celestiaorg / knuu

Integration Test Framework
Apache License 2.0

CI issue detected: `govulncheck` #424

Closed tty47 closed 3 months ago

tty47 commented 3 months ago

check this library:

```
Run govulncheck -C . -format text ./...
=== Symbol Results ===

Vulnerability #1: GO-2024-2887
    Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in
    net/netip
  More info: https://pkg.go.dev/vuln/GO-2024-2887
  Standard library
    Found in: net/netip@go1.22.3
    Fixed in: net/netip@go1.22.4
    Example traces found:
Error:       #1: pkg/instance/helper.go:398:29: instance.getFreePortTCP calls net.Listen, which eventually calls netip.Addr.IsLoopback
Error:       #2: pkg/instance/helper.go:398:29: instance.getFreePortTCP calls net.Listen, which eventually calls netip.Addr.IsMulticast
```

based on: https://github.com/celestiaorg/knuu/actions/runs/9396535604/job/25877900382

use: https://go.dev/blog/govulncheck

tty47 commented 3 months ago

close as done