build(deps): Upgrade to ed25519-zebra 4.0.0 #6881

Merged 4 commits on Jun 9, 2023


@dconnolly dconnolly commented Jun 8, 2023

Motivation

Aligns with other dependencies that also rely on curve25519-dalek 4.0.0+

Solution

  • Upgrade zebra-chain
  • Upgrade tower-batch dev dependencies
  • Remove curve25519-dalek denial in deny.toml
  • Update Cargo.lock via cargo update

Confirmed via cargo tree --duplicates that we have no curve25519-dalek duplicate versions.

Review

Reviewer Checklist

  • Will the PR name make sense to users?
    • Does it need extra CHANGELOG info? (new features, breaking changes, large changes)
  • Are the PR labels correct?
  • Does the code do what the ticket and PR says?
    • Does it change concurrent code, unsafe code, or consensus rules?
  • How do you know it works? Does it have tests?

@dconnolly dconnolly added A-dependencies Area: Dependency file updates A-rust Area: Updates to Rust code P-High 🔥 A-cryptography Area: Cryptography related labels Jun 8, 2023
@dconnolly dconnolly requested review from a team as code owners June 8, 2023 20:34
@dconnolly dconnolly requested review from upbqdn and removed request for a team June 8, 2023 20:34
@github-actions github-actions bot added the C-trivial Category: A trivial change that is not worth mentioning in the CHANGELOG label Jun 8, 2023
@dconnolly dconnolly changed the title build: Upgrade to ed5519-zebra 4.0.0 build(deps): Upgrade to ed5519-zebra 4.0.0 Jun 8, 2023
@teor2345 teor2345 removed the request for review from a team June 8, 2023 21:09

@teor2345 teor2345 left a comment

This is failing due to a duplicate hashbrown dependency.

The command-line for checking for duplicate dependencies is:

cargo deny check bans

We can add this to #6859 if you'd like instead.

@teor2345 teor2345 changed the title build(deps): Upgrade to ed5519-zebra 4.0.0 build(deps): Upgrade to ed25519-zebra 4.0.0 Jun 8, 2023
@dconnolly

> This is failing due to a duplicate hashbrown dependency.
>
> The command-line for checking for duplicate dependencies is:
>
> cargo deny check bans
>
> We can add this to #6859 if you'd like instead.

Ah I think I updated the deny.toml just as you replied about that 😁

@dconnolly dconnolly requested a review from teor2345 June 8, 2023 21:15
teor2345 previously approved these changes Jun 8, 2023

teor2345 commented Jun 8, 2023

> Ah I think I updated the deny.toml just as you replied about that

It might be nice to have a "bless" script, because it would always get the crates and versions right. The tricky part would be when it creates over-broad exceptions. I guess we could just add exceptions for each duplicate crate directly.
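
An added example, not part of this thread or of Zebra's tooling: a sketch of the "bless" idea in the comment above. It reads Cargo.lock text and emits one exact-version cargo-deny `skip` entry per older duplicate, so no exception is broader than a single crate version (the PR itself used `skip-tree`). The sample lockfile is constructed, and `version_key` and `skip_entries` are hypothetical names.

```rust
use std::collections::{BTreeMap, BTreeSet};
// Constructed sample lockfile, not Zebra's real Cargo.lock.
const SAMPLE_LOCK: &str = r#"
version = 3
[[package]]
name = "example-crate"
version = "0.10.0"
[[package]]
name = "example-crate"
version = "0.9.0"
[[package]]
name = "hashbrown"
version = "0.13.2"
[[package]]
name = "hashbrown"
version = "0.14.0"
"#;

/// Numeric sort key for "0.13.2"; pre-release and build suffixes are ignored.
fn version_key(v: &str) -> Vec<u64> {
    let core = v.split(|c: char| c == '-' || c == '+').next().unwrap_or("");
    core.split('.').map(|p| p.parse::<u64>().unwrap_or(0)).collect()
}

/// Hypothetical helper: one exact-version `skip` entry per older duplicate.
/// The lockfile's top-level `version = 3` has no name before it and is ignored.
fn skip_entries(lock: &str) -> Vec<String> {
    let mut seen: BTreeMap<String, BTreeSet<String>> = BTreeMap::new();
    let mut name: Option<String> = None;
    for line in lock.lines().map(str::trim) {
        if let Some(n) = line.strip_prefix("name = ") {
            name = Some(n.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            if let Some(n) = name.take() {
                seen.entry(n).or_default().insert(v.trim_matches('"').to_string());
            }
        }
    }
    let mut entries = Vec::new();
    for (name, versions) in seen {
        let mut versions: Vec<String> = versions.into_iter().collect();
        versions.sort_by_key(|v| version_key(v)); // numeric, so 0.9.0 < 0.10.0
        versions.pop(); // the newest version stays as the one allowed copy
        let skip = |v: &String| format!("{{ name = \"{}\", version = \"={}\" }}", name, v);
        entries.extend(versions.iter().map(skip));
    }
    entries
}

fn main() { println!("skip = [\n    {},\n]", skip_entries(SAMPLE_LOCK).join(",\n    ")); }
```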


dconnolly commented Jun 8, 2023

oop github is being weird for me so i'll put this at the top level,

@teor2345 This is interesting, I ran the command from CI which uses --all-features and it pinned on 0.13.2 and only because of ed25519-zebra and metrics-exporter-prometheus; I do see the other crates and other hashbrown version with just cargo deny check bans; is the one in CI incorrect?


codecov bot commented Jun 8, 2023

Codecov Report

Merging #6881 (8c289cd) into main (9959a6c) will decrease coverage by 0.15%.
The diff coverage is n/a.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #6881      +/-   ##
==========================================
- Coverage   77.72%   77.58%   -0.15%     
==========================================
  Files         310      310              
  Lines       41416    41416              
==========================================
- Hits        32192    32134      -58     
- Misses       9224     9282      +58     


teor2345 commented Jun 9, 2023

> I ran the command from CI which uses --all-features and it pinned on 0.13.2 and only because of ed25519-zebra and metrics-exporter-prometheus; I do see the other crates and other hashbrown version with just cargo deny check bans; is the one in CI incorrect?

CI runs both commands in a matrix, and both of them must pass. (With and without --all-features.)

mergify bot added a commit that referenced this pull request Jun 9, 2023
@mergify mergify bot merged commit 954ff2e into main Jun 9, 2023
@mergify mergify bot deleted the upgrade-ed25519-zebra branch June 9, 2023 10:04
@dconnolly

> > I ran the command from CI which uses --all-features and it pinned on 0.13.2 and only because of ed25519-zebra and metrics-exporter-prometheus; I do see the other crates and other hashbrown version with just cargo deny check bans; is the one in CI incorrect?
>
> CI runs both commands in a matrix, and both of them must pass. (With and without --all-features.)

Ah I missed that, thanks!

dconnolly added a commit that referenced this pull request Jun 12, 2023
* build: Upgrade to ed5519-zebra 4.0.0

* skip-tree hashbrown =0.13.2 because ed25519-zebra is 0.14.0 and a dep of metrics-exporter-prometheus is 0.13.2

* Use correct versions in deny.toml

* Oops turns out we need both exceptions

---------

Co-authored-by: teor <teor@riseup.net>