Used by hickory-proto used in libp2p waiting for a new libp2p release to fix it.
貢獻者指南
技術棧
rust
領域
securitybackend
議題類型
security
難度面向新貢獻者的預計實作難度,1 表示很小改動,5 表示專家級工作。
3
預計時間有經驗貢獻者完成調查、實作、測試並準備 pull request 的粗略時間範圍。
1-3 hours
活動狀態議題目前的可參與程度:新鮮、活躍、陳舊、阻塞或等待維護者輸入。
blocked
清晰度議題是否清楚說明預期改動、驗收標準和下一步。
clear
前置要求
Rust basicsCargo dependency managementUnderstanding of security advisories
新手友善度1-100 的估計分數,表示該議題對首次貢獻者的友善程度。
20
研究方向
The issue depends on a new libp2p release to fix RUSTSEC 2024-0421. Monitor the libp2p repository for the fixing release. Once available, update the libp2p dependency in fuel core's Cargo.toml and Cargo.lock, run cargo test to verify no regressions, and confirm the advisory is resolved. Check if hickory proto also needs to be updated. Ensure the dependency version satisfies the security fix without breaking changes.
