
Commit 504a27f

raullenchaiRaullenenvestcc
authored
security: upgrade critical dependencies to fix vulnerabilities (#4779)
Co-authored-by: Raullen <raullenstudio@Raullens-Mac-Studio.local> Co-authored-by: envestcc <chen1233216@hotmail.com>
1 parent 825d826 commit 504a27f


7 files changed

+169
-312
lines changed


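--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23.0-alpine AS build
+FROM golang:1.24-alpine AS build
 
 WORKDIR /go/apps/iotex-core
 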
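--- a/api/coreservice.go
+++ b/api/coreservice.go
@@ -1859,7 +1859,7 @@ func (core *coreService) estimateExecutionGasConsumptionAt(ctx context.Context,
 if !enough {
 if receipt.Status == uint64(iotextypes.ReceiptStatus_ErrExecutionReverted) {
 if len(receipt.ExecutionRevertMsg()) > 0 {
-return 0, retval, status.Errorf(codes.InvalidArgument, fmt.Sprintf("execution simulation is reverted due to the reason: %s", receipt.ExecutionRevertMsg()))
+return 0, retval, status.Errorf(codes.InvalidArgument, "execution simulation is reverted due to the reason: %s", receipt.ExecutionRevertMsg())
 }
 return 0, retval, status.Error(codes.InvalidArgument, "execution reverted")
 }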
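Review bot: `receipt.ExecutionRevertMsg()` is evaluated twice on the revert path, once in the `len(...) > 0` check and again as the `%s` argument on new line 1862; binding it once with `if msg := receipt.ExecutionRevertMsg(); len(msg) > 0 {` and passing `msg` to `status.Errorf` keeps the test and the reported reason on the same value. The revert reason presumably comes from the simulated contract rather than from the node, so it has to stay a format argument as it is here. A short comment such as `// revert reason is contract-supplied: pass it as an argument, never as the format string` would keep a later cleanup from reintroducing the `fmt.Sprintf` form. The enclosing function starts and ends outside the hunk.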

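--- a/db/trie/kvstoreimpl.go
+++ b/db/trie/kvstoreimpl.go
@@ -136,7 +136,7 @@ func (s *kvStoreImpl) Get(key []byte) ([]byte, error) {
 _trieKeystoreMtc.WithLabelValues("get").Inc()
 value, err := s.dao.Get(s.bucket, key)
 if errors.Cause(err) == db.ErrNotExist {
-return nil, errors.Wrapf(ErrNotExist, err.Error())
+return nil, errors.Wrap(ErrNotExist, err.Error())
 }
 
 return value, err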
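Review bot: The not-found branch at line 139 has no comment explaining that the db-layer error is reduced to text: `errors.Wrap(ErrNotExist, err.Error())` makes the unqualified `ErrNotExist` the cause and keeps only the message of the original error, so callers have to compare against that sentinel rather than `db.ErrNotExist`. A one-line comment such as `// map db.ErrNotExist to the trie-level ErrNotExist; the db error survives only as message text` would make the contract explicit. Every other error from `s.dao.Get` is passed through unwrapped by `return value, err`, which is worth stating in the method's doc comment if it is intentional. The signature and closing brace of `Get` are outside the hunk.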

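--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,6 @@
 module github.com/iotexproject/iotex-core/v2
 
-go 1.23.0
-
-toolchain go1.23.7
+go 1.24.6
 
 require (
 dario.cat/mergo v1.0.2
@@ -35,20 +33,20 @@ require (
 github.com/iotexproject/iotex-election v0.3.8-0.20251015031218-8df952babca1
 github.com/iotexproject/iotex-proto v0.6.6-0.20260211020747-f26bd969ed16
 github.com/ipfs/go-ipfs-api v0.7.0
-github.com/libp2p/go-libp2p v0.39.0
+github.com/libp2p/go-libp2p v0.46.0
 github.com/libp2p/go-libp2p-pubsub v0.13.0
 github.com/mackerelio/go-osstat v0.2.4
 github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
-github.com/multiformats/go-multiaddr v0.14.0
+github.com/multiformats/go-multiaddr v0.16.0
 github.com/pkg/errors v0.9.1
-github.com/prometheus/client_golang v1.20.5
-github.com/prometheus/client_model v0.6.1
+github.com/prometheus/client_golang v1.22.0
+github.com/prometheus/client_model v0.6.2
 github.com/rodaine/table v1.0.1
 github.com/schollz/progressbar/v2 v2.15.0
 github.com/shirou/gopsutil/v3 v3.24.3
 github.com/spf13/cobra v1.8.1
-github.com/stretchr/testify v1.10.0
+github.com/stretchr/testify v1.11.1
 github.com/tidwall/gjson v1.11.0
 github.com/tyler-smith/go-bip39 v1.1.0
 github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.2
@@ -65,14 +63,14 @@ require (
 go.uber.org/config v1.3.1
 go.uber.org/mock v0.5.2
 go.uber.org/zap v1.27.0
-golang.org/x/crypto v0.36.0
-golang.org/x/net v0.37.0
-golang.org/x/sync v0.12.0
-golang.org/x/text v0.23.0
-golang.org/x/time v0.9.0
+golang.org/x/crypto v0.44.0
+golang.org/x/net v0.47.0
+golang.org/x/sync v0.18.0
+golang.org/x/text v0.31.0
+golang.org/x/time v0.12.0
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1
 google.golang.org/grpc v1.69.4
-google.golang.org/protobuf v1.36.4
+google.golang.org/protobuf v1.36.6
 gopkg.in/yaml.v2 v2.4.0
 )
 
@@ -87,14 +85,14 @@ require (
 github.com/anacrolix/dht/v2 v2.21.1 // indirect
 github.com/anacrolix/envpprof v1.3.0 // indirect
 github.com/anacrolix/generics v0.0.0-20230816105729-c755655aee45 // indirect
-github.com/anacrolix/go-libutp v1.3.1 // indirect
+github.com/anacrolix/go-libutp v1.3.2 // indirect
 github.com/anacrolix/log v0.15.2 // indirect
 github.com/anacrolix/missinggo v1.3.0 // indirect
 github.com/anacrolix/missinggo/perf v1.0.0 // indirect
-github.com/anacrolix/missinggo/v2 v2.7.2-0.20230527121029-a582b4f397b9 // indirect
-github.com/anacrolix/mmsg v1.0.0 // indirect
+github.com/anacrolix/missinggo/v2 v2.10.0 // indirect
+github.com/anacrolix/mmsg v1.0.1 // indirect
 github.com/anacrolix/multiless v0.3.1-0.20221221005021-2d12701f83f7 // indirect
-github.com/anacrolix/stm v0.4.1-0.20221221005312-96d17df0e496 // indirect
+github.com/anacrolix/stm v0.5.0 // indirect
 github.com/anacrolix/sync v0.5.1 // indirect
 github.com/anacrolix/torrent v1.52.6-0.20231201115409-7ea994b6bbd8 // indirect
 github.com/anacrolix/upnp v0.1.3-0.20220123035249-922794e51c96 // indirect
@@ -115,9 +113,7 @@ require (
 github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b // indirect
 github.com/cockroachdb/redact v1.1.5 // indirect
 github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06 // indirect
-github.com/consensys/bavard v0.1.27 // indirect
-github.com/consensys/gnark-crypto v0.16.0 // indirect
-github.com/containerd/cgroups v1.1.0 // indirect
+github.com/consensys/gnark-crypto v0.18.1 // indirect
 github.com/containerd/cgroups/v3 v3.0.3 // indirect
 github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 github.com/crackcomm/go-gitignore v0.0.0-20241020182519-7843d2ba8fdf // indirect
@@ -128,12 +124,11 @@ require (
 github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
 github.com/deckarep/golang-set v1.8.0 // indirect
 github.com/deckarep/golang-set/v2 v2.6.0 // indirect
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
 github.com/dlclark/regexp2 v1.7.0 // indirect
 github.com/dop251/goja v0.0.0-20230806174421-c933cf95e127 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
 github.com/edsrzf/mmap-go v1.1.0 // indirect
-github.com/elastic/gosigar v0.14.3 // indirect
 github.com/emicklei/dot v1.6.1 // indirect
 github.com/erigontech/erigon-snapshot v1.3.0 // indirect
 github.com/erigontech/mdbx-go v0.27.24 // indirect
@@ -150,11 +145,10 @@ require (
 github.com/go-llsqlite/crawshaw v0.4.0 // indirect
 github.com/go-sourcemap/sourcemap v2.1.3+incompatible // indirect
 github.com/go-stack/stack v1.8.1 // indirect
-github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 github.com/goccy/go-json v0.10.4 // indirect
 github.com/godbus/dbus/v5 v5.1.0 // indirect
 github.com/gofrs/flock v0.8.1 // indirect
-github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
+github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 github.com/golang/mock v1.6.0 // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/btree v1.1.2 // indirect
@@ -178,27 +172,25 @@ require (
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/ipfs/boxo v0.27.2 // indirect
 github.com/ipfs/go-cid v0.5.0 // indirect
-github.com/ipfs/go-datastore v0.6.0 // indirect
+github.com/ipfs/go-datastore v0.8.2 // indirect
 github.com/ipfs/go-log/v2 v2.5.1 // indirect
 github.com/ipld/go-ipld-prime v0.21.0 // indirect
 github.com/jackpal/go-nat-pmp v1.0.2 // indirect
 github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect
-github.com/jbenet/goprocess v0.1.4 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
-github.com/klauspost/compress v1.17.11 // indirect
+github.com/klauspost/compress v1.18.0 // indirect
 github.com/kr/pretty v0.3.1 // indirect
 github.com/kr/text v0.2.0 // indirect
 github.com/mattn/go-colorable v0.1.13 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/mattn/go-runewidth v0.0.15 // indirect
-github.com/miekg/dns v1.1.63 // indirect
+github.com/miekg/dns v1.1.66 // indirect
 github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect
 github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect
 github.com/minio/sha256-simd v1.0.1 // indirect
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
-github.com/mmcloughlin/addchain v0.4.0 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/mschoch/smat v0.2.0 // indirect
@@ -207,29 +199,29 @@ require (
 github.com/pelletier/go-toml/v2 v2.2.1 // indirect
 github.com/pion/datachannel v1.5.10 // indirect
 github.com/pion/dtls/v2 v2.2.12 // indirect
-github.com/pion/dtls/v3 v3.0.4 // indirect
+github.com/pion/dtls/v3 v3.0.6 // indirect
 github.com/pion/ice/v2 v2.3.37 // indirect
-github.com/pion/ice/v4 v4.0.6 // indirect
-github.com/pion/interceptor v0.1.37 // indirect
+github.com/pion/ice/v4 v4.0.10 // indirect
+github.com/pion/interceptor v0.1.40 // indirect
 github.com/pion/logging v0.2.3 // indirect
 github.com/pion/mdns v0.0.12 // indirect
 github.com/pion/mdns/v2 v2.0.7 // indirect
 github.com/pion/randutil v0.1.0 // indirect
 github.com/pion/rtcp v1.2.15 // indirect
-github.com/pion/rtp v1.8.11 // indirect
-github.com/pion/sctp v1.8.35 // indirect
-github.com/pion/sdp/v3 v3.0.10 // indirect
+github.com/pion/rtp v1.8.19 // indirect
+github.com/pion/sctp v1.8.39 // indirect
+github.com/pion/sdp/v3 v3.0.13 // indirect
 github.com/pion/srtp/v2 v2.0.20 // indirect
-github.com/pion/srtp/v3 v3.0.4 // indirect
+github.com/pion/srtp/v3 v3.0.6 // indirect
 github.com/pion/stun v0.6.1 // indirect
 github.com/pion/stun/v2 v2.0.0 // indirect
 github.com/pion/stun/v3 v3.0.0 // indirect
 github.com/pion/transport/v2 v2.2.10 // indirect
 github.com/pion/transport/v3 v3.0.7 // indirect
 github.com/pion/turn/v2 v2.1.6 // indirect
-github.com/pion/turn/v4 v4.0.0 // indirect
+github.com/pion/turn/v4 v4.0.2 // indirect
 github.com/pion/webrtc/v3 v3.3.5 // indirect
-github.com/pion/webrtc/v4 v4.0.8 // indirect
+github.com/pion/webrtc/v4 v4.1.2 // indirect
 github.com/rivo/uniseg v0.2.0 // indirect
 github.com/rogpeppe/go-internal v1.13.1 // indirect
 github.com/supranational/blst v0.3.15 // indirect
@@ -239,12 +231,11 @@ require (
 github.com/ugorji/go/codec/codecgen v1.1.13 // indirect
 github.com/wlynxg/anet v0.0.5 // indirect
 go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-go.uber.org/dig v1.18.0 // indirect
-go.uber.org/fx v1.23.0 // indirect
-golang.org/x/mod v0.24.0 // indirect
-golang.org/x/tools v0.31.0 // indirect
+go.uber.org/dig v1.19.0 // indirect
+go.uber.org/fx v1.24.0 // indirect
+golang.org/x/mod v0.29.0 // indirect
+golang.org/x/tools v0.38.0 // indirect
 gonum.org/v1/gonum v0.15.1 // indirect
-rsc.io/tmplfunc v0.0.3 // indirect
 )
 
 require (
@@ -256,15 +247,14 @@ require (
 github.com/dustinxie/gmsm v1.4.0 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/flynn/noise v1.1.0 // indirect
-github.com/francoispqt/gojay v1.2.13 // indirect
 github.com/fsnotify/fsnotify v1.6.0 // indirect
 github.com/go-logr/logr v1.4.2 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-ole/go-ole v1.3.0 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
-github.com/klauspost/cpuid/v2 v2.2.9 // indirect
-github.com/koron/go-ssdp v0.0.5 // indirect
+github.com/klauspost/cpuid/v2 v2.2.10 // indirect
+github.com/koron/go-ssdp v0.0.6 // indirect
 github.com/libp2p/go-buffer-pool v0.1.0 // indirect
 github.com/libp2p/go-cidranger v1.1.0 // indirect
 github.com/libp2p/go-flow-metrics v0.2.0 // indirect
@@ -274,10 +264,9 @@ require (
 github.com/libp2p/go-libp2p-record v0.3.1 // indirect
 github.com/libp2p/go-libp2p-routing-helpers v0.7.4 // indirect
 github.com/libp2p/go-msgio v0.3.0 // indirect
-github.com/libp2p/go-nat v0.2.0 // indirect
-github.com/libp2p/go-netroute v0.2.2 // indirect
+github.com/libp2p/go-netroute v0.3.0 // indirect
 github.com/libp2p/go-reuseport v0.4.0 // indirect
-github.com/libp2p/go-yamux/v4 v4.0.2 // indirect
+github.com/libp2p/go-yamux/v5 v5.0.1 // indirect
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 github.com/magefile/mage v1.9.0 // indirect
 github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect
@@ -287,27 +276,26 @@ require (
 github.com/multiformats/go-multiaddr-dns v0.4.1 // indirect
 github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect
 github.com/multiformats/go-multibase v0.2.0 // indirect
-github.com/multiformats/go-multicodec v0.9.0 // indirect
+github.com/multiformats/go-multicodec v0.9.1 // indirect
 github.com/multiformats/go-multihash v0.2.3 // indirect
-github.com/multiformats/go-multistream v0.6.0 // indirect
+github.com/multiformats/go-multistream v0.6.1 // indirect
 github.com/multiformats/go-varint v0.0.7 // indirect
 github.com/olekukonko/tablewriter v0.0.5 // indirect
-github.com/onsi/ginkgo/v2 v2.22.2 // indirect
+github.com/onsi/gomega v1.36.2 // indirect
 github.com/opencontainers/runtime-spec v1.2.0 // indirect
 github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
 github.com/pierrec/lz4 v2.0.5+incompatible // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/polydawn/refmt v0.89.0 // indirect
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
-github.com/prometheus/common v0.62.0 // indirect
-github.com/prometheus/procfs v0.15.1 // indirect
+github.com/prometheus/common v0.64.0 // indirect
+github.com/prometheus/procfs v0.16.1 // indirect
 github.com/protolambda/ztyp v0.2.2 // indirect
 github.com/prysmaticlabs/gohashtree v0.0.3-alpha.0.20230502123415-aafd8b3ca202 // indirect
 github.com/quasilyte/go-ruleguard/dsl v0.3.22 // indirect
-github.com/quic-go/qpack v0.5.1 // indirect
-github.com/quic-go/quic-go v0.49.0 // indirect
-github.com/quic-go/webtransport-go v0.8.1-0.20241018022711-4ac2c9250e66 // indirect
-github.com/raulk/go-watchdog v1.3.0 // indirect
+github.com/quic-go/qpack v0.6.0 // indirect
+github.com/quic-go/quic-go v0.57.1 // indirect
+github.com/quic-go/webtransport-go v0.9.0 // indirect
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 github.com/rs/dnscache v0.0.0-20211102005908-e0241e321417 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
@@ -317,7 +305,7 @@ require (
 github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/spaolacci/murmur3 v1.1.0 // indirect
 github.com/spf13/afero v1.9.5 // indirect
-github.com/spf13/pflag v1.0.5 // indirect
+github.com/spf13/pflag v1.0.6 // indirect
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 // indirect
 github.com/tidwall/match v1.1.1 // indirect
 github.com/tidwall/pretty v1.2.0 // indirect
@@ -331,13 +319,14 @@ require (
 go.opencensus.io v0.24.0 // indirect
 go.opentelemetry.io/otel/metric v1.34.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
-golang.org/x/sys v0.31.0 // indirect
-golang.org/x/term v0.30.0 // indirect
+golang.org/x/exp v0.0.0-20250606033433-dcc06ee1d476 // indirect
+golang.org/x/sys v0.38.0 // indirect
+golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect
+golang.org/x/term v0.37.0 // indirect
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0 // indirect
 gopkg.in/square/go-jose.v2 v2.5.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
-lukechampine.com/blake3 v1.3.0 // indirect
+lukechampine.com/blake3 v1.4.1 // indirect
 modernc.org/libc v1.62.1 // indirect
 modernc.org/mathutil v1.7.1 // indirect
 modernc.org/memory v1.9.1 // indirect
@@ -361,3 +350,6 @@ replace github.com/gballet/go-verkle => github.com/envestcc/go-verkle v0.0.0-202
 replace github.com/erigontech/erigon-snapshot => github.com/ledgerwatch/erigon-snapshot v1.3.1-0.20240805114253-42da880260bb
 
 replace github.com/ethereum/go-ethereum/crypto/secp256k1 => github.com/erigontech/secp256k1 v1.1.0
+
+// Fix for go-libutp compatibility with GCC 15+
+replace github.com/anacrolix/go-libutp => github.com/anacrolix/go-libutp v0.0.0-20251121015447-f294e5ed5b4d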
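Review bot: The new `replace` for `github.com/anacrolix/go-libutp` on line 355 overrides the `v1.3.2` that this same commit sets in the indirect require block, so the build resolves to the pseudo-version `v0.0.0-20251121015447-f294e5ed5b4d` and the v1.3.2 bump has no effect. The comment gives the reason (GCC 15+) but not the upstream commit or issue behind the pseudo-version, nor when the override can be dropped; something like `// TODO: remove once a tagged go-libutp release contains the GCC 15 fix (upstream ref: <link>)` would let a later audit verify the pin. Separately, the commit title says these upgrades fix vulnerabilities, yet neither the message nor go.mod names the advisories. Listing them in the description and attaching a `govulncheck ./...` run against the resulting module graph would make that claim checkable.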
