Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

bump ed25519-dalek to 2.0 #14776

Merged
merged 4 commits into from
Aug 21, 2023
Merged

bump ed25519-dalek to 2.0 #14776

merged 4 commits into from
Aug 21, 2023

Conversation

andresilva
Copy link
Contributor

@andresilva andresilva commented Aug 16, 2023
edited by skunert
Loading

https://rustsec.org/advisories/RUSTSEC-2022-0093

Can't merge until mcginty/snow#164 to remove cargo patch in this PR.

There is also ed25519-zebra "4.0" available, but can't update to it for the same reason as above. Zebra is unaffected by this issue though.

polkadot companion: paritytech/polkadot#7648
cumulus companion: paritytech/cumulus#3038

@andresilva andresilva added A0-please_review Pull request needs code review. B0-silent Changes should not be mentioned in any release notes C3-medium PR touches the given topic and has a medium impact on builders. labels Aug 16, 2023
@andresilva
Copy link
Contributor Author

Should probably be burned-in to make sure nothing breaks.

@andresilva andresilva added the A1-needs_burnin Pull request needs to be tested on a live validator node before merge. DevOps is notified via matrix label Aug 16, 2023
@bkchr
Copy link
Member

bkchr commented Aug 16, 2023

Should probably be burned-in to make sure nothing breaks.

Can probably don while we wait for the snow release.

@andresilva
Copy link
Contributor Author

We'll still have ed25519-dalek 1.5 in our dependencies until libp2p/rust-libp2p#4327 is fixed (which is also blocked on snow).

@andresilva andresilva added the D5-nicetohaveaudit ⚠️ PR contains trivial changes to logic that should be properly reviewed. label Aug 16, 2023
@skunert
Copy link
Contributor

skunert commented Aug 21, 2023

Took the liberty to remove the snow patch here since 0.9.3 has been released in the meantime (and I am also needing the new version for a PR of mine).

@bkchr bkchr mentioned this pull request Aug 21, 2023
Closed
@ggwpez
Copy link
Member

ggwpez commented Aug 21, 2023

Can we merge this? Substrate master CI needs it.

@bkchr bkchr marked this pull request as ready for review August 21, 2023 13:08
This was referenced Aug 21, 2023
Merged
Merged
@skunert
Copy link
Contributor

skunert commented Aug 21, 2023

bot merge

@paritytech-processbot
Copy link

Waiting for commit status.

@paritytech-processbot paritytech-processbot bot merged commit 51695bb into master Aug 21, 2023
7 of 8 checks passed
@paritytech-processbot paritytech-processbot bot deleted the andre/bump-ed25519-dalek branch August 21, 2023 14:01
@JoshOrndorff JoshOrndorff mentioned this pull request Sep 26, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@skunert skunert skunert approved these changes

@bkchr bkchr bkchr approved these changes

@davxy davxy davxy approved these changes

Assignees
No one assigned
Labels
A0-please_review Pull request needs code review. A1-needs_burnin Pull request needs to be tested on a live validator node before merge. DevOps is notified via matrix B0-silent Changes should not be mentioned in any release notes C3-medium PR touches the given topic and has a medium impact on builders. D5-nicetohaveaudit ⚠️ PR contains trivial changes to logic that should be properly reviewed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@andresilva @bkchr @skunert @ggwpez @davxy