Closed jmrepetti closed 1 year ago
It uses https://pkg.go.dev/github.com/btcsuite/btcd/btcec/v2 which does the Schnorr Signatures.
It's unfortunate that it is mingled with some other Bitcoin-related packages. These vulnerabilities you found are strictly related to Bitcoin block parsing operations performed by the same library and we don't touch these things here at all (but we could update the dependency if you want just to make nancy happier).
Hello team,
Why are there Bitcoin-related packages? What are they used for?
I ran this nancy vulnerability check (1) and one of them is affected:
(1) https://github.com/sonatype-nexus-community/nancy