-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Outdated version of zeroize forced in aes-gcm-siv #377
Comments
It's a hack to preserve the current MSRV. I agree it's less than ideal. Unfortunately Rust does not provide other mechanisms to select MSRV-compatible packages yet. |
Ah I see, thanks. |
We should definitely bump MSRV soon. Now that the 2021 edition is out, it would probably be good to bump all of our crates. One of the many things the 2021 edition helps with is having a |
It's not, but we consider bumping MSRV being a breaking change. Regarding |
Thanks for the detailed explanation :) Are PRs to bump the version of |
For something like an edition bump, it'd be nice to do in a coordinated manner across crates/repos |
Since this issue is still open, how about bumping |
@fjarri it's going to be a giant pain, since we need to do coordinated bumps of all of the dependencies, likely starting with Is Cargo not able to resolve the dependencies such that |
|
FYI: I've opened a tracking issue for |
I've released Please see #410 for additional upgrades needed for a final release. |
Currently the version of
zeroize
is required to be< 1.4
which conflicts with the latest version of secrecy, which needszeroice
to be>= 1.4
.Is there a reason why
zeroize
is explicitly needed in that version, or can it be updated?The text was updated successfully, but these errors were encountered: