Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Bump libsecp256k1 to 0.5.0 #3490

Open
s3krit opened this issue Jul 19, 2021 · 6 comments · Fixed by #3502
Open

Bump libsecp256k1 to 0.5.0 #3490

s3krit opened this issue Jul 19, 2021 · 6 comments · Fixed by #3502

Comments

@s3krit
Copy link
Contributor

s3krit commented Jul 19, 2021

To resolve https://rustsec.org/advisories/RUSTSEC-2021-0076.html we should bump libsecp256k1 to v0.5.0.
cc @sorpaas

https://docs.rs/libsecp256k1/0.5.0/libsecp256k1/index.html
@bkchr
Copy link
Member

bkchr commented Jul 19, 2021

Duplicate of paritytech/substrate#9356

@bkchr bkchr marked this as a duplicate of paritytech/substrate#9356 Jul 19, 2021
@bkchr bkchr closed this as completed Jul 19, 2021
@trevor-crypto
Copy link

How will the polkadot repo bump the libsecp256k1 dependencies to 0.6.0? Is there a script that automatically looks at substrate and uses what it uses?

@bkchr
Copy link
Member

bkchr commented Jul 20, 2021

Yeah I didn't realized that we use it directly in Polkadot. Sorry! I thought we only do it through Substrate.

@bkchr bkchr reopened this Jul 20, 2021
@bkchr bkchr mentioned this issue Jul 20, 2021
Merged
@rphmeier rphmeier reopened this Jul 20, 2021
@rphmeier
Copy link
Contributor

Requires libp2p-core update as well.

@trevor-crypto
Copy link

Will this allow for my tests to pass here: paritytech/substrate#9391 ?

@ordian
Copy link
Member

ordian commented Jul 20, 2021

@trevor-crypto your tests will pass when we merge #3477

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update secp256k1 and remove unrequired usage paritytech/polkadot
5 participants
@s3krit @ordian @bkchr @rphmeier @trevor-crypto