Bug(deps) p521 crate requires ecdsa 16.8

[joshka]

Hey, doing a minimal versions check on another library, I stumbled on p521 not being able to compile against the stated dependencies.

p521 0.13.3 requires ecdsa 0.16.8 , but specifies 0.16.5

Error Details

error[E0432]: unresolved import `ecdsa_core::hazmat::sign_prehashed`
  --> /Users/joshka/.cargo/registry/src/index.crates.io-6f17d22bba15001f/p521-0.13.3/src/ecdsa.rs:48:30
   |
48 |         hazmat::{bits2field, sign_prehashed, SignPrimitive, VerifyPrimitive},
   |                              ^^^^^^^^^^^^^^ no `sign_prehashed` in `hazmat`

For more information about this error, try `rustc --explain E0432`.
error: could not compile `p521` (lib) due to 1 previous error

Change that introduces the sign_prehashed function https://github.com/RustCrypto/signatures/commit/d7557a62bc1bb43944d89778fcbb7d4c8b3c9118

[tarcieri]

Aah, we normally run a minimal-versions check but it seems this was missed for p521.

A fix would require a backport since master currently has the next prerelease versions, but I can get to it at some point.

[joshka]

I figured that might be the case seeing the -pre dep in the Cargo.toml. I wasn't sure quite what your release process would be for something like that.

The workaround for any consuming packages in the mean time (assuming they care about such things) is to just add ecdsa 0.16.8 as a dependency, so it's not a huge deal.

Aah, we normally run a minimal-versions check but it seems this was missed for p521.

Sounds like this might be worth adding to your CI.