ethereumjs-monorepo icon indicating copy to clipboard operation
ethereumjs-monorepo copied to clipboard

Published 20 hours ago verified publisher icon ethereumjs

Multiaddr / PeerId dependencies.

Open ScottyPoi opened this issue 2 years ago • 2 comments

Follow-up issue to #2903 / #2912

The remaining security warnings all stem from multiaddr: "10.0.1" -- used by package DevP2P

The package is has been deprecated and succeeded by @multiformats/multiaddr. However, the update to @multiformats/multiaddr, was unsuccessful due to current ESM transition issues.

Similarly, the package peer-id has been deprecated, with @libp2p/interfaces-peer-id and @libp2p/peer-id-factory as the successors.
These packages are only used here: https://github.com/ethereumjs/ethereumjs-monorepo/tree/master/packages/client/libp2pBrowserBuild and can probably be removed entirely.

[ ] Look into /client/libp2pBrowserBuild and @libp2p dependencies

when possible [ ] Update 'multiaddr' to @multiformats/multiaddr

ScottyPoi avatar Jul 26 '23 01:07 ScottyPoi

You can definitely remove the peerId stuff. That's all just sitting there in case we want to revive devp2p over libp2p and isn't actually ever compiled or run. I think the multiaddr bits we use are pretty small and could probably be internalized.

acolytec3 avatar Jul 26 '23 01:07 acolytec3

Have addressed the libp2p dependency removal in #2926

holgerd77 avatar Jul 31 '23 16:07 holgerd77