Bump the cargo group across 1 directory with 2 updates #8

Merged
jaschadub merged 1 commit into main from dependabot/cargo/cargo-5634541984
Jul 27, 2025
@dependabot dependabot bot commented on behalf of github Jul 27, 2025

Bumps the cargo group with 1 update in the / directory: ed25519-dalek.

Updates ed25519-dalek from 1.0.1 to 2.0.0

Changelog

Sourced from ed25519-dalek's changelog.

2.0.0

  • Fix a data modeling error in the serde feature pointed out by Trevor Perrin which caused points and scalars to be serialized with length fields rather than as fixed-size 32-byte arrays. This is a breaking change, but it fixes compatibility with serde-json and ensures that the serde-bincode encoding matches the conventional encoding for X/Ed25519.
  • Update rand_core to 0.5, allowing use with new rand versions.
  • Switch from clear_on_drop to zeroize (by Tony Arcieri).
  • Require subtle = ^2.2.1 and remove the note advising nightly Rust, which is no longer required as of that version of subtle. See the subtle changelog for more details.
  • Update README.md for 2.x series.
  • Remove the build.rs hack which loaded the entire crate into its own build.rs to generate constants, and keep the constants in the source code.

The only significant change is the data model change to the serde feature; besides the rand_core version bump, there are no other user-visible changes.

1.2.3

  • Fix an issue identified by a Quarkslab audit (and Jack Grigg), where manually constructing unreduced Scalar values, as needed for X/Ed25519, and then performing scalar/scalar arithmetic could compute incorrect results.
  • Switch to upstream Rust intrinsics for the IFMA backend now that they exist in Rust and don't need to be defined locally.
  • Ensure that the NAF computation works correctly, even for parameters never used elsewhere in the codebase.
  • Minor refactoring to EdwardsPoint decompression.
  • Fix broken links in documentation.
  • Fix compilation on nightly broken due to changes to the #[doc(include)] path root (not quite correctly done in 1.2.2).

1.2.2

  • Fix a typo in an internal doc-comment.
  • Add the "crypto" tag to crate metadata.
  • Fix compilation on nightly broken due to changes to the #[doc(include)] path root.

1.2.1

  • Fix a bug in bucket index calculations in the Pippenger multiscalar algorithm for very large input sizes.
  • Add a more extensive randomized multiscalar multiplication consistency check to the test suite to prevent regressions.
  • Ensure that multiscalar and NAF computations work correctly on extremal Scalar values constructed via from_bits.

1.2.0

... (truncated)

Commits
  • d889ac8 Finalize 2.0.0
  • db6a0b1 Merge branch 'master' into develop
  • 58d32ea Merge branch 'release/2.0.0-alpha.2'
  • 69d72f9 Bump version to 2.0.0-alpha.2 and update changelog.
  • 0168816 Merge pull request #307 from dalek-cryptography/update-nightly-note-subtle
  • 2b51978 Remove nightly recommendation now that subtle has stable opt barriers.
  • 77203aa Merge pull request #306 from isislovecruft/feature/236-merge-rebase
  • 4d1dfba Merge pull request #305 from isislovecruft/fix/unused-tmp2-warning
  • 4423394 Fix warning that a temporary value isn't used.
  • 57f19e0 Merge remote-tracking branch 'DebugSteven/zeroize' into feature/236-merge-rebase
  • Additional commits viewable in compare view

Updates curve25519-dalek from 3.2.0 to 4.1.3

Release notes

Sourced from curve25519-dalek's releases.

v4.0.0-pre.5

curve25519-dalek is a library providing group operations on the Edwards and Montgomery forms of Curve25519, and on the prime-order Ristretto group.

Breaking changes in 4.0.0

  • Update the MSRV from 1.41 to 1.56.1
  • Update backend selection to be more automatic
  • Remove std feature flag
  • Remove nightly feature flag
  • Make digest an optional feature
  • Make rand_core an optional feature
  • Replace methods Scalar::{zero, one} with constants Scalar::{ZERO, ONE}
  • Scalar::from_canonical_bytes now returns CtOption
  • Scalar::is_canonical now returns Choice
  • Deprecate EdwardsPoint::hash_from_bytes and rename it EdwardsPoint::nonspec_map_to_curve
  • Require including a new trait, use curve25519_dalek::traits::BasepointTable whenever using EdwardsBasepointTable or RistrettoBasepointTable

This release also does a lot of dependency updates and relaxations to unblock upstream build issues.

Commits
  • 5312a03 curve: Bump version to 4.1.3 (#660)
  • b4f9e4d SECURITY: fix timing variability in backend/serial/u32/scalar.rs (#661)
  • 415892a SECURITY: fix timing variability in backend/serial/u64/scalar.rs (#659)
  • 56bf398 Updates license field to valid SPDX format (#647)
  • 9252fa5 Mitigate check-cfg until MSRV 1.77 (#652)
  • 1efe6a9 Fix a minor typo in signing.rs (#649)
  • cc3421a Indicate that the rand_core feature is required (#641)
  • 858c4ca Address new nightly clippy unnecessary qualifications (#639)
  • 31ccb67 Remove platforms in favor using CARGO_CFG_TARGET_POINTER_WIDTH (#636)
  • 19c7f4a Fix new nightly redundant import lint warns (#638)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps the cargo group with 1 update in the / directory: [ed25519-dalek](https://github.com/dalek-cryptography/curve25519-dalek).


Updates `ed25519-dalek` from 1.0.1 to 2.0.0
- [Release notes](https://github.com/dalek-cryptography/curve25519-dalek/releases)
- [Changelog](https://github.com/dalek-cryptography/curve25519-dalek/blob/2.0.0/CHANGELOG.md)
- [Commits](dalek-cryptography/curve25519-dalek@1.0.1...2.0.0)

Updates `curve25519-dalek` from 3.2.0 to 4.1.3
- [Release notes](https://github.com/dalek-cryptography/curve25519-dalek/releases)
- [Commits](dalek-cryptography/curve25519-dalek@3.2.0...curve25519-4.1.3)

---
updated-dependencies:
- dependency-name: ed25519-dalek
  dependency-version: 2.0.0
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: curve25519-dalek
  dependency-version: 4.1.3
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies and rust labels Jul 27, 2025
@jaschadub jaschadub merged commit 8a69d27 into main Jul 27, 2025
2 checks passed
@dependabot dependabot bot deleted the dependabot/cargo/cargo-5634541984 branch July 27, 2025 08:00