From 8659611d679e28d940d2fe29bf4197d8378d9c79 Mon Sep 17 00:00:00 2001
From: Ludovic Fernandez <ldez@users.noreply.github.com>
Date: Sun, 29 Sep 2024 20:39:02 +0200
Subject: [PATCH] dev: remove Nancy (#5047)

---
 .github/workflows/pr-extra.yml | 24 ---------------------
 .nancy-ignore                  | 39 ----------------------------------
 2 files changed, 63 deletions(-)
 delete mode 100644 .github/workflows/pr-extra.yml
 delete mode 100644 .nancy-ignore

diff --git a/.github/workflows/pr-extra.yml b/.github/workflows/pr-extra.yml
deleted file mode 100644
index 83b6ca24..00000000
--- a/.github/workflows/pr-extra.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: Extra
-on:
-  push:
-    branches:
-      - master
-  pull_request:
-
-jobs:
-  vulns:
-    name: Vulnerability scanner
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          # https://github.com/actions/setup-go#supported-version-syntax
-          # ex:
-          # - 1.18beta1 -> 1.18.0-beta.1
-          # - 1.18rc1 -> 1.18.0-rc.1
-          go-version: '1.23'
-      - name: Run go list
-        run: go list -json -m all > go.list
-      - name: Nancy
-        uses: sonatype-nexus-community/nancy-github-action@v1.0.3
diff --git a/.nancy-ignore b/.nancy-ignore
deleted file mode 100644
index df03f6fd..00000000
--- a/.nancy-ignore
+++ /dev/null
@@ -1,39 +0,0 @@
-# Skip for indirect dependency github.com/coreos/etcd@3.3.13
-CVE-2020-15114
-CVE-2020-15115
-CVE-2020-15136
-
-# Skip for indirect dependency github.com/gogo/protobuf@1.3.1
-CVE-2021-3121
-
-# Skip for indirect dependency github.com/dgrijalva/jwt-go@3.2.0
-CVE-2020-26160
-
-# Skip for indirect dependencies:
-# golang/github.com/hashicorp/consul/api@v1.12.0
-# golang/github.com/hashicorp/consul/sdk@v0.8.0
-CVE-2022-29153
-CVE-2022-24687
-CVE-2021-41803
-
-# Skip for indirect dependencies golang/github.com/valyala/fasthttp@v1.30.0
-CVE-2022-21221
-
-# Skip for indirect dependencies golang/golang.org/x/net
-CVE-2022-41723
-CVE-2023-3978
-
-# Skip for indirect dependencies golang/google.golang.org/grpc@v1.46.2
-CVE-2023-32731
-
-# Skip for indirect dependencies golang/golang.org/x/crypto@v0.14.0
-CVE-2023-48795
-
-#  Skip for indirect dependencies github.com/jackc/pgproto3 - github.com/jackc/pgx
-CVE-2024-27304
-
-# Skip for indirect dependencies golang/google.golang.org/protobuf
-CVE-2024-24786
-
-# Skip for indirect dependencies golang/golang.org/x/net@v0.28.0
-CVE-2024-8421