Update bcrypt to 3.1.18 (!97504) · Merge requests · GitLab.org / GitLab

Matthias Käppler requested to merge 369392-update-bcrypt into master Sep 09, 2022

What does this MR do and why?

I originally thought we'd need this for Ruby 3 compat, but I don't think we actually do; this issue reports a compilation error but we are not experiencing this, and that issue is unresolved for the user anyway so it wouldn't be resolved by any recent release.

However, since I already made the change I thought I'd put this in an MR anyway since maybe we want to remain up to date anyway.

Changes:

3.1.18 May 16 2022
  - Unlock GVL when calculating hashes and salts [GH #260]
  - Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]

3.1.17 Mar 14 2022
- Fix regex in validators to use \A and \z instead of ^ and $ [GH #121]
- Truncate secrets greater than 72 bytes in hash_secret [GH #255]
- Assorted test and doc improvements

https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG

These sound all fairly minor except for https://github.com/bcrypt-ruby/bcrypt-ruby/pull/255, which I am not sure how it may affect existing data.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #369392 (closed)

Update bcrypt to 3.1.18

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports