zeroize: 1.5 compatibility tracking ticket #723
Comments
We've received a number of complaints about `zeroize` compatibility (see RustCrypto/utils#723), which was exacerbated by #884 which bumped the `zeroize` version within a minor version series. I had hoped the cargo resolver would've been able to select an older compatible version of zeroize in these cases, but I've gotten a lot of reports that isn't happening. This release reverts #884 in hopes of supporting a wider range of `zeroize` versions for now. It's technically breaking in the event anyone is actually depending on `ZeroizeOnDrop` marker traits on these types, but it seems we've already broken things for current users and that's the much higher impact issue.
The conflict between `elliptic_curves` and `crypto_box` got temporarily patched. For context, see: - RustCrypto/nacl-compat#33 (comment) - RustCrypto/utils#723
Fixes #269 The conflict between `elliptic_curves` and `crypto_box` got temporarily patched. For context, see: - RustCrypto/nacl-compat#33 (comment) - RustCrypto/utils#723
Can’t projects that rely on a specific MSRV set an appropriate version of IMO, it seems reasonable to ask downstream projects that rely on an MSRV to explicitly specify versions of transitive dependencies that allow that MSRV. Or has a decision been made otherwise?
Yes. Alternatively we can also just bump MSRV.
We tried the pinning approach but it has this bad downside of unintentionally restricting what are otherwise valid combinations of versions. Really I think the best approach is to just bump MSRV across the board so it's no longer an issue.
Fixes #269 The conflict between `elliptic_curves` and `crypto_box` got temporarily patched. For context, see: - RustCrypto/nacl-compat#33 (comment) - RustCrypto/utils#723 Apparently ethers:master has been broken for about a week
This is becoming a problem with RSA needing
If you see any lingering crates that have I agree this is preventing valid combinations of crates from working and we should try to get past it at this point.
We've cut the following prereleases which unpin
If you're encountering problems with any other crates, let us know.
Is there an ETA for
I can cut a prerelease which will fix the
It does look like Perhaps open an issue on https://github.com/dignifiedquire/num-bigint/issues ?
Ah sure, I just wanted to note that the above unpinning in
This should be resolved now. Please leave a comment if there are any remaining incompatibilities.
Several of our crates lock `zeroize` to <1.4 to prevent MSRV breakages, as `zeroize` bumped MSRV to 1.51 in order to leverage const generics.

This has caused several compatibility problems when trying to add new features to `zeroize`, namely `ZeroizeOnDrop` which was added in v1.5. This means crates that use these new features are incompatible with crates that lock to old `zeroize` versions, even though they are otherwise code compatible on newer versions of Rust.

This is a tracking issue for these problems and getting the rest of our crates upgraded so there are no longer compatibility issues.
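
As an added illustration (not part of the original issue, and not RustCrypto or Cargo code), this Rust sketch models the conflict described above: Cargo keeps a single 1.x copy of `zeroize` in a build, so one release has to satisfy both the `<1.4` pin and a dependent that needs `ZeroizeOnDrop` from v1.5. The names `Release`, `Req`, `resolve` and `builds_on` are hypothetical, and the release list, the `>=1` lower bound and every MSRV value other than 1.51 for v1.4 are constructed placeholders.

```rust
// Simplified model of "one copy per 1.x series"; not Cargo's actual resolver.

/// A published 1.x release: (minor, patch) plus the rustc 1.<msrv> it needs.
#[derive(Clone, Copy, Debug, PartialEq)]
struct Release { ver: (u32, u32), msrv: u32 }

/// Half-open requirement [lo, hi) over (minor, patch) inside the 1.x series.
#[derive(Clone, Copy)]
struct Req { lo: (u32, u32), hi: (u32, u32) }

/// `^1.<minor>`: at least 1.<minor>.0, below 2.0.0.
fn caret(minor: u32) -> Req { Req { lo: (minor, 0), hi: (u32::MAX, 0) } }

/// `>=1, <1.<minor>`: the MSRV-protecting pin described in the issue.
fn below(minor: u32) -> Req { Req { lo: (0, 0), hi: (minor, 0) } }

// Constructed sample index. Only "1.4 needs rustc 1.51" comes from the issue;
// the other versions and MSRV values are placeholders.
const INDEX: [Release; 3] = [
    Release { ver: (3, 0), msrv: 47 },
    Release { ver: (4, 3), msrv: 51 },
    Release { ver: (5, 7), msrv: 51 },
];

/// All dependents share one 1.x copy, so a single release must satisfy every
/// requirement at once. Returns the newest such release, if any.
fn resolve(reqs: &[Req]) -> Option<Release> {
    INDEX.iter().copied()
        .filter(|r| reqs.iter().all(|q| q.lo <= r.ver && r.ver < q.hi))
        .max_by_key(|r| r.ver)
}

/// Whether the selected release compiles on rustc 1.<rustc>.
fn builds_on(sel: Option<Release>, rustc: u32) -> bool {
    sel.map_or(false, |r| rustc >= r.msrv)
}

fn main() {
    let unpinned = resolve(&[caret(0)]);           // newest release: 1.5.7
    let pinned = resolve(&[below(4)]);             // pin selects 1.3.0
    let conflict = resolve(&[below(4), caret(5)]); // no common release
    let relaxed = resolve(&[caret(3), caret(5)]);  // pin dropped: 1.5.7
    println!("unpinned builds on rustc 1.47: {}", builds_on(unpinned, 47));
    println!("pinned builds on rustc 1.47:   {}", builds_on(pinned, 47));
    println!("pin + ZeroizeOnDrop user:      {:?}", conflict);
    println!("after unpinning:               {:?}", relaxed);
}
```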