
Update to latest Brownie and other packages

Open Hg347 opened this issue 10 months ago • 2 comments

Overview

There are vulnerable packages in the pip dependencies that are defined by requirements.txt. It should contain:

  • cytools>=0.12.3
  • click>=8.1.3
  • pathspec>=0.12.1
  • black>=24.2.0
  • attrs>=23.2.0
  • vyper>=0.3.10rc4 # not directly required, pinned by Snyk to avoid a vulnerability
  • eth-brownie>=1.20.2
  • brownie-token-tester>=0.1.0
  • flake8>=3.8.4
  • isort>=5.7.0

Since curve deals with a lot of money, there should be a focus on fixing known vulnerabilities quickly. Static code analysis scanners like snyk.io should be used for this purpose.

Hg347 avatar Apr 06 '24 19:04 Hg347
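The issue proposes a set of minimum versions for requirements.txt and asks that known-vulnerable dependencies be caught early. The script below is an added example, not code from the curve-contract repository or from the issue author: it parses `>=` specifiers of the form shown in the issue, compares them against installed package versions, and reports every package that is missing or below its floor. The `SAMPLE_INSTALLED` dictionary is a constructed environment for illustration; `installed_versions` queries the real interpreter via `importlib.metadata`. Version ordering is a deliberately small subset of PEP 440 (numeric release segments plus `a`/`b`/`rc` pre-releases, which is enough for `0.3.10rc4`); a production check should use `packaging.specifiers` instead.

```python
"""Check requirements.txt-style minimum versions against installed packages."""
import re
from importlib import metadata

# Constructed copy of the minimum versions proposed in the issue.
REQUIREMENTS_TEXT = """\
cytools>=0.12.3
click>=8.1.3
pathspec>=0.12.1
black>=24.2.0
attrs>=23.2.0
vyper>=0.3.10rc4 # not directly required, pinned by Snyk to avoid a vulnerability
eth-brownie>=1.20.2
brownie-token-tester>=0.1.0
flake8>=3.8.4
isort>=5.7.0
"""

# Constructed sample environment: one package up to date, two too old, the rest absent.
SAMPLE_INSTALLED = {"click": "8.1.7", "black": "23.12.1", "vyper": "0.3.9"}

_SPEC_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*>=\s*([0-9][0-9A-Za-z.]*)\s*$")
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}


def parse_requirements(text):
    """Return {normalized_name: minimum_version}; blank lines and '#' comments are skipped."""
    reqs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = _SPEC_RE.match(line)
        if not match:
            raise ValueError(f"unsupported requirement line (only '>=' handled): {raw!r}")
        reqs[match.group(1).lower()] = match.group(2)
    return reqs


def version_key(version):
    """Sort key for a release or a/b/rc pre-release: (release_tuple, (pre_rank, pre_number))."""
    match = _VERSION_RE.match(version)
    if not match:
        raise ValueError(f"unsupported version string: {version!r}")
    release = tuple(int(part) for part in match.group(1).split("."))
    # PEP 440 treats 24.2 and 24.2.0 as equal, so drop trailing zeros before comparing.
    while len(release) > 1 and release[-1] == 0:
        release = release[:-1]
    if match.group(2):
        pre = (_PRE_RANK[match.group(2)], int(match.group(3)))
    else:
        pre = (3, 0)  # a final release sorts after any pre-release of the same number
    return (release, pre)


def satisfies(installed, minimum):
    """True when installed >= minimum under the ordering above."""
    return version_key(installed) >= version_key(minimum)


def check_requirements(reqs, installed):
    """Return (name, installed_version_or_None, minimum) for each unmet requirement."""
    findings = []
    for name, minimum in reqs.items():
        have = installed.get(name)
        if have is None or not satisfies(have, minimum):
            findings.append((name, have, minimum))
    return findings


def installed_versions(names):
    """Look up the versions of the named distributions in the running interpreter."""
    found = {}
    for name in names:
        try:
            found[name] = metadata.version(name)
        except metadata.PackageNotFoundError:
            pass  # absent packages are reported as None by check_requirements
    return found


if __name__ == "__main__":
    reqs = parse_requirements(REQUIREMENTS_TEXT)
    for name, have, minimum in check_requirements(reqs, installed_versions(reqs)):
        state = "missing" if have is None else f"installed {have}"
        print(f"{name}: {state}, requires >= {minimum}")
```

Run it inside the project's virtual environment to list every dependency that still needs an upgrade; an empty listing means all floors from the issue are met. Because it only understands `>=`, any other operator in a real requirements file raises a ValueError rather than being silently skipped.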