govulncheck fails on main branch #1377

Closed
staheri14 opened this issue Jun 5, 2024 · 1 comment · Fixed by #1378 or #1379

@staheri14

The govulncheck fails in the main branch with the following error:

```
 govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2887
    Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in
    net/netip
  More info: https://pkg.go.dev/vuln/GO-2024-2887
  Standard library
    Found in: net/netip@go1.22.3
    Fixed in: net/netip@go1.22.4
    Example traces found:
      #1: p2p/upnp/upnp.go:40:33: upnp.Discover calls net.ResolveUDPAddr, which eventually calls netip.Addr.IsLoopback
      #2: p2p/upnp/upnp.go:40:33: upnp.Discover calls net.ResolveUDPAddr, which eventually calls netip.Addr.IsMulticast

Your code is affected by 1 vulnerability from the Go standard library.
This scan also found 2 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
Use '-show verbose' for more details.
```

Acceptance Criteria

The error above mandates updating the Go version from go1.22.3 to go1.22.4.

@staheri14

The same issue is present in the v0.34.x-celestia branch:

```
govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2887
    Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in
    net/netip
  More info: https://pkg.go.dev/vuln/GO-2024-2887
  Standard library
    Found in: net/netip@go1.22.3
    Fixed in: net/netip@go1.22.4
    Example traces found:
      #1: p2p/upnp/upnp.go:40:33: upnp.Discover calls net.ResolveUDPAddr, which eventually calls netip.Addr.IsLoopback
      #2: p2p/upnp/upnp.go:40:33: upnp.Discover calls net.ResolveUDPAddr, which eventually calls netip.Addr.IsMulticast

Your code is affected by 1 vulnerability from the Go standard library.
This scan also found 2 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
Use '-show verbose' for more details.
```
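GO-2024-2887, reported in the scans above, concerns the `Is*` methods of `netip.Addr`: before the fix they returned false for IPv4-mapped IPv6 addresses whose plain IPv4 form would return true. The following is an added example, not code from this repository or from the issue author; it evaluates the predicates on the `Unmap()`-ed address so the result is the same on either toolchain. `Classify` and the sample addresses are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Class holds the predicates evaluated on the unmapped form of an address.
type Class struct {
	Addr      netip.Addr // input with any ::ffff:0:0/96 mapping removed
	WasMapped bool       // input was an IPv4-mapped IPv6 address
	Loopback  bool
	Multicast bool
	Private   bool
}

// Classify (hypothetical helper) parses s, strips an IPv4-mapped IPv6
// prefix with Unmap, and only then calls the Is* methods, so the answer is
// the same on toolchains with and without the GO-2024-2887 fix.
func Classify(s string) (Class, error) {
	a, err := netip.ParseAddr(s)
	if err != nil {
		return Class{}, fmt.Errorf("parse %q: %w", s, err)
	}
	u := a.Unmap() // no-op for plain IPv4 and for ordinary IPv6
	return Class{
		Addr:      u,
		WasMapped: a.Is4In6(),
		Loopback:  u.IsLoopback(),
		Multicast: u.IsMulticast(),
		Private:   u.IsPrivate(),
	}, nil
}

func main() {
	// Constructed sample inputs, not taken from the issue.
	samples := []string{"127.0.0.1", "::ffff:127.0.0.1", "::ffff:224.0.0.1", "::ffff:10.0.0.1", "2001:db8::1"}
	for _, s := range samples {
		c, err := Classify(s)
		if err != nil {
			fmt.Println("skip:", err)
			continue
		}
		// The raw call is printed for comparison; its value depends on the toolchain.
		raw := netip.MustParseAddr(s).IsLoopback()
		fmt.Printf("%-18s unmapped=%-10s mapped=%-5t loopback=%-5t (raw=%t) multicast=%-5t private=%t\n",
			s, c.Addr, c.WasMapped, c.Loopback, raw, c.Multicast, c.Private)
	}
}
```

Normalising this way complements the toolchain upgrade rather than replacing it, since standard-library callers such as `net.ResolveUDPAddr` in the traces above reach the `Is*` methods internally.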
