Bump tendermint-rs dependencies to v0.34; MSRV 1.72 (#778)

This also includes a migration from `ed25519-dalek` to `ed25519-consensus`, where the latter implements ZIP-215 rules for consensus-critical Ed25519 verification. Bumps the following dependencies: - `cosmrs` v0.15 - `ed25519` v2 - `ed25519-dalek` => `ed25519-consensus` v2 - `elliptic-curve` v0.13 - `k256` v0.13 - `prost` v0.12 - `prost-derive` v0.12 - `rpassword` v7 - `signature` v2 - `tendermint` v0.34 - `tendermint-config` v0.34 - `tendermint-proto` v0.34 - `tendermint-p2p` v0.34 - `yubihsm` v0.42
iqlusioninc · Oct 12, 2023 · bd61203 · bd61203
1 parent 2c1dd87
commit bd61203
Show file tree

Hide file tree

Showing 27 changed files with 500 additions and 295 deletions.
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
@@ -4,6 +4,4 @@
 ignore = [
     "RUSTSEC-2019-0036", # failure: type confusion if __private_get_type_id__ is overridden
     "RUSTSEC-2020-0036", # failure is officially deprecated/unmaintained
-    "RUSTSEC-2022-0093", # ed25519-dalek: double public key signing function oracle attack
-    "RUSTSEC-2023-0033", # borsh: parsing borsh messages with ZST which are not-copy/clone is unsound
 ]
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -50,7 +50,7 @@ jobs:
       matrix:
         toolchain:
           - stable
-          - 1.70.0 # MSRV
+          - 1.72.0 # MSRV
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
@@ -95,7 +95,7 @@ jobs:
       matrix:
         toolchain:
           - stable
-          - 1.70.0 # MSRV
+          - 1.72.0 # MSRV
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
@@ -222,7 +222,7 @@ jobs:
       - name: Install stable toolchain
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: 1.70.0 # MSRV
+          toolchain: 1.72.0 # MSRV
           override: true
 
       - name: Install libudev-dev