Update curve25519-dalek requirement from =4.0.0-rc.1 to =4.0.0-rc.2

[dependabot[bot]]

Updates the requirements on curve25519-dalek to permit the latest version.

Changelog

Sourced from curve25519-dalek's changelog.

Changelog

Entries are listed in reverse chronological order per undeprecated major series.

4.x series

4.0.0

Breaking changes

• Update the MSRV from 1.41 to 1.60
• Provide SemVer policy
• Make digest an optional feature
• Make rand_core an optional feature
• Remove std feature flag
• Remove nightly feature flag
• Automatic serial backend selection between u32 and u64 over the default u32
• Backend selection is now via cfg(curve25519_dalek_backend) over additive features.
• Provide override to select u32 or u64 backend via cfg(curve25519_dalek_bits)
• Replace methods Scalar::{zero, one} with constants Scalar::{ZERO, ONE}
• Deprecate EdwardsPoint::hash_from_bytes and rename it EdwardsPoint::nonspec_map_to_curve
• Require including a new trait, use curve25519_dalek::traits::BasepointTable whenever using EdwardsBasepointTable or RistrettoBasepointTable
• Scalar::from_canonical_bytes now returns CtOption
• Scalar::is_canonical now returns Choice

Other changes

• Add precomputed-tables feature
• Update Maintenance Policies for SemVer
• Migrate documentation to docs.rs hosted
• Fix backend documentation generation
• Fix panic when Ristretto::double_and_compress_batch receives the identity point
• Remove byteorder dependency
• Update the criterion dependency to 0.4.0
• Include README.md into crate Documentation
• Update the rand_core dependency version and the rand dev-dependency version.
• Relax the zeroize dependency to ^1
• Update the edition from 2015 to 2021

3.x series

3.2.0

• Add support for getting the identity element for the Montgomery form of curve25519, which is useful in certain protocols for checking contributory behaviour in derivation of shared secrets.

... (truncated)

Commits

• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[daxpedda]

Depends on https://github.com/facebook/voprf/pull/108.

[kevinlewi]

Addressed in #322

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.