Skip to content
This repository has been archived by the owner on Mar 23, 2021. It is now read-only.

Bump libp2p from 0.29.1 to 0.35.1 #3537

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

Bump libp2p from 0.29.1 to 0.35.1 #3537

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 17, 2021

Bumps libp2p from 0.29.1 to 0.35.1.

Release notes

Sourced from libp2p's releases.

Version 0.30.0 [2020-11-09]

Among other changes, this release adds a requirement across all crates for multihash >= v0.11.3. Rust-libp2p versions in combination with multihash < v0.11.3 are vulnerable to DoS attacks. Given that e.g. PeerId::from_bytes is called with unsanitized data from possibly untrusted sources this call can panic with multihash < v0.11.3 see RustSec for details.

In case you run libp2p in untrusted environments please either (a) update to libp2p v0.30.0 or (b) make sure to run with multihash >=v0.11.3 via your downstream Cargo.lock file.

As always all other contained changes are listed in our CHANGELOG.md.

Changelog

Sourced from libp2p's changelog.

Version 0.35.1 [2021-02-17]

  • Update libp2p-yamux to latest patch version.

Version 0.35.0 [2021-02-15]

  • Use libp2p-swarm-derive, the former libp2p-core-derive.

  • Update libp2p-deflate, libp2p-gossipsub, libp2p-mdns, libp2p-request-response, libp2p-swarm and libp2p-tcp.

Version 0.34.0 [2021-01-12]

  • Update libp2p-core and all dependent crates.

  • The tcp-async-std feature is now tcp-async-io, still enabled by default.

Version 0.33.0 [2020-12-17]

  • Update libp2p-core and all dependent crates.

Version 0.32.2 [2020-12-10]

  • Update libp2p-websocket.

Version 0.32.1 [2020-12-09]

  • Update minimum patch version of libp2p-websocket.

Version 0.32.0 [2020-12-08]

  • Update libp2p-request-response.

  • Update to libp2p-mdns-0.26.

  • Update libp2p-websocket minimum patch version.

Version 0.31.2 [2020-12-02]

  • Bump minimum libp2p-core patch version.

Version 0.31.1 [2020-11-26]

  • Bump minimum libp2p-tcp patch version.

Version 0.31.0 [2020-11-25]

  • Update multistream-select and all dependent crates.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 17, 2021
@dependabot dependabot bot mentioned this pull request Mar 17, 2021
Closed
@github-actions github-actions bot added the 3-days-old This PR has been open for more than 3 weekdays label Mar 22, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
3-days-old This PR has been open for more than 3 weekdays dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants