[Snyk] Upgrade libp2p from 0.26.2 to 0.32.4 #1

Open
wants to merge 1 commit into
base: master
snyk-bot

Snyk has created this PR to upgrade libp2p from 0.26.2 to 0.32.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 73 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2021-08-20.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835 | 372/1000 (Why? Proof of Concept exploit, CVSS 5.3) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: libp2p
  • 0.32.4 - 2021-08-20
    No content.
  • 0.32.3 - 2021-08-16

    Bug Fixes

  • 0.32.2 - 2021-08-13

    Bug Fixes

    Features

  • 0.32.1 - 2021-07-22

    Bug Fixes

    • turn compliance tests into devDependency (#960) (0701de4)
  • 0.32.0 - 2021-07-15

    libp2p uses the new multiformats line and ships a smaller bundle

    🔦 Highlights

    🆕 Multiformats update

    We updated to the new multiformats stack, removing older multiformats modules that are no longer maintained. This is a library defining common interfaces and low level building blocks for various interrelated multiformat technologies (multicodec, multihash, multibase, and CID). They can be used to implement custom base encoders / decoders / codecs, codec encoders / decoders and multihash hashers that comply to the interface that layers above assume.

    Thanks to @achingbrain for PRing all the libp2p modules ❤️

    🔒 libp2p-noise updated

    The new version of libp2p-noise is now faster and results in smaller bundles for applications built on top of libp2p. In short, bcrypto was replaced by some of the goodies stablelib provides in an isolated fashion.

    • ~27% decrease on its bundle size, from 191.5kb to 141.2kb (minified+gzipped), which represents a full bundle size decrease by ~10% in js-ipfs

    • ~46% speed improvement

    @mpetrun5 and @mpetrunic ❤️

    Types

    libp2p-tcp and libp2p-bootstrap export types now 🎉 You can see the current state in #659

    Thanks to @nazarhussain and @acolytec3 for getting these in ❤️

    🏗 API Changes

    https://github.com/libp2p/js-libp2p/blob/master/doc/migrations/v0.31-v0.32.md

    chore

    BREAKING CHANGES

    • uses the CID class from the new multiformats module
  • 0.32.0-rc.0 - 2021-07-09

    Bug Fixes

    • do not allow dial to large number of multiaddrs (#954) (af723b3)

    chore

    BREAKING CHANGES

    • uses the CID class from the new multiformats module

    Co-authored-by: Vasco Santos vasco.santos@moxy.studio

  • 0.31.8 - 2021-09-03
  • 0.31.7 - 2021-06-14

    Bug Fixes

  • 0.31.6 - 2021-05-27

    Features

  • 0.31.5 - 2021-05-12

    Bug Fixes

    • store remote agent and protocol version during identify (#943) (818d2b2)
  • 0.31.4 - 2021-05-12
  • 0.31.3 - 2021-05-04
  • 0.31.2 - 2021-04-30
  • 0.31.1 - 2021-04-30
  • 0.31.0 - 2021-04-28
  • 0.31.0-rc.7 - 2021-04-27
  • 0.31.0-rc.6 - 2021-04-22
  • 0.31.0-rc.5 - 2021-04-21
  • 0.31.0-rc.4 - 2021-04-20
  • 0.31.0-rc.3 - 2021-04-19
  • 0.31.0-rc.2 - 2021-04-16
  • 0.31.0-rc.1 - 2021-04-16
  • 0.31.0-rc.0 - 2021-04-15
  • 0.30.13 - 2021-08-19
    No content.
  • 0.30.12 - 2021-03-27
  • 0.30.11 - 2021-03-23
  • 0.30.10 - 2021-03-09
  • 0.30.9 - 2021-02-25
  • 0.30.8 - 2021-02-11
  • 0.30.7 - 2021-02-01
  • 0.30.6 - 2021-01-29
  • 0.30.5 - 2021-01-28
  • 0.30.4 - 2021-01-27
  • 0.30.3 - 2021-01-27
  • 0.30.2 - 2021-01-21
  • 0.30.1 - 2021-01-18
  • 0.30.0 - 2020-12-16
  • 0.30.0-rc.2 - 2020-12-15
  • 0.30.0-rc.1 - 2020-12-11
  • 0.30.0-rc.0 - 2020-12-10
  • 0.29.4 - 2020-12-09
  • 0.29.3 - 2020-11-04
  • 0.29.2 - 2020-10-23
  • 0.29.1 - 2020-10-22
  • 0.29.0 - 2020-08-27
  • 0.29.0-rc.1 - 2020-08-27
  • 0.29.0-rc.0 - 2020-08-25
  • 0.28.10 - 2020-08-05
  • 0.28.9 - 2020-07-27
  • 0.28.8 - 2020-07-20
  • 0.28.7 - 2020-07-14
  • 0.28.6 - 2020-07-14
  • 0.28.5 - 2020-07-10
  • 0.28.4 - 2020-07-03
  • 0.28.3 - 2020-06-18
  • 0.28.2 - 2020-06-15
  • 0.28.1 - 2020-06-12
  • 0.28.0 - 2020-06-05
  • 0.28.0-rc.0 - 2020-05-28
  • 0.27.9 - 2020-07-13
  • 0.27.8 - 2020-05-06
  • 0.27.7 - 2020-04-24
  • 0.27.6 - 2020-04-16
  • 0.27.5 - 2020-04-06
  • 0.27.4 - 2020-03-31
  • 0.27.3 - 2020-02-11
  • 0.27.2 - 2020-02-05
  • 0.27.1 - 2020-02-03
  • 0.27.0 - 2020-01-28
  • 0.27.0-rc.0 - 2020-01-24
  • 0.27.0-pre.2 - 2020-01-07
  • 0.27.0-pre.1 - 2019-12-15
  • 0.27.0-pre.0 - 2019-12-12
  • 0.26.2 - 2019-09-24
from libp2p GitHub release notes
Commit messages
Package name: libp2p



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
