@revitteth
Contributor

Summary

  • Upgrade go-ethereum v1.14.12 → v1.16.8 (3 p2p DoS CVEs)
  • Upgrade gnark-crypto v0.12.1 → v0.18.1 (memory allocation CVE)
  • Bump Go toolchain 1.25.0 → 1.25.7 (stdlib CVEs: crypto/tls, crypto/x509, net/url, net/http, encoding/asn1)

Test plan

  • go build ./... passes
  • go test -race ./... — all 16 packages pass
  • govulncheck ./... — zero vulnerabilities

🤖 Generated with Claude Code

- go-ethereum v1.14.12 -> v1.16.8 (fixes 3 p2p DoS CVEs)
- gnark-crypto v0.12.1 -> v0.18.1 (fixes memory allocation vuln)
- Go toolchain 1.25.0 -> 1.25.7 (fixes crypto/tls, crypto/x509,
  net/url, net/http, encoding/asn1 stdlib vulns)

govulncheck reports zero vulnerabilities after this change.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@revitteth revitteth merged commit 61abdc8 into main Feb 11, 2026
4 of 5 checks passed
@revitteth revitteth deleted the fix/deps-audit branch February 11, 2026 09:54