chore: Update devbox and turn off govulncheck #57

Merged 1 commit on May 18, 2024

nieomylnieja
Owner

govulncheck reports tend to block merges even when the vulnerability has already been present in the current version of the code, most of the time detected in the Go code itself.
Due to the fact that we're not always able to bump the version of Go to the latest patch OR the vulnerability might not yet have a patch version, I decided to turn it off and only run it on schedule, but not block merges with it.
For code-based vulns we have both the linter and gosec anyway.

@nieomylnieja nieomylnieja merged commit b78ae64 into main May 18, 2024
1 check passed
@nieomylnieja nieomylnieja deleted the upgrade-devbox-packages branch May 18, 2024 12:17