Skip to content

chore(ci): added govulncheck, bump transitive deps#96

Merged
petruki merged 3 commits into
masterfrom
staging
Jul 1, 2026
Merged

chore(ci): added govulncheck, bump transitive deps#96
petruki merged 3 commits into
masterfrom
staging

Conversation

@petruki

@petruki petruki commented Jul 1, 2026

Copy link
Copy Markdown
Member

This pull request introduces automated Go vulnerability checks to the CI/CD workflow and updates some indirect dependencies. The main goal is to improve security by integrating govulncheck into build, release, and code quality pipelines, and to provide Makefile targets for running vulnerability checks locally.

Security and CI/CD improvements:

  • Added a "Vulnerability Check" step using golang/govulncheck-action@v1 to the master.yml, release.yml, and sonar.yml GitHub Actions workflows to automatically scan for known Go vulnerabilities during CI/CD runs. [1] [2] [3]
  • Updated the Makefile to add vulncheck-install and vulncheck targets, allowing developers to install and run govulncheck locally. [1] [2]

Dependency updates:

  • Bumped indirect dependencies: github.com/klauspost/compress to v1.19.0 and github.com/klauspost/cpuid/v2 to v2.4.0 in go.mod.

@petruki petruki added this to the v1.0.1 milestone Jul 1, 2026
@petruki petruki self-assigned this Jul 1, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jul 1, 2026

Copy link
Copy Markdown

@petruki petruki merged commit 4154ef3 into master Jul 1, 2026
5 checks passed
@petruki petruki deleted the staging branch July 1, 2026 22:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant