Bump libp2p from 0.29.1 to 0.35.1

[dependabot[bot]]

Bumps libp2p from 0.29.1 to 0.35.1.

Release notes

Sourced from libp2p's releases.

Version 0.30.0 [2020-11-09]

Among other changes, this release adds a requirement across all crates for multihash >= v0.11.3. Rust-libp2p versions in combination with multihash < v0.11.3 are vulnerable to DoS attacks. Given that e.g. PeerId::from_bytes is called with unsanitized data from possibly untrusted sources this call can panic with multihash < v0.11.3 see RustSec for details.

In case you run libp2p in untrusted environments please either (a) update to libp2p v0.30.0 or (b) make sure to run with multihash >=v0.11.3 via your downstream Cargo.lock file.

As always all other contained changes are listed in our CHANGELOG.md.

Changelog

Sourced from libp2p's changelog.

Version 0.35.1 [2021-02-17]

• Update libp2p-yamux to latest patch version.

Version 0.35.0 [2021-02-15]

• Use libp2p-swarm-derive, the former libp2p-core-derive.

• Update libp2p-deflate, libp2p-gossipsub, libp2p-mdns, libp2p-request-response, libp2p-swarm and libp2p-tcp.

Version 0.34.0 [2021-01-12]

• Update libp2p-core and all dependent crates.

• The tcp-async-std feature is now tcp-async-io, still enabled by default.

Version 0.33.0 [2020-12-17]

• Update libp2p-core and all dependent crates.

Version 0.32.2 [2020-12-10]

• Update libp2p-websocket.

Version 0.32.1 [2020-12-09]

• Update minimum patch version of libp2p-websocket.

Version 0.32.0 [2020-12-08]

• Update libp2p-request-response.

• Update to libp2p-mdns-0.26.

• Update libp2p-websocket minimum patch version.

Version 0.31.2 [2020-12-02]

• Bump minimum libp2p-core patch version.

Version 0.31.1 [2020-11-26]

• Bump minimum libp2p-tcp patch version.

Version 0.31.0 [2020-11-25]

• Update multistream-select and all dependent crates.

... (truncated)

Commits

• c072cd2 Update to yamux-0.8.1 (#1959)
• cda7c35 Prepare v0.35 (#1957)
• 26f6b96 *: Require at least if-watch v0.1.8 (#1956)
• 6499e92 Make clippy "happy". (#1950)
• 12557a3 swarm/behaviour: Document inject_connected called for first only (#1954)
• 2816023 Bump styfle/cancel-workflow-action from 0.7.0 to 0.8.0 (#1955)
• 639e5c6 Update unsigned-varint and asynchronous-codec (#1946)
• 5ddc8d4 README.md: Add Forest to users list (#1953)
• 40ce05f protocols/request-response: Test is_pending_outbound (#1938)
• 4d290c5 README: Remove dead-link badges (#1951)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually