chore(deps): fallback to git repos due to RUSTSEC-2025-0009 (#42)

storopoli · web-flow · commit 4c724942ed66 · 2025-03-11T16:30:36.000-03:00
* chore(deps): fallback to git repos due to RUSTSEC-2025-0009

Waiting for a new tagged release for both libp2p and libp2p-identity

* fix: changes from libp2p git repos
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -12,7 +12,8 @@ bitcoin = { version = "0.32.5", features = [ # keep in sync with secp256k1
 ] }
 futures = "0.3.31"
 hex = "0.4.3"
-libp2p = { version = "0.54.1", features = [
+# FIXME: tag a new release to solve RUSTSEC-2025-0009
+libp2p = { git = "https://github.com/libp2p/rust-libp2p.git", rev = "b685b63dc6b98355d75234ff83a935ffa23d8eac", features = [
   "noise",
   "gossipsub",
   "tcp",
@@ -24,11 +25,6 @@ libp2p = { version = "0.54.1", features = [
   "yamux",
   "identify",
 ] }
-libp2p-identity = { version = "0.2.10", default-features = false, features = [
-  "secp256k1",
-  "peerid",
-  "rand",
-] }
 musig2 = { version = "0.1.0", features = ["serde"] }
 prost = "0.13.4"
 secp256k1 = { version = "0.29.0", features = [ # keep in sync with bitcoin
diff --git a/crates/db/Cargo.toml b/crates/db/Cargo.toml
@@ -27,7 +27,7 @@ serde_json = "1.0.135"
 threadpool.workspace = true
 tokio = { workspace = true, features = ["sync"] }
 
-libp2p-identity = { workspace = true, features = ["serde"] }
+libp2p = { workspace = true, features = ["serde"] }
 
 [dev-dependencies]
 secp256k1 = { workspace = true, features = ["rand"] }
diff --git a/crates/db/src/lib.rs b/crates/db/src/lib.rs
@@ -4,7 +4,7 @@
 
 use async_trait::async_trait;
 use bitcoin::{hashes::sha256, Txid, XOnlyPublicKey};
-use libp2p_identity::PeerId;
+use libp2p::identity::PeerId;
 use musig2::{PartialSignature, PubNonce};
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use strata_p2p_types::{P2POperatorPubKey, Scope, SessionId, StakeChainId, WotsPublicKeys};
diff --git a/crates/p2p/Cargo.toml b/crates/p2p/Cargo.toml
@@ -11,7 +11,7 @@ rust.unused_must_use = "deny"
 rust.rust_2018_idioms = { level = "deny", priority = -1 }
 
 [dependencies]
-libp2p = { version = "0.54.1", features = [
+libp2p = { workspace = true, features = [
   "noise",
   "gossipsub",
   "tcp",
diff --git a/crates/p2p/src/swarm/mod.rs b/crates/p2p/src/swarm/mod.rs
@@ -329,19 +329,20 @@ impl<DB: RepositoryExt> P2P<DB> {
 
         let event = Event::from(msg);
 
-        let _ = self
+        let propagation_result = self
             .swarm
             .behaviour_mut()
             .gossipsub
             .report_message_validation_result(
                 &message_id,
                 &propagation_source,
                 MessageAcceptance::Accept,
-            )
-            .inspect_err(
-                |err| error!(%err, ?event, "failed to propagate accepted message further"),
             );
 
+        if !propagation_result {
+            error!(?event, "failed to propagate accepted message further");
+        }
+
         // Do not broadcast new event to "handles" if it's not new.
         if !new_event {
             return Ok(());
@@ -531,25 +532,29 @@ impl<DB: RepositoryExt> P2P<DB> {
         event: RequestResponseEvent<GetMessageRequest, GetMessageResponse>,
     ) -> P2PResult<()> {
         match event {
-            RequestResponseEvent::Message { peer, message } => {
+            RequestResponseEvent::Message { peer, message, .. } => {
                 debug!(%peer, ?message, "Received message");
                 self.handle_message_event(peer, message).await?
             }
             RequestResponseEvent::OutboundFailure {
                 peer,
                 request_id,
                 error,
+                ..
             } => {
                 error!(%peer, %error, %request_id, "Outbound failure")
             }
             RequestResponseEvent::InboundFailure {
                 peer,
                 request_id,
                 error,
+                ..
             } => {
                 error!(%peer, %error, %request_id, "Inbound failure")
             }
-            RequestResponseEvent::ResponseSent { peer, request_id } => {
+            RequestResponseEvent::ResponseSent {
+                peer, request_id, ..
+            } => {
                 debug!(%peer, %request_id, "Response sent")
             }
         }
diff --git a/crates/types/Cargo.toml b/crates/types/Cargo.toml
@@ -17,7 +17,7 @@ rust.rust_2018_idioms = { level = "deny", priority = -1 }
 [dependencies]
 bitcoin.workspace = true
 hex = { workspace = true, features = ["serde"] }
-libp2p-identity.workspace = true
+libp2p.workspace = true
 proptest = { version = "1.6.0", optional = true }
 proptest-derive = { version = "0.5.1", optional = true }
 serde.workspace = true
diff --git a/crates/types/src/operator.rs b/crates/types/src/operator.rs
@@ -4,7 +4,7 @@
 use std::fmt;
 
 use hex::ToHex;
-use libp2p_identity::secp256k1::PublicKey;
+use libp2p::identity::secp256k1::PublicKey;
 
 /// P2P [`P2POperatorPubKey`] serves as an identifier of protocol entity.
 ///
