mirror of
https://github.com/sourcegraph/sourcegraph.git
synced 2026-02-06 19:51:50 +00:00
We had multiple CVEs reported for these dependencies. I don't think this affected us in practice, but this is a step towards a clean scan from trivy. I updated to the minimum version which supports the fix.

    go get github.com/moby/buildkit@v0.12.5
    go get github.com/docker/docker@v24.0.7
    go get -u github.com/crewjam/saml

In the case of code.gitea.io/gitea@v1.18.0/modules/hostmatcher we couldn't update it due to lots of issues popping up in random transitive dependencies. However, we don't depend on the whole gitea project, rather just a tiny self contained package in it. So we vendor it in.

Test Plan: CI and "trivy fs go.mod" reporting no issues.

| File |
|---|
| BUILD.bazel |
| hostmatcher_test.go |
| hostmatcher.go |
| http.go |
| LICENSE |
| README.md |

This is a vendored copy of the MIT-licensed code from code.gitea.io/gitea@v1.18.0/modules/hostmatcher.
This was done because depending on the full gitea source code created issues in tracking dependencies, due to the large number of deps that change in the gitea project. In particular, we had trouble updating and resolving a CVE from the dependency.