idna 0.4.0 vulnerability, idna needs to be upgraded to latest v1.0.3 #736

@jacques-kigo

cargo audit failing for my project using rust-web3

See: https://rustsec.org/advisories/RUSTSEC-2024-0421

```
Run cargo install cargo-audit
    Updating crates.io index
 Downloading crates ...
  Downloaded cargo-audit v0.21.0
     Ignored package `cargo-audit v0.21.0` is already installed, use --force to override
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 714 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (729 crate dependencies)
Crate:     idna
Version:   0.4.0
Title:     `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Date:      2024-12-09
ID:        RUSTSEC-2024-0421
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0421
Solution:  Upgrade to >=1.0.0
Dependency tree:
idna 0.4.0
└── web3 0.19.0
```
