Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade libp2p from 0.23.1 to 0.27.3 #3

Open
wants to merge 1 commit into
base: CircleCI-v2
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade libp2p from 0.23.1 to 0.27.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 37 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2020-02-11.
Release notes
Package name: libp2p
  • 0.27.3 - 2020-02-11

    Bug Fixes

    • dont allow multiaddr dials without a peer id (#558) (a317a8b)
  • 0.27.2 - 2020-02-05

    Bug Fixes

  • 0.27.1 - 2020-02-03

    Bug Fixes

    • stop stream after first pong received (#545) (be8fc9d)
  • 0.27.0 - 2020-01-28

    The Async / Await Refactor and a whole lot more!

    🔦 Highlights

    📜 Improved docs

    We've done an overhaul of our docs to make libp2p easier to use. Among other docs in the new doc folder, you can find a full list of exposed methods in the API.md, and a guide on how to configure libp2p in CONFIGURATION.md. We've also created a Getting Started guide for anyone starting out with libp2p.

    ⌚️ Async/Await instead of Callbacks

    All callback APIs have been change to be async / await compliant. See the API.md readme for detailed usage. When migrating, you can leverage the migration guide to see samples on some of the common migrations you may need to make.

    🚰 Streaming Iterables instead of Pull Streams

    Now that readable streams are async iterable, we can leverage Streaming Iterables instead of Pull Streams to greatly simplify the internal stream logic of libp2p. Among other things, this makes debugging streams much easier. You can check out the it-awesome repo for a list of an increasing number of modules built for the streaming iterables ecosystem. This also includes modules to convert to and from pull streams if you need to refactor your applications over time. If you're having trouble migrating, please feel free to reach out on the discuss forums!

    📞 Clearer Connections

    We've created a whole new Connection Interface! Creating multiple streams off of a single connection is now much clearer, and every stream created is tracked in the Connection. This makes it much easier to keep track of every open stream, which greatly empowers resource management in js-libp2p.

    // Was
    libp2p.dialProtocol(remotePeerInfo, protocol, (error, stream) => { })
    

    // Now
    const connection = await libp2p.dial(remotePeerInfo)
    const { stream, protocol } = connection.newStream(protocols)
    const allStreams = connections.streams

    ⏹ Abortable Dials

    We've reconstructed transports and connections from the ground up. This gives us the ability to pass an AbortSignal when dialing, so we can now properly terminate connections early. This also means we'll be able to add proper support for parallel dials to reduce connection times without running the risk of lingering dials.

    const controller = new AbortController()
    libp2p.dial(remotePeerInfo, { signal: controller.signal })
    // after a short delay...
    controller.abort()

    🆔 The Identify Push Protocol

    Identify Push is now available in js-libp2p. As a libp2p node changes its Multiaddrs (changes in networks) or protocols, it will broadcast those changes to all connected peers. Once support for AutoNAT and AutoRelay is added to js-libp2p, we will be able to broadcast those changes maximizing the effectiveness of those protocols.

    🔍 Plaintext 2 for testing

    We've upgraded from Plaintext 1 to 2. If you need to test things locally without encryption to see what's going on over the wire, Plaintext 2 makes this more viable. Public Keys are now exchanged, which is required by many protocols. This should NEVER be used in production, happy testing!

    🙏 More polite connections

    Currently when two nodes connect, they will actively ask each other what protocols they support. This ends up being multiple checks in parallel, rather than getting the information from a single Identify check. js-libp2p will now only use Identify. This greatly reduces network chatter. The peerStore, formerly peerBook to better match common libp2p terminology, will now emit change events for protocols. Applications that need to check for protocol support can now politely listen for updates, instead of actively checking every peer that connects.

    libp2p.peerStore.on('change:protocols', ({ peerInfo, protocols }) => { ... })

    📊Stats (now Metrics) can now be enabled/disabled

    We're making stats disabled by default and they are now available at libp2p.metrics instead of libp2p.stats. You can enable metrics if you need them, but for performance reasons we have disabled them by default. Good news, if you need to run them they're more performant as we've moved away from event emitting in metrics. This greatly reduces the amount of processing that happens until you explicitly request something! You can read more about Metrics at METRICS.md.

    🏗 API Changes

    See the API.md readme for detailed usage on the new API. Significant breaking changes are detailed below.

    • Callbacks are no longer supported, async / await is now used for all asynchronous methods. See API.md for a full list of methods.
    • Pull streams have been replaced by Streaming Iterables
    • libp2p.peerBook is now libp2p.peerStore to match common libp2p terminology.
    • libp2p.stats is now libp2p.metrics.
    • libp2p.pubsub.ls is now libp2p.pubsub.getTopics.
    • libp2p.pubsub.peers is not libp2p.pubsub.getSubscribers.
    • libp2p.ping now simply returns the latency of the ping. See the migration guide for more details.

    Bug Fixes

    Features

  • 0.27.0-rc.0 - 2020-01-24

    Bug Fixes

  • 0.27.0-pre.2 - 2020-01-07

    Bug Fixes

    Features

    • add libp2p.connections getter (#522) (6ca19c5)
    • allow transport options to be passed on creation (#524) (0d4b2bd)
  • 0.27.0-pre.1 - 2019-12-15

    Features

  • 0.27.0-pre.0 - 2019-12-12

    Bug Fixes

    • clean up peer discovery flow (#494) (f3eb1f1)
    • clean up pending dials abort per feedback (7c3371b)
    • correct release readme (c4bc00b)
    • examples readme typos (#481) (35ac02d)
    • performance bottleneck in stat.js (#463) (93a1e42)
    • release tokens as soon as they are available (43440aa)
    • replace peerInfo addresses with listen addresses (#485) (acbbc0f)
    • token release logic (1838a64)

    Features

  • 0.26.2 - 2019-09-24

    Bug Fixes

  • 0.26.1 - 2019-08-21

    Bug Fixes

  • 0.26.0 - 2019-08-07
  • 0.26.0-rc.3 - 2019-08-06
  • 0.26.0-rc.2 - 2019-08-01
  • 0.26.0-rc.1 - 2019-07-31
  • 0.26.0-rc.0 - 2019-07-31
  • 0.25.6 - 2019-08-20
  • 0.25.5 - 2019-07-12
  • 0.25.4 - 2019-06-07
  • 0.25.3 - 2019-05-07
  • 0.25.2 - 2019-04-17
  • 0.25.1 - 2019-04-16
  • 0.25.0 - 2019-04-12
  • 0.25.0-rc.6 - 2019-04-11
  • 0.25.0-rc.5 - 2019-03-21
  • 0.25.0-rc.4 - 2019-03-06
  • 0.25.0-rc.3 - 2019-02-26
  • 0.25.0-rc.2 - 2019-02-26
  • 0.25.0-rc.1 - 2019-02-21
  • 0.25.0-rc.0 - 2019-02-05
  • 0.24.4 - 2019-01-04
  • 0.24.3 - 2018-12-14
  • 0.24.2 - 2018-12-04
  • 0.24.1 - 2018-12-03
  • 0.24.0 - 2018-11-16
  • 0.24.0-rc.3 - 2018-11-15
  • 0.24.0-rc.2 - 2018-10-25
  • 0.24.0-rc.1 - 2018-10-19
  • 0.23.1 - 2018-08-13
from libp2p GitHub release notes
Commit messages
Package name: libp2p
  • 0882dce chore: release version v0.27.3
  • b3d8132 chore: update contributors
  • a317a8b fix: dont allow multiaddr dials without a peer id (#558)
  • 8bed8f3 chore: release version v0.27.2
  • 58c0c7c chore: update contributors
  • f662fdc fix: ensure identify streams are closed (#551)
  • 5608178 test: add interop tests job in ci (#526)
  • dcd5869 chore(deps): bump err-code from 1.1.2 to 2.0.0
  • 8bf05e6 chore(deps-dev): bump abortable-iterator from 2.1.0 to 3.0.0
  • 0589d53 chore(deps-dev): bump nock from 10.0.6 to 11.7.2
  • eb2528c docs: fix chat url (#550)
  • 141cf90 chore: remove pdd test stories (#546)
  • f4ec459 chore: release version v0.27.1
  • 56a7842 chore: update contributors
  • be8fc9d fix: stop stream after first pong received (#545)
  • f39e8f0 docs: add migration guide from 0.26 to 0.27 (#543)
  • ed0c2cb docs: redirect to the npm docs for latest release (#541)
  • c6592c5 docs: fix api link formatting (#542)
  • 33cef10 chore: release version v0.27.0
  • 2d6408e chore: update contributors
  • 29a9669 test(fix): fix listening test for ci
  • 8b94cd1 chore: release version v0.27.0-rc.0
  • b838807 chore: update contributors
  • 560d708 refactor: examples-browser (#508)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Update configuration validation (remove superstruct) Make pubsub option emitSelf configurable
1 participant