`failure` dependency CVE-2019-25010

Hi, dependabot just informed me of HBBFT's `failure` dependency having a security relevant bug (CVE-2019-25010). We'll probably fix it in [fedimint/hbbft](https://github.com/fedimint/hbbft) at some point, are you guys still interested in upstream contributions or is the project pretty much dead (Iots of outdated dependencies, no activity etc.)?