Update to latest Brownie and other packages #191

Open
Hg347 opened this issue Apr 6, 2024 · 2 comments

Hg347 commented Apr 6, 2024

Overview

There are vulnerable packages in the pip dependencies that are defined by requirements.txt.
It should contain:

  • cytools>=0.12.3
  • click>=8.1.3
  • pathspec>=0.12.1
  • black>=24.2.0
  • attrs>=23.2.0
  • vyper>=0.3.10rc4 # not directly required, pinned by Snyk to avoid a vulnerability
  • eth-brownie>=1.20.2
  • brownie-token-tester>=0.1.0
  • flake8>=3.8.4
  • isort>=5.7.0

Since Curve deals with a lot of money, there should be a focus on fixing known vulnerabilities quickly.
Static code analysis scanners like snyk.io should be used for this purpose.
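
One way to enforce the minimum versions listed in this issue in CI, as an added example that is not part of the original issue or the project's code. `check`, `version_key` and `SAMPLE` are hypothetical names, the sample requirements are constructed, and version parsing covers only plain releases with an optional a/b/rc tag.

```python
import re
FLOORS = {  # minimum versions requested in the issue above
    "cytools": "0.12.3", "click": "8.1.3", "pathspec": "0.12.1",
    "black": "24.2.0", "attrs": "23.2.0", "vyper": "0.3.10rc4",
    "eth-brownie": "1.20.2", "brownie-token-tester": "0.1.0",
    "flake8": "3.8.4", "isort": "5.7.0",
}
_VER = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")
_REQ = re.compile(r"^([A-Za-z0-9._-]+)\s*(==|>=|~=)\s*([^\s;,#]+)")
_PRE = {"a": 0, "b": 1, "rc": 2}

def version_key(v):
    """Sortable key for a PEP 440 subset; a final release sorts after its rc."""
    m = _VER.match(v)
    if not m:
        raise ValueError(f"unsupported version: {v!r}")
    release = [int(p) for p in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()  # 23.2 and 23.2.0 compare equal
    pre = (_PRE[m.group(2)], int(m.group(3))) if m.group(2) else (3, 0)
    return (tuple(release), pre)

def check(requirements_text):
    """Return {package: reason} for each floor that is missing or too low."""
    bounds = {}
    for raw in requirements_text.splitlines():
        m = _REQ.match(raw.split("#", 1)[0].strip())
        if m:  # normalise names as pip does: case-insensitive, -_. equivalent
            bounds[re.sub(r"[-_.]+", "-", m.group(1)).lower()] = m.group(3)
    findings = {}
    for name, floor in FLOORS.items():
        have = bounds.get(name)
        if have is None:
            findings[name] = f"no ==, >= or ~= bound (want >={floor})"
        elif version_key(have) < version_key(floor):
            findings[name] = f"allows {have}, below floor {floor}"
    return findings

# Constructed sample, not the project's real requirements.txt.
SAMPLE = """\
click>=8.1.3
Eth_Brownie==1.19.3
vyper==0.3.10rc3   # pre-release just below the floor
attrs>=23.2
flake8
"""

if __name__ == "__main__":
    print("\n".join(f"{p}: {w}" for p, w in check(SAMPLE).items()))
```

A non-empty result can fail the build; it only shows that a floor is not enforced, not that the resolved versions are free of advisories.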


Hg347 commented Apr 6, 2024

Another option is to switch directly to the ape framework, since brownie is no longer maintained.


Hg347 commented Apr 7, 2024

Btw, Snyk only analyzes dependencies and Python code, but not Vyper code. For Vyper static analysis, Slither could be added to the build pipeline.
