chore: linting

package.json

@@ -95,7 +95,7 @@
       "path-to-regexp@>=8.0.0 <8.4.0": ">=8.4.0"
     }
   },
-  "packageManager": "pnpm@10.30.1",
+  "packageManager": "pnpm@10.33.0",
   "lint-staged": {
     "**/*.{js,jsx,ts,tsx,json,css}": [
       "biome check --fix"

src-tauri/Cargo.lock

@@ -497,7 +497,7 @@ dependencies = [
  "serde_json",
  "serde_path_to_error",
  "serde_urlencoded",
- "sha1 0.10.6",
+ "sha1",
  "sync_wrapper",
  "tokio",
  "tokio-tungstenite 0.28.0",
@@ -1816,19 +1816,18 @@ dependencies = [
  "objc2",
  "objc2-app-kit",
  "once_cell",
- "pbkdf2",
  "playwright",
  "quick-xml 0.39.2",
  "rand 0.10.0",
  "regex-lite",
  "reqwest 0.13.2",
  "resvg",
+ "ring",
  "rusqlite",
  "serde",
  "serde_json",
  "serde_yaml",
  "serial_test",
- "sha1 0.11.0",
  "sha2 0.11.0",
  "smoltcp",
  "sys-locale",
@@ -6221,17 +6220,6 @@ dependencies = [
  "digest 0.10.7",
 ]
 
-[[package]]
-name = "sha1"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aacc4cc499359472b4abe1bf11d0b12e688af9a805fa5e3016f9a386dc2d0214"
-dependencies = [
- "cfg-if",
- "cpufeatures 0.3.0",
- "digest 0.11.2",
-]
-
 [[package]]
 name = "sha2"
 version = "0.10.9"
@@ -7698,7 +7686,7 @@ dependencies = [
  "httparse",
  "log",
  "rand 0.9.2",
- "sha1 0.10.6",
+ "sha1",
  "thiserror 2.0.18",
  "utf-8",
 ]
@@ -7716,7 +7704,7 @@ dependencies = [
  "log",
  "native-tls",
  "rand 0.9.2",
- "sha1 0.10.6",
+ "sha1",
  "thiserror 2.0.18",
 ]
 
@@ -9305,7 +9293,7 @@ dependencies = [
  "lzma-rs",
  "memchr",
  "pbkdf2",
- "sha1 0.10.6",
+ "sha1",
  "thiserror 2.0.18",
  "time",
  "xz2",

src-tauri/Cargo.toml

@@ -83,8 +83,7 @@ argon2 = "0.5"
 aes-gcm = "0.10"
 aes = "0.9"
 cbc = "0.2"
-pbkdf2 = "0.12"
-sha1 = "0.11"
+ring = "0.17"
 sha2 = "0.11"
 hyper = { version = "1.8", features = ["full"] }
 hyper-util = { version = "0.1", features = ["full"] }

src-tauri/src/cookie_manager.rs

@@ -12,8 +12,10 @@ use tauri::AppHandle;
 /// so no encryption path is needed here — Chromium reads plaintext when
 /// `encrypted_value` is empty, regardless of what other cookies store.
 pub mod chrome_decrypt {
-  use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, KeyIvInit};
+  use aes::cipher::{block_padding::Pkcs7, BlockModeDecrypt, KeyIvInit};
+  use ring::pbkdf2;
   use sha2::{Digest, Sha256};
+  use std::num::NonZeroU32;
   use std::path::Path;
 
   type Aes128CbcDec = cbc::Decryptor<aes::Aes128>;
@@ -35,7 +37,16 @@ pub mod chrome_decrypt {
 
   fn derive_key(password: &[u8]) -> [u8; KEY_LEN] {
     let mut key = [0u8; KEY_LEN];
-    pbkdf2::pbkdf2_hmac::<sha1::Sha1>(password, SALT, PBKDF2_ITERATIONS, &mut key);
+    // Using ring::pbkdf2 instead of the `pbkdf2` crate to avoid digest
+    // version conflicts between sha1 0.11 (digest 0.11) and pbkdf2 0.12
+    // (digest 0.10). ring's implementation is self-contained.
+    pbkdf2::derive(
+      pbkdf2::PBKDF2_HMAC_SHA1,
+      NonZeroU32::new(PBKDF2_ITERATIONS).expect("iterations must be non-zero"),
+      SALT,
+      password,
+      &mut key,
+    );
     key
   }
 
@@ -88,7 +99,7 @@ pub mod chrome_decrypt {
 
     let mut buf = ciphertext.to_vec();
     let decrypted = Aes128CbcDec::new(key.into(), &IV.into())
-      .decrypt_padded_mut::<Pkcs7>(&mut buf)
+      .decrypt_padded::<Pkcs7>(&mut buf)
       .ok()?;
 
     // Strip the SHA-256(host_key) integrity prefix if present. Older cookies