Upgrade dependencies

[Stentonian]

• What do we do about SMTree dependency? #12

[Stentonian]

This should be done at the end of the cleanup stage. Reason:

Some of the tests have been turned off because they take too long to run. If we upgrade now (before adjusting the tests) then we may break the tests unknowingly.

[Stentonian]

Useful https://stackoverflow.com/questions/61700920/is-it-good-practice-to-use-the-latest-versions-of-dependencies-when-publishing

[Stentonian]

Actually we still need to run the cargo command to upgrade the dependencies

[Stentonian]

curve25519_dalek_ng VS curve25519_dalek

The former has the following text:

This crate continues the curve25519-dalek series under a different package name. Unfortunately, one of the maintainers of the previous crate seized control of the dalek-cryptography GitHub organization and the subtle and curve25519-dalek crates by silently removing all other co-maintainers.

Relevant: dalek-cryptography/curve25519-dalek#345
Does not seem like there is a legitimate security concern with the original repo.

The former has not been updated in 2 years, but the latter was updated last week.

Going to rather use the original repo.

[Stentonian]

Turns out you cannot switch from curve25519_dalek_ng to curve25519_dalek without breaking the bulletproofs dependency, because it uses curve25519_dalek_ng

[Stentonian]

I raised a question on the bulletproofs repo: zkcrypto/bulletproofs#15

[Stentonian]

Just waiting on v5 to be published zkcrypto/bulletproofs#22