This repository was archived by the owner on Oct 5, 2023. It is now read-only.

Upgrade go-libp2p-core v0.8.6 to go-libp2p-core v0.20.1 to remove ind… #163

Conversation


@bsalunke bsalunke commented Dec 8, 2022

Upgrade go-libp2p-core v0.8.6 to go-libp2p-core v0.20.1 to remove indirect dependency of btcd module which is vulnerable to CVE-2022-44797.

The latest version of go-libp2p-core does not use btcd at all.

…irect dependency of btcd module which is vulnerable to CVE-2022-44797

welcome bot commented Dec 8, 2022

Thank you for submitting this PR!
A maintainer will be here shortly to review it.
We are super grateful, but we are also overloaded! Help us by making sure that:

  • The context for this PR is clear, with relevant discussion, decisions
    and stakeholders linked/mentioned.

  • Your contribution itself is clear (code comments, self-review for the
    rest) and in its best form. Follow the code contribution guidelines
    if they apply.

Getting other community members to do a review would be great help too on complex PRs (you can ask in the chats/forums). If you are unsure about something, just leave us a comment.
Next steps:

  • A maintainer will triage and assign priority to this PR, commenting on
    any missing things and potentially assigning a reviewer for high
    priority items.

  • The PR gets reviewed, discussed and approved as needed.

  • The PR is merged by maintainers when it has been approved and comments addressed.

We currently aim to provide initial feedback/triaging within two business days. Please keep an eye on any labelling actions, as these will indicate priorities and status of your contribution.
We are very grateful for your contribution!

@@ -12,25 +12,25 @@ require (
github.com/ipfs/interface-go-ipfs-core v0.7.0
github.com/ipfs/iptb v1.4.0
github.com/ipfs/iptb-plugins v0.3.0
github.com/libp2p/go-libp2p-core v0.8.6
github.com/libp2p/go-libp2p-core v0.20.1
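Review bot: the hunk only shows the go-libp2p-core requirement moving from v0.8.6 to v0.20.1 within lines 12-25 of go.mod; it does not show whether the btcd indirect requirement and its go.sum entries were actually dropped, which is the stated goal of the PR. Suggest running `go mod tidy` and then `go mod why -m github.com/btcsuite/btcd` after the bump and including the resulting go.mod and go.sum changes, so the removal of btcd can be verified from the diff rather than from the description.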


The repo is archived and now moved to github.com/libp2p/go-libp2p


@bsalunke bsalunke Dec 11, 2022


@AkihiroSuda Makes sense.
How about if we just replace the package? e.g.

diff --git a/go.mod b/go.mod
index e257a6c..ed17912 100644
--- a/go.mod
+++ b/go.mod
@@ -1,5 +1,7 @@
 module github.com/ipfs/go-ipfs-http-client
 
+replace github.com/libp2p/go-libp2p-core v0.8.6 => github.com/libp2p/go-libp2p/core v0.24.0
+
 require (
        github.com/ipfs/go-block-format v0.0.3
        github.com/ipfs/go-cid v0.1.0
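Review bot: the proposed `replace` line will not resolve as written. `github.com/libp2p/go-libp2p/core` is a package directory inside the `github.com/libp2p/go-libp2p` module rather than a module with its own go.mod, and the go command requires a replacement module to declare the replaced module path (`github.com/libp2p/go-libp2p-core`), which go-libp2p's go.mod does not. Even if it did resolve, every dependent would still import `github.com/libp2p/go-libp2p-core/crypto` (the path shown in the `go mod why` output below), so the replace does not change which code is built; upgrading the dependencies that still require go-libp2p-core, as the second option in this comment describes, is the route that removes the btcd edge.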

because the github.com/libp2p/go-libp2p-core package is getting used in multiple repos in github.com/ipfs/

 go-ipfs-http-client % go mod why -m github.com/btcsuite/btcd
# github.com/btcsuite/btcd
github.com/ipfs/go-ipfs-http-client
github.com/ipfs/go-ipfs-http-client.test
github.com/ipfs/iptb-plugins/local
github.com/ipfs/go-ipfs-config
github.com/libp2p/go-libp2p-core/crypto
github.com/btcsuite/btcd/btcec

Another option is to upgrade all the indirect dependencies of github.com/ipfs/go-ipfs-http-client to use the github.com/libp2p/go-libp2p/core.

What is your recommendation? Happy to create the PR based on the option we want to take.
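As an added example (not code from this PR or the go-ipfs-http-client project), the script below walks a `go mod graph`-style edge list with a breadth-first search to print the requirement chain that pulls btcd in, the module-level counterpart of the `go mod why` output above, and shows the chain disappearing once go-libp2p-core no longer requires btcd. Both graphs are constructed; versions not named on this page are placeholders.

```shell
#!/bin/sh
# Constructed `go mod graph` style edge lists ("requirer requirement@version" per line).
# Only the versions named in the PR (go-libp2p-core v0.8.6 / v0.20.1, iptb-plugins v0.3.0)
# are real; the others are placeholders.
BEFORE_GRAPH='github.com/ipfs/go-ipfs-http-client github.com/ipfs/iptb-plugins@v0.3.0
github.com/ipfs/go-ipfs-http-client github.com/libp2p/go-libp2p-core@v0.8.6
github.com/ipfs/iptb-plugins@v0.3.0 github.com/ipfs/go-ipfs-config@v0.0.0-placeholder
github.com/ipfs/go-ipfs-config@v0.0.0-placeholder github.com/libp2p/go-libp2p-core@v0.8.6
github.com/libp2p/go-libp2p-core@v0.8.6 github.com/btcsuite/btcd@v0.0.0-placeholder'

# After the bump the selected go-libp2p-core no longer requires btcd, so that edge is gone.
AFTER_GRAPH='github.com/ipfs/go-ipfs-http-client github.com/ipfs/iptb-plugins@v0.3.0
github.com/ipfs/go-ipfs-http-client github.com/libp2p/go-libp2p-core@v0.20.1
github.com/ipfs/iptb-plugins@v0.3.0 github.com/ipfs/go-ipfs-config@v0.0.0-placeholder
github.com/ipfs/go-ipfs-config@v0.0.0-placeholder github.com/libp2p/go-libp2p-core@v0.20.1'

# dep_path GRAPH FROM TO: print the shortest requirement chain from FROM to TO,
# one module per line with versions stripped (the shape `go mod why -m` prints).
# Exit status 1 when TO is unreachable, i.e. the module is no longer pulled in.
dep_path() {
  printf '%s\n' "$1" | awk -v from="$2" -v to="$3" '
    { sub(/@.*/, "", $1); sub(/@.*/, "", $2); adj[$1] = adj[$1] " " $2 }
    END {
      # breadth-first search; parent[] remembers how each module was reached
      head = 1; tail = 1; queue[1] = from; seen[from] = 1
      while (head <= tail) {
        cur = queue[head++]
        if (cur == to) break
        n = split(adj[cur], nxt, " ")
        for (i = 1; i <= n; i++) if (!(nxt[i] in seen)) {
          seen[nxt[i]] = 1; parent[nxt[i]] = cur; queue[++tail] = nxt[i]
        }
      }
      if (!(to in seen)) exit 1
      chain = to
      for (m = to; m != from; m = parent[m]) chain = parent[m] "\n" chain
      print chain
    }'
}

MAIN=github.com/ipfs/go-ipfs-http-client
VULN=github.com/btcsuite/btcd
echo "before the bump:"; dep_path "$BEFORE_GRAPH" "$MAIN" "$VULN"
echo "after the bump:";  dep_path "$AFTER_GRAPH" "$MAIN" "$VULN" || echo "$VULN is not in the graph"
```

Running it against real output (`go mod graph > graph.txt` before and after the bump) is the check a reviewer would want to see in the PR; an empty chain after the bump is what the description claims.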


Upgrading all the deps seems better, but I'm not a maintainer
