stable
Clone or download
Read-only
This contribution resolves 3 issues that are close to each other: * we are getting alerts for Go [1.22.0; 1.22.1] stdlib issues while we are using Go 1.22.2 * we have differences when we run `make scan-vuln-deps` locally after having built the whole stack and what the CI does * we are getting valid alerts Go stdlib for things that have been fixed in Go 1.22.3 and 1.22.4, those have no direct impact for our use cases so they will wait until Go 1.22.4 lands in nixpkgs cache Running `make scan-vuln-deps` should not yield any error locally. Closes request #38287 Adjust OSV Scanner setup to behave identically in CI and dev env and temporarily ignore Go 1.22.3+ sec issues Change-Id: I59c4b218afbe8453cac4c010487d0bd7fdcbece5
Modified Files
Name | ||||
---|---|---|---|---|
M | .gitignore | +6 | −0 | Go to diff View file |
D | plugins/mediawiki_standalone/additional-packages/mediawiki-extensions-1.35/.gitignore | +0 | −3 | Go to diff View file |
D | plugins/mediawiki_standalone/additional-packages/mediawiki-extensions-current-lts/.gitignore | +0 | −3 | Go to diff View file |
M | src/additional-packages/tuleap-mercure/go.mod | +1 | −3 | Go to diff View file |
M | tools/utils/CVE-2024-30246/.gitignore | +0 | −2 | Go to diff View file |
M | tools/utils/osv-scanner/config.toml | +17 | −0 | Go to diff View file |