diff --git a/Cargo.lock b/Cargo.lock index a6fd9cb4f1b..1a85ef01df4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1822,17 +1822,6 @@ dependencies = [ "syn 2.0.29", ] -[[package]] -name = "futures-rustls" -version = "0.22.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2411eed028cdf8c8034eaf21f9915f956b6c3abec4d4c7949ee67f0721127bd" -dependencies = [ - "futures-io", - "rustls 0.20.8", - "webpki 0.22.0", -] - [[package]] name = "futures-rustls" version = "0.24.0" @@ -3278,7 +3267,7 @@ name = "libp2p-tls" version = "0.2.0" dependencies = [ "futures", - "futures-rustls 0.24.0", + "futures-rustls", "hex", "hex-literal", "libp2p-core", @@ -3359,12 +3348,12 @@ dependencies = [ [[package]] name = "libp2p-websocket" -version = "0.42.0" +version = "0.42.1" dependencies = [ "async-std", "either", "futures", - "futures-rustls 0.22.2", + "futures-rustls", "libp2p-core", "libp2p-dns", "libp2p-identity", diff --git a/Cargo.toml b/Cargo.toml index 979365d1131..9c39f891542 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -99,7 +99,7 @@ libp2p-tls = { version = "0.2.0", path = "transports/tls" } libp2p-uds = { version = "0.39.0", path = "transports/uds" } libp2p-wasm-ext = { version = "0.40.0", path = "transports/wasm-ext" } libp2p-webrtc = { version = "0.6.0-alpha", path = "transports/webrtc" } -libp2p-websocket = { version = "0.42.0", path = "transports/websocket" } +libp2p-websocket = { version = "0.42.1", path = "transports/websocket" } libp2p-webtransport-websys = { version = "0.1.0", path = "transports/webtransport-websys" } libp2p-yamux = { version = "0.44.1", path = "muxers/yamux" } multistream-select = { version = "0.13.0", path = "misc/multistream-select" } diff --git a/transports/websocket/CHANGELOG.md b/transports/websocket/CHANGELOG.md index 5ae250a5fe6..6cd499f6284 100644 --- a/transports/websocket/CHANGELOG.md +++ b/transports/websocket/CHANGELOG.md @@ -1,4 +1,13 @@ -## 0.42.0 +## 0.42.1 - unreleased + +- Bump `futures-rustls` to `0.24.0`. + This is a part of the resolution of the [RUSTSEC-2023-0052]. + See [PR 4378]. + +[PR 4378]: https://github.com/libp2p/rust-libp2p/pull/4378 +[RUSTSEC-2023-0052]: https://rustsec.org/advisories/RUSTSEC-2023-0052.html + +## 0.42.0 - Raise MSRV to 1.65. See [PR 3715]. diff --git a/transports/websocket/Cargo.toml b/transports/websocket/Cargo.toml index b33af22fe45..52d6df160a8 100644 --- a/transports/websocket/Cargo.toml +++ b/transports/websocket/Cargo.toml @@ -3,7 +3,7 @@ name = "libp2p-websocket" edition = "2021" rust-version = { workspace = true } description = "WebSocket transport for libp2p" -version = "0.42.0" +version = "0.42.1" authors = ["Parity Technologies "] license = "MIT" repository = "https://github.com/libp2p/rust-libp2p" @@ -11,7 +11,7 @@ keywords = ["peer-to-peer", "libp2p", "networking"] categories = ["network-programming", "asynchronous"] [dependencies] -futures-rustls = "0.22" +futures-rustls = "0.24.0" either = "1.9.0" futures = "0.3.28" libp2p-core = { workspace = true } diff --git a/transports/websocket/src/tls.rs b/transports/websocket/src/tls.rs index 63379db65cc..5bff818f34c 100644 --- a/transports/websocket/src/tls.rs +++ b/transports/websocket/src/tls.rs @@ -92,7 +92,7 @@ impl Config { /// Setup the rustls client configuration. fn client_root_store() -> rustls::RootCertStore { let mut client_root_store = rustls::RootCertStore::empty(); - client_root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| { + client_root_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| { rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( ta.subject, ta.spki,