-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade zeroize dep #8
Comments
We've been waiting for upstream to release curve25519-dalek 4.0, which updates a bunch of dependencies: dalek-cryptography/curve25519-dalek#405. If that doesn't happen soon though maybe we can take this; the original reason for pinning it (again, upstream) was a disagreement about whether MSRV breaks should be semver breaks, and upstream has given up on that. |
(This finally happened!) |
@jrose-signal apologies for the confusion. I see the zeroize requirement is still there, and I also see there was a revert commit https://github.com/signalapp/curve25519-dalek/commits/lizard2 in here. Shall I re-open this issue? Or am I doing it wrong? Still getting an error when trying to depend on the latest presage:
|
We're on the You can see curve25519-dalek is no longer the problem because of the listing of "requirements |
Apologies, doing this helped:
|
I can't upgrade some of my project's deps due to curve25519-dalek requiring zeroize < 1.4. Is it possible to support later versions of zeroize?
The text was updated successfully, but these errors were encountered: