[bug]: CVE in codebase - Githubissues

keploy / keploy

Test generation for Developers. Generate tests and stubs for your application that actually work!

https://keploy.io

Apache License 2.0

3.37k stars 374 forks source link

[bug]: CVE in codebase #1845

Open shivamsouravjha opened 3 weeks ago

shivamsouravjha commented 3 weeks ago

Is there an existing issue for this?

[X] I have searched the existing issues

Current behavior

There are some vulnerabilities because of dependencies which can be viewed through Red Hat Dependency Analytics

Steps to reproduce

Install Red Hat extension on VSCode.
Open go.mod file, the RHDA(Red Hat Dependency Analytics) would analyse and then show the report.
Click on the pop-up to view the analytics

Environment

None

Version

Cloud

Repository

keploy

aerowisca commented 1 week ago

seems the CVE was due to an older dependency of docker . go: upgraded github.com/docker/docker v24.0.4+incompatible => v26.1.1+incompatible This solves the issue but i hope we are not dependent on particular version for any specific task ? @shivamsouravjha

shivamsouravjha commented 2 days ago

nope we're not dependent on any particular docker version, but if we were to upgrade the docker version me must insure that any feature we use isn't downgraded.