dalek-cryptography / x25519-dalek

X25519 elliptic curve Diffie-Hellman key exchange in pure-Rust, using curve25519-dalek.
BSD 3-Clause "New" or "Revised" License
329 stars, 133 forks

Zeroize 1.4.0 breaks compilations on < rust 1.51 #74

Closed. Cashmaney closed this issue 3 years ago.

Cashmaney commented 3 years ago

Hey,

The change to zeroize 1.4.0 here breaks builds for anyone using an older Rust version. Any chance to pin zeroize to 1.3.0 to maintain compatibility?

isislovecruft commented 3 years ago

Added in x25519-dalek v1.2.0 but I reserve the right to change/update it between minor versions of x25519-dalek.

str4d commented 2 years ago

Pinning zeroize = "=1.3" was an invalid resolution to this issue, which was in fact not a problem with x25519-dalek.

The previously-expressed zeroize = "1" dependency allowed downstream users to use whatever zeroize version they needed for their MSRV requirements. All that needed to be done for MSRV compatibility was to not have a zeroize = "1.4" dependency.

The current zeroize = "=1.3" pin instead breaks compilation for newer-MSRV users who have zeroize 1.4 elsewhere in their dependency tree (see #89), preventing upgrades to x25519-dalek 1.2.0.

The correct place to pin zeroize = "<1.4" for older MSRV support would be in @Cashmaney's Cargo.toml (or concretely in a Cargo.lock).

elichai commented 1 year ago

This turned that problem into a new one. For example, combining x25519-dalek with chacha20poly1305 you get:

error: failed to select a version for `zeroize`.
    ... required by package `chacha20poly1305 v0.10.1`
    ... which satisfies dependency `chacha20poly1305 = "^0.10.1"` of package `sodot-mpc-infra v0.1.0 (/tmp/cargo-outdatednhNPPE)`
versions that meet the requirements `^1.5` are: 1.5.7, 1.5.6, 1.5.5, 1.5.4, 1.5.3

all possible versions conflict with previously selected packages.

  previously selected package `zeroize v1.3.0`
    ... which satisfies dependency `zeroize = "=1.3"` of package `x25519-dalek v1.2.0`
    ... which satisfies dependency `x25519-dalek = "^1.2.0"` of package `sodot-mpc-infra v0.1.0 (/tmp/cargo-outdatednhNPPE)`

failed to select a version for `zeroize` which could resolve this conflict
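An added example (not code from the thread or from x25519-dalek itself) of the arrangement str4d describes and the conflict elichai hit: the library keeps an open `zeroize = "1"` requirement, and the consumer, shown here as a hypothetical crate `my-app`, is the one that narrows it for an older MSRV.

```toml
# Cargo.toml of a hypothetical downstream crate `my-app` that must build on
# a pre-1.51 toolchain (constructed for this example, not from the thread).
#
# Library side, for contrast. As published, x25519-dalek 1.2.0 declared
#     zeroize = "=1.3"    # >=1.3.0, <1.4.0: nothing in that range also
#                         # satisfies chacha20poly1305's ^1.5, hence the
#                         # "failed to select a version" error above
# The corrected manifest (restored on the release/2.0 branch) declares
#     zeroize = "1"       # ^1: >=1.0.0, <2.0.0, leaves the choice open
#
# With the open requirement the MSRV decision moves here: a direct
# dependency with an upper bound narrows what the resolver may pick for
# the whole tree, while consumers on newer toolchains are free to take
# zeroize 1.5.x alongside chacha20poly1305 0.10.1.
[package]
name = "my-app"
version = "0.1.0"
edition = "2018"

[dependencies]
x25519-dalek = "1.2.0"
# `<1.4` is a comparison requirement. Intersected with the ^1 coming from
# x25519-dalek, the resolver can only choose a 1.3.x zeroize, which is the
# last series that compiles on the older toolchain.
zeroize = "<1.4"
```

Committing a Cargo.lock that records zeroize 1.3.x is the other option str4d mentions; it fixes the concrete version for this build without constraining anyone who depends on `my-app` as a library.
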

tarcieri commented 1 year ago

@elichai check the release/2.0 branch, which unpins it to 1

@rozbb we should really merge release/2.0 into main so people stop filing issues about this