fix: update digest import path for 0.11.0-rc.11 compatibility

[Jimmyh-world]

Summary

This PR fixes a compilation error when using curve25519-dalek 5.0.0-pre.1 with digest 0.11.0-rc.11.

The digest crate moved BlockSizeUser from digest::crypto_common to digest::common, causing:

error[E0432]: unresolved import `digest::crypto_common`
   --> curve25519-dalek-5.0.0-pre.1/src/edwards.rs:109:65
    |
109 |     FixedOutput, HashMarker, array::typenum::U64, consts::True, crypto_common::BlockSizeUser,
    |                                                                 ^^^^^^^^^^^^^ could not find `crypto_common` in `digest`

Changes

• Update import path from digest::crypto_common::BlockSizeUser to digest::common::BlockSizeUser

Context

This affects users of iroh (tested with 0.95.x and 0.96.0) which depends on curve25519-dalek =5.0.0-pre.1. The fix already exists in main branch (pre.5+) but the 5.0.0-pre.1 tag published to crates.io has the broken import.

Testing

Verified that iroh 0.96 compiles successfully with this fix applied via Cargo patch.

[Jimmyh-world]

I realize the main branch already has this fix in newer pre-releases (5.0.0-pre.5). This PR is mainly to highlight that 5.0.0-pre.1 on crates.io remains broken for users who depend on it transitively (e.g., via iroh → ed25519-dalek → curve25519-dalek =5.0.0-pre.1).

Would it be possible to either:

1. Publish a patched 5.0.0-pre.2 to crates.io, or
2. Yank the broken 5.0.0-pre.1?

Either would unblock downstream users without requiring Cargo patches. Happy to close this PR if there's a better path forward.

[dignifiedquire]

any update on this, we have quite a lot of broken code and need to a lot of manual pinning, based on the recent round of upgrades, and we can't yet upgrade to the latest as not everything has releases with [email protected]

[tarcieri]

As far as I can tell this was fixed in #875 and released as curve25519-dalek v5.0.0-pre.6 / ed25519-dalek 3.0.0-pre.6 release in #879, which was 5 days ago.

I think this PR is just stale? The lines on main looks like:

https://github.com/dalek-cryptography/curve25519-dalek/blob/main/curve25519-dalek/src/edwards.rs#L107-L111

#[cfg(feature = "digest")]
use digest::{
    FixedOutput, HashMarker, array::typenum::U64, common::BlockSizeUser, consts::True,
    typenum::IsGreater,
};

@dignifiedquire have you tried upgrading to pre.6?

@Jimmyh-world I have no idea what you're requesting here:

This PR is mainly to highlight that 5.0.0-pre.1 on crates.io remains broken for users who depend on it transitively (e.g., via iroh → ed25519-dalek → curve25519-dalek =5.0.0-pre.1).

Would it be possible to either:

Publish a patched 5.0.0-pre.2 to crates.io

curve25519-dalek v5.0.0-pre.2 was released 3 months ago. The latest version is pre.6 as noted above. That's what you need to upgrade to.

[dignifiedquire]

• upgrading to pre.6 wasn't possible, as it was a patch release, changing the rand version is really not a patch change
• I will try to upgrade in the next minor release the rand version, but it might not be possible, as I have to wait for the full dependency set to have upgraded

[Jimmyh-world]

Thanks for the update @tarcieri — understood, we'll look at moving to pre.6 when the time is right.

@dignifiedquire yeah, we hit the same wall with the rand version change. We ended up creating patched crates as a workaround while we're still in active development, so we're unblocked for now. Appreciate you flagging the rand issue here though — good to know it's not just us seeing that as a blocker for the upgrade path.

No rush on our end, happy to close this one out. Cheers!

[tarcieri]

changing the rand version is really not a patch change

It changed the rand_core version from v0.10.0-rc-6 to v0.10. And the version bump wasn't a "patch", these are all prereleases and those sorts of version bumps from rc versions to stable releases of upstream dependencies are exactly the sort of thing you should expect in something versioned pre.6.

The breaking changes in rand_core are annoying, but there's nothing we can do about it in curve25519-dalek. Everything should hopefully be on a new stable release track soon.