The workspace Cargo.toml has a reference to zeroize set to 1.7:
zeroize = { version = "1.7", default-features = false }
And the solana-zk-token-sdk's Cargo.toml uses a workspace reference to pull in the zeroize dependency:
zeroize = { workspace = true, features = ["zeroize_derive"] }
However, the solana-zk-token-sdk that is published still has the dependency on zeroize set to 1.3 which causes version conflicts when attempting to integrate solana crates into projects with more recent versions of many popular crates.
This will be done when v2.1 is published, which should be within the next few days. The updated dependency won't be backported to v2.0, per the backport guidelines.
Problem
The workspace
Cargo.toml
has a reference tozeroize
set to 1.7:zeroize = { version = "1.7", default-features = false }
And the
solana-zk-token-sdk
'sCargo.toml
uses a workspace reference to pull in thezeroize
dependency:zeroize = { workspace = true, features = ["zeroize_derive"] }
However, the
solana-zk-token-sdk
that is published still has the dependency onzeroize
set to 1.3 which causes version conflicts when attempting to integrate solana crates into projects with more recent versions of many popular crates.Reference https://crates.io/crates/solana-zk-token-sdk/2.0.14/dependencies
Proposed Solution
Publish solana-zk-token-sdk with the zeroize dependency set to the workspace designation (currently 1.7).