[version]: Allow `zeroize` version 1.5.0

dalek-cryptography / x25519-dalek

X25519 elliptic curve Diffie-Hellman key exchange in pure-Rust, using curve25519-dalek.

BSD 3-Clause "New" or "Revised" License

326 stars 132 forks source link

[version]: Allow `zeroize` version 1.5.0 #105

Closed appetrosyan closed 1 year ago

appetrosyan commented 1 year ago

Motivation

Currently cryptographic libraries are held back by the pinned dependency on zeroize. Given that tests don't fail (either unit tests in this repo, or hyperledger/ursa), I took the liberty of unpinning the dependency in a compatible fashion.

Drawbacks

If some subtle change in the behaviour of zeroize was introduced, and it wasn't caught by tests in Hyperledger/ursa, it might be non-trivial to find.

appetrosyan commented 1 year ago

Applied suggestion. Would you be kind enough to approve the workflow?

tarcieri commented 1 year ago

Oh sorry, there’s a release/2.0 branch where this change has already been applied: https://github.com/dalek-cryptography/x25519-dalek/blob/release/2.0/Cargo.toml