go-libp2p currently has an indirect dependency on pion/dtls/v2, which has a known vulnerability, CVE-2026-26014. In order to resolve this vulnerability, I believe the direct pion/* dependencies need to be updated. I want to check in and ask if the go-libp2p team is aware of this.
I tried to update the direct pion/* dependencies locally and the APIs are compatible. However, I noticed the TestWebRTCReuseAddrWithQUIC test fails after this upgrade.
Thank you for the help!