Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): Update ed25519-zebra requirement from 3.1 to 4.0 in /ucan-key-support #110

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): Update ed25519-zebra requirement from 3.1 to 4.0 in /ucan-key-support #110

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 12, 2023

Updates the requirements on ed25519-zebra to permit the latest version.

Release notes

Sourced from ed25519-zebra's releases.

ed25519-zebra 4.0.0

  • upgrade curve25519-dalek to 4.0.0-rc.2

  • clippy fixes

  • activate ed25519/pem only when needed

  • bump to 4.0.0; bump MSRV to 1.65; fix no_std support; test MSRV and no_std in CI

  • use rust-toolchain instead of TOML to work with (unmaitained) actions-rs/toolchain

Changelog

Sourced from ed25519-zebra's changelog.

4.0.0

  • Signature is now an alias for ed25519::Signature
    • impl From<Signature> for [u8; 64] no longer exists; use to_bytes() instead.
  • signature::{Signer, Verifier} is now implemented for SigningKeyandVerificationKey`.
  • Updates sha2 version to 0.10 and curve25519-dalek version to 4.0.0-rc.2.
  • Add DER & PEM support for SigningKeySeed and VerificationKeyBytes (RFC 8410) #46 ZcashFoundation/ed25519-zebra#46
    • This is under the non-default pem and pkcs8 features

MSRV increased to 1.65.0.

3.1.0

3.0.0

2.2.0

  • Add PartialOrd, Ord implementations for VerificationKeyBytes. While the derived ordering is not cryptographically meaningful, deriving these traits is useful because it allows, e.g., using VerificationKeyBytes as the key to a BTreeMap (contributed by @​cloudhead).

2.1.2

  • Updates sha2 version to 0.9 and curve25519-dalek version to 3.

2.1.1

  • Add a missing multiplication by the cofactor in batch verification and test that individual and batch verification agree. This corrects an omission that should have been included in 2.0.0.

2.1.0

  • Implements Clone + Debug for batch::Item and provides batch::Item::verify_single to perform fallback verification in case of batch failure.

2.0.0

  • Implements ZIP 215, so that batched and individual verification agree on whether signatures are valid.

... (truncated)

Commits
  • cab0bcd Bump to 4.0.0; update curve25519-dalek (#82)
  • d08ae22 Update criterion requirement from 0.3 to 0.5 (#80)
  • 96b7b31 Update hashbrown requirement from 0.12.0 to 0.14.0 (#81)
  • 346f4cd Add DER & PEM support for SigningKeySeed and VerificationKeyBytes (RFC 8410) ...
  • 7908590 Zeroize full signingkey (#73)
  • e8e58e3 fix documentation about batching
  • e47a986 Do not log SigningKey seed, prefix, s, as part of impl Debug (#70)
  • c079b0e update curve25519-dalek to 4.0.0-pre.5; sha2 to 0.10
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): Update ed25519-zebra requirement in /ucan-key-support
82beaee 
Updates the requirements on [ed25519-zebra](https://github.com/ZcashFoundation/ed25519-zebra) to permit the latest version.
- [Release notes](https://github.com/ZcashFoundation/ed25519-zebra/releases)
- [Changelog](https://github.com/ZcashFoundation/ed25519-zebra/blob/main/CHANGELOG.md)
- [Commits](ZcashFoundation/ed25519-zebra@3.1.0...4.0.0)

---
updated-dependencies:
- dependency-name: ed25519-zebra
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested review from cdata and a team as code owners June 12, 2023 13:00
@dependabot dependabot bot added the chore Dependency Update label Jun 12, 2023
cdata
cdata approved these changes Jun 21, 2023
View reviewed changes
Copy link
Member

@cdata cdata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, bot

@jsantell jsantell mentioned this pull request Feb 7, 2024
Open
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cdata cdata cdata approved these changes

Assignees
No one assigned
Labels
chore Dependency Update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@cdata