Consensys / web3signer

Web3Signer is an open-source signing service capable of signing on multiple platforms (Ethereum1 and 2, Filecoin) using private keys stored in an external vault, or encrypted on a disk.
https://docs.web3signer.consensys.net/
Apache License 2.0
201 stars 78 forks source link

Libraries upgrade to fix reported CVE #989

Closed usmansaleem closed 7 months ago

usmansaleem commented 7 months ago

PR Description

fix: Update transitive dependency threetenbp and google cloud secretmanager library CVE-2024-23082, CVE-2024-23081 fix: Update bouncycastle libraries CVE-2024-29857, CVE-2024-30171, CVE-2024-30172 build: assign dependency scan nvd api key from env variable

Fixed Issue(s)

Documentation

Changelog

Testing