Used by hickory-proto used in libp2p waiting for a new libp2p release to fix it.
贡献者指南
技术栈
rust
领域
securitybackend
议题类型
security
难度面向新贡献者的预计实现难度,1 表示很小改动,5 表示专家级工作。
3
预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。
1-3 hours
活动状态议题当前的可参与程度:新鲜、活跃、陈旧、阻塞或等待维护者输入。
blocked
清晰度议题是否清楚说明期望改动、验收标准和下一步。
clear
前置要求
Rust basicsCargo dependency managementUnderstanding of security advisories
新手友好度1-100 的估计分数,表示该议题对首次贡献者的友好程度。
20
研究方向
The issue depends on a new libp2p release to fix RUSTSEC 2024-0421. Monitor the libp2p repository for the fixing release. Once available, update the libp2p dependency in fuel core's Cargo.toml and Cargo.lock, run cargo test to verify no regressions, and confirm the advisory is resolved. Check if hickory proto also needs to be updated. Ensure the dependency version satisfies the security fix without breaking changes.
Fix RUSTSEC-2024-0421 / Update libp2p · FuelLabs/fuel-core#2488 | Good First Issue
