New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: dependencies should not point to upstream #87

Merged

fbac merged 8 commits into main from fix-dependencies

Jul 25, 2024

Merged

fix: dependencies should not point to upstream #87

chore: drop names

GitHub Advanced Security / govulncheck failed Jul 25, 2024 in 3s

11 new alerts including 8 errors

New alerts in code changed by this pull request

8 errors
3 notes

See annotations below for details.

View all branch alerts.

Annotations

Check notice on line 1 in go.mod

Code scanning / govulncheck

[GO-2022-0646] Use of risky cryptographic algorithm in github.com/aws/aws-sdk-go Note

Your code depends on 1 vulnerable module (github.com/aws/aws-sdk-go), but doesn't appear to call any of the vulnerable symbols.

Check failure on line 1 in go.mod

Code scanning / govulncheck

[GO-2023-1821] The x/crisis package does not cause chain halt in github.com/cosmos/cosmos-sdk Error

Your code calls vulnerable functions in 1 package (github.com/cosmos/cosmos-sdk/x/crisis).

Check failure on line 1 in go.mod

Code scanning / govulncheck

[GO-2023-1881] The x/crisis package does not charge ConstantFee in github.com/cosmos/cosmos-sdk Error

Your code calls vulnerable functions in 1 package (github.com/cosmos/cosmos-sdk/x/crisis).

Check notice on line 1 in go.mod

Code scanning / govulncheck

[GO-2023-2402] Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto Note

Your code depends on 1 vulnerable module (golang.org/x/crypto), but doesn't appear to call any of the vulnerable symbols.

Check failure on line 1 in go.mod

Code scanning / govulncheck

[GO-2024-2611] Infinite loop in JSON unmarshaling in google.golang.org/protobuf Error

Your code calls vulnerable functions in 2 packages (google.golang.org/protobuf/encoding/protojson and google.golang.org/protobuf/internal/encoding/json).

Check failure on line 1 in go.mod

Code scanning / govulncheck

[GO-2024-2687] HTTP/2 CONTINUATION flood in net/http Error

Your code calls vulnerable functions in 1 package (golang.org/x/net/http2).

Check failure on line 1 in go.mod

Code scanning / govulncheck

[GO-2024-2694] Potential Reentrancy using Timeout Callbacks in ibc-hooks in github.com/cosmos/ibc-go Error

Your code calls vulnerable functions in 1 package (github.com/cosmos/ibc-go/v7/modules/core/keeper).

Check failure on line 1 in go.mod

Code scanning / govulncheck

[GO-2024-2800] Argument injection when fetching remote default Git branches in github.com/hashicorp/go-getter Error

Your code calls vulnerable functions in 1 package (github.com/hashicorp/go-getter).

Check notice on line 1 in go.mod

Code scanning / govulncheck

[GO-2024-2818] Consensus failures in github.com/btcsuite/btcd Note

Your code depends on 1 vulnerable module (github.com/btcsuite/btcd), but doesn't appear to call any of the vulnerable symbols.

Check failure on line 1 in go.mod

Code scanning / govulncheck

[GO-2024-2948] Code Execution on Git update in github.com/hashicorp/go-getter Error

Your code calls vulnerable functions in 1 package (github.com/hashicorp/go-getter).

Check failure on line 1 in go.mod

Code scanning / govulncheck

[GO-2024-2951] Denial of service when syncing with a malicious peer in github.com/cometbft/cometbft Error

Your code calls vulnerable functions in 1 package (github.com/cometbft/cometbft/blocksync).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: dependencies should not point to upstream #87

fix: dependencies should not point to upstream #87

11 new alerts including 8 errors

New alerts in code changed by this pull request

Annotations

Re-running checks...