status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
21,333 Commits 445 Branches 179 Tags 481 MiB
Commit Graph

4 Commits

Author SHA1 Message Date
Michael Zalimeni 86b0818c1f
[NET-8601] security: upgrade vault/api to remove go-jose.v2 (#20910) 
security: upgrade vault/api to remove go-jose.v2

This dependency has an open vulnerability (GO-2024-2631), and is no
longer needed by the latest `vault/api`. This is a follow-up to the
upgrade of `go-jose/v3` in this repository to make all our dependencies
consolidate on v3.

Also remove the recently added security scan triage block for
GO-2024-2631, which was added due to incorrect reports that
`go-jose/v3@3.0.3` was impacted; in reality, is was this indirect
client dependency (not impacted by CVE) that the scanner was flagging. A
bug report has been filed to address the incorrect reporting.
 2024-05-04 00:18:51 +00:00
Michael Zalimeni 159fcfb2fa
security: ignore test and internal tool modules (#20963) 2024-04-08 17:30:04 -04:00
Michael Zalimeni cc959dcdf4
security: triage false positive for go-jose/v3 (#20901) 
Per https://osv.dev/vulnerability/GO-2024-2631 this vulnerability is not
present in the version currently used (go-jose/v3@3.0.3).
 2024-03-26 21:27:50 +00:00
Michael Zalimeni d0bc091a60
[NET-6969] security: Re-enable Go Module + secrets security scans for release branches (#19978) 
* security: re-enable security scan release block

This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.

* security: run security scans on main and release branches
 2023-12-21 15:11:05 +00:00