dev: remove Nancy (#5047)

.github/workflows/pr-extra.yml

@@ -1,24 +0,0 @@
-name: Extra
-on:
-  push:
-    branches:
-      - master
-  pull_request:
-
-jobs:
-  vulns:
-    name: Vulnerability scanner
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          # https://github.com/actions/setup-go#supported-version-syntax
-          # ex:
-          # - 1.18beta1 -> 1.18.0-beta.1
-          # - 1.18rc1 -> 1.18.0-rc.1
-          go-version: '1.23'
-      - name: Run go list
-        run: go list -json -m all > go.list
-      - name: Nancy
-        uses: sonatype-nexus-community/nancy-github-action@v1.0.3

.nancy-ignore

@@ -1,39 +0,0 @@
-# Skip for indirect dependency github.com/coreos/etcd@3.3.13
-CVE-2020-15114
-CVE-2020-15115
-CVE-2020-15136
-
-# Skip for indirect dependency github.com/gogo/protobuf@1.3.1
-CVE-2021-3121
-
-# Skip for indirect dependency github.com/dgrijalva/jwt-go@3.2.0
-CVE-2020-26160
-
-# Skip for indirect dependencies:
-# golang/github.com/hashicorp/consul/api@v1.12.0
-# golang/github.com/hashicorp/consul/sdk@v0.8.0
-CVE-2022-29153
-CVE-2022-24687
-CVE-2021-41803
-
-# Skip for indirect dependencies golang/github.com/valyala/fasthttp@v1.30.0
-CVE-2022-21221
-
-# Skip for indirect dependencies golang/golang.org/x/net
-CVE-2022-41723
-CVE-2023-3978
-
-# Skip for indirect dependencies golang/google.golang.org/grpc@v1.46.2
-CVE-2023-32731
-
-# Skip for indirect dependencies golang/golang.org/x/crypto@v0.14.0
-CVE-2023-48795
-
-#  Skip for indirect dependencies github.com/jackc/pgproto3 - github.com/jackc/pgx
-CVE-2024-27304
-
-# Skip for indirect dependencies golang/google.golang.org/protobuf
-CVE-2024-24786
-
-# Skip for indirect dependencies golang/golang.org/x/net@v0.28.0
-CVE-2024-8421