bump: version 0.2.3 → 0.3.0 [skip ci]

CHANGELOG.md

@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## v0.3.0 (2026-02-02)
+
+### Fix
+
+- Upgraded AWS dependencies to address CWE-20
+- A critical security flaw was discovered that essentially had all local secrets be encrypted with an all-zero key
+- Addressed XNonce::from_slice deprecation warning
+- Secrets are now stored exactly as passed without newlines stripped
+
 ## v0.2.3 (2025-10-14)
 
 ### Refactor

Cargo.lock

@@ -1637,7 +1637,7 @@ checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
 
 [[package]]
 name = "gman"
-version = "0.2.3"
+version = "0.3.0"
 dependencies = [
  "anyhow",
  "argon2",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "gman"
-version = "0.2.3"
+version = "0.3.0"
 edition = "2024"
 authors = ["Alex Clarke <alex.j.tusa@gmail.com>"]
 description = "Universal command line secret management and injection tool"

tests/bin/cli_tests.rs

@@ -1,3 +1,8 @@
+//! CLI integration tests that execute the gman binary.
+//!
+//! These tests are skipped when cross-compiling because the compiled binary
+//! cannot be executed on a different architecture (e.g., ARM64 binary on x86_64 host).
+
 use assert_cmd::prelude::*;
 use predicates::prelude::*;
 use std::fs;
@@ -11,6 +16,16 @@ fn gman_bin() -> PathBuf {
     PathBuf::from(env!("CARGO_BIN_EXE_gman"))
 }
 
+/// Check if the gman binary can be executed on this system.
+/// Returns false when cross-compiling (e.g., ARM64 binary on x86_64 host).
+fn can_execute_binary() -> bool {
+    Command::new(gman_bin())
+        .arg("--version")
+        .output()
+        .map(|o| o.status.success())
+        .unwrap_or(false)
+}
+
 fn setup_env() -> (TempDir, PathBuf, PathBuf) {
     let td = tempfile::tempdir().expect("tempdir");
     let cfg_home = td.path().join("config");
@@ -65,6 +80,11 @@ fn create_password_file(path: &Path, content: &[u8]) {
 #[test]
 #[cfg(unix)]
 fn cli_config_no_changes() {
+    if !can_execute_binary() {
+        eprintln!("Skipping test: cannot execute cross-compiled binary");
+        return;
+    }
+
     let (td, xdg_cfg, xdg_cache) = setup_env();
     let pw_file = td.path().join("pw.txt");
     create_password_file(&pw_file, b"pw\n");
@@ -90,6 +110,11 @@ fn cli_config_no_changes() {
 #[test]
 #[cfg(unix)]
 fn cli_config_updates_and_persists() {
+    if !can_execute_binary() {
+        eprintln!("Skipping test: cannot execute cross-compiled binary");
+        return;
+    }
+
     let (td, xdg_cfg, xdg_cache) = setup_env();
     let pw_file = td.path().join("pw.txt");
     create_password_file(&pw_file, b"pw\n");
@@ -132,6 +157,11 @@ exit 0
 
 #[test]
 fn cli_shows_help() {
+    if !can_execute_binary() {
+        eprintln!("Skipping test: cannot execute cross-compiled binary");
+        return;
+    }
+
     let (_td, cfg, cache) = setup_env();
     let mut cmd = Command::new(gman_bin());
     cmd.env("XDG_CACHE_HOME", &cache)
@@ -144,6 +174,11 @@ fn cli_shows_help() {
 
 #[test]
 fn cli_add_get_list_update_delete_roundtrip() {
+    if !can_execute_binary() {
+        eprintln!("Skipping test: cannot execute cross-compiled binary");
+        return;
+    }
+
     let (td, xdg_cfg, xdg_cache) = setup_env();
     let pw_file = td.path().join("pw.txt");
     create_password_file(&pw_file, b"testpw\n");
@@ -230,6 +265,11 @@ fn cli_add_get_list_update_delete_roundtrip() {
 
 #[test]
 fn cli_wrap_dry_run_env_injection() {
+    if !can_execute_binary() {
+        eprintln!("Skipping test: cannot execute cross-compiled binary");
+        return;
+    }
+
     let (td, xdg_cfg, xdg_cache) = setup_env();
     let pw_file = td.path().join("pw.txt");
     create_password_file(&pw_file, b"pw\n");