Closed mattheworris closed 1 year ago
A pull-request has been created in the rust-cid repo, but no action from the maintainers. https://github.com/multiformats/rust-cid/pull/135
@mattheworris I think it is time to either fork and apply our fix or solve for it ourselves. Thoughts?
@mattheworris I think it is time to either fork and apply our fix or solve for it ourselves. Thoughts?
As the problem lies with a transitive dependency, and the cid
dependency = 0.18.0
which is compatible with the correct 0.18.1
version, I suggest adding the following to our Cargo.toml:
[patch."https://github.com/multiformats/rust-cid"]
multihash = "0.18.1"
This will ensure that Frequency uses the correct version of multihash
and should ensure the cid
crate remains compatible with the fix version. If, in the future, the cid
crate changes then cargo would let us know if there was an incompatibility.
@mattheworris Sounds good to me. Put a comment it about it so we can know if we can remove it later.
The
cid
andmultihash
crates work together to evaluate Content Identifiers for IPFS.multihash
is a dependency ofcid
, and in v0.18.0 it has a bug that causes a panic on bad strings.cid
should update its dependency tomultihash:0.18.1
, at which point Frequency dependency oncid
should be updated.