NO-JIRA: Bump gitignore dependency#2303
Conversation
joelanford/ignore pulls in a vulnerable version of go-git. Vulnerable code isn't in the execution path, but gets flagged in security scans. See https://redhat.atlassian.net/browse/OCPBUGS-97660 Updating ignore dependency to latest, which pulls in a non-vulnerable go-git and doesn't trip security scans.
|
@rh-roman: This pull request explicitly references no jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Caution Review failedAn error occurred during the review process. Please try again later. WalkthroughThis change updates four indirect Go module dependency versions in go.mod: joelanford/ignore, golang.org/x/net, go-git/go-billy and go-git/v5, and golang.org/x/exp, without altering any exported or public entities. ChangesDependency updates
Estimated code review effort: 1 (Trivial) | ~3 minutes ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning Tools execution failed with the following error: Failed to run tools: 13 INTERNAL: Received RST_STREAM with code 2 (Internal server error) Comment |
|
/lgtm |
|
@atiratree: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: atiratree, rh-roman The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@rh-roman: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
joelanford/ignorepulls in a vulnerable version of go-git. Vulnerablecode isn't in the execution path, but gets flagged in security scans.
See https://redhat.atlassian.net/browse/OCPBUGS-97660
Updating ignore dependency to latest, which pulls in a non-vulnerable
go-git and doesn't trip security scans.
Summary by CodeRabbit