Closed staheri14 closed 3 months ago
The same issue is present in the v0.34.x-celestia
branch
govulncheck ./...
=== Symbol Results ===
Vulnerability #1: GO-2024-2887
Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in
net/netip
More info: https://pkg.go.dev/vuln/GO-2024-2887
Standard library
Found in: net/netip@go1.22.3
Fixed in: net/netip@go1.22.4
Example traces found:
#1: p2p/upnp/upnp.go:40:33: upnp.Discover calls net.ResolveUDPAddr, which eventually calls netip.Addr.IsLoopback
#2: p2p/upnp/upnp.go:40:33: upnp.Discover calls net.ResolveUDPAddr, which eventually calls netip.Addr.IsMulticast
Your code is affected by 1 vulnerability from the Go standard library.
This scan also found 2 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
Use '-show verbose' for more details.
The
govulncheck
fails in the main branch with the following error:Acceptance Criteria
The error above mandates updating the go version from go1.22.3 to go1.22.4.