From d4ed52e48eb52566dab91080eb25d8979fbb7d3e Mon Sep 17 00:00:00 2001 From: pennae Date: Sun, 17 Jul 2022 09:47:33 +0200 Subject: remove zeroize dependency this is not so much a problem as a possible source of false security for the readers. all secret keys we handle are serialized in some form, and those serialization buffers are *not* zeroed out after use. zeroing our raw buffers doesn't help much in that case, using a zero-on-free allocator would be much more helpful. --- Cargo.toml | 1 - 1 file changed, 1 deletion(-) (limited to 'Cargo.toml') diff --git a/Cargo.toml b/Cargo.toml index da84734..4025383 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -31,7 +31,6 @@ subtle = "2.4.1" url = "2.2.2" validator = { version = "0.15", features = [ "derive" ] } web-push = "0.9.2" -zeroize = { version = "1.4.3", features = [ "zeroize_derive" ] } [dev-dependencies] hex-literal = "0.3.4" -- cgit v1.2.3