From 5b84f20eeea33b354a02246c5a7f14d514c81ea4 Mon Sep 17 00:00:00 2001 From: marcello33 Date: Tue, 10 Oct 2023 10:31:33 +0200 Subject: [PATCH 01/12] dev: add: codeQL --- .github/workflows/codeql.yml | 41 ++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000000..cc412883a9 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,41 @@ +name: "CodeQL" + +on: + push: + branches: [ "master", "develop" ] + pull_request: + branches: [ "master", "develop" ] + schedule: + - cron: '0 0 * * *' + +jobs: + analyze: + name: Analyze + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'go', 'javascript-typescript' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" From fd596aac56f6e2254b803fce4d9d11278e839f61 Mon Sep 17 00:00:00 2001 From: marcello33 Date: Tue, 10 Oct 2023 12:17:10 +0200 Subject: [PATCH 02/12] dev: chg: solve codeQL high vulns --- accounts/usbwallet/trezor.go | 9 ++++++++- core/vm/contract.go | 8 ++++++-- log/logger.go | 9 +++++++++ p2p/enode/localnode.go | 8 ++++++-- 4 files changed, 29 insertions(+), 5 deletions(-) diff --git a/accounts/usbwallet/trezor.go b/accounts/usbwallet/trezor.go index 0201048ebd..8bf4b6817e 100644 --- a/accounts/usbwallet/trezor.go +++ b/accounts/usbwallet/trezor.go @@ -306,7 +306,14 @@ func (w *trezorDriver) trezorExchange(req proto.Message, results ...proto.Messag return 0, err } - payload := make([]byte, 8+len(data)) + var payload []byte + + if 8+len(data) > 64*1024*1024 { + payload = make([]byte, 0) + } else { + payload = make([]byte, 8+len(data)) + } + copy(payload, []byte{0x23, 0x23}) binary.BigEndian.PutUint16(payload[2:], trezor.Type(req)) binary.BigEndian.PutUint32(payload[4:], uint32(len(data))) diff --git a/core/vm/contract.go b/core/vm/contract.go index 811f5b7816..3d4f249eda 100644 --- a/core/vm/contract.go +++ b/core/vm/contract.go @@ -17,6 +17,7 @@ package vm import ( + "math" "math/big" "github.com/ethereum/go-ethereum/common" @@ -146,8 +147,11 @@ func (c *Contract) AsDelegate() *Contract { // GetOp returns the n'th element in the contract's byte array func (c *Contract) GetOp(n uint64) OpCode { - if n < uint64(len(c.Code)) { - return OpCode(c.Code[n]) + if n > 0 && n <= math.MaxUint16 { + if n < uint64(len(c.Code)) { + return OpCode(c.Code[n]) + } + } return STOP diff --git a/log/logger.go b/log/logger.go index 4e4bc6e6ce..bc7399f921 100644 --- a/log/logger.go +++ b/log/logger.go @@ -215,6 +215,11 @@ func (l *logger) New(ctx ...interface{}) Logger { func newContext(prefix []interface{}, suffix []interface{}) []interface{} { normalizedSuffix := normalize(suffix) + + if len(prefix)+len(normalizedSuffix) > 64*1024*1024 { + return make([]interface{}, 0) + } + newCtx := make([]interface{}, len(prefix)+len(normalizedSuffix)) n := copy(newCtx, prefix) copy(newCtx[n:], normalizedSuffix) @@ -326,6 +331,10 @@ type Lazy struct { type Ctx map[string]interface{} func (c Ctx) toArray() []interface{} { + if len(c)*2 > 64*1024*1024 { + return make([]interface{}, 0) + } + arr := make([]interface{}, len(c)*2) i := 0 diff --git a/p2p/enode/localnode.go b/p2p/enode/localnode.go index 675350907e..66a56ad4e9 100644 --- a/p2p/enode/localnode.go +++ b/p2p/enode/localnode.go @@ -19,6 +19,7 @@ package enode import ( "crypto/ecdsa" "fmt" + "math" "net" "reflect" "strconv" @@ -211,8 +212,11 @@ func (ln *LocalNode) SetFallbackUDP(port int) { ln.mu.Lock() defer ln.mu.Unlock() - ln.endpoint4.fallbackUDP = uint16(port) - ln.endpoint6.fallbackUDP = uint16(port) + if port > 0 && port <= math.MaxUint16 { + ln.endpoint4.fallbackUDP = uint16(port) + ln.endpoint6.fallbackUDP = uint16(port) + } + ln.updateEndpoints() } From e5d77fe2b911eb1200fc0eaa0fd49f82f500df7b Mon Sep 17 00:00:00 2001 From: marcello33 Date: Tue, 10 Oct 2023 12:35:56 +0200 Subject: [PATCH 03/12] dev: chg: remove js scan after dismissing relative issues --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index cc412883a9..dd40670c8d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,7 +21,7 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go', 'javascript-typescript' ] + language: [ 'go' ] steps: - name: Checkout repository From a50c10d17e182585b9a943edd0aaea14f0196610 Mon Sep 17 00:00:00 2001 From: marcello33 Date: Tue, 10 Oct 2023 12:40:47 +0200 Subject: [PATCH 04/12] dev: chg: fix size allocation checks --- accounts/usbwallet/trezor.go | 5 ++--- core/vm/contract.go | 5 +---- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/accounts/usbwallet/trezor.go b/accounts/usbwallet/trezor.go index 8bf4b6817e..2dda511046 100644 --- a/accounts/usbwallet/trezor.go +++ b/accounts/usbwallet/trezor.go @@ -25,6 +25,7 @@ import ( "errors" "fmt" "io" + "math" "math/big" "github.com/ethereum/go-ethereum/accounts" @@ -308,9 +309,7 @@ func (w *trezorDriver) trezorExchange(req proto.Message, results ...proto.Messag var payload []byte - if 8+len(data) > 64*1024*1024 { - payload = make([]byte, 0) - } else { + if 8+len(data) < math.MaxInt { payload = make([]byte, 8+len(data)) } diff --git a/core/vm/contract.go b/core/vm/contract.go index 3d4f249eda..38882543c1 100644 --- a/core/vm/contract.go +++ b/core/vm/contract.go @@ -147,11 +147,8 @@ func (c *Contract) AsDelegate() *Contract { // GetOp returns the n'th element in the contract's byte array func (c *Contract) GetOp(n uint64) OpCode { - if n > 0 && n <= math.MaxUint16 { - if n < uint64(len(c.Code)) { + if len(c.Code) > 0 && len(c.Code) <= math.MaxUint16 && n < uint64(len(c.Code)) { return OpCode(c.Code[n]) - } - } return STOP From b7a471cf096eb892941af5ce4a9fe1869bd604f0 Mon Sep 17 00:00:00 2001 From: marcello33 Date: Tue, 10 Oct 2023 13:58:29 +0200 Subject: [PATCH 05/12] dev: chg: fix size allocation checks --- accounts/usbwallet/trezor.go | 3 +-- core/vm/contract.go | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/accounts/usbwallet/trezor.go b/accounts/usbwallet/trezor.go index 2dda511046..c2f4cd1e08 100644 --- a/accounts/usbwallet/trezor.go +++ b/accounts/usbwallet/trezor.go @@ -25,7 +25,6 @@ import ( "errors" "fmt" "io" - "math" "math/big" "github.com/ethereum/go-ethereum/accounts" @@ -309,7 +308,7 @@ func (w *trezorDriver) trezorExchange(req proto.Message, results ...proto.Messag var payload []byte - if 8+len(data) < math.MaxInt { + if 8+len(data) < 64*1024*1024 { payload = make([]byte, 8+len(data)) } diff --git a/core/vm/contract.go b/core/vm/contract.go index 38882543c1..d7cbafcf7f 100644 --- a/core/vm/contract.go +++ b/core/vm/contract.go @@ -17,7 +17,6 @@ package vm import ( - "math" "math/big" "github.com/ethereum/go-ethereum/common" @@ -147,7 +146,7 @@ func (c *Contract) AsDelegate() *Contract { // GetOp returns the n'th element in the contract's byte array func (c *Contract) GetOp(n uint64) OpCode { - if len(c.Code) > 0 && len(c.Code) <= math.MaxUint16 && n < uint64(len(c.Code)) { + if len(c.Code) > 0 && len(c.Code) <= 64*1024*1024 && n < uint64(len(c.Code)) { return OpCode(c.Code[n]) } From c1edeeea0ac2c799e373b2d1a0a994c68a87881b Mon Sep 17 00:00:00 2001 From: marcello33 Date: Tue, 10 Oct 2023 14:17:49 +0200 Subject: [PATCH 06/12] dev: chg: use math.MaxUint8 for incorrect coversion for integer --- core/vm/contract.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/vm/contract.go b/core/vm/contract.go index d7cbafcf7f..2f49c8f481 100644 --- a/core/vm/contract.go +++ b/core/vm/contract.go @@ -17,6 +17,7 @@ package vm import ( + "math" "math/big" "github.com/ethereum/go-ethereum/common" @@ -146,7 +147,7 @@ func (c *Contract) AsDelegate() *Contract { // GetOp returns the n'th element in the contract's byte array func (c *Contract) GetOp(n uint64) OpCode { - if len(c.Code) > 0 && len(c.Code) <= 64*1024*1024 && n < uint64(len(c.Code)) { + if len(c.Code) > 0 && len(c.Code) <= math.MaxUint8 && n < uint64(len(c.Code)) { return OpCode(c.Code[n]) } From ffa516165bc54d9953f344c0f6839882fdd0eb65 Mon Sep 17 00:00:00 2001 From: marcello33 Date: Tue, 10 Oct 2023 14:52:44 +0200 Subject: [PATCH 07/12] dev: chg: revert on one check / return error on trezorExchange func --- accounts/usbwallet/trezor.go | 2 ++ core/vm/contract.go | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/accounts/usbwallet/trezor.go b/accounts/usbwallet/trezor.go index c2f4cd1e08..10b82172ca 100644 --- a/accounts/usbwallet/trezor.go +++ b/accounts/usbwallet/trezor.go @@ -310,6 +310,8 @@ func (w *trezorDriver) trezorExchange(req proto.Message, results ...proto.Messag if 8+len(data) < 64*1024*1024 { payload = make([]byte, 8+len(data)) + } else { + return 0, errors.New("data too large") } copy(payload, []byte{0x23, 0x23}) diff --git a/core/vm/contract.go b/core/vm/contract.go index 2f49c8f481..811f5b7816 100644 --- a/core/vm/contract.go +++ b/core/vm/contract.go @@ -17,7 +17,6 @@ package vm import ( - "math" "math/big" "github.com/ethereum/go-ethereum/common" @@ -147,8 +146,8 @@ func (c *Contract) AsDelegate() *Contract { // GetOp returns the n'th element in the contract's byte array func (c *Contract) GetOp(n uint64) OpCode { - if len(c.Code) > 0 && len(c.Code) <= math.MaxUint8 && n < uint64(len(c.Code)) { - return OpCode(c.Code[n]) + if n < uint64(len(c.Code)) { + return OpCode(c.Code[n]) } return STOP From ab57967db7e19b8d11cfef09b2584172e779c10b Mon Sep 17 00:00:00 2001 From: marcello33 Date: Tue, 10 Oct 2023 15:26:18 +0200 Subject: [PATCH 08/12] dev: chg: remove checks on logger as not harmful --- accounts/usbwallet/trezor.go | 2 +- log/logger.go | 9 --------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/accounts/usbwallet/trezor.go b/accounts/usbwallet/trezor.go index 10b82172ca..5acdff3c97 100644 --- a/accounts/usbwallet/trezor.go +++ b/accounts/usbwallet/trezor.go @@ -308,7 +308,7 @@ func (w *trezorDriver) trezorExchange(req proto.Message, results ...proto.Messag var payload []byte - if 8+len(data) < 64*1024*1024 { + if len(data) < 64*1024*1024 { payload = make([]byte, 8+len(data)) } else { return 0, errors.New("data too large") diff --git a/log/logger.go b/log/logger.go index bc7399f921..4e4bc6e6ce 100644 --- a/log/logger.go +++ b/log/logger.go @@ -215,11 +215,6 @@ func (l *logger) New(ctx ...interface{}) Logger { func newContext(prefix []interface{}, suffix []interface{}) []interface{} { normalizedSuffix := normalize(suffix) - - if len(prefix)+len(normalizedSuffix) > 64*1024*1024 { - return make([]interface{}, 0) - } - newCtx := make([]interface{}, len(prefix)+len(normalizedSuffix)) n := copy(newCtx, prefix) copy(newCtx[n:], normalizedSuffix) @@ -331,10 +326,6 @@ type Lazy struct { type Ctx map[string]interface{} func (c Ctx) toArray() []interface{} { - if len(c)*2 > 64*1024*1024 { - return make([]interface{}, 0) - } - arr := make([]interface{}, len(c)*2) i := 0 From e63953f94c250f2c90a980b520dd6c0b89c0bbc1 Mon Sep 17 00:00:00 2001 From: marcello33 Date: Tue, 10 Oct 2023 16:50:35 +0200 Subject: [PATCH 09/12] dev: chg: bump govuln action go versions --- .github/workflows/{security-ci.yml => govuln.yml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{security-ci.yml => govuln.yml} (87%) diff --git a/.github/workflows/security-ci.yml b/.github/workflows/govuln.yml similarity index 87% rename from .github/workflows/security-ci.yml rename to .github/workflows/govuln.yml index 540fd9a250..32161b53e1 100644 --- a/.github/workflows/security-ci.yml +++ b/.github/workflows/govuln.yml @@ -8,12 +8,12 @@ jobs: steps: - uses: actions/checkout@v3 - name: Running govulncheck - uses: Templum/govulncheck-action@v0.10.1 + uses: Templum/govulncheck-action@v1.0.0 continue-on-error: true env: DEBUG: "true" with: - go-version: 1.20.5 + go-version: 1.21 package: ./... github-token: ${{ secrets.GITHUB_TOKEN }} fail-on-vuln: true From 46f0b709d64ef51f1bf743556fca8aac5efde028 Mon Sep 17 00:00:00 2001 From: marcello33 Date: Tue, 10 Oct 2023 17:11:03 +0200 Subject: [PATCH 10/12] dev: chg: name of CI for govuln --- .github/workflows/govuln.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govuln.yml b/.github/workflows/govuln.yml index 32161b53e1..3f508015c7 100644 --- a/.github/workflows/govuln.yml +++ b/.github/workflows/govuln.yml @@ -1,4 +1,4 @@ -name: Security CI +name: Govuln on: [ push, pull_request ] jobs: From f8b73c7508e50ee86afeda7308e82d14c7844059 Mon Sep 17 00:00:00 2001 From: marcello33 Date: Thu, 12 Oct 2023 09:53:56 +0200 Subject: [PATCH 11/12] dev: chg: bump x/net to 0.17 as per PR-1038 --- go.mod | 8 ++++---- go.sum | 13 ++++++++----- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 8c818ad99d..f16c476c74 100644 --- a/go.mod +++ b/go.mod @@ -77,11 +77,11 @@ require ( github.com/tendermint/tendermint v0.34.21 github.com/tyler-smith/go-bip39 v1.1.0 github.com/urfave/cli/v2 v2.17.2-0.20221006022127-8f469abc00aa - golang.org/x/crypto v0.11.0 + golang.org/x/crypto v0.14.0 golang.org/x/exp v0.0.0-20230206171751-46f607a40771 golang.org/x/sync v0.3.0 - golang.org/x/sys v0.12.0 - golang.org/x/text v0.11.0 + golang.org/x/sys v0.13.0 + golang.org/x/text v0.13.0 golang.org/x/time v0.3.0 golang.org/x/tools v0.10.0 gopkg.in/natefinch/lumberjack.v2 v2.0.0 @@ -159,7 +159,7 @@ require ( go.opentelemetry.io/otel/sdk v1.19.0 go.uber.org/goleak v1.2.1 golang.org/x/mod v0.11.0 // indirect - golang.org/x/net v0.12.0 // indirect + golang.org/x/net v0.17.0 // indirect gonum.org/v1/gonum v0.11.0 google.golang.org/grpc v1.58.2 google.golang.org/protobuf v1.31.0 diff --git a/go.sum b/go.sum index dd93d074de..b466e1cf66 100644 --- a/go.sum +++ b/go.sum @@ -2239,8 +2239,9 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2400,8 +2401,9 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2596,8 +2598,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2628,8 +2630,9 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 029998e2703d2db53826582a1b2d7bf96e86fc4e Mon Sep 17 00:00:00 2001 From: marcello33 Date: Thu, 12 Oct 2023 16:29:47 +0200 Subject: [PATCH 12/12] dev: chg: remove snyk files --- .snyk | 41 ----------------------------------------- 1 file changed, 41 deletions(-) delete mode 100644 .snyk diff --git a/.snyk b/.snyk deleted file mode 100644 index 285024f5bb..0000000000 --- a/.snyk +++ /dev/null @@ -1,41 +0,0 @@ -# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.25.0 -# ignores vulnerabilities until expiry date; change duration by modifying expiry date -ignore: - 'snyk:lic:golang:github.com:karalabe:usb:LGPL-3.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:06:37.028Z - 'snyk:lic:golang:github.com:mitchellh:cli:MPL-2.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:07:42.661Z - 'snyk:lic:golang:github.com:hashicorp:hcl:v2:MPL-2.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:08.112Z - 'snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:14.673Z - 'snyk:lic:golang:github.com:hashicorp:go-bexpr:MPL-2.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:21.843Z - 'snyk:lic:golang:github.com:hashicorp:errwrap:MPL-2.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:28.257Z - 'snyk:lic:golang:github.com:ethereum:go-ethereum:LGPL-3.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:35.273Z - 'snyk:lic:golang:github.com:maticnetwork:polyproto:GPL-3.0': - - '*': - reason: 'As open source org, we have no issues with licenses' - created: 2022-11-11T08:09:41.635Z - 'SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322': - - '*': - reason: 'grpc working on a release to fix the issue' - created: 2022-12-12T06:50:00.000Z -patch: {}