Closed Christewart closed 1 year ago
Hm, scodec-bits doesn't call UUID.randomUUID
and the stack trace looks like it's coming from ScalaTest? Any ideas @armanbilge?
Yup, this is https://github.com/scala-js/scala-js/security/advisories/GHSA-j2f9-w8wh-9ww4. You should be able to reproduce it by updating to Scala.js 1.10 without updating scodec-bits.
See the Scala.js release notes about how to upgrade to 1.10. https://www.scala-js.org/news/2022/04/04/announcing-scalajs-1.10.0/
Thanks!
The stack trace looks like this on the PR: https://github.com/bitcoin-s/bitcoin-s/runs/6490536713?check_suite_focus=true#step:5:415
This seems to be a regression introduced in
1.1.31