search

sigp / lighthouse

Ethereum consensus client in Rust
https://lighthouse.sigmaprime.io/
Apache License 2.0
2.96k stars 763 forks source link

Update `warp` to upstream #3947

Open michaelsproul opened 1 year ago

michaelsproul commented 1 year ago

Description

We currently depend on a forked version of warp with some extra TLS features added.

It would be great to upstream those features so we can depend on the main crate again. This would allow us to keep up with security updates more easily, e.g. this recent advisory:

https://github.com/advisories/GHSA-8v4j-7jgf-5rg9

That advisory doesn't affect Lighthouse, but it would still be nice to update so that automated tools understand this.

michaelsproul commented 1 year ago

Another reason to update, two warp deps are likely to stop compiling with Rust's next edition:

warning: the following packages contain code that will be rejected by a future version of Rust: buf_redux v0.8.4, multipart v0.18.0 note: to see what the problems were, use the option --future-incompat-report, or run cargo report future-incompatibilities --id 2

macladson commented 1 year ago

The TLS features in question seem like they could be upstreamed without too much effort. I'll see if I can get things moving on that front.

We also depend on additional CORS features. @paulhauner might know a bit more about what's involved for that to be upstreamed.