dev: remove Nancy (#5047)

This commit is contained in:
Ludovic Fernandez 2024-09-29 20:39:02 +02:00 committed by GitHub
parent 3ed307e113
commit 8659611d67
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 0 additions and 63 deletions

View File

@ -1,24 +0,0 @@
name: Extra
on:
push:
branches:
- master
pull_request:
jobs:
vulns:
name: Vulnerability scanner
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
# https://github.com/actions/setup-go#supported-version-syntax
# ex:
# - 1.18beta1 -> 1.18.0-beta.1
# - 1.18rc1 -> 1.18.0-rc.1
go-version: '1.23'
- name: Run go list
run: go list -json -m all > go.list
- name: Nancy
uses: sonatype-nexus-community/nancy-github-action@v1.0.3

View File

@ -1,39 +0,0 @@
# Skip for indirect dependency github.com/coreos/etcd@3.3.13
CVE-2020-15114
CVE-2020-15115
CVE-2020-15136
# Skip for indirect dependency github.com/gogo/protobuf@1.3.1
CVE-2021-3121
# Skip for indirect dependency github.com/dgrijalva/jwt-go@3.2.0
CVE-2020-26160
# Skip for indirect dependencies:
# golang/github.com/hashicorp/consul/api@v1.12.0
# golang/github.com/hashicorp/consul/sdk@v0.8.0
CVE-2022-29153
CVE-2022-24687
CVE-2021-41803
# Skip for indirect dependencies golang/github.com/valyala/fasthttp@v1.30.0
CVE-2022-21221
# Skip for indirect dependencies golang/golang.org/x/net
CVE-2022-41723
CVE-2023-3978
# Skip for indirect dependencies golang/google.golang.org/grpc@v1.46.2
CVE-2023-32731
# Skip for indirect dependencies golang/golang.org/x/crypto@v0.14.0
CVE-2023-48795
# Skip for indirect dependencies github.com/jackc/pgproto3 - github.com/jackc/pgx
CVE-2024-27304
# Skip for indirect dependencies golang/google.golang.org/protobuf
CVE-2024-24786
# Skip for indirect dependencies golang/golang.org/x/net@v0.28.0
CVE-2024-8421