Skip to content

Bump schnorrkel to 0.11.5 #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
haikoschol wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Bump schnorrkel to 0.11.5 #25

haikoschol wants to merge 3 commits into from

Conversation

@haikoschol
Copy link

@haikoschol haikoschol commented Sep 24, 2025

This change bumps the schnorrkel dependency to 0.11.5 in order to avoid indirectly depending on the potentially vulnerable crate curve25519-dalek-ng.

The motivation for doing this is to get rid of curve25519-dalek-ng in Polkadot SDK and verifiable is the last direct dependency which pulls it in:

polkadot-sdk$ cargo tree --invert curve25519-dalek-ng
curve25519-dalek-ng v4.1.1
└── schnorrkel v0.10.2
    └── verifiable v0.1.0

Related issue: paritytech/polkadot-sdk#4852

@haikoschol haikoschol mentioned this pull request Sep 24, 2025
Open
@eskimor
Copy link
Member

eskimor commented Oct 22, 2025

@Zebedeusz can we get this merged and a release cut?

@Zebedeusz
Copy link
Contributor

Zebedeusz commented Oct 23, 2025

@eskimor Let me do a few checks and I'll let you know. Today or tomorrow at the latest.

@Zebedeusz
Copy link
Contributor

Zebedeusz commented Oct 23, 2025

I had to make some changes to make it work - rand with getrandom was causing issues.

@gui1117
Copy link
Contributor

gui1117 commented Oct 28, 2025

I had to make some changes to make it work - rand with getrandom was causing issues.

what was causing issue? it is compiling fine to me without the rand change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eskimor eskimor eskimor approved these changes

@Zebedeusz Zebedeusz Zebedeusz approved these changes

@alexggh alexggh alexggh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@haikoschol @eskimor @Zebedeusz @gui1117 @alexggh