Skip to content

chore(deps): bump ed25519-dalek from 2.2.0 to 3.0.0#643

Merged
enricopiovesan merged 2 commits into
mainfrom
claude/pr568-ed25519-dalek-3-0-0-rebase
Jul 13, 2026
Merged

chore(deps): bump ed25519-dalek from 2.2.0 to 3.0.0#643
enricopiovesan merged 2 commits into
mainfrom
claude/pr568-ed25519-dalek-3-0-0-rebase

Conversation

@enricopiovesan

@enricopiovesan enricopiovesan commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Supersedes chore(deps): bump ed25519-dalek from 2.2.0 to 3.0.0 #568, dependabot's original PR bumping ed25519-dalek from 2.2.0 to 3.0.0 in crates/traverse-runtime/Cargo.toml. That branch had accumulated a real merge conflict against main (Cargo.lock and crates/traverse-runtime/Cargo.toml, from unrelated dependency/feature changes landing on main since the PR opened), so this reopens it from a fresh branch rather than rewriting the bot-owned branch's history.
  • Rebased dependabot's original commit onto latest main, resolved the two-file conflict (kept main's other in-flight dependency versions — sha2 = "0.11", zeroize, optional wasmtime/wasmtime-wasi, uuid with the js feature — and took ed25519-dalek = "3.0.0" from the dependabot side), then regenerated Cargo.lock via cargo update -p ed25519-dalek rather than hand-editing lockfile conflict markers. Original dependabot commit authorship preserved.
  • traverse-cli has its own separate ed25519-dalek = "2.2.0" dependency, untouched — out of scope for this bump (dependabot only targeted traverse-runtime's usage).

Governing Spec

  • 030-security-identity-model

ed25519-dalek is used in crates/traverse-runtime/src/security.rs for signing/verification under this spec; version-bump only, no behavioral or API change in traverse-runtime's own code.

Project Item

N/A — dependency bump, not tracked against a Project 1 issue.

Validation

  • cargo build --workspace — clean
  • cargo test --workspace — all green, zero failures
  • cargo clippy --workspace --all-targets -- -D warnings — clean
  • cargo fmt --check — clean

🤖 Generated with Claude Code

dependabot Bot and others added 2 commits July 12, 2026 21:50
Bumps [ed25519-dalek](https://github.com/dalek-cryptography/curve25519-dalek) from 2.2.0 to 3.0.0.
- [Release notes](https://github.com/dalek-cryptography/curve25519-dalek/releases)
- [Changelog](https://github.com/dalek-cryptography/curve25519-dalek/blob/3.0.0/CHANGELOG.md)
- [Commits](dalek-cryptography/curve25519-dalek@ed25519-2.2.0...3.0.0)

---
updated-dependencies:
- dependency-name: ed25519-dalek
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@enricopiovesan enricopiovesan merged commit 99650b4 into main Jul 13, 2026
26 checks passed
@enricopiovesan enricopiovesan deleted the claude/pr568-ed25519-dalek-3-0-0-rebase branch July 13, 2026 05:17
@enricopiovesan

Copy link
Copy Markdown
Collaborator Author

Closing as redundant — the identical fix (ed25519-dalek 2.2.0→3.0.0, same rebase-off-a-fresh-branch approach) was independently completed and merged via #568 a few minutes ago. This branch is now a no-op against main (0 files changed after syncing).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant