Upgrade x25519-dalek to 2.0.0-pre.1

[jplatte]

The changes from the currently-used version are trivial, but they're required to upgrade to the latest version of zeroize in dependent crates.

[jplatte]

Oh, looks like rand is part of the public API of that crate. I'll look into updating rand usage.

[poljar]

It is, also that tag/release has been in the pre state for quite a while: https://github.com/dalek-cryptography/x25519-dalek/releases/tag/2.0.0-pre.1.

[jplatte]

Yeah it has, but I think we're better off with a release that's stable¹ but declared "pre" rathen than a proper release that's constantly causing issues (albeit only at build time).

¹ I would declare it as such based on the trivial diff from the stable release

[poljar]

What kind of issues are we talking about?

[jplatte]

Not being able to upgrade other dependencies because their latest version requires zeroize >=1.4. Also cargo outdated doesn't work inside the matrix-sdk workspace, probably because of one such dependency.

[jplatte]

sigh looks like we'd also need to use dalek-cryptography/ed25519-dalek#160 (through our own fork, I guess). I would still prefer that to the current state of things, but I understand if you don't want to go that route. Let me know if I should continue.

[poljar]

sigh looks like we'd also need to use dalek-cryptography/ed25519-dalek#160 (through our own fork, I guess). I would still prefer that to the current state of things, but I understand if you don't want to go that route. Let me know if I should continue.

I think curve25519-dalek will need to get the same treatment.

I would let that simmer a bit longer, maybe something happens: WebAssembly/wasi-crypto#63.

[jplatte]

curve25519-dalek seems to also have a pre-release using the latest version of rand_core. So we'd only need to have one fork.

[jplatte]

Alright, let's see where this goes: RustCrypto/elliptic-curves#497 (comment)

I'll close this for now.