Horusec report about vulnerabilities #13791
Comments
gm @ErnestK, thanks for this report. I think there are some opportunities here to grab the low-hanging fruit.
To make things easier for review, I recommend sending multiple PRs to resolve the issues. I.e. send all minor dependency updates in one PR, any exclusions in another PR, any individual fixes in their own PRs. This makes review easier and makes maintainer bug hunting easier as we could review better scoped commits for issues.
@ErnestK are you interested in submitting a PR to resolve some of these reported issues?
@prestonvanloon Yes, I will analyze all the issues and endeavor to work on this task.
@prestonvanloon
I have sorted all vulnerabilities, eliminated duplicates, and ranked them
💎 Issue
Description
Hello,
I've been considering participating in the project and contributing. My attention was drawn to this task, #9975.
I ran horusec-beta on prysm, and the result was a bit different than I expected.
Most vulnerabilities are related to library versions, but they can be fixed.
Are library updates covered by tests?
Should I take on this task?
P.S. Report attached below.
horusec_report.json