Closed jkeys089 closed 1 year ago
/gcbrun
@dashpole I think the staticcheck step is failing due to an issue unrelated to this PR. Should we try to fix that in a separate PR or is it OK to ignore?
Edit: Actually, I just noticed you have golangci-lint which includes the checks from staticcheck. Perhaps we should just remove the redundant staticcheck step?
Yeah, looks like it is OK to ignore that.
@dashpole thanks for the quick review! As a followup question: is there a schedule for tagging new releases?
What
Why
To mitigate vulnerabilities reported by osv-scanner
Notes
We're not actually affected by the vulnerabilities listed above but it does create indirect dependencies that are flagged in downstream projects.