From 28a050ce5271d5445b552e40a1fe60c0ff2cbdff Mon Sep 17 00:00:00 2001 From: hanabi1224 Date: Wed, 21 Jan 2026 16:46:52 +0800 Subject: [PATCH] chore(deps): bump libp2p-* and resolve RUSTSEC-2026-0002 --- Cargo.lock | 40 +++++++++++++++++++--------------------- deny.toml | 1 - 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e2a86ab880ab..4c169715a66a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4132,8 +4132,6 @@ version = "0.15.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" dependencies = [ - "allocator-api2", - "equivalent", "foldhash 0.1.5", "serde", ] @@ -4158,6 +4156,15 @@ dependencies = [ "hashbrown 0.14.5", ] +[[package]] +name = "hashlink" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7382cf6263419f2d8df38c55d7da83da5c18aef87fc7a7fc1fb1e344edfe14c1" +dependencies = [ + "hashbrown 0.15.5", +] + [[package]] name = "hashlink" version = "0.11.0" @@ -5578,18 +5585,18 @@ dependencies = [ [[package]] name = "libp2p-swarm" -version = "0.47.0" +version = "0.47.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aa762e5215919a34e31c35d4b18bf2e18566ecab7f8a3d39535f4a3068f8b62" +checksum = "ce88c6c4bf746c8482480345ea3edfd08301f49e026889d1cbccfa1808a9ed9e" dependencies = [ "either", "fnv", "futures", "futures-timer", + "hashlink 0.10.0", "libp2p-core", "libp2p-identity", "libp2p-swarm-derive", - "lru", "multistream-select", "rand 0.8.5", "smallvec", @@ -5629,16 +5636,16 @@ dependencies = [ [[package]] name = "libp2p-tcp" -version = "0.44.0" +version = "0.44.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65b4e030c52c46c8d01559b2b8ca9b7c4185f10576016853129ca1fe5cd1a644" +checksum = "fb6585b9309699f58704ec9ab0bb102eca7a3777170fa91a8678d73ca9cafa93" dependencies = [ "futures", "futures-timer", "if-watch", "libc", "libp2p-core", - "socket2 0.5.10", + "socket2 0.6.1", "tokio", "tracing", ] @@ -5794,15 +5801,6 @@ dependencies = [ "prost-types 0.13.5", ] -[[package]] -name = "lru" -version = "0.12.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38" -dependencies = [ - "hashbrown 0.15.5", -] - [[package]] name = "lru-slab" version = "0.1.2" @@ -6490,9 +6488,9 @@ dependencies = [ [[package]] name = "openssl-probe" -version = "0.2.0" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f50d9b3dabb09ecd771ad0aa242ca6894994c130308ca3d7684634df8037391" +checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" [[package]] name = "option-ext" @@ -10969,9 +10967,9 @@ dependencies = [ [[package]] name = "zmij" -version = "1.0.15" +version = "1.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94f63c051f4fe3c1509da62131a678643c5b6fbdc9273b2b79d4378ebda003d2" +checksum = "dfcd145825aace48cff44a8844de64bf75feec3080e0aa5cdbde72961ae51a65" [[package]] name = "zstd" diff --git a/deny.toml b/deny.toml index faf283dd28dd..944d396e1b90 100644 --- a/deny.toml +++ b/deny.toml @@ -6,7 +6,6 @@ ignore = [ "RUSTSEC-2022-0061", # parity-wasm is deprecated "RUSTSEC-2024-0436", # paste is unmaintained "RUSTSEC-2025-0141", # bincode is unmaintained - "RUSTSEC-2026-0002", # soundness issue of lru which is a dependency of libp2p-swarm ] [licenses]