From 7229edfa00049b2eda44a1ee8d307ddfd14dd09c Mon Sep 17 00:00:00 2001
From: MOZGIII
Date: Wed, 23 Aug 2023 08:43:21 -0300
Subject: [PATCH 1/6] Bump futures-rustls at libp2p-websocket to 0.24.0

---
 Cargo.lock | 15 ++-------------
 transports/websocket/Cargo.toml | 2 +-
 transports/websocket/src/tls.rs | 2 +-
 3 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index a6fd9cb4f1b..54c6336c2f7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1822,17 +1822,6 @@ dependencies = [
 "syn 2.0.29",
 ]

-[[package]]
-name = "futures-rustls"
-version = "0.22.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2411eed028cdf8c8034eaf21f9915f956b6c3abec4d4c7949ee67f0721127bd"
-dependencies = [
- "futures-io",
- "rustls 0.20.8",
- "webpki 0.22.0",
-]
-
 [[package]]
 name = "futures-rustls"
 version = "0.24.0"
@@ -3278,7 +3267,7 @@ name = "libp2p-tls"
 version = "0.2.0"
 dependencies = [
 "futures",
- "futures-rustls 0.24.0",
+ "futures-rustls",
 "hex",
 "hex-literal",
 "libp2p-core",
@@ -3364,7 +3353,7 @@ dependencies = [
 "async-std",
 "either",
 "futures",
- "futures-rustls 0.22.2",
+ "futures-rustls",
 "libp2p-core",
 "libp2p-dns",
 "libp2p-identity",
diff --git a/transports/websocket/Cargo.toml b/transports/websocket/Cargo.toml
index b33af22fe45..910155f5094 100644
--- a/transports/websocket/Cargo.toml
+++ b/transports/websocket/Cargo.toml
@@ -11,7 +11,7 @@ keywords = ["peer-to-peer", "libp2p", "networking"]
 categories = ["network-programming", "asynchronous"]

 [dependencies]
-futures-rustls = "0.22"
+futures-rustls = "0.24.0"
 either = "1.9.0"
 futures = "0.3.28"
 libp2p-core = { workspace = true }
diff --git a/transports/websocket/src/tls.rs b/transports/websocket/src/tls.rs
index 63379db65cc..5bff818f34c 100644
--- a/transports/websocket/src/tls.rs
+++ b/transports/websocket/src/tls.rs
@@ -92,7 +92,7 @@ impl Config {
 /// Setup the rustls client configuration.
 fn client_root_store() -> rustls::RootCertStore {
 let mut client_root_store = rustls::RootCertStore::empty();
- client_root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
+ client_root_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
 rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
 ta.subject,
 ta.spki,
From 2fcb249362d7f86e336427aaee273060c4240d58 Mon Sep 17 00:00:00 2001
From: MOZGIII
Date: Wed, 23 Aug 2023 08:48:14 -0300
Subject: [PATCH 2/6] Bump the patch version of libp2p-websocket to 0.42.1

---
 Cargo.lock | 2 +-
 transports/websocket/Cargo.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 54c6336c2f7..1a85ef01df4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3348,7 +3348,7 @@ dependencies = [

 [[package]]
 name = "libp2p-websocket"
-version = "0.42.0"
+version = "0.42.1"
 dependencies = [
 "async-std",
 "either",
diff --git a/transports/websocket/Cargo.toml b/transports/websocket/Cargo.toml
index 910155f5094..52d6df160a8 100644
--- a/transports/websocket/Cargo.toml
+++ b/transports/websocket/Cargo.toml
@@ -3,7 +3,7 @@ name = "libp2p-websocket"
 edition = "2021"
 rust-version = { workspace = true }
 description = "WebSocket transport for libp2p"
-version = "0.42.0"
+version = "0.42.1"
 authors = ["Parity Technologies "]
 license = "MIT"
 repository = "https://github.com/libp2p/rust-libp2p"
From bda8b2194d1b3b60b8c403749690911006f913d2 Mon Sep 17 00:00:00 2001
From: MOZGIII
Date: Wed, 23 Aug 2023 08:50:34 -0300
Subject: [PATCH 3/6] Add changelog entry

---
 transports/websocket/CHANGELOG.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/transports/websocket/CHANGELOG.md b/transports/websocket/CHANGELOG.md
index 5ae250a5fe6..10e13fd0d9a 100644
--- a/transports/websocket/CHANGELOG.md
+++ b/transports/websocket/CHANGELOG.md
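Review bot: The doc comment kept above `client_root_store` in transports/websocket/src/tls.rs, `/// Setup the rustls client configuration.`, does not describe what the visible lines do: they fill a `rustls::RootCertStore` from `webpki_roots::TLS_SERVER_ROOTS`, so the set of trusted roots is fixed by the `webpki-roots` version the crate is built against. I would reword it to `/// Builds the root store used to verify servers from the trust anchors bundled in webpki-roots.` so that someone auditing certificate trust finds it. PATCH 6/6 describes the bump as only part of the RUSTSEC-2023-0052 resolution, and the lock entry removed in PATCH 1/6 was one dependent of `webpki 0.22.0`; whether other crates still pull it in is not visible here and is worth checking with `cargo tree -i webpki`. The function body continues past the end of the hunk.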
@@ -1,4 +1,11 @@
-## 0.42.0
+## 0.42.1
+
+- Bump `futures-rustls` to `0.24.0`.
+ See [PR 4378].
+
+[PR 4378]: https://github.com/libp2p/rust-libp2p/pull/4378
+
+## 0.42.0

 - Raise MSRV to 1.65.
 See [PR 3715].
From 0ad6dc5f741d4dc4f1ba5d7edd75158865cbc2ed Mon Sep 17 00:00:00 2001
From: MOZGIII
Date: Wed, 23 Aug 2023 09:05:16 -0300
Subject: [PATCH 4/6] Update transports/websocket/CHANGELOG.md

Co-authored-by: Thomas Eizinger
---
 transports/websocket/CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/transports/websocket/CHANGELOG.md b/transports/websocket/CHANGELOG.md
index 10e13fd0d9a..1866f4a3b7b 100644
--- a/transports/websocket/CHANGELOG.md
+++ b/transports/websocket/CHANGELOG.md
@@ -1,4 +1,4 @@
-## 0.42.1
+## 0.42.1 - unreleased

 - Bump `futures-rustls` to `0.24.0`.
 See [PR 4378].
From da48e9fb90fa747a97873ec92ec4aa2c5cbaae65 Mon Sep 17 00:00:00 2001
From: MOZGIII
Date: Wed, 23 Aug 2023 09:08:28 -0300
Subject: [PATCH 5/6] Bump the libp2p-websocket to the workspace root to 0.42.1

---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 979365d1131..9c39f891542 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -99,7 +99,7 @@ libp2p-tls = { version = "0.2.0", path = "transports/tls" }
 libp2p-uds = { version = "0.39.0", path = "transports/uds" }
 libp2p-wasm-ext = { version = "0.40.0", path = "transports/wasm-ext" }
 libp2p-webrtc = { version = "0.6.0-alpha", path = "transports/webrtc" }
-libp2p-websocket = { version = "0.42.0", path = "transports/websocket" }
+libp2p-websocket = { version = "0.42.1", path = "transports/websocket" }
 libp2p-webtransport-websys = { version = "0.1.0", path = "transports/webtransport-websys" }
 libp2p-yamux = { version = "0.44.1", path = "muxers/yamux" }
 multistream-select = { version = "0.13.0", path = "misc/multistream-select" }
From 86db2397b9ac700cd3dc103f0db0da8fcb69ab41 Mon Sep 17 00:00:00 2001
From: MOZGIII
Date: Wed, 23 Aug 2023 09:10:15 -0300
Subject: [PATCH 6/6] Note the RUSTSEC-2023-0052

---
 transports/websocket/CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/transports/websocket/CHANGELOG.md b/transports/websocket/CHANGELOG.md
index 1866f4a3b7b..6cd499f6284 100644
--- a/transports/websocket/CHANGELOG.md
+++ b/transports/websocket/CHANGELOG.md
@@ -1,9 +1,11 @@
 ## 0.42.1 - unreleased

 - Bump `futures-rustls` to `0.24.0`.
+ This is a part of the resolution of the [RUSTSEC-2023-0052].
 See [PR 4378].

 [PR 4378]: https://github.com/libp2p/rust-libp2p/pull/4378
+[RUSTSEC-2023-0052]: https://rustsec.org/advisories/RUSTSEC-2023-0052.html

 ## 0.42.0