Code Review
This pull request updates the oo7 dependency from version 0.3 to 0.6 and adapts the code to use .as_ref() for accessing secrets, as the library now returns a Secret type. Feedback was provided regarding the use of String::from_utf8_lossy, noting that it could lead to incorrect passwords if the keyring secrets contain raw binary data that is not valid UTF-8.
| && let Some(item) = items.first() | ||
| && let Ok(pass) = item.secret().await { | ||
| final_password = Some(String::from_utf8_lossy(&pass).to_string()); | ||
| final_password = Some(String::from_utf8_lossy(pass.as_ref()).to_string()); |
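Review bot: In the condition let Ok(pass) = item.secret().await, an Err from the keyring read is dropped by the pattern, so in this branch a failed read is indistinguishable from a missing item and final_password is not set here; consider matching the error and reporting it instead. On the new line, String::from_utf8_lossy(pass.as_ref()).to_string() still rewrites any bytes that are not valid UTF-8, so std::str::from_utf8(pass.as_ref()) with an explicit error path would reject such a secret rather than alter it.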
Updating to .as_ref() is required for compatibility with oo7 0.6. However, note that String::from_utf8_lossy will replace any invalid UTF-8 sequences with the replacement character (U+FFFD). While keyring secrets are typically UTF-8, if a secret contains raw binary data that isn't valid UTF-8, this conversion will result in an incorrect password being used for deployment.
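The effect described in the comment above, as an added example that is not part of the pull request or the project's code. The function names and the sample secret bytes are constructed for illustration; the lossy path mirrors the reviewed line, and the strict path is one possible alternative.

```rust
use std::str::Utf8Error;

/// Lossy conversion, as on the reviewed line: every invalid byte
/// sequence is replaced with U+FFFD, so the secret is silently altered.
fn lossy_password(secret: &[u8]) -> String {
    String::from_utf8_lossy(secret).to_string()
}

/// Strict conversion (hypothetical alternative): a secret that is not
/// valid UTF-8 is rejected instead of being rewritten.
fn strict_password(secret: &[u8]) -> Result<String, Utf8Error> {
    std::str::from_utf8(secret).map(str::to_owned)
}

fn main() {
    // Constructed sample secrets, not taken from any real keyring.
    let text: &[u8] = b"correct horse";
    let bin_a: &[u8] = &[b'p', 0xff, b'w'];
    let bin_b: &[u8] = &[b'p', 0xfe, b'w'];

    // Valid UTF-8 passes through both paths unchanged.
    assert_eq!(lossy_password(text), "correct horse");
    assert_eq!(strict_password(text).unwrap(), "correct horse");

    // Two different binary secrets collapse to the same string, and the
    // 3-byte secret becomes 5 bytes (U+FFFD encodes as three bytes).
    let a = lossy_password(bin_a);
    let b = lossy_password(bin_b);
    println!("lossy a = {:?} ({} bytes)", a, a.len());
    println!("lossy b = {:?} ({} bytes)", b, b.len());
    assert_eq!(a, b);

    // The strict path reports where decoding failed, so the caller can
    // stop the deployment instead of sending a wrong password.
    match strict_password(bin_a) {
        Ok(p) => println!("password has {} bytes", p.len()),
        Err(e) => println!("rejected: invalid UTF-8 after byte {}", e.valid_up_to()),
    }
}
```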
This pull request updates dependencies and improves how secrets are handled when converting them from bytes to strings. The main focus is on updating the oo7 crate and using .as_ref() for safer and more idiomatic handling of secret data.

Dependency updates:
oo7 dependency in Cargo.toml from version 0.3 to 0.6 to use the latest features and fixes.

Secret handling improvements:
.as_ref() instead of referencing the variable directly. This makes the code more idiomatic and clearer when working with types that implement AsRef<[u8]>.