Skip to content
This repository was archived by the owner on Mar 23, 2021. It is now read-only.

Bump libp2p from 0.29.1 to 0.32.0#3420

Closed
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/cargo/libp2p-0.32.0
Closed

Bump libp2p from 0.29.1 to 0.32.0#3420
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/cargo/libp2p-0.32.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 8, 2020

Bumps libp2p from 0.29.1 to 0.32.0.

Release notes

Sourced from libp2p's releases.

Version 0.30.0 [2020-11-09]

Among other changes, this release adds a requirement across all crates for multihash >= v0.11.3. Rust-libp2p versions in combination with multihash < v0.11.3 are vulnerable to DoS attacks. Given that e.g. PeerId::from_bytes is called with unsanitized data from possibly untrusted sources this call can panic with multihash < v0.11.3 see RustSec for details.

In case you run libp2p in untrusted environments please either (a) update to libp2p v0.30.0 or (b) make sure to run with multihash >=v0.11.3 via your downstream Cargo.lock file.

As always all other contained changes are listed in our CHANGELOG.md.

Changelog

Sourced from libp2p's changelog.

Version 0.32.0 [2020-12-08]

  • Update libp2p-request-response.

  • Update to libp2p-mdns-0.26.

  • Update libp2p-websocket minimum patch version.

Version 0.31.2 [2020-12-02]

  • Bump minimum libp2p-core patch version.

Version 0.31.1 [2020-11-26]

  • Bump minimum libp2p-tcp patch version.

Version 0.31.0 [2020-11-25]

  • Update multistream-select and all dependent crates.

Version 0.30.1 [2020-11-11]

  • Update libp2p-plaintext.

Version 0.30.0 [2020-11-09]

  • Update libp2p-mdns, libp2p-tcp and libp2p-uds as well as libp2p-core and all its dependers.
Commits
  • 9b5d5db Prepare v0.32 (#1879)
  • 0ef4c2d core/benches: Add PeerId sort_vec benchmark (#1878)
  • 4c1657e [mdns] Split response packets if necessary. (#1877)
  • e665a81 core/benches: Add rudimentary benchmark for PeerId::from_bytes and clone (#1875)
  • 3edc467 [request-response] Refine success & error reporting for inbound requests. (#1...
  • 12e50b1 Update top-level libp2p-websocket patch version.
  • 226e105 Prepare libp2p-websocket-0.26.1
  • e41a963 Update rustls requirement from 0.18.0 to 0.19.0 (#1852)
  • 505a17d Adds support for handling interface changes to mdns behaviour. (#1830)
  • 4bdb61b Prepare multistream-select-0.9.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot
Bump libp2p from 0.29.1 to 0.32.0
1abdc70 
Bumps [libp2p](https://github.com/libp2p/rust-libp2p) from 0.29.1 to 0.32.0.
- [Release notes](https://github.com/libp2p/rust-libp2p/releases)
- [Changelog](https://github.com/libp2p/rust-libp2p/blob/master/CHANGELOG.md)
- [Commits](libp2p/rust-libp2p@v0.29.1...v0.32.0)

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 8, 2020
@dependabot dependabot bot mentioned this pull request Dec 8, 2020
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 10, 2020

Superseded by #3426.

@dependabot dependabot bot closed this Dec 10, 2020
@dependabot dependabot bot deleted the dependabot/cargo/libp2p-0.32.0 branch December 10, 2020 14:02
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants