nats.rs icon indicating copy to clipboard operation
nats.rs copied to clipboard

Published 20 hours ago verified publisher icon nats-io

Relax the zeroize dependency requirements

Open samsends opened this issue 2 years ago • 1 comments

Hey all I'm running into some dependency conflicts. I was wondering whether if it would be possible to relax the zeroize requirement from 1.4 to support more versioning! If not, do you have any suggestions on how to deal with the conflicting dep requirements? Thanks!


    Updating crates.io index
error: failed to select a version for `zeroize`.
    ... required by package `curve25519-dalek v3.2.1`
    ... which satisfies dependency `curve25519-dalek = "^3.2.1"` of package `solana-program v1.10.25`
    ... which satisfies dependency `solana-program = "=1.10.25"` of package `solana-address-lookup-table-program v1.10.25`
    ... which satisfies dependency `solana-address-lookup-table-program = "=1.10.25"` of package `solana-runtime v1.10.25`
    ... which satisfies dependency `solana-runtime = "=1.10.25"` of package `solana-transaction-status v1.10.25`
    ... which satisfies dependency `solana-transaction-status = "=1.10.25"` of package `solana-geyser-plugin-interface v1.10.25`
    ... which satisfies dependency `solana-geyser-plugin-interface = "^1.10.25"` of package `indexer v0.1.0 `
versions that meet the requirements `>=1, <1.4` are: 1.3.0, 1.2.0, 1.1.1, 1.1.0, 1.0.0

all possible versions conflict with previously selected packages.

  previously selected package `zeroize v1.4.0`
    ... which satisfies dependency `zeroize = "^1.4"` of package `signatory v0.23.1`
    ... which satisfies dependency `signatory = "^0.23"` of package `nkeys v0.2.0`
    ... which satisfies dependency `nkeys = "^0.2.0"` of package `nats v0.20.1`
    ... which satisfies dependency `nats = "^0.20.1"` of package `indexer v0.1.0`

failed to select a version for `zeroize` which could resolve this conflict

samsends avatar Jun 14 '22 02:06 samsends

Hey @samsends,

This is not a direct dependency of us, looked up all the indirects and there is nothing we can bump so not much we can do directly.

Problem is that signatory requires zero size 1.4 and curve25519-dalek specifies zerosize < 1.4.

Digging around a bit, found that they have an open issue for relaxing this (https://github.com/dalek-cryptography/curve25519-dalek/pull/386).

caspervonb avatar Jun 16 '22 20:06 caspervonb