlined APIs for use with a single recipient or identity and a small amount of data (that can fit entirely in memory):
  • age::encrypt
  • age::encrypt_and_armor
  • age::decrypt
• age::Decryptor::{decrypt, decrypt_async, is_scrypt}
• age::IdentityFile::to_recipients
• age::IdentityFile::with_callbacks
• age::IdentityFile::write_recipients_file
• age::IdentityFileConvertError
• age::NoCallbacks
• age::scrypt, providing recipient and identity types for passphrase-based encryption.
• Partial French translation!

Changed

• Migrated to i18n-embed 0.15, secrecy 0.10.
• age::Encryptor::with_recipients now takes recipients by reference instead of by value. This aligns it with age::Decryptor (which takes identities by reference), and also means that errors with recipients are reported earlier. This causes the following changes to the API:
  • Encryptor::with_recipients takes impl Iterator<Item = &'a dyn Recipient> instead of Vec<Box<dyn Recipient + Send>>.
  • Verification of recipients and generation of stanzas now happens in Encryptor::with_recipients instead of Encryptor::wrap_output and Encryptor::wrap_async_output.
  • Encryptor::with_recipients returns Result<Self, EncryptError> instead of Option<Self>, and Encryptor::{wrap_output, wrap_async_output} return io::Result<StreamWriter<W>> instead of Result<StreamWriter<W>, EncryptError>.
  • age::EncryptError has a new variant MissingRecipients, taking the place of the None that Encryptor::with_recipients could previously return.
• age::Decryptor is now an opaque struct instead of an enum with Recipients and Passphrase variants.
• age::IdentityFile now has a C: Callbacks generic parameter, which defaults to NoCallbacks.
• age::IdentityFile::into_identities now returns Result<Vec<Box<dyn crate::Identity>>, DecryptError> instead of Vec<IdentityFileEntry>.
• age::Recipient::wrap_file_key now returns (Vec<Stanza>, HashSet<String>): a tuple of the stanzas to be placed in an age file header, and labels that constrain how the stanzas may be combined with those from other recipients.
• age::plugin::RecipientPluginV1 now supports the labels extension.

Fixed

• age::cli_common::read_identities once again correctly parses identity files that are a single line without a trailing newline. This broke in 0.10.0 due to an unrelated refactor.

Removed

• age::decryptor::PassphraseDecryptor (use age::Decryptor with age::scrypt::Identity instead).
• age::decryptor::RecipientsDecryptor (use age::Decryptor instead).
• age::IdentityFileEntry

age-plugin 0.6.0

Added

... (truncated)

Commits

• 0780882 Update changelog with GHSA for security vulnerability
• a82a76a v0.11.1
• 383b6f5 Replace the test NoCallbacks with the library version
• 741de97 Merge branch 'bugfix-0.10.1' into bugfix-0.11.1
• 1744661 Merge pull request #545 from str4d/release-0.11.0
• d35d442 v0.11.0
• e3a5c5f Update user handles in readmes
• 25e0503 fuzz: Fix targets
• 597f1aa Merge pull request #544 from str4d/pre-release-changes
• ae5a392 Provide a better error on invalid filename or missing directory
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.