From 2b376202d027c8dec4f36dd4217ef5f5d5daa97a Mon Sep 17 00:00:00 2001
From: William Woodruff <william@yossarian.net>
Date: Sun, 19 Jan 2025 18:44:32 -0500
Subject: [PATCH] cleanup, remove permissions from workflows (#96)

---
 .github/workflows/ci.yml            |   2 +
 .github/workflows/release-stubs.yml |   2 +
 .github/workflows/release.yml       |   2 +
 Cargo.lock                          | 136 +++++++++++++++++++++++++---
 Cargo.toml                          |   4 +-
 pyproject.toml                      |   1 +
 src/lib.rs                          |  12 +--
 src/passphrase.rs                   |   6 +-
 src/plugin.rs                       |   2 +-
 src/ssh.rs                          |   2 +-
 src/x25519.rs                       |   2 +-
 11 files changed, 145 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8134112..45806bf 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,8 @@ on:
       - main
   pull_request:
 
+permissions: {}
+
 jobs:
   lint:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release-stubs.yml b/.github/workflows/release-stubs.yml
index 6d39ed5..0ff0950 100644
--- a/.github/workflows/release-stubs.yml
+++ b/.github/workflows/release-stubs.yml
@@ -7,6 +7,8 @@ on:
         type: boolean
 name: release-stubs
 
+permissions: {}
+
 jobs:
   release-stubs:
     name: build pyrage-stubs
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2a18b26..085c49b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,8 @@ on:
 
 name: release
 
+permissions: {}
+
 jobs:
   release-linux:
     name: build Linux release dists
diff --git a/Cargo.lock b/Cargo.lock
index e1e8e74..a262090 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -182,12 +182,49 @@ dependencies = [
  "cipher",
 ]
 
+[[package]]
+name = "bytecount"
+version = "0.6.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5ce89b21cab1437276d2650d57e971f9d548a2d9037cc231abdc0562b97498ce"
+
 [[package]]
 name = "byteorder"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
+[[package]]
+name = "camino"
+version = "1.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b96ec4966b5813e2c0507c1f86115c8c5abaadc3980879c3424042a02fd1ad3"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "cargo-platform"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e35af189006b9c0f00a064685c727031e3ed2d8020f7ba284d78cc2671bd36ea"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "cargo_metadata"
+version = "0.14.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4acbb09d9ee8e23699b9634375c72795d095bf268439da88562cf9b501f181fa"
+dependencies = [
+ "camino",
+ "cargo-platform",
+ "semver",
+ "serde",
+ "serde_json",
+]
+
 [[package]]
 name = "cbc"
 version = "0.1.2"
@@ -375,6 +412,15 @@ dependencies = [
  "windows-sys",
 ]
 
+[[package]]
+name = "error-chain"
+version = "0.12.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2d2f06b9cac1506ece98fe3231e3cc9c4410ec3d5b1f24ae1c8946f0742cdefc"
+dependencies = [
+ "version_check",
+]
+
 [[package]]
 name = "fastrand"
 version = "2.0.2"
@@ -471,6 +517,12 @@ dependencies = [
  "polyval",
 ]
 
+[[package]]
+name = "glob"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2"
+
 [[package]]
 name = "hashbrown"
 version = "0.14.3"
@@ -620,6 +672,12 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4b3f7cef34251886990511df1c61443aa928499d598a9473929ab5a90a527304"
 
+[[package]]
+name = "itoa"
+version = "1.0.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"
+
 [[package]]
 name = "lazy_static"
 version = "1.4.0"
@@ -900,11 +958,22 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "pulldown-cmark"
+version = "0.9.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "57206b407293d2bcd3af849ce869d52068623f19e1b5ff8e8778e3309439682b"
+dependencies = [
+ "bitflags 2.5.0",
+ "memchr",
+ "unicase",
+]
+
 [[package]]
 name = "pyo3"
-version = "0.22.6"
+version = "0.23.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f402062616ab18202ae8319da13fa4279883a2b8a9d9f83f20dbade813ce1884"
+checksum = "57fe09249128b3173d092de9523eaa75136bf7ba85e0d69eca241c7939c933cc"
 dependencies = [
  "cfg-if",
  "indoc",
@@ -920,9 +989,9 @@ dependencies = [
 
 [[package]]
 name = "pyo3-build-config"
-version = "0.22.6"
+version = "0.23.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b14b5775b5ff446dd1056212d778012cbe8a0fbffd368029fd9e25b514479c38"
+checksum = "1cd3927b5a78757a0d71aa9dff669f903b1eb64b54142a9bd9f757f8fde65fd7"
 dependencies = [
  "once_cell",
  "target-lexicon",
@@ -930,9 +999,9 @@ dependencies = [
 
 [[package]]
 name = "pyo3-ffi"
-version = "0.22.6"
+version = "0.23.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ab5bcf04a2cdcbb50c7d6105de943f543f9ed92af55818fd17b660390fc8636"
+checksum = "dab6bb2102bd8f991e7749f130a70d05dd557613e39ed2deeee8e9ca0c4d548d"
 dependencies = [
  "libc",
  "pyo3-build-config",
@@ -940,18 +1009,19 @@ dependencies = [
 
 [[package]]
 name = "pyo3-file"
-version = "0.9.0"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "488563e2317157edd6e12c3ef23e10363bd079bf8630e3de719e368b4eb02a21"
+checksum = "3134dfe0d6458ea56d6c1cd4047c8894f331297aaf53eb9bf046ac7485dd469b"
 dependencies = [
  "pyo3",
+ "skeptic",
 ]
 
 [[package]]
 name = "pyo3-macros"
-version = "0.22.6"
+version = "0.23.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fd24d897903a9e6d80b968368a34e1525aeb719d568dba8b3d4bfa5dc67d453"
+checksum = "91871864b353fd5ffcb3f91f2f703a22a9797c91b9ab497b1acac7b07ae509c7"
 dependencies = [
  "proc-macro2",
  "pyo3-macros-backend",
@@ -961,9 +1031,9 @@ dependencies = [
 
 [[package]]
 name = "pyo3-macros-backend"
-version = "0.22.6"
+version = "0.23.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "36c011a03ba1e50152b4b394b479826cad97e7a21eb52df179cd91ac411cbfbe"
+checksum = "43abc3b80bc20f3facd86cd3c60beed58c3e2aa26213f3cda368de39c60a27e4"
 dependencies = [
  "heck",
  "proc-macro2",
@@ -1112,6 +1182,12 @@ dependencies = [
  "windows-sys",
 ]
 
+[[package]]
+name = "ryu"
+version = "1.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
+
 [[package]]
 name = "salsa20"
 version = "0.10.2"
@@ -1176,6 +1252,9 @@ name = "semver"
 version = "1.0.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0"
+dependencies = [
+ "serde",
+]
 
 [[package]]
 name = "serde"
@@ -1197,6 +1276,18 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "serde_json"
+version = "1.0.137"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "930cfb6e6abf99298aaad7d29abbef7a9999a9a8806a40088f55f0dcec03146b"
+dependencies = [
+ "itoa",
+ "memchr",
+ "ryu",
+ "serde",
+]
+
 [[package]]
 name = "sha2"
 version = "0.10.8"
@@ -1218,6 +1309,21 @@ dependencies = [
  "rand_core",
 ]
 
+[[package]]
+name = "skeptic"
+version = "0.13.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "16d23b015676c90a0f01c197bfdc786c20342c73a0afdda9025adb0bc42940a8"
+dependencies = [
+ "bytecount",
+ "cargo_metadata",
+ "error-chain",
+ "glob",
+ "pulldown-cmark",
+ "tempfile",
+ "walkdir",
+]
+
 [[package]]
 name = "smallvec"
 version = "1.11.2"
@@ -1354,6 +1460,12 @@ dependencies = [
  "tinystr",
 ]
 
+[[package]]
+name = "unicase"
+version = "2.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539"
+
 [[package]]
 name = "unicode-ident"
 version = "1.0.12"
diff --git a/Cargo.toml b/Cargo.toml
index adcae10..306a14e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,10 +19,10 @@ crate-type = ["cdylib"]
 [dependencies]
 age-core = "0.11"
 age = { version = "0.11.1", features = ["ssh", "plugin"] }
-pyo3 = { version = "0.22.6", features = [
+pyo3 = { version = "0.23", features = [
     "extension-module",
     "abi3",
     "abi3-py39",
     "py-clone",
 ] }
-pyo3-file = "0.9.0"
+pyo3-file = "0.10.0"
diff --git a/pyproject.toml b/pyproject.toml
index dba0409..bb5bd3d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -9,3 +9,4 @@ classifiers = [
     "Operating System :: POSIX :: Linux",
 ]
 requires-python = ">=3.9"
+dynamic = ["version"]
diff --git a/src/lib.rs b/src/lib.rs
index acd9f21..4d3608a 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -162,7 +162,7 @@ fn encrypt<'p>(
         .map_err(|e| EncryptError::new_err(e.to_string()))?;
 
     // TODO: Avoid this copy. Maybe PyBytes::new_with?
-    Ok(PyBytes::new_bound(py, &encrypted))
+    Ok(PyBytes::new(py, &encrypted))
 }
 
 #[pyfunction]
@@ -221,7 +221,7 @@ fn decrypt<'p>(
         .map_err(|e| DecryptError::new_err(e.to_string()))?;
 
     // TODO: Avoid this copy. Maybe PyBytes::new_with?
-    Ok(PyBytes::new_bound(py, &decrypted))
+    Ok(PyBytes::new(py, &decrypted))
 }
 
 #[pyfunction]
@@ -336,14 +336,14 @@ fn pyrage(py: Python, m: &Bound<'_, PyModule>) -> PyResult<()> {
     );
     m.add_submodule(&plugin)?;
 
-    m.add("IdentityError", py.get_type_bound::<IdentityError>())?;
-    m.add("RecipientError", py.get_type_bound::<RecipientError>())?;
+    m.add("IdentityError", py.get_type::<IdentityError>())?;
+    m.add("RecipientError", py.get_type::<RecipientError>())?;
 
-    m.add("EncryptError", py.get_type_bound::<EncryptError>())?;
+    m.add("EncryptError", py.get_type::<EncryptError>())?;
     m.add_wrapped(wrap_pyfunction!(encrypt))?;
     m.add_wrapped(wrap_pyfunction!(encrypt_file))?;
     m.add_wrapped(wrap_pyfunction!(encrypt_io))?;
-    m.add("DecryptError", py.get_type_bound::<DecryptError>())?;
+    m.add("DecryptError", py.get_type::<DecryptError>())?;
     m.add_wrapped(wrap_pyfunction!(decrypt))?;
     m.add_wrapped(wrap_pyfunction!(decrypt_file))?;
     m.add_wrapped(wrap_pyfunction!(decrypt_io))?;
diff --git a/src/passphrase.rs b/src/passphrase.rs
index c830938..5bed36e 100644
--- a/src/passphrase.rs
+++ b/src/passphrase.rs
@@ -22,7 +22,7 @@ fn encrypt<'p>(py: Python<'p>, plaintext: &[u8], passphrase: &str) -> PyResult<B
         .finish()
         .map_err(|e| EncryptError::new_err(e.to_string()))?;
 
-    Ok(PyBytes::new_bound(py, &encrypted))
+    Ok(PyBytes::new(py, &encrypted))
 }
 
 #[pyfunction]
@@ -40,11 +40,11 @@ fn decrypt<'p>(
         .read_to_end(&mut decrypted)
         .map_err(|e| DecryptError::new_err(e.to_string()))?;
 
-    Ok(PyBytes::new_bound(py, &decrypted))
+    Ok(PyBytes::new(py, &decrypted))
 }
 
 pub(crate) fn module(py: Python) -> PyResult<Bound<'_, PyModule>> {
-    let module = PyModule::new_bound(py, "passphrase")?;
+    let module = PyModule::new(py, "passphrase")?;
 
     module.add_wrapped(wrap_pyfunction!(encrypt))?;
     module.add_wrapped(wrap_pyfunction!(decrypt))?;
diff --git a/src/plugin.rs b/src/plugin.rs
index 56ecbc7..6524453 100644
--- a/src/plugin.rs
+++ b/src/plugin.rs
@@ -187,7 +187,7 @@ impl IdentityPluginV1 {
 }
 
 pub(crate) fn module(py: Python<'_>) -> PyResult<Bound<'_, PyModule>> {
-    let module = PyModule::new_bound(py, "plugin")?;
+    let module = PyModule::new(py, "plugin")?;
 
     module.add_class::<Recipient>()?;
     module.add_class::<Identity>()?;
diff --git a/src/ssh.rs b/src/ssh.rs
index fc1284f..af88427 100644
--- a/src/ssh.rs
+++ b/src/ssh.rs
@@ -44,7 +44,7 @@ impl Identity {
 }
 
 pub(crate) fn module(py: Python) -> PyResult<Bound<'_, PyModule>> {
-    let module = PyModule::new_bound(py, "ssh")?;
+    let module = PyModule::new(py, "ssh")?;
 
     module.add_class::<Recipient>()?;
     module.add_class::<Identity>()?;
diff --git a/src/x25519.rs b/src/x25519.rs
index 530577f..8386d19 100644
--- a/src/x25519.rs
+++ b/src/x25519.rs
@@ -52,7 +52,7 @@ impl Identity {
 }
 
 pub(crate) fn module(py: Python) -> PyResult<Bound<'_, PyModule>> {
-    let module = PyModule::new_bound(py, "x25519")?;
+    let module = PyModule::new(py, "x25519")?;
 
     module.add_class::<Recipient>()?;
     module.add_class::<Identity>()?;