diff --git a/.github/workflows/pr-extra.yml b/.github/workflows/pr-extra.yml deleted file mode 100644 index 83b6ca24c064..000000000000 --- a/.github/workflows/pr-extra.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Extra -on: - push: - branches: - - master - pull_request: - -jobs: - vulns: - name: Vulnerability scanner - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - # https://github.com/actions/setup-go#supported-version-syntax - # ex: - # - 1.18beta1 -> 1.18.0-beta.1 - # - 1.18rc1 -> 1.18.0-rc.1 - go-version: '1.23' - - name: Run go list - run: go list -json -m all > go.list - - name: Nancy - uses: sonatype-nexus-community/nancy-github-action@v1.0.3 diff --git a/.nancy-ignore b/.nancy-ignore deleted file mode 100644 index df03f6fd9631..000000000000 --- a/.nancy-ignore +++ /dev/null @@ -1,39 +0,0 @@ -# Skip for indirect dependency github.com/coreos/etcd@3.3.13 -CVE-2020-15114 -CVE-2020-15115 -CVE-2020-15136 - -# Skip for indirect dependency github.com/gogo/protobuf@1.3.1 -CVE-2021-3121 - -# Skip for indirect dependency github.com/dgrijalva/jwt-go@3.2.0 -CVE-2020-26160 - -# Skip for indirect dependencies: -# golang/github.com/hashicorp/consul/api@v1.12.0 -# golang/github.com/hashicorp/consul/sdk@v0.8.0 -CVE-2022-29153 -CVE-2022-24687 -CVE-2021-41803 - -# Skip for indirect dependencies golang/github.com/valyala/fasthttp@v1.30.0 -CVE-2022-21221 - -# Skip for indirect dependencies golang/golang.org/x/net -CVE-2022-41723 -CVE-2023-3978 - -# Skip for indirect dependencies golang/google.golang.org/grpc@v1.46.2 -CVE-2023-32731 - -# Skip for indirect dependencies golang/golang.org/x/crypto@v0.14.0 -CVE-2023-48795 - -# Skip for indirect dependencies github.com/jackc/pgproto3 - github.com/jackc/pgx -CVE-2024-27304 - -# Skip for indirect dependencies golang/google.golang.org/protobuf -CVE-2024-24786 - -# Skip for indirect dependencies golang/golang.org/x/net@v0.28.0 -CVE-2024-8421