2018-01-25 13:08:43 +00:00
|
|
|
[prune]
|
|
|
|
unused-packages = true
|
|
|
|
go-tests = true
|
2018-02-21 14:37:46 +00:00
|
|
|
non-go = true
|
2018-01-25 13:08:43 +00:00
|
|
|
|
|
|
|
[[prune.project]]
|
|
|
|
name = "github.com/karalabe/hid"
|
|
|
|
non-go = false
|
|
|
|
unused-packages = false
|
|
|
|
|
|
|
|
[[prune.project]]
|
|
|
|
name = "github.com/ethereum/go-ethereum"
|
|
|
|
unused-packages = false
|
2018-02-21 14:37:46 +00:00
|
|
|
non-go = false
|
2018-01-25 13:08:43 +00:00
|
|
|
|
2018-04-10 10:02:54 +00:00
|
|
|
|
2018-01-25 13:08:43 +00:00
|
|
|
# * * * * * constrained `status-go` dependencies * * * * *
|
|
|
|
# (for the full dependency list see `Gopkg.lock`)
|
|
|
|
|
2018-01-30 11:51:48 +00:00
|
|
|
[[constraint]]
|
2018-01-25 13:08:43 +00:00
|
|
|
# `btcutil` is required to be compatible with `btcd`
|
|
|
|
name = "github.com/btcsuite/btcutil"
|
|
|
|
revision = "dcd4997b0664bcfd6ef48e4ae9da8396e08b1cd9"
|
|
|
|
|
|
|
|
[[constraint]]
|
|
|
|
name = "github.com/ethereum/go-ethereum"
|
2019-01-16 14:42:00 +00:00
|
|
|
version = "=v1.8.21"
|
2018-09-27 19:16:15 +00:00
|
|
|
source = "github.com/status-im/go-ethereum"
|
2018-01-25 13:08:43 +00:00
|
|
|
|
2018-10-19 09:09:13 +00:00
|
|
|
[[constraint]]
|
|
|
|
name = "github.com/status-im/whisper"
|
2019-01-16 14:42:00 +00:00
|
|
|
version = "=v1.4.6"
|
2018-10-19 09:09:13 +00:00
|
|
|
|
2018-09-24 18:07:34 +00:00
|
|
|
[[override]]
|
|
|
|
name = "github.com/golang/protobuf"
|
|
|
|
version = "1.1.0"
|
|
|
|
|
2018-01-25 13:08:43 +00:00
|
|
|
# * * * * * `go-ethereum` dependencies * * * * *
|
|
|
|
# Pinned down SHAs from `go-ethereum/vendor/vendor.json`
|
|
|
|
# When upgrading upstream, upgrade these values too.
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/aristanetworks/goarista"
|
|
|
|
revision = "ea17b1a17847fb6e4c0a91de0b674704693469b0"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/btcsuite/btcd"
|
|
|
|
revision = "d06c0bb181529331be8f8d9350288c420d9e60e4"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/davecgh/go-spew"
|
|
|
|
revision = "346938d642f2ec3594ed81d874461961cd0faa76"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/edsrzf/mmap-go"
|
|
|
|
revision = "935e0e8a636ca4ba70b713f3e38a19e1b77739e8"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/go-stack/stack"
|
|
|
|
revision = "54be5f394ed2c3e19dac9134a40a95ba5a017f7b"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/golang/snappy"
|
|
|
|
revision = "553a641470496b2327abcac10b36396bd98e45c9"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/hashicorp/golang-lru"
|
|
|
|
revision = "0a025b7e63adc15a622f29b0b2c4c3848243bbf6"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/huin/goupnp"
|
|
|
|
revision = "679507af18f3c7ba2bcc7905392ce23e148661c3"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/jackpal/go-nat-pmp"
|
|
|
|
revision = "1fa385a6f45828c83361136b45b1a21a12139493"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/karalabe/hid"
|
|
|
|
revision = "f00545f9f3748e591590be3732d913c77525b10f"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/mattn/go-colorable"
|
|
|
|
revision = "5411d3eea5978e6cdc258b30de592b60df6aba96"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/mattn/go-isatty"
|
2018-11-14 07:03:58 +00:00
|
|
|
revision = "3fb116b820352b7f0c281308a4d6250c22d94e27"
|
2018-01-25 13:08:43 +00:00
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/pborman/uuid"
|
|
|
|
revision = "1b00554d822231195d1babd97ff4a781231955c9"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/pmezard/go-difflib"
|
|
|
|
revision = "792786c7400a136282c1664665ae0a8db921c6c2"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/prometheus/prometheus"
|
|
|
|
revision = "3101606756c53221ed58ba94ecba6b26adf89dcc"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/rcrowley/go-metrics"
|
|
|
|
revision = "1f30fe9094a513ce4c700b9a54458bbb0c96996c"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/rjeczalik/notify"
|
2018-10-04 15:57:39 +00:00
|
|
|
version="=v0.9.2"
|
2018-01-25 13:08:43 +00:00
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/robertkrimen/otto"
|
|
|
|
# (@mandrigin): This supposed to be contrained as:
|
|
|
|
#
|
|
|
|
# revision = "6a77b7cbc37d0c39f7d5fa5766826e541df31fd5"
|
|
|
|
#
|
|
|
|
# but it has relative imports that break everything.
|
|
|
|
# The following revision only differs from the source
|
|
|
|
# with fixing relative imports.
|
|
|
|
revision = "9c716adcc8cedb0c0e3c02be549f4ad20e0b216c"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/rs/cors"
|
|
|
|
revision = "a62a804a8a009876ca59105f7899938a1349f4b3"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/rs/xhandler"
|
|
|
|
revision = "ed27b6fd65218132ee50cd95f38474a3d8a2cd12"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/stretchr/testify"
|
|
|
|
revision = "890a5c3458b43e6104ff5da8dfa139d013d77544"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/syndtr/goleveldb"
|
2018-06-20 14:51:55 +00:00
|
|
|
revision = "5d6fca44a948d2be89a9702de7717f0168403d3d"
|
2018-02-19 15:32:58 +00:00
|
|
|
|
2018-05-04 08:23:38 +00:00
|
|
|
[[constraint]]
|
|
|
|
name = "github.com/beevik/ntp"
|
|
|
|
version = "0.2.0"
|
2018-07-04 10:51:47 +00:00
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/multiformats/go-multiaddr"
|
|
|
|
revision = "f36800afeb9c141e1adb7da099e6f010dfd4c419"
|
|
|
|
|
|
|
|
# 1.0.8
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/multiformats/go-multihash"
|
|
|
|
revision = "8be2a682ab9f254311de1375145a2f78a809b07d"
|
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/satori/go.uuid"
|
|
|
|
revision = "36e9d2ebbde5e3f13ab2e25625fd453271d6522e"
|
|
|
|
|
|
|
|
[[constraint]]
|
|
|
|
name = "github.com/status-im/rendezvous"
|
2018-11-14 07:03:58 +00:00
|
|
|
branch = "master"
|
2018-08-07 13:31:06 +00:00
|
|
|
|
|
|
|
[[override]]
|
|
|
|
name = "github.com/deckarep/golang-set"
|
|
|
|
revision = "504e848d77ea4752b3057b8fb46da0e7f746ccf3"
|
2018-09-27 19:16:15 +00:00
|
|
|
|
2018-09-24 18:07:34 +00:00
|
|
|
[[constraint]]
|
|
|
|
name = "github.com/status-im/doubleratchet"
|
Change handling of skipped/deleted keys & add version (#1261)
- Skipped keys
The purpose of limiting the number of skipped keys generated is to avoid a dos
attack whereby an attacker would send a large N, forcing the device to
compute all the keys between currentN..N .
Previously the logic for handling skipped keys was:
- If in the current receiving chain there are more than maxSkip keys,
throw an error
This is problematic as in long-lived session dropped/unreceived messages starts
piling up, eventually reaching the threshold (1000 dropped/unreceived
messages).
This logic has been changed to be more inline with signals spec, and now
it is:
- If N is > currentN + maxSkip, throw an error
The purpose of limiting the number of skipped keys stored is to avoid a dos
attack whereby an attacker would force us to store a large number of
keys, filling up our storage.
Previously the logic for handling old keys was:
- Once you have maxKeep ratchet steps, delete any key from
currentRatchet - maxKeep.
This, in combination with the maxSkip implementation, capped the number of stored keys to
maxSkip * maxKeep.
The logic has been changed to:
- Keep a maximum of MaxMessageKeysPerSession
and additionally we delete any key that has a sequence number <
currentSeqNum - maxKeep
- Version
We check now the version of the bundle so that when we get a bundle from
the same installationID with a higher version, we mark the previous
bundle as expired and use the new bundle the next time a message is sent
2018-11-05 19:00:04 +00:00
|
|
|
revision = "4dcb6cba284ae9f97129e2a98b9277f629d9dbc4"
|
2018-09-24 18:07:34 +00:00
|
|
|
|
|
|
|
[[constraint]]
|
|
|
|
name = "github.com/status-im/migrate"
|
|
|
|
branch = "master"
|