⬆️ Bump golang.org/x/crypto from 0.24.0 to 0.31.0 in /cli #1012
dependabot[bot]ci.yml
on: pull_request
code-quality
9m 39s
Matrix: test
Annotations
19 warnings
|
test (ubuntu-latest)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
|
test (ubuntu-latest)
You are using an unofficial Qodana linter: registry.jetbrains.team/p/sa/containers/qodana-dotnet:latest
|
|
test (ubuntu-latest)
You are running a Qodana linter without an exact version tag: registry.jetbrains.team/p/sa/containers/qodana-dotnet:latest
|
|
test (ubuntu-latest)
You are using an unofficial Qodana linter: registry.jetbrains.team/p/sa/containers/qodana-dotnet:latest
|
|
test (ubuntu-latest)
You are running a Qodana linter without an exact version tag: registry.jetbrains.team/p/sa/containers/qodana-dotnet:latest
|
|
test (ubuntu-latest)
You are using an unofficial Qodana linter: registry.jetbrains.team/p/sa/containers/qodana-dotnet:latest
|
|
test (ubuntu-latest)
You are running a Qodana linter without an exact version tag: registry.jetbrains.team/p/sa/containers/qodana-dotnet:latest
|
|
Constant condition:
platform/configurator.go#L196
Condition is always true
|
|
Constant condition:
core/container.go#L320
Condition is always true
|
|
Constant condition:
cloud/endpoints.go#L210
Condition is always false
|
|
Constant condition:
platform/ext_bitbucket.go#L155
Condition is always true
|
|
Error may be not nil:
platform/eap.go#L34
`buildDate` might have `nil` or other unexpected value as its corresponding error variable might be not `nil`
|
|
Potential nil dereference:
core/installers.go#L167
Method call `err.Error()` might lead to a nil pointer dereference
|
|
Potential nil dereference:
platform/cmd/scan.go#L40
Potential nil pointer dereference
|
|
Vulnerable declared dependency:
platform/go.mod#L59
Dependency go:golang.org/x/crypto:v0.24.0 is vulnerable , safe version 0.31.0
* [GO-2024-3321](https://osv.dev/vulnerability/GO-2024-3321) 8.0 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
* [GHSA-v778-237x-gjrc](https://osv.dev/vulnerability/GHSA-v778-237x-gjrc) 8.0 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Results powered by [OSV](https://osv.dev/)
|
|
Vulnerable declared dependency:
core/go.mod#L88
Dependency go:golang.org/x/crypto:v0.24.0 is vulnerable , safe version 0.31.0
* [GO-2024-3321](https://osv.dev/vulnerability/GO-2024-3321) 8.0 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
* [GHSA-v778-237x-gjrc](https://osv.dev/vulnerability/GHSA-v778-237x-gjrc) 8.0 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Results powered by [OSV](https://osv.dev/)
|
|
Vulnerable declared dependency:
cmd/go.mod#L104
Dependency go:golang.org/x/crypto:v0.26.0 is vulnerable , safe version 0.31.0
* [GHSA-v778-237x-gjrc](https://osv.dev/vulnerability/GHSA-v778-237x-gjrc) 8.0 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
* [GO-2024-3321](https://osv.dev/vulnerability/GO-2024-3321) 8.0 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Results powered by [OSV](https://osv.dev/)
|
|
code-quality
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
|
code-quality
Input 'use-nightly' has been deprecated with message: This option is for development purposes only. Do not use it in production.
|
Artifacts
Produced during runtime
| Name | Size | |
|---|---|---|
|
qodana-artifacts
|
2.7 MB |
|
|
qodana-report
|
2.66 MB |
|