Skip to content

fix(deps): update discv5 to 0.10.4, removing lru 0.12.5 (low GHSA-rhfx-m35p-ff5j)#220

Open
github-actions[bot] wants to merge 1 commit intomainfrom
fix/security-lru-5
Open

fix(deps): update discv5 to 0.10.4, removing lru 0.12.5 (low GHSA-rhfx-m35p-ff5j)#220
github-actions[bot] wants to merge 1 commit intomainfrom
fix/security-lru-5

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Mar 22, 2026

Description

Bumps discv5 from 0.10.2 to 0.10.4 which drops its dependency on lru 0.12.5, resolving a low severity vulnerability.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)

Security Alert

Change

lru 0.12.5 is a transitive dependency of discv5 0.10.2 (via reth-network v1.11.0). discv5 0.10.4 replaces its lru usage with hashlink 0.11.0, completely removing the vulnerable lru 0.12.5 from the dependency tree. Also updated hashlink v0.9.1 -> v0.11.0. No source file changes required.

Checklist

  • I have reviewed the relevant code guidelines in the docs/ folder
  • My code follows the coding standards of this project
  • I have performed a self-review of my own code

@github-actions @claude
fix(deps): update discv5 to 0.10.4 to drop lru 0.12.5 (GHSA-rhfx-m35p…
548d56e 
…-ff5j)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants