search

ucan-wg / rs-ucan

Rust implementation of UCAN
Apache License 2.0
63 stars 15 forks source link

chore(deps): Update ed25519-zebra requirement from 3.1 to 4.0 in /ucan-key-support #110

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Updates the requirements on ed25519-zebra to permit the latest version.

Release notes

Sourced from ed25519-zebra's releases.

ed25519-zebra 4.0.0

  • upgrade curve25519-dalek to 4.0.0-rc.2

  • clippy fixes

  • activate ed25519/pem only when needed

  • bump to 4.0.0; bump MSRV to 1.65; fix no_std support; test MSRV and no_std in CI

  • use rust-toolchain instead of TOML to work with (unmaitained) actions-rs/toolchain

Changelog

Sourced from ed25519-zebra's changelog.

4.0.0

  • Signature is now an alias for ed25519::Signature
    • impl From<Signature> for [u8; 64] no longer exists; use to_bytes() instead.
  • signature::{Signer, Verifier} is now implemented for SigningKeyandVerificationKey`.
  • Updates sha2 version to 0.10 and curve25519-dalek version to 4.0.0-rc.2.
  • Add DER & PEM support for SigningKeySeed and VerificationKeyBytes (RFC 8410) #46 ZcashFoundation/ed25519-zebra#46
    • This is under the non-default pem and pkcs8 features

MSRV increased to 1.65.0.

3.1.0

3.0.0

2.2.0

  • Add PartialOrd, Ord implementations for VerificationKeyBytes. While the derived ordering is not cryptographically meaningful, deriving these traits is useful because it allows, e.g., using VerificationKeyBytes as the key to a BTreeMap (contributed by @​cloudhead).

2.1.2

  • Updates sha2 version to 0.9 and curve25519-dalek version to 3.

2.1.1

  • Add a missing multiplication by the cofactor in batch verification and test that individual and batch verification agree. This corrects an omission that should have been included in 2.0.0.

2.1.0

  • Implements Clone + Debug for batch::Item and provides batch::Item::verify_single to perform fallback verification in case of batch failure.

2.0.0

  • Implements ZIP 215, so that batched and individual verification agree on whether signatures are valid.

... (truncated)

Commits
  • cab0bcd Bump to 4.0.0; update curve25519-dalek (#82)
  • d08ae22 Update criterion requirement from 0.3 to 0.5 (#80)
  • 96b7b31 Update hashbrown requirement from 0.12.0 to 0.14.0 (#81)
  • 346f4cd Add DER & PEM support for SigningKeySeed and VerificationKeyBytes (RFC 8410) ...
  • 7908590 Zeroize full signingkey (#73)
  • e8e58e3 fix documentation about batching
  • e47a986 Do not log SigningKey seed, prefix, s, as part of impl Debug (#70)
  • c079b0e update curve25519-dalek to 4.0.0-pre.5; sha2 to 0.10
  • See full diff in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)