[Snyk] Upgrade libp2p from 0.26.2 to 0.32.4 #1
Snyk has created this PR to upgrade libp2p from 0.26.2 to 0.32.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, CVSS 5.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: libp2p
🔦 Highlights
🆕 Multiformats update
We updated to the new multiformats stack, removing older multiformats modules that are no longer maintained. This is a library defining common interfaces and low-level building blocks for various interrelated multiformat technologies (multicodec, multihash, multibase, and CID). They can be used to implement custom base encoders / decoders / codecs, codec encoders / decoders and multihash hashers that comply with the interface that layers above assume.
Thanks to @achingbrain for PRing all the libp2p modules ❤️
🔒 libp2p-noise updated
The new version of libp2p-noise is now faster and results in smaller bundles for applications built on top of libp2p. In short, bcrypto was replaced by some of the goodies stablelib provides in an isolated fashion.
~27% decrease on its bundle size, from 191.5kb to 141.2kb (minified+gzipped), which represents a full bundle size decrease by ~10% in js-ipfs
~46% speed improvement
Types
libp2p-tcp and libp2p-bootstrap export types now 🎉 You can see the current state in #659. Thanks to @nazarhussain and @acolytec3 for getting these in ❤️
🏗 API Changes
https://github.com/libp2p/js-libp2p/blob/master/doc/migrations/v0.31-v0.32.md
Co-authored-by: Vasco Santos vasco.santos@moxy.studio
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs