chore(deps): bump sha2 0.10 → 0.11

[qhkm]

Summary

sha2 0.11 migrated `digest` to v0.11 which switched `finalize()` output from `GenericArray` (impls `LowerHex`) to `hybrid-array::Array` (does not impl `LowerHex`). Three call sites used `format!("{:x}", hasher.finalize())` and broke the build.

Switched all three to `hex::encode(hasher.finalize())` (we already pull the `hex` crate directly). Identical lowercase-hex output, no behavior change.

Sites

• `src/cache/response_cache.rs:75` — response cache key
• `src/security/pairing.rs:351` — token hashing for pairing
• `src/cli/update.rs:172` — binary integrity verification

Validation

• `cargo check --release` ✅
• `cargo clippy --release -- -D warnings` ✅
• `cargo nextest run --lib` → 3435 passed
• `cargo update -p sha2` → 0.11.0, also pulls digest 0.11.2 + hybrid-array 0.4.11

Closes #517.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated cryptographic library dependency to a newer version for enhanced compatibility and security improvements.
  • Refactored internal hash formatting implementation across caching, verification, and security components for improved code consistency.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 297559a8-7aca-4b1b-87e4-9ecc5577bcc5

📥 Commits

Reviewing files that changed from the base of the PR and between 1aa1a4e and d2179c1.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• Cargo.toml
• src/cache/response_cache.rs
• src/cli/update.rs
• src/security/pairing.rs

---

📝 Walkthrough

Walkthrough

The project upgraded the sha2 crate dependency from version 0.10 to 0.11 and refactored digest-to-hexadecimal conversion across three modules from format!("{:x}", ...) to hex::encode(...) for consistency and compatibility with the updated dependency.

Changes

Cohort / File(s)	Summary
Dependency Upgrade Cargo.toml	Bumped sha2 from 0.10 to 0.11.
Digest Encoding Refactor src/cache/response_cache.rs, src/cli/update.rs, src/security/pairing.rs	Replaced format!("{:x}", digest) with hex::encode(digest) for SHA-256 hex string generation; no logic flow changes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~4 minutes

Poem

🐰 A sha2 bump brings versions bright and new,
With hex::encode, our hashes shine through,
Three little tweaks, all of a kind,
Repetitive, simple—no knots to unwind,
Cryptographic updates, hop hop—we're done! 🥕✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: bumping the sha2 dependency from version 0.10 to 0.11, which aligns with the core objective of this PR.
Linked Issues check	✅ Passed	The PR successfully addresses issue #517 by upgrading sha2 from 0.10.9 to 0.11.0 and fixing all three affected call sites to work with the new digest type.
Out of Scope Changes check	✅ Passed	All changes are directly related to the sha2 dependency upgrade; the three file modifications fix compatibility issues caused by the digest type change in sha2 0.11.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/sha2-0.11

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}