From a44d961e7ea9241bf0c3c8af3c04da7823e06269 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Tue, 23 Aug 2022 10:43:44 +0200
Subject: [PATCH] Fix bumpalo issue

---
 fuzz/Cargo.toml             | 3 ---
 libraries/crypto/Cargo.toml | 5 +++++
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index 9d43c36..e00bac3 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -11,9 +11,6 @@ cargo-fuzz = true
 [dependencies]
 libfuzzer-sys = { version = "0.3" }
 fuzz_helper = { path = "fuzz_helper" }
-# We import to explicitly lock the version.
-# Remove this dependency once CTAP is a library.
-bumpalo = "=3.8.0"
 
 # Prevent this from interfering with workspaces
 [workspace]
diff --git a/libraries/crypto/Cargo.toml b/libraries/crypto/Cargo.toml
index 12944d0..3763bc8 100644
--- a/libraries/crypto/Cargo.toml
+++ b/libraries/crypto/Cargo.toml
@@ -21,6 +21,11 @@ serde = { version = "1.0", optional = true, features = ["derive"] }
 serde_json = { version = "=1.0.69", optional = true }
 regex = { version = "1", optional = true }
 
+# We explicitly lock the version of those transitive dependencies because their
+# Cargo.toml don't parse with the nightly compiler used by Tock. Remove this
+# whole block once CTAP is a library.
+bumpalo = "=3.8.0" # transitive dependency of ring
+
 [features]
 std = ["hex", "ring", "rng256/std", "untrusted", "serde", "serde_json", "regex"]
 with_ctap1 = []