search

dedis / cothority

Scalable collective authority
Other
426 stars 106 forks source link

Updates dependencies with vulnerabilities #2480

Closed nkcr closed 2 years ago

nkcr commented 2 years ago

Updated:

Then go mod tidy

sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

ineiti commented 2 years ago

The go-ethereum cannot be updated, as far as I remember. This is because in the new go-ethereum, there is no clear separation anymore between the database holding the contracts data and the chain. So we cannot use it.

@cgrigis can you confirm that?

cgrigis commented 2 years ago

As I remember looking at it at the time, 1.9.x introduced several changes in the data structures that we plug into with ByzCoin, and the modifications needed to adapt to it were not trivial. I have not looked at the latest evolution in go-ethereum since then, but I guess that will be a significant amount of work.

nkcr commented 2 years ago

Ok, I was aiming at "just a quick security update" thinking that backward compatibility was there for those libraries. Let's forget about it then.