ci: add nancy #184
We could move this to the |
@jeinfeldt please check the scheduled trigger and try to do a go get on etcd to override the vuln dependency
dda9c29 to c1f92a2
very nice, thanks!
Hello,
we would benefit from using Nancy to check our dependencies.
@tessig opened a PR for this previously #69 before go.mod was fully supported.
Since flamingo does not use travis anymore for CI, let's try with github actions.
Workflow suggested by: https://github.com/marketplace/actions/nancy-for-github-actions
For now I would suggest to only do this on PR, as we would otherwise break the CI on master.
After all vulnerabilities are fixed, we can adjust the behaviour.
Of course we can discuss how to integrate this workflow / naming things.
The current vulnerability is related to spf13/viper#957
If we decide to merge, this closes #69