Error when building paseto #40
Comments
Yeah looks like they released a breaking API Change as part of a minor update 😭 , looks like sodiumoxide is also moving away to maintenance mode though. So we should probably be migrating away from it altogether. Thanks for catching this though! In the meantime you should be able to workaround without a patch by manually specifying a sodiumoxide dependency explicitly on 0.2.6. @anthonyjchriste to what extent would you like to be involved here? I'd appreciate any help, but don't want to put a lot on you here either! As I'll probably take an action item here to just move away entirely from sodiumoxide. |
I can help out with small patches. We make use of this library at work and I appreciate the effort put into it so far by all of the contributors. We have a vested interest in keeping this library updated. With that said, I don't have a security background, so I would mainly be interested in contributing in other technical matters (refactoring, library maintenance, etc). I'm happy to hear what you have in mind though. I'm certainly not opposed to moving away from sodiumoxide as long as someone else is able to help verify changes on the security side of things. |
Sounds good, I'll start working on switching over. To be clear I'm not suggesting changing the actual cryptography being used, just moving away from sodiumoxide as the one doing those operations! (E.g. moving to a crate that performs the same operations). I'll get working on the patch, and should have something up by EoD tomorrow if all goes well! |
That's great. Really appreciate it! Thanks for the absurdly quick response by open source standards! |
Hey @anthonyjchriste , This should all be good now, and a new patch release has been published too so you don't necessarily have to use trunk😉 . Thanks for pointing this out, and have a great rest of your day! |
I just updated and can confirm all is well. Dropping some c dependencies is similarly a big win. Thank you so much @Mythra! Your time is appreciated. |
Describe the bug
When I try to build the latest trunk branch, I get the following error.
To Reproduce
Steps to reproduce the behavior:
cargo update
to update compatible dependenciescargo check
Expected behavior
The crate should compile without error.
Versions (please complete the following information):
Additional context
It would appear that sodiumoxide updated their API which caused a breaking change in this library.
I've forked the repo and will look to provide a PR.
The text was updated successfully, but these errors were encountered: