Issue with owning_ref

We are using libp2p rust and just ran into this issue where cargo audit failed.
When I looked into it I found that owning_ref has a vulnerability that was discovered on Jan 26 2022 which has not yet been fixed but we are noticing this issue now.

Have you faced this problem? Do you have a fix you can share?


Hi @betarelease,

Thanks for raising this. Let’s move the discussion to RUSTSEC-2022-0040: Multiple soundness issues in `owning_ref` · Issue #2794 · libp2p/rust-libp2p · GitHub