Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/CVE 2024 32972 #157

Closed
wants to merge 12 commits into from
Closed

Fix/CVE 2024 32972 #157

wants to merge 12 commits into from

Conversation

endersonmaia
Copy link
Contributor

Close #156

guidanoli and others added 12 commits September 5, 2024 10:49
@guidanoli
Run CI on PRs (crypto-bug-hunters#146)
56d8026
@endersonmaia @guidanoli
Make build reproducible (crypto-bug-hunters#148)
24daede 
* chore: bump go version to 1.23.0

* chore: bump cartesi/sdk to 0.9.0

* chore: bump Ubuntu to 24.04

* feat: attempt to make resulting image reproducible

- lock baseimage to ubuntu:noble-20240801
- avoid using apt upgrade -y
- lock version of all packages installed via apt

It's not guaranteed since apt update will bring the current state of the
remote mirror used and because of that the dependecies for the installed
packages can change between runs.

* fixup! feat: attempt to make resulting image reproducible

* fix: enhance determinism of binaries

Co-authored-by: Guilherme Dantas <[email protected]>

---------

Co-authored-by: Guilherme Dantas <[email protected]>
@claudioantonio
Create bounty for solidity 0.8.27 (crypto-bug-hunters#147)
1665181 
* Create bounty for solidity 0.8.27

* Removing unused var and duplicated value definition
@guidanoli
Add line length limit in Solidity bounty (crypto-bug-hunters#150)
0fae649
@guidanoli
Fix populate script (bump latest Lua version) (crypto-bug-hunters#149)
314ee3a
@guidanoli
Make archive metadata deterministic (crypto-bug-hunters#151)
24b5048
@guidanoli
Specify package manager for root package (crypto-bug-hunters#153)
0adeee1
@endersonmaia
feat: use apt update --snapshot for reproducibility (crypto-bug-hun…
d518c9d 
…ters#154)
@endersonmaia
ci: add grype vulnerability scanner
73be8e0
@endersonmaia
fixup! ci: add grype vulnerability scanner
8d553ed
@endersonmaia
fixup! ci: add grype vulnerability scanner
c3893bf
@endersonmaia
fix: go-ethereum CVE-2024-32972
d622c87
@vercel Vercel
Copy link

vercel bot commented Sep 13, 2024

@endersonmaia is attempting to deploy a commit to the Bug Buster App Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix code scanning alert - GHSA-4xc9-8hmq-j652 high vulnerability for github.com/ethereum/go-ethereum package
3 participants
@endersonmaia @guidanoli @claudioantonio