Used by hickory-proto used in libp2p waiting for a new libp2p release to fix it.
Contributor guide
Tech stack
rust
Domain
securitybackend
Issue type
security
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
blocked
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Rust basicsCargo dependency managementUnderstanding of security advisories
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
20
Research direction
The issue depends on a new libp2p release to fix RUSTSEC 2024-0421. Monitor the libp2p repository for the fixing release. Once available, update the libp2p dependency in fuel core's Cargo.toml and Cargo.lock, run cargo test to verify no regressions, and confirm the advisory is resolved. Check if hickory proto also needs to be updated. Ensure the dependency version satisfies the security fix without breaking changes.
Fix RUSTSEC-2024-0421 / Update libp2p · FuelLabs/fuel-core#2488 | Good First Issue
