celestiaorg / knuu

Integration Test Framework
Apache License 2.0

Fix the Vulnerability reported by govulncheck #427

Closed mojtaba-esk closed 3 months ago

mojtaba-esk commented 3 months ago
Vulnerability #1: GO-2024-2887
    Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in
    net/netip
  More info: https://pkg.go.dev/vuln/GO-2024-2887
  Standard library
    Found in: net/netip@go1.22.3
    Fixed in: net/netip@go1.22.4
    Example traces found:
Error:       #1: pkg/instance/helper.go:399:29: instance.getFreePortTCP calls net.Listen, which eventually calls netip.Addr.IsLoopback
Error:       #2: pkg/instance/helper.go:399:29: instance.getFreePortTCP calls net.Listen, which eventually calls netip.Addr.IsMulticast

Your code is affected by 1 vulnerability from the Go standard library.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.
Use '-show verbose' for more details.
Error: Process completed with exit code 3.

Link to the logs: https://github.com/celestiaorg/knuu/actions/runs/9397407907/job/25880563009#step:2:9723

tty47 commented 3 months ago

It's duplicated, just fixed here: https://github.com/celestiaorg/knuu/pull/425 https://github.com/celestiaorg/knuu/issues/424