updates from main and ci

2026-05-22 07:59:29 +00:00 · 2026-05-21 14:22:09 -04:00 · 2026-05-21 14:22:09 -04:00 · fa569dab41
commit fa569dab41
parent cf0ef6f3b8
27 changed files with 2 additions and 9 deletions
--- a/.deny.toml
+++ b/.deny.toml
@ -16,7 +16,6 @@ ignore = [
  { id = "RUSTSEC-2026-0097", reason = "`rand` v0.8.5 is present transitively from logos crates, modification may break integration" },
  { id = "RUSTSEC-2026-0118", reason = "`hickory-proto` v0.25.0-alpha.5 is present transitively from logos crates, modification may break integration" },
  { id = "RUSTSEC-2026-0119", reason = "`hickory-proto` v0.25.0-alpha.5 is present transitively from logos crates, modification may break integration" },
-  { id = "RUSTSEC-2026-0145", reason = "`astral-tokio-tar` v0.6.1 is pulled transitively via testcontainers (integration_tests dev/test path); waiting on upstream fix" },
 ]
 yanked = "deny"
 unused-ignored-advisory = "deny"
--- a/artifacts/program_methods/authenticated_transfer.bin
+++ b/artifacts/program_methods/authenticated_transfer.bin
--- a/artifacts/program_methods/faucet.bin
+++ b/artifacts/program_methods/faucet.bin
--- a/artifacts/program_methods/pinata.bin
+++ b/artifacts/program_methods/pinata.bin
--- a/artifacts/program_methods/pinata_token.bin
+++ b/artifacts/program_methods/pinata_token.bin
--- a/artifacts/program_methods/privacy_preserving_circuit.bin
+++ b/artifacts/program_methods/privacy_preserving_circuit.bin
--- a/artifacts/program_methods/vault.bin
+++ b/artifacts/program_methods/vault.bin
--- a/artifacts/test_program_methods/auth_asserting_noop.bin
+++ b/artifacts/test_program_methods/auth_asserting_noop.bin
--- a/artifacts/test_program_methods/auth_transfer_proxy.bin
+++ b/artifacts/test_program_methods/auth_transfer_proxy.bin
--- a/artifacts/test_program_methods/changer_claimer.bin
+++ b/artifacts/test_program_methods/changer_claimer.bin
--- a/artifacts/test_program_methods/clock_chain_caller.bin
+++ b/artifacts/test_program_methods/clock_chain_caller.bin
--- a/artifacts/test_program_methods/data_changer.bin
+++ b/artifacts/test_program_methods/data_changer.bin
--- a/artifacts/test_program_methods/extra_output.bin
+++ b/artifacts/test_program_methods/extra_output.bin
--- a/artifacts/test_program_methods/faucet_chain_caller.bin
+++ b/artifacts/test_program_methods/faucet_chain_caller.bin
--- a/artifacts/test_program_methods/malicious_caller_program_id.bin
+++ b/artifacts/test_program_methods/malicious_caller_program_id.bin
--- a/artifacts/test_program_methods/malicious_injector.bin
+++ b/artifacts/test_program_methods/malicious_injector.bin
--- a/artifacts/test_program_methods/malicious_launderer.bin
+++ b/artifacts/test_program_methods/malicious_launderer.bin
--- a/artifacts/test_program_methods/malicious_self_program_id.bin
+++ b/artifacts/test_program_methods/malicious_self_program_id.bin
--- a/artifacts/test_program_methods/noop.bin
+++ b/artifacts/test_program_methods/noop.bin
--- a/artifacts/test_program_methods/pda_claimer.bin
+++ b/artifacts/test_program_methods/pda_claimer.bin
--- a/artifacts/test_program_methods/pda_fund_spend_proxy.bin
+++ b/artifacts/test_program_methods/pda_fund_spend_proxy.bin
--- a/artifacts/test_program_methods/private_pda_delegator.bin
+++ b/artifacts/test_program_methods/private_pda_delegator.bin
--- a/artifacts/test_program_methods/time_locked_transfer.bin
+++ b/artifacts/test_program_methods/time_locked_transfer.bin
--- a/artifacts/test_program_methods/two_pda_claimer.bin
+++ b/artifacts/test_program_methods/two_pda_claimer.bin
--- a/artifacts/test_program_methods/validity_window.bin
+++ b/artifacts/test_program_methods/validity_window.bin
--- a/artifacts/test_program_methods/validity_window_chain_caller.bin
+++ b/artifacts/test_program_methods/validity_window_chain_caller.bin
--- a/nssa/src/validated_state_diff.rs
+++ b/nssa/src/validated_state_diff.rs
@ -523,7 +523,6 @@ mod tests {
        use nssa_core::{
            Commitment, InputAccountIdentity, SharedSecretKey,
            account::{Account, AccountWithMetadata},
-            encryption::EphemeralPublicKey,
        };

        use crate::{
@ -550,9 +549,7 @@ mod tests {
        // Attacker controls a private account.
        let attacker_keys = test_private_account_keys_1();
        let attacker_id = AccountId::for_regular_private_account(&attacker_keys.npk(), 0);
-        let attacker_esk = [12_u8; 32];
-        let attacker_ssk = SharedSecretKey::new(attacker_esk, &attacker_keys.vpk());
-        let attacker_epk = EphemeralPublicKey::from_scalar(attacker_esk);
+        let (attacker_ssk, attacker_epk) = SharedSecretKey::encapsulate(&attacker_keys.vpk());

        let victim_id = AccountId::new([20_u8; 32]);
        let recipient_id = AccountId::new([42_u8; 32]);
@ -674,7 +671,6 @@ mod tests {
        use nssa_core::{
            Commitment, InputAccountIdentity, SharedSecretKey,
            account::{Account, AccountWithMetadata},
-            encryption::EphemeralPublicKey,
        };

        use crate::{
@ -704,9 +700,7 @@ mod tests {
        // Attacker controls a private account.
        let attacker_keys = test_private_account_keys_1();
        let attacker_id = AccountId::for_regular_private_account(&attacker_keys.npk(), 0);
-        let attacker_esk = [12_u8; 32];
-        let attacker_ssk = SharedSecretKey::new(attacker_esk, &attacker_keys.vpk());
-        let attacker_epk = EphemeralPublicKey::from_scalar(attacker_esk);
+        let (attacker_ssk, attacker_epk) = SharedSecretKey::encapsulate(&attacker_keys.vpk());

        // Victim is a private account — not registered in public chain state.
        let victim_keys = test_private_account_keys_2();