Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add exception to get go-vuln passing #3516

Closed
1 task
evan-forbes opened this issue May 29, 2024 · 1 comment · Fixed by #3529
Closed
1 task

Add exception to get go-vuln passing #3516

evan-forbes opened this issue May 29, 2024 · 1 comment · Fixed by #3529
Assignees
@rootulp
Labels
WS: Maintenance 🔧 includes bugs, refactors, flakes, and tech debt etc

Comments

@evan-forbes
Copy link
Member

evan-forbes commented May 29, 2024
edited by ninabarbakadze
Loading

Description

There is rightfully a vuln in ibc v6.2, so the ci will fail. This vuln doesn't affect celestia-app since cosmwasm is not installed, therefore we can add an exception to avoid the red x in CI

Acceptance Criteria

  • go-vuln CI to passes after adding an exception to ibc v6.2.2
@evan-forbes evan-forbes added the WS: Maintenance 🔧 includes bugs, refactors, flakes, and tech debt etc label May 29, 2024
@rootulp
Copy link
Collaborator

rootulp commented Jun 4, 2024

Doesn't seem possible to ignore a particular vulerability per

@rootulp rootulp mentioned this issue Jun 4, 2024
Merged
rootulp added a commit that referenced this issue Jun 5, 2024
@rootulp
ci: remove govulncheck (#3529)
fd4b75b 
Closes #3516
Opens #3530

This PR removes govulncheck from CI because govulncheck does not support
ignoring a particular vulnerability. Since we're on ibc-go v6.2.x which
has a vulnerability, CI will report a red X on all future PRs because
govulncheck fails. We can re-enable govulncheck when it adds support for
ignoring a particular vulnerability.
0xchainlover pushed a commit to celestia-org/celestia-app that referenced this issue Aug 1, 2024
@rootulp
ci: remove govulncheck (#3529)
8451e3a 
Closes celestiaorg/celestia-app#3516
Opens celestiaorg/celestia-app#3530

This PR removes govulncheck from CI because govulncheck does not support
ignoring a particular vulnerability. Since we're on ibc-go v6.2.x which
has a vulnerability, CI will report a red X on all future PRs because
govulncheck fails. We can re-enable govulncheck when it adds support for
ignoring a particular vulnerability.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rootulp rootulp

Labels
WS: Maintenance 🔧 includes bugs, refactors, flakes, and tech debt etc
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ci: remove govulncheck rootulp/celestia-app
2 participants
@rootulp @evan-forbes