Skip to content
This repository has been archived by the owner on Aug 9, 2022. It is now read-only.

chore(deps): bump libp2p from 0.28.10 to 0.29.0 #31

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump libp2p from 0.28.10 to 0.29.0 #31

wants to merge 1 commit into from

Conversation

dependabot-preview[bot]
Copy link
Contributor

@dependabot-preview dependabot-preview bot commented Aug 31, 2020
edited
Loading

Bumps libp2p from 0.28.10 to 0.29.0.

Release notes

Sourced from libp2p's releases.

v0.29.0

🔦 Highlights

🔒Signed Peer Records

A libp2p node shares its data publicly (e.g through the DHT) or relies on potentially untrustworthy intermediaries to relay information. This might have consequences as the peer data can be tempered by a third party.

A Signed Peer Record is an all-purpose data container that includes a signature of the data, so we can verify that the data came from a specific peer and that it hasn't been tampered with.

Signed peer records are now exchanged in the identify protocol and in gossipsub peer exchange (introduced in gossipsub 1.1).

🛡️Gossipsub v1.1

The libp2p-gossipsub javascript implementation is now upgraded according to the Gossipsub v1.1 spec and it packs several security hardening extensions, thanks to ChainSafe ❤️ . You can read more about it in its release blogpost.

We leveraged this update to rethink the pubsub interface, in order to make it easier and straightforward, as well as to be consistent with the API of the routers. Moreover, the interface was also reconstructed to ease new pubsub router implementations. This means less code in the libp2p bundle, as well as less code to maintain and test.

Uint8array replace Buffer

Aiming to improve libp2p browser support, we are moving away from node core modules unless we can guarantee that the code we are writing will not run in a browser. It is worth mentioning that modern JavaScript runtimes have TypedArrays such as Uint8Array backed by ArrayBuffers. All libp2p dependencies were also updated to use Uint8Array.

Part of the larger endeavour in ipfs/js-ipfs#3220

🏗 API Changes

The pubsub API is being updated to be consistent with the new js-libp2p-interfaces/src/pubsub.

All the API parameters and return values that used Buffer are now using Uint8array.

You can check the full details about these changes in the Migrating to libp2p@0.29 doc.

Bug Fixes

  • do not return self on peerstore.peers (15613cc)
  • peer record interop with go (#739) (93dda74)
  • replace node buffers with uint8arrays (#730) (1e86971)
  • revert new identify protocol versions (3158366)
  • signature compliant with spec (4ab125e)

Chores

  • update travis to use node lts and stable (098f3d1)

Features

  • cerified addressbook (8f2e690)
  • create self peer record in identify (8a97dde)
  • exchange signed peer records in identify (e50f0ee)
Changelog

Sourced from libp2p's changelog.

0.29.0 (2020-08-27)

Bug Fixes

  • do not return self on peerstore.peers (15613cc)
  • peer record interop with go (#739) (93dda74)
  • replace node buffers with uint8arrays (#730) (1e86971)
  • revert new identify protocol versions (3158366)
  • signature compliant with spec (4ab125e)

Chores

  • update travis to use node lts and stable (098f3d1)

Features

  • cerified addressbook (8f2e690)
  • create self peer record in identify (8a97dde)
  • exchange signed peer records in identify (e50f0ee)
  • gossipsub 1.1 (#733) (55c9bfa)
  • signed peer records record manager (3e5d450)

Reverts

  • reapply "fix: throw if no conn encryption module provided (#665)" (689f90a)

BREAKING CHANGES

  • pubsub implementation is now directly exposed and its API was updated according to the new pubsub interface in js-libp2p-interfaces repo

  • chore: use gossipsub branch with src added

  • fix: add pubsub handlers adapter

  • chore: fix deps

  • chore: update pubsub docs and examples

  • chore: apply suggestions from code review

Co-authored-by: Jacob Heun jacobheun@gmail.com

  • chore: use new floodsub

  • chore: change validator doc set

Commits
  • bbf8ef7 chore: release version v0.29.0
  • d6d1a74 chore: update contributors
  • 28b79a7 test: fix pubsub intermittent test (#741)
  • 81e70df chore: update interop version (#740)
  • e9478ce chore: release version v0.29.0-rc.1
  • 7be17a3 chore: update contributors
  • 93dda74 fix: peer record interop with go (#739)
  • cfbd52d chore: migration to 0.29 should use webrtc-star0.20
  • 6cd23ea chore: use gossipsub0.6
  • 9b75a0f chore: bump libp2p-webrtc-star
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
chore(deps): bump libp2p from 0.28.10 to 0.29.0
ed609ae 
Bumps [libp2p](https://github.com/libp2p/js-libp2p) from 0.28.10 to 0.29.0.
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Changelog](https://github.com/libp2p/js-libp2p/blob/master/CHANGELOG.md)
- [Commits](libp2p/js-libp2p@v0.28.10...v0.29.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Aug 31, 2020
@dependabot-preview
Copy link
Contributor Author

Looks like libp2p is up-to-date now, so this is no longer needed.

@dependabot-preview dependabot-preview bot deleted the dependabot/npm_and_yarn/libp2p-0.29.0 branch October 5, 2020 15:47
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants