substrate icon indicating copy to clipboard operation
substrate copied to clipboard

Published 20 hours ago verified publisher icon paritytech

Update libp2p from 0.46.1 to 0.48.0

Open nbaztec opened this issue 1 year ago • 2 comments

Is there an existing issue?

  • [X] I have searched the existing issues

Experiencing problems? Have you tried our Stack Exchange first?

  • [X] This is not a support question.

Description of bug

Substrate currently has libp2p:0.46.1 as one of its dependencies, which via transitivity(libp2p-tcp > if-watch) depends upon windows:0.29.0 which contains a security vulnerability https://github.com/advisories/GHSA-x4mq-m75f-mx8m If updated to the latest libp2p:0.48.0 (minimum 0.47.0), this is fixed. However since there has been a breaking change in libp2p:0.48.0, simply bumping the version isn't enough. Specifically this file breaks with the new Behavior api and I was unable to figure it out.

Perhaps someone from parity can take a look and address a good refactoring strategy?

Steps to reproduce

No response

nbaztec avatar Sep 14 '22 12:09 nbaztec

@dmitry-markin is already working on this.

bkchr avatar Sep 14 '22 14:09 bkchr

Here is the draft PR for reference: https://github.com/paritytech/substrate/pull/12256

dmitry-markin avatar Sep 14 '22 14:09 dmitry-markin