Skip to content

Commit

Permalink
zeroize: Allow versions newer than 1.3 for aes-gcm-siv (solana-labs…
Browse files Browse the repository at this point in the history 
…#33618)

`aes-gcm-siv` v0.10.3 has a constraints on maximum `zeroize` version,
set to be 1.3 or below.

At the same time, `cargo` does not want to construct a dependency graph
with duplicate instances of a crate, when the first non-zero version of
those instances are the same.  That is, it refuses to build a workspace
with both 1.3 and 1.4 versions of `zeroize`.

`zeroize` is actually backward compatible, and `aes-gcm-siv` restriction
is overly pessimistic.  This package lifted this restriction in a newer
versions, but we still depend on older versions and can not immediately
update.

In order to be able to use a version of `zeroize` newer than 1.3 we need
to remove a similar restriction from `curve25519-dalek` as well.
  • Loading branch information
@ilya-bobyr @Yiwen-Gao
ilya-bobyr authored and Yiwen-Gao committed Dec 12, 2023
1 parent e0fcdbb commit 4c8226d
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
3 changes: 1 addition & 2 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -397,6 +397,7 @@ wasm-bindgen = "0.2"
winapi = "0.3.8"
winreg = "0.10"
x509-parser = "0.14.0"
# See "zeroize versioning issues" below if you are updating this version.
zeroize = { version = "1.3", default-features = false }
zstd = "0.11.2"

Expand Down

0 comments on commit 4c8226d

Please sign in to comment.