Pin ed25519-dalek for v22 Core release
#1422
Assignees
Comments
|
@dmkozh which version did we want to pin to? 2.1.1? |
Closed
|
I don't recall the exact version, but I suppose the latest one should work. Basically as long as cargo-deny doesn't complain we should be good. |
|
Why do we need to repin? The lock file already pins the core build. And @graydon added a check to ensure that the env repo and core repos use the same version in the lock file so that tests run in both repos using the same version. The unpinning was intended to be permanent. |
|
Closing this since we will be using stellar/stellar-core#4278 to track how to handle dependencies. We may go with the submodule approach in stellar/stellar-core#4456 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
We temporarily unpin the dalek version in order to unblock the downstream deps from updating to non-vulnerable version. We should pin this back after Core is updated to use new env for p22 or after v22 release (depending on whether unpinning works with prev+curr env build).
The text was updated successfully, but these errors were encountered: