Zeroize dependency version constraint is inflexible #3764

Open
akuzni2 opened this issue Nov 24, 2024 · 0 comments

Problem

Solana < 2:

  • Users who are using solana_program SDK < version 2 are required to stick to zeroize 1.3 (cargo).
    This can cause friction when integrating with other libraries that depend on other zeroize versions, and attempts at patching can be confusing or incompatible (popular issue).

Solana >= 2:

  • Solana version V2 bumps this to version 1.7 of zeroize (cargo) but this may lead to similar issues.

Proposed Solution

A few potential solutions to discuss

  1. Do not restrict the zeroize version to 1 specific version and allow any matching version of "1" or within a reasonable range. If Solana V1 targets 1.3 and Solana V2 targets 1.7 then it might make sense that V2 should be at least backwards compatible to zeroize 1.3 to make it easier for users and other packages targeting integration with the Solana SDK to be compatible with both versions.

  2. Remove the zeroize dependency. Is it possible?

  3. If the above are not possible - can there be some example programs created that perform patches and compile successfully to use as a starting place?
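
The conflict behind solution 1 can be reproduced with a small model of Cargo's version requirements. This is an added example, not code from the issue or from the Solana SDK. The requirement strings, the second library's requirement `other` and the list of published releases are constructed assumptions; the issue does not quote the SDK's actual manifest line.

```rust
// Added example: a small model of Cargo version requirements for a 1.x crate.
type Ver = (u64, u64, u64);

// Parse "1", "1.3" or "1.3.0"; also report how many components were written.
fn parse(v: &str) -> (Ver, usize) {
    let p: Vec<u64> = v.trim().split('.').map(|x| x.parse().expect("numeric part")).collect();
    ((p[0], *p.get(1).unwrap_or(&0), *p.get(2).unwrap_or(&0)), p.len())
}

// Half-open range [lo, hi) accepted by a comma-separated requirement.
// Covers bare/caret, tilde, ">=" and "<" for major >= 1 only.
fn range(req: &str) -> (Ver, Ver) {
    let (mut lo, mut hi): (Ver, Ver) = ((0, 0, 0), (u64::MAX, 0, 0));
    for c in req.split(',').map(str::trim) {
        let (l, h) = if let Some(v) = c.strip_prefix(">=") {
            (parse(v).0, hi)
        } else if let Some(v) = c.strip_prefix('<') {
            (lo, parse(v).0)
        } else if let Some(v) = c.strip_prefix('~') {
            let (b, n) = parse(v);
            // "~1" allows any 1.x; "~1.3" and "~1.3.0" allow only 1.3.x.
            (b, if n == 1 { (b.0 + 1, 0, 0) } else { (b.0, b.1 + 1, 0) })
        } else {
            // Bare "1.3" is a caret requirement: >=1.3.0, <2.0.0.
            let b = parse(c.trim_start_matches('^')).0;
            (b, (b.0 + 1, 0, 0))
        };
        lo = lo.max(l);
        hi = hi.min(h);
    }
    (lo, hi)
}

// Highest published version that satisfies both requirements, if any.
// Cargo keeps one copy per compatible major, so None means resolution fails.
fn unify(a: &str, b: &str, published: &[&str]) -> Option<Ver> {
    let (ra, rb) = (range(a), range(b));
    published.iter().map(|v| parse(v).0)
        .filter(|v| [ra, rb].iter().all(|r| r.0 <= *v && *v < r.1))
        .max()
}

fn main() {
    // Constructed sample of published zeroize 1.x releases.
    let published = ["1.3.0", "1.4.3", "1.5.7", "1.6.0", "1.7.0"];
    let other = "1.5"; // hypothetical second library that needs a newer zeroize
    for sdk in ["~1.3", ">=1.3, <1.4", ">=1.3, <2", "1.3"] {
        println!("SDK {sdk:?} + other {other:?} -> {:?}", unify(sdk, other, &published));
    }
}
```

A `None` result corresponds to the resolution failure described under Problem; the two range forms resolve to a single shared copy of the crate.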
