Skip to content

chore(deps): bump ed25519-dalek from 1.0.1 to 2.1.1 in /gossipsub-interop/rust-libp2p #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 21 commits into
base: master
Choose a base branch
from
Open

chore(deps): bump ed25519-dalek from 1.0.1 to 2.1.1 in /gossipsub-interop/rust-libp2p #8

dependabot wants to merge 21 commits into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Oct 2, 2025

Bumps ed25519-dalek from 1.0.1 to 2.1.1.

Changelog

Sourced from ed25519-dalek's changelog.

2.1.1

  • Update the optional packed-simd dependency to rely on a newer, maintained version of the packed-simd-2 crate.

2.1.0

  • Make Scalar::from_bits a const fn, allowing its use in const contexts.

2.0.0

  • Fix a data modeling error in the serde feature pointed out by Trevor Perrin which caused points and scalars to be serialized with length fields rather than as fixed-size 32-byte arrays. This is a breaking change, but it fixes compatibility with serde-json and ensures that the serde-bincode encoding matches the conventional encoding for X/Ed25519.
  • Update rand_core to 0.5, allowing use with new rand versions.
  • Switch from clear_on_drop to zeroize (by Tony Arcieri).
  • Require subtle = ^2.2.1 and remove the note advising nightly Rust, which is no longer required as of that version of subtle. See the subtle changelog for more details.
  • Update README.md for 2.x series.
  • Remove the build.rs hack which loaded the entire crate into its own build.rs to generate constants, and keep the constants in the source code.

The only significant change is the data model change to the serde feature; besides the rand_core version bump, there are no other user-visible changes.

1.x series

1.2.4

  • Specify a semver bound for clear_on_drop rather than an exact version, addressing an issue where changes to inline assembly in rustc prevented clear_on_drop from working without an update.

1.2.3

  • Fix an issue identified by a Quarkslab audit (and Jack Grigg), where manually constructing unreduced Scalar values, as needed for X/Ed25519, and then performing scalar/scalar arithmetic could compute incorrect results.
  • Switch to upstream Rust intrinsics for the IFMA backend now that they exist in Rust and don't need to be defined locally.
  • Ensure that the NAF computation works correctly, even for parameters never used elsewhere in the codebase.
  • Minor refactoring to EdwardsPoint decompression.
  • Fix broken links in documentation.
  • Fix compilation on nightly broken due to changes to the #[doc(include)] path root (not quite correctly done in 1.2.2).

... (truncated)

Commits
  • 0f07443 Bump curve25519-dalek to 2.1.1.
  • bb889e4 Remove deprecated feature flags from .travis.yml.
  • d00d4a5 Fix CHANGELOG so that we can note backported patches.
  • e6d8afc Add link to Cargo.toml with explanation of packed_simd renaming
  • dd71df6 adjusted dependency entry like to pick up latest pick up the latest packed_si...
  • 6ffc8dd bumped packed_simd to 0.3.4. resolves #333
  • 3fc47ef Bump version to 2.1.0
  • f04b830 Merge branch 'master' into develop
  • e342f25 Merge pull request #325 from rubdos/const_fn_for_scalar_from_bits
  • 3a61a0b Make Scalar::from_bits a const fn.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

uink45 and others added 21 commits June 4, 2025 10:52
@uink45
Add c-libp2p
e1b96b7
@uink45
Add c-libp2p
e957f81
@uink45
Update Makefile
1bbaede
@uink45
update
d4d2877
@uink45
Update commit
2ae19a3
@uink45
Update Makefile
dde8820
@uink45
Update Makefile
0806cfc
@uink45
Update Makefile
448ef37
@uink45
Update Makefile
e814538
@uink45
Update Makefile
e07eeba
@uink45
Update Makefile
4264034
@uink45
Update Makefile
d888103
@uink45
Update Makefile
5634f50
@uink45
Update Makefile
108d117
@uink45
Update Makefile
c835349
@uink45
Update Makefile
65683af
@uink45
Update Makefile
cd6a178
@uink45
Update Makefile
e490bf6
@uink45
update;
80b6c98
@uink45
Merge remote-tracking branch 'upstream/master'
01e9693 
# Conflicts:
#	transport-interop/Makefile
@dependabot
chore(deps): bump ed25519-dalek in /gossipsub-interop/rust-libp2p
6254da2 
Bumps [ed25519-dalek](https://github.com/dalek-cryptography/curve25519-dalek) from 1.0.1 to 2.1.1.
- [Release notes](https://github.com/dalek-cryptography/curve25519-dalek/releases)
- [Changelog](https://github.com/dalek-cryptography/curve25519-dalek/blob/2.1.1/CHANGELOG.md)
- [Commits](dalek-cryptography/curve25519-dalek@1.0.1...2.1.1)

---
updated-dependencies:
- dependency-name: ed25519-dalek
  dependency-version: 2.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Oct 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@uink45