chore(deps): update module github.com/docker/cli to v26.1.4+incompatible #1170
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Nancy 3p Vulnerability Scan | |
| on: | |
| push: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| jobs: | |
| nancy: | |
| name: Run nancy to identify 3p go vulnerabilities | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up git repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Set up Go | |
| uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 | |
| with: | |
| go-version: '1.22' | |
| - name: Write go.list | |
| run: | | |
| go list -json -deps ./... | jq 'select(. | tostring | test("helm|apiserver"; "i") | not)' > go.list | |
| # We are excluding helm dependencies and apiserver from the go.list file for now | |
| # because they are noisy and some of them are not fixed in the latest version. | |
| # We will revisit this in the future: | |
| # run: go list -json -deps ./... > go.list | |
| - name: Run nancy to check for vulnerabilities | |
| uses: sonatype-nexus-community/nancy-github-action@main |