Bump go-libp2p #585
👋 @vyzo @marten-seemann maybe you guys can help here in the reviews? Context: go1.22 is affected by CVEs (https://osv.dev/vulnerability/GO-2024-3302) quic-go/quic-go#4729 Thank you in advance! 🙇
marten-seemann
left a comment
Misleading PR title. This is NOT fixing a test. It's simply bumping some deps.
The title refers to the tests failing on this PR: #584
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
a7832e1 to 2ed6398
Reworded the commit message to make more sense after merging
What exactly is the issue? We usually bump go-libp2p only when there are breaking changes, the idea is not to force any particular version and make sure latest works. We do that as a matter of policy because upgrading libp2p in upstream projects is kind of a big deal. Having said that, if there is a good reason for the bump, sure let's do it.
The right way to do this is with a PR directly to master, dependabot can rebase.
The quic-go vulnerability only shows up because quic-go is imported by go-libp2p.
I don't see any difference but I can change it if you prefer that.
Done: #586
Trying to fix tests from this PR: #584