Require sha1collisiondetection 0.2.7 #179
Conversation
This fixes an misaligned pointer dereference with newer Rust versions.
Upstream issue:
https://gitlab.com/sequoia-pgp/sha1collisiondetection/-/issues/7
There was a problem hiding this comment.
Not sure I like that. It's typically the type of thing that would lead to duplicate dependencies for no reason when sequoia-openpgp start using 0.3.0.
I would probably prefer to just commit the Cargo.lock file, it used to not be recommended for libraries, but this has since changed: https://blog.rust-lang.org/2023/08/29/committing-lockfiles.html
I think that would force a dependency update. It might cause some pain when pulling though.
| # sequoia-openpgp depends on sha1collisiondetection >= 0.2.3, but only 0.2.7 works with newer Rust versions. | ||
| # This can be removed once sequoia-openpgp is updated to a version > 1.16.1. | ||
| sha1collisiondetection = "0.2.7" |
There was a problem hiding this comment.
In that case why not bump the sequoia-openpgp version? It's already in the Cargo.toml at least.
|
It’s only a dev dependency, so a duplicate would not be a big issue. I also thought about adding a lockfile, but testing against the latest versions in the CI is more useful for me. I did not update sequioa-openpgp because it is not released yet. If you want to use Git dependency, that’s also fine for me. |
|
Oh right it's |
|
sequoia-openpg version 1.17 was released today What a timing. |
This fixes an misaligned pointer dereference with newer Rust versions. Upstream issue:
https://gitlab.com/sequoia-pgp/sha1collisiondetection/-/issues/7