Skip to content

Vulnerability with prost (a libp2p dependency) #2443

New issue
New issue
Closed
Closed
Vulnerability with prost (a libp2p dependency)#2443
Labels
blockedsecurityv1.5.0For inclusion in v1.5.0 release
@paulhauner

Description

@paulhauner
paulhauner
opened on Jul 9, 2021

Description

In #2436 I've ignored the following cargo audit vuln: https://github.com/libp2p/rust-libp2p/blob/master/core/Cargo.toml

We need to upgrade to prost >= 0.8.0 to resolve this vuln, however lip2p is still on 0.7: https://github.com/libp2p/rust-libp2p/blob/master/core/Cargo.toml

Steps to resolve

  1. Wait for libp2p to update.
  2. Remove the ignore from CI.

Metadata

Metadata

Assignees

No one assigned

    Labels

    blockedsecurityv1.5.0For inclusion in v1.5.0 release

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions