Description Summary
CI govulncheck flags multiple stdlib vulnerabilities (GO-2025-4013/4012/4011/4010/4009/4008/4007/3956/3751/3750/3563/3447) on Go 1.22.12.
go-ethereum v1.10.19 is also flagged (GO-2024-2819). We currently mark govulncheck informational.
Scope
Raise Go to a patched release (>=1.24.8/1.24.9 once available, or latest LTS with fixes).
Bump github.com/ethereum/go-ethereum to a fixed version (>=v1.13.15 or newer stable).
Regenerate code if required, and update any breaking API changes.
Tasks
Update actions/setup-go and go.mod/go.sum to the target Go version.
Upgrade go-ethereum dependency and fix any compilation changes.
Run go mod tidy, go generate ./.../gen (if needed), go vet ./..., go test ./....
Re-enable blocking govulncheck (remove continue-on-error) and ensure it passes.
Update CHANGELOG.md with the upgrade note.
Acceptance Criteria
CI green with govulncheck passing without findings.
Code builds and tests pass on the new Go and go-ethereum versions.
Changelog documents the upgrades.
Reactions are currently unavailable
You can’t perform that action at this time.
Summary
Scope
github.com/ethereum/go-ethereumto a fixed version (>=v1.13.15 or newer stable).Tasks
actions/setup-goandgo.mod/go.sumto the target Go version.go mod tidy,go generate ./.../gen(if needed),go vet ./...,go test ./....continue-on-error) and ensure it passes.CHANGELOG.mdwith the upgrade note.Acceptance Criteria