celestiaorg / nmt

Namespaced Merkle Tree
Apache License 2.0
116 stars 42 forks

Investigating Snyk complaints about go.mod #225

Closed staheri14 closed 10 months ago

staheri14 commented 1 year ago

Problem

Starting from this PR, and following the addition of Snyk in the CIs, we have encountered failures in the CIs. These failures are occurring due to Snyk identifying 14 vulnerabilities in the go.mod changes.

For more details, please refer to the comment made by @rootulp:

Snyk claims this PR introduces 14 new vulnerabilities b/c the go.mod changes. I don't think we should block the PR on it though

This issue has been opened to track the problem and ensure that it is addressed, particularly if it is deemed to be a critical issue.

rootulp commented 1 year ago

Screenshot

There are more dependencies flagged by Snyk.

staheri14 commented 10 months ago

Based on this recent test PR, it seems that Snyk has been disintegrated from this repo. If that is the case, then this issue is no longer needed and can be closed. Ccing @rootulp for confirmation.

rootulp commented 10 months ago

Yes please, good catch! Let's close as won't fix.