-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pin ed25519-dalek
for v22 Core release
#1422
Comments
@dmkozh which version did we want to pin to? 2.1.1? |
I don't recall the exact version, but I suppose the latest one should work. Basically as long as cargo-deny doesn't complain we should be good. |
Why do we need to repin? The lock file already pins the core build. And @graydon added a check to ensure that the env repo and core repos use the same version in the lock file so that tests run in both repos using the same version. The unpinning was intended to be permanent. |
Closing this since we will be using stellar/stellar-core#4278 to track how to handle dependencies. We may go with the submodule approach in stellar/stellar-core#4456 |
We temporarily unpin the dalek version in order to unblock the downstream deps from updating to non-vulnerable version. We should pin this back after Core is updated to use new env for p22 or after v22 release (depending on whether unpinning works with prev+curr env build).
The text was updated successfully, but these errors were encountered: