search

ethereumjs / ethereumjs-monorepo

Monorepo for the Ethereum VM TypeScript Implementation
2.55k stars 731 forks source link

Multiaddr / PeerId dependencies. #2917

Open ScottyPoi opened 12 months ago

ScottyPoi commented 12 months ago

Follow-up issue to #2903 / #2912

The remaining security warnings all stem from multiaddr: "10.0.1" -- used by package DevP2P

The package is has been deprecated and succeeded by @multiformats/multiaddr. However, the update to @multiformats/multiaddr, was unsuccessful due to current ESM transition issues.

Similarly, the package peer-id has been deprecated, with @libp2p/interfaces-peer-id and @libp2p/peer-id-factory as the successors.
These packages are only used here: https://github.com/ethereumjs/ethereumjs-monorepo/tree/master/packages/client/libp2pBrowserBuild and can probably be removed entirely.

[ ] Look into /client/libp2pBrowserBuild and @libp2p dependencies

when possible [ ] Update 'multiaddr' to @multiformats/multiaddr

acolytec3 commented 12 months ago

You can definitely remove the peerId stuff. That's all just sitting there in case we want to revive devp2p over libp2p and isn't actually ever compiled or run. I think the multiaddr bits we use are pretty small and could probably be internalized.

holgerd77 commented 11 months ago

Have addressed the libp2p dependency removal in #2926