-
Notifications
You must be signed in to change notification settings - Fork 41
Zeroize version 0.10.1 is no longer on crates.io #24
Comments
Hi,
Thanks for noticing this. I regret that the crate has been yanked. The
entire Rust ecosystem is built largely upon dozens of small contributions
of various people. These people make decisions which sometimes can not be
explained by common sense.
In our case there is another key dependency , *curv* , which also depends
on *zeroize* 0.10.1. The crate has been upgraded a lot since I started to
use it in 2020, and the changes are not backward compatible. The latest
update of *curv* accommodates *zeroize* 1.3.0, as the response to yanking
event obviously. But I can't switch to this version of *curv* as this will
ruin the entire API and a great deal of code will have to be rewritten in
my lib. So I think of some quick solution instead.
I think of cloning the old 0.10.1 code and using a git-style reference to
it. It may take some time though.
I will keep you posted,
Best regards
Oleg
…On Sat, Jul 17, 2021 at 1:31 AM sandeepmukh ***@***.***> wrote:
Title pretty much says it all, but it looks like the authors of Zeroize
removed the version that this library requires. Is there a fix for this?
Here's the error I'm getting when trying to build:
$ cargo build
Updating crates.io index
Updating git repository `https://github.com/RustMania/rust-paillier` <https://github.com/RustMania/rust-paillier>
Updating git repository `https://github.com/vnermolaev/trace.git` <https://github.com/vnermolaev/trace.git>
error: failed to select a version for the requirement `zeroize = "^0.10.1"`
candidate versions found which didn't match: 1.3.0, 1.2.0, 1.1.1, ...
location searched: crates.io index
required by package `ecdsa-mpc v0.3.0 (/Users/sandeepmukherjee/Documents/projects/threshold-signatures)`
I've tried manually updating the Cargo.toml file but got a bit tangled up
in the dependency tree.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#24>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJA357KV55BAJR5KXBSGURDTYC6NRANCNFSM5AQNV6MA>
.
|
Oops accidentally closed the issue. |
Hi, I'm from ZenGo team maintaining both |
Hello, ZenGo team! I seem having some time finally for this issue, while being away from the job. |
Hi! I was actually able to get the library to work doing just that. Its pretty simple as both of the ZenGo libraries can be upgraded to version “1” of zeroize without breaking. I just edited their |
We're currently releasing major update for the library that improves elliptic curve and bigint interfaces — v0.8.0-rc1 is already available, check out new elliptic curves interface. Once work on bigint is finished, v0.8.0 will be published. You can already start migrating to v0.8.0-rc1 to match new elliptic curves interface. In a nutshell — in the version you depend on, there are One major challenge you might have is that serialization format has been changed for points and scalars (and therefore for anything else in the library). So if you need to deserialize points/scalar/anything else from older I can help you with any issues during migration — reach me via email denis@zengo.com or telegram @dsurv |
As a quick fix — I've released curv v0.2.8 with updated zeroize dependency. As @sandeepmukh pointed out — it required only modifying Cargo.toml. |
The dependencies are updated. Thank you very much for your help with curv! |
Title pretty much says it all, but it looks like the authors of Zeroize removed the version that this library requires. Is there a fix for this?
Here's the error I'm getting when trying to build:
I've tried manually updating the Cargo.toml file but got a bit tangled up in the dependency tree.
EDIT: It can be compiled using local versions of curv and rust-paillier that are all upgraded to version "1" of zeroize. I haven't tested out anything besides its compilation.
The text was updated successfully, but these errors were encountered: