Add govulncheck and dependency-review to CI workflow #1786
/lgtm
We should wait to merge this until we fix the vulnerabilities govulncheck is helping us find?
Signed-off-by: Eddie Torres <[email protected]>
@AndrewSirenko Green now. The driver's container image is based on the Go version specified in the Dockerfile, which defaults to using the latest patch version of the minor version used. The HTTP-related vulnerability in Go's standard lib is fixed in the latest patch release for 1.21. Bumped up the Go version in the Dockerfile -- new builds will reference 1.21.3, which fixes the CVE.
/approve
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AndrewSirenko

The full list of commands accepted by this bot can be found here. The pull request process is described here

Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/lgtm
/lgtm
What is this PR about? / Why do we need it?
This PR adds govulncheck and dependency-review-action CI checks for pull request events.
What testing is done?
CI
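
A sketch of what the two checks named in the PR description can look like as a GitHub Actions workflow for pull request events. This is an added example, not the workflow from this PR; the workflow and job names, the action versions, the use of `go.mod` for the toolchain version and the severity threshold are all assumptions.

```yaml
# Illustrative workflow; names, action versions and the severity threshold
# are assumptions, not taken from the PR.
name: vulnerability-checks
on:
  pull_request:

# Both jobs only need to read the repository.
permissions:
  contents: read

jobs:
  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          # Assumption: the toolchain version is read from go.mod. Standard
          # library findings depend on the Go version in use, so this should
          # match the version the Dockerfile builds the image with.
          go-version-file: go.mod
      - name: Run govulncheck
        # Reports known vulnerabilities in code the module actually calls,
        # including the standard library, and exits non-zero when it finds any.
        run: go run golang.org/x/vuln/cmd/govulncheck@latest ./...

  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v4
        with:
          # Fail the check when the PR introduces a dependency with a known
          # vulnerability of this severity or higher.
          fail-on-severity: high
```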