dalek-cryptography / x25519-dalek

X25519 elliptic curve Diffie-Hellman key exchange in pure-Rust, using curve25519-dalek.
BSD 3-Clause "New" or "Revised" License

Use zeroize 1 or newer #89

Closed A6GibKm closed 1 year ago

A6GibKm commented 2 years ago

Version =1.3 was set so the library builds on older Rust versions. But this won't allow building the library if some other dependency requires a newer version.

See https://gitlab.gnome.org/GNOME/fractal/-/issues/1016#note_1442659

honzasp commented 2 years ago

For other people who hit the same issue, a workaround is to use version 1.1 of this crate.

jplatte commented 2 years ago

This has already been done on the release/2.0 branch; I don't think it makes sense to have another PR for the same thing on main, and it seems very unlikely to be merged.

gferon commented 1 year ago

Is there a way we could get this merged in the 1.2.x branch with a new release on crates.io? As pointed out previously, this prevents building x25519-dalek with other crates that require a more recent version of zeroize and I guess the problem is only going to get worse over time.

jakehemmerle commented 1 year ago

Using the release/2.0 branch as a dep worked for me, but this still needs an update; otherwise other crates can't depend on this.

tarcieri commented 1 year ago

Another breaking release of x25519-dalek relies on a forthcoming v4.0 release of curve25519-dalek: https://github.com/dalek-cryptography/curve25519-dalek/issues/405

That said, the fix is already on the release branch, so as @jplatte noted earlier this PR is superfluous.

piegamesde commented 1 year ago

Can this please be backported to 1.2 nevertheless? The restriction is blocking me from updating security related dependencies. It's not only about having to wait for v2.0 to be released; since that's semver-breaking, I'll also have to wait until all intermediary dependencies using it have updated.

This is a pretty bad situation given that the only downside of the fix I can see is "bumps the MSRV" (correct me if I'm wrong).
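As an added example (not code from x25519-dalek or from anyone in this thread), a small Rust model of Cargo's version-requirement rules that shows why the `=1.3` pin becomes unresolvable as soon as another crate asks for a newer zeroize 1.x, and why relaxing it to `"1"` resolves. The list of available versions is constructed for illustration, not the real crates.io index.

```rust
// Added example, not code from x25519-dalek: a minimal model of Cargo's
// version-requirement rules. Cargo selects ONE version per semver-compatible
// major line, so every requirement on zeroize 1.x must be satisfied by the
// same version; an exact pin leaves no room for that.

#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Version(pub u64, pub u64, pub u64);

#[derive(Clone, Copy, Debug)]
pub enum Req {
    /// `=1.3` in Cargo.toml: only 1.3.x (a missing patch component is a wildcard).
    Exact(u64, u64),
    /// `"1"`, `"1.5"` (caret, Cargo's default): same major line, not older than the floor.
    Caret(Version),
}

impl Req {
    pub fn matches(self, v: Version) -> bool {
        match self {
            Req::Exact(maj, min) => v.0 == maj && v.1 == min,
            Req::Caret(f) => v.0 == f.0 && (v.1, v.2) >= (f.1, f.2),
        }
    }
}

/// Constructed stand-in for the crates.io index (illustrative, not the real
/// release list): the zeroize 1.x versions a resolver could choose from.
pub const AVAILABLE: &[Version] = &[
    Version(1, 1, 0), Version(1, 2, 0), Version(1, 3, 0),
    Version(1, 4, 0), Version(1, 5, 0), Version(1, 6, 0),
];

/// Cargo-style resolution within one major line: the newest available version
/// satisfying EVERY requirement, or None when the requirements conflict.
pub fn resolve(reqs: &[Req]) -> Option<Version> {
    AVAILABLE
        .iter()
        .copied()
        .filter(|v| reqs.iter().all(|r| r.matches(*v)))
        .max_by_key(|v| (v.0, v.1, v.2))
}

fn main() {
    let other = Req::Caret(Version(1, 5, 0)); // another dependency asking for zeroize "1.5"
    let pinned = [Req::Exact(1, 3), other]; // x25519-dalek 1.2.x with `zeroize = "=1.3"`
    let relaxed = [Req::Caret(Version(1, 0, 0)), other]; // this PR: `zeroize = "1"`
    println!("pinned:  {:?}", resolve(&pinned)); // None: no single version fits both
    println!("relaxed: {:?}", resolve(&relaxed)); // Some(Version(1, 6, 0))
}
```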