Update libp2p from 0.46.1 to 0.48.0 #12267

nbaztec · 2022-09-14T12:58:57Z

Is there an existing issue?

I have searched the existing issues

Experiencing problems? Have you tried our Stack Exchange first?

This is not a support question.

Description of bug

Substrate currently has libp2p:0.46.1 as one of its dependencies, which via transitivity(libp2p-tcp > if-watch) depends upon windows:0.29.0 which contains a security vulnerability GHSA-x4mq-m75f-mx8m
If updated to the latest libp2p:0.48.0 (minimum 0.47.0), this is fixed. However since there has been a breaking change in libp2p:0.48.0, simply bumping the version isn't enough. Specifically this file breaks with the new Behavior api and I was unable to figure it out.

Perhaps someone from parity can take a look and address a good refactoring strategy?

Steps to reproduce

No response

The text was updated successfully, but these errors were encountered:

bkchr · 2022-09-14T14:16:09Z

@dmitry-markin is already working on this.

dmitry-markin · 2022-09-14T14:20:57Z

Here is the draft PR for reference: #12256

github-actions bot added the J2-unconfirmed Issue might be valid, but it’s not yet known. label Sep 14, 2022

dmitry-markin mentioned this issue Sep 15, 2022

Upgrade libp2p to 0.49.0 #12256

Merged

paritytech-processbot bot closed this as completed in #12256 Oct 17, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update libp2p from 0.46.1 to 0.48.0 #12267

Update libp2p from 0.46.1 to 0.48.0 #12267

nbaztec commented Sep 14, 2022

bkchr commented Sep 14, 2022

dmitry-markin commented Sep 14, 2022

Update libp2p from 0.46.1 to 0.48.0 #12267

Update libp2p from 0.46.1 to 0.48.0 #12267

Comments

nbaztec commented Sep 14, 2022

Is there an existing issue?

Experiencing problems? Have you tried our Stack Exchange first?

Description of bug

Steps to reproduce

bkchr commented Sep 14, 2022

dmitry-markin commented Sep 14, 2022