Breaking Dependency pem-rfc7468 for MSRV (Minimum Supported Rust Version)
#116
Comments
|
There is no current release of https://docs.rs/crate/pem-rfc7468/0.2.3/source/Cargo.toml In the git repository, the edition has been bumped to I'm guessing this might be due to the If that's the source of the problem, I can cut another The best way to determine this is actually the problem is to try pinning the base64ct = "=1.1.1"Note that these kinds of MSRV breakages are an ongoing pain point in Rust which will hopefully eventually be addressed by MSRV-dependent dependency resolution. |
|
Oh yes, foolish me. That was the package causing the main error and I got so caught up following it up the dependency tree that I forgot to include it in the issue lol. Pinning it has worked for me, so that does seem to be the root cause of the issue. |
This commit adds a changelog entry about `pem-rfc7468` v0.2.4, which was released to address RustCrypto/RSA#116. The release is identical to v0.2.3, but with `base64ct` restricted to `<1.2` in order to prevent MSRV-related breakages. Since `master` is already on `pem-rfc7468` v0.3.0-pre which is also a 2021 edition crate, those changes are not actually included in this commit, but rather just the changelog entry.
|
I released https://github.com/RustCrypto/formats/pull/193/files Let me know if that fixes the issue. |
This commit adds a changelog entry about `pem-rfc7468` v0.2.4, which was released to address RustCrypto/RSA#116. The release is identical to v0.2.3, but with `base64ct` restricted to `<1.2` in order to prevent MSRV-related breakages. Since `master` is already on `pem-rfc7468` v0.3.0-pre which is also a 2021 edition crate, those changes are not actually included in this commit, but rather just the changelog entry.
|
Works like a charm, thanks! |
Hey guys!
Just wondering, it appears the
pkcs8dependency of this package is importing another dependency (pem-rfc7468) that is dependent onedition="2021", breaking the MRV statement in the README.md and on crates.io. Not sure how big of an issue this is, but I know there are some projects that still use Rust 1.51 with this package that are now blocked from updating torsav0.5.0, which is causing some issues becausersa0.4 still conflicts with RUSTSEC-2020-0159, causing all sorts of security audit issues, etc.I looks like
pem-rfc7468is an optional dependency ofpkcs8, but thersacrate still depends on it.Just wondering if this is mistake or if ya'll are moving your MSRV or if this is just a mistake?
Thanks!
The text was updated successfully, but these errors were encountered: