Fix go lockfile generation #1246

Merged
merged 2 commits into from
Oct 5, 2023

Contributor

@cd-work cd-work commented Oct 4, 2023

While lockfile generation was already implemented, it was never actually enabled in the lockfile crate. This patch enables the Go generator, which has been tested both with workspaces and normal Go projects.

@cd-work cd-work requested a review from a team as a code owner October 4, 2023 11:19
@cd-work cd-work requested a review from kylewillmon October 4, 2023 11:19
@phylum-io

phylum-io bot commented Oct 4, 2023

Phylum OSS Supply Chain Risk Analysis - FAILED

This repository analyzes the risk of new dependencies. An administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: webpki@0.22.1 failed.

webpki@0.22.1 is vulnerable to webpki: CPU denial of service in certificate path building

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

View this project in the Phylum UI

While lockfile generation was already implemented, it was never actually
enabled in the `lockfile` crate. This patch enables the Go generator,
which has been tested both with workspaces and normal Go projects.
@maxrake
Contributor

maxrake commented Oct 4, 2023

It is kind of odd how the Phylum GitHub App reported no dependency changes in this PR but still put a comment on it showing a (new) high vulnerability finding for the webpki@0.22.1 package.

@cd-work cd-work merged commit 4f082d7 into main Oct 5, 2023
13 checks passed
@cd-work cd-work deleted the go_workspaces branch October 5, 2023 20:29
3 participants