Overview
There are vulnerable packages in the pip dependencies that are defined by requirements.txt.
It should contain:
- cytools>=0.12.3
- click>=8.1.3
- pathspec>=0.12.1
- black>=24.2.0
- attrs>=23.2.0
- vyper>=0.3.10rc4 # not directly required, pinned by Snyk to avoid a vulnerability
- eth-brownie>=1.20.2
- brownie-token-tester>=0.1.0
- flake8>=3.8.4
- isort>=5.7.0
Since Curve deals with a lot of money, there should be a focus on fixing known vulnerabilities quickly.
Static code analysis scanners like snyk.io should be used for this purpose.
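A check for the floors listed above, as an added example that is not part of the original issue or the project's code: it reads the text of a requirements.txt and reports every listed package that is missing, has no lower bound, or is pinned below its floor. The helpers `audit` and `version_key` and the sample file are constructed for illustration, and version parsing is an assumption that covers only plain versions and a/b/rc pre-releases.

```python
import re

# Floors copied from the list in the issue; everything else here is illustrative.
FLOORS = {
    "cytools": "0.12.3", "click": "8.1.3", "pathspec": "0.12.1", "black": "24.2.0",
    "attrs": "23.2.0", "vyper": "0.3.10rc4", "eth-brownie": "1.20.2",
    "brownie-token-tester": "0.1.0", "flake8": "3.8.4", "isort": "5.7.0",
}
_VER = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")
_REQ = re.compile(r"^([A-Za-z0-9._-]+)\s*(?:(==|>=|~=)\s*([A-Za-z0-9.]+))?$")

# Constructed sample input, not the project's real requirements.txt.
SAMPLE = """\
black==23.1.0
click>=8.1.3
vyper>=0.3.10rc3  # one release candidate short of the floor
attrs
eth-brownie>=1.20.2
"""


def version_key(text):
    """Sort key for N.N.N with an optional a/b/rc suffix (simplified PEP 440 subset)."""
    m = _VER.match(text)
    if not m:
        raise ValueError(f"unsupported version: {text!r}")
    release = [int(p) for p in m.group(1).split(".")]
    while release and release[-1] == 0:  # treat 1.0 and 1.0.0 as equal
        release.pop()
    # A pre-release sorts before the final release with the same number.
    pre = (0, m.group(2), int(m.group(3))) if m.group(2) else (1, "", 0)
    return tuple(release), pre


def audit(requirements_text):
    """Return {package: problem} for each floor the file does not enforce."""
    found = {}
    for raw in requirements_text.splitlines():
        m = _REQ.match(raw.split("#", 1)[0].strip())
        if m:
            found[m.group(1).lower()] = (m.group(2), m.group(3))
    problems = {}
    for name, floor in FLOORS.items():
        op, ver = found.get(name, ("missing", None))
        if op == "missing":
            problems[name] = "not listed"
        elif op is None:
            problems[name] = "no lower bound"
        elif version_key(ver) < version_key(floor):
            problems[name] = f"{op}{ver} is below {floor}"
    return problems
```

Calling `audit(SAMPLE)` returns a dict that is empty only when every floor is enforced, so a CI job can fail the build on any non-empty result.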