chore: downgrade lockfiles to match orchard v0.11.0#14
Merged
Conversation
Byte-identical to the upstream zcash/orchard v0.11.0 tag lockfile (tag commit 0a71893). The fork's lockfile had drifted to 3 crates (halo2_proofs 0.3.0 -> 0.3.2, zcash_note_encryption 0.4.0 -> 0.4.1, zeroize 1.6.0 -> 1.8.1) with no reason to be bumped. All orchard tests pass with the reset lockfile. Co-Authored-By: Claude <noreply@anthropic.com>
Addresses Sean's P4 concern: "tons of dependencies are bumped in the orchard voting-circuits crates (via the lockfile) that had no reason to be bumped/locked to where they were." Downgraded every crate where possible to match orchard v0.11.0's exact versions. All 125 voting-circuits tests pass with the downgraded lockfile. ## Remaining drift (6 crates, all legitimately blocked) Three apparent-downgrades where the current version is OLDER than upstream v0.11.0. Upstream forced these upward via dev-graph deps (plotters, image, font-kit, etc.) that voting-circuits doesn't include. Attempting to force them up is blocked by our own deps: - bitflags 2.4.0 -> 1.3.2 (blocked by criterion -> clap ^3.1 chain) - hashbrown 0.14.0 -> 0.12.3 (blocked by criterion -> clap -> indexmap) - spin 0.9.8 -> 0.5.2 (blocked by lazy_static ^0.5.0 strict requirement) Three collapsed-version cases where upstream had multiple major versions coexisting via different transitive paths and voting-circuits consolidated to one: - half: upstream had 1.8.2 AND 2.2.1; we have only 1.8.2 - regex-syntax: upstream had 0.6.29 AND 0.7.5; we have only 0.7.5 - syn: upstream had 1.0.109 AND 2.0.31; we have only 2.0.31 Matching these would require adding unneeded transitive deps back. Co-Authored-By: Claude <noreply@anthropic.com>
czarcas7ic
added a commit
to valargroup/zcash_voting
that referenced
this pull request
Apr 11, 2026
Propagates the lockfile downgrade from valargroup/voting-circuits#14 (merged) down to librustvoting. Pulls in the new voting-circuits + orchard revs (ecca2f0) and runs cargo update --precise to push transitive versions back to what orchard v0.11.0 relies on. ## Reduction - Before: 131 crates drifted from orchard v0.11.0 - After: 69 crates remain drifted 62 crates successfully downgraded. The remaining 69 are blocked by librustvoting's non-orchard dependency graph: - arti crates pull rand 0.9 (orchard and all Zcash crypto use rand 0.8) - zcash_primitives 0.26.1 pins prerelease RustCrypto (sha2, block-buffer, etc.) - criterion dev-dep pulls newer serde_derive/clap - tonic/reqwest dep chains pull newer futures/hashbrown All 116 librustvoting workspace tests pass with the downgraded lockfile. Addresses Sean's P4 concern: "i'm fearing that a lot of these ended up cascading into your librustzcash changes (the lockfiles are controlling only for the parent)". Co-Authored-By: Claude <noreply@anthropic.com>
4 tasks
czarcas7ic
added a commit
to valargroup/zcash-swift-wallet-sdk
that referenced
this pull request
Apr 11, 2026
Propagates the lockfile downgrade from valargroup/voting-circuits#14 (merged) down to the iOS SDK shielded-vote branch. Pulls in the new voting-circuits + orchard revs (ecca2f0) and runs cargo update --precise across multiple passes to push transitive versions back to what orchard v0.11.0 relies on. ## Reduction - Before: 176 crates drifted from orchard v0.11.0 - After: 104 crates remain drifted 72 crates successfully downgraded. The remaining 104 are blocked by the iOS SDK's non-orchard dependency graph: - arti crates pull rand 0.9 (orchard and all Zcash crypto use rand 0.8) - zcash_primitives 0.26.1 pins prerelease RustCrypto (sha2 0.11.0-pre.4, block-buffer 0.11.0-rc.3, crypto-common 0.2.0-rc.1, bip32 0.6.0-pre.1) - tonic/reqwest/hyper dep chains pull newer futures/hashbrown/h2 - clap 4.x required by CLI tooling - tokio 1.51 required by the FFI async layer cargo build --release passes with the downgraded lockfile. Addresses Sean's P4 concern: "some of them definitely got inherited by sdk/circuits (which I also downgraded and backed out and cleaned up locally with some success)". Co-Authored-By: Claude <noreply@anthropic.com>
4 tasks
greg0x
pushed a commit
to valargroup/zcash-swift-wallet-sdk
that referenced
this pull request
Apr 13, 2026
Propagates the lockfile downgrade from valargroup/voting-circuits#14 (merged) down to the iOS SDK shielded-vote branch. Pulls in the new voting-circuits + orchard revs (ecca2f0) and runs cargo update --precise across multiple passes to push transitive versions back to what orchard v0.11.0 relies on. ## Reduction - Before: 176 crates drifted from orchard v0.11.0 - After: 104 crates remain drifted 72 crates successfully downgraded. The remaining 104 are blocked by the iOS SDK's non-orchard dependency graph: - arti crates pull rand 0.9 (orchard and all Zcash crypto use rand 0.8) - zcash_primitives 0.26.1 pins prerelease RustCrypto (sha2 0.11.0-pre.4, block-buffer 0.11.0-rc.3, crypto-common 0.2.0-rc.1, bip32 0.6.0-pre.1) - tonic/reqwest/hyper dep chains pull newer futures/hashbrown/h2 - clap 4.x required by CLI tooling - tokio 1.51 required by the FFI async layer cargo build --release passes with the downgraded lockfile. Addresses Sean's P4 concern: "some of them definitely got inherited by sdk/circuits (which I also downgraded and backed out and cleaned up locally with some success)". Co-Authored-By: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
orchard/Cargo.lock: reset byte-for-byte to the upstreamzcash/orchardv0.11.0 tag lockfile (tag commit0a71893). The fork's lockfile had drifted on 3 crates with no reason to be bumped.voting-circuits/Cargo.lock: downgraded every crate where possible to match orchard v0.11.0's exact versions, usingcargo update --precise.Verification
cd orchard && cargo test --all-features— passescd voting-circuits && cargo test --all-features— all 125 tests pass (121 unit + 4 integration, 3 row_budget ignored)diff -q orchard/Cargo.lock <upstream-v0.11.0>/Cargo.lock— byte-identicalRemaining drift (6 crates, all legitimately blocked)
Three apparent-downgrades where the current version is OLDER than upstream v0.11.0. Upstream forced these upward via dev-graph deps (plotters, image, font-kit, etc.) that voting-circuits doesn't include. Attempting to force them up is blocked by our own deps:
bitflagscriterion → clap ^3.1 → indexmaphashbrowncriterion → clap → indexmapspinlazy_static = "^0.5.0"strictThree collapsed-version cases where upstream had multiple major versions coexisting via different transitive paths and voting-circuits consolidated to one:
halfregex-syntaxsynMatching these would require adding unneeded transitive deps back, which would bloat the binary.
Context
Addresses Sean's P4 concern (direct quote):
Test plan
cd orchard && cargo test --all-featurespassescd voting-circuits && cargo test --all-features— 125 tests passorchard/Cargo.lockbyte-identical to upstream v0.11.0