⬆️ Bump github.com/docker/docker from 25.0.6+incompatible to 27.4.0+incompatible in /core #1016
dependabot[bot]ci.yml
on: pull_request
code-quality
9m 36s
Matrix: test
Annotations
11 errors and 12 warnings
|
test (ubuntu-latest):
core/container.go#L250
undefined: types.ImagePullOptions
|
|
test (ubuntu-latest):
core/container.go#L265
undefined: types.ImagePullOptions
|
|
test (ubuntu-latest)
Process completed with exit code 1.
|
|
test (windows-latest)
The job was canceled because "ubuntu-latest" failed.
|
|
test (windows-latest):
core/container.go#L250
undefined: types.ImagePullOptions
|
|
test (windows-latest):
core/container.go#L265
undefined: types.ImagePullOptions
|
|
test (windows-latest)
The operation was canceled.
|
|
test (macos-latest)
The job was canceled because "ubuntu-latest" failed.
|
|
test (macos-latest)
The operation was canceled.
|
|
code-quality
undefined: types.ImagePullOptions
|
|
code-quality
undefined: types.ImagePullOptions
|
|
test (ubuntu-latest)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
|
Constant condition:
platform/configurator.go#L196
Condition is always true
|
|
Constant condition:
core/container.go#L320
Condition is always true
|
|
Constant condition:
cloud/endpoints.go#L210
Condition is always false
|
|
Constant condition:
platform/ext_bitbucket.go#L155
Condition is always true
|
|
Error may be not nil:
platform/eap.go#L34
`buildDate` might have `nil` or other unexpected value as its corresponding error variable might be not `nil`
|
|
Potential nil dereference:
core/installers.go#L167
Method call `err.Error()` might lead to a nil pointer dereference
|
|
Potential nil dereference:
platform/cmd/scan.go#L40
Potential nil pointer dereference
|
|
Vulnerable declared dependency:
platform/go.mod#L59
Dependency go:golang.org/x/crypto:v0.24.0 is vulnerable , safe version 0.31.0
* [GHSA-v778-237x-gjrc](https://osv.dev/vulnerability/GHSA-v778-237x-gjrc) 8.0 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
* [GO-2024-3321](https://osv.dev/vulnerability/GO-2024-3321) 8.0 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Results powered by [OSV](https://osv.dev/)
|
|
Vulnerable declared dependency:
core/go.mod#L89
Dependency go:golang.org/x/crypto:v0.24.0 is vulnerable , safe version 0.31.0
* [GHSA-v778-237x-gjrc](https://osv.dev/vulnerability/GHSA-v778-237x-gjrc) 8.0 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
* [GO-2024-3321](https://osv.dev/vulnerability/GO-2024-3321) 8.0 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Results powered by [OSV](https://osv.dev/)
|
|
code-quality
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
|
code-quality
Input 'use-nightly' has been deprecated with message: This option is for development purposes only. Do not use it in production.
|
Artifacts
Produced during runtime
| Name | Size | |
|---|---|---|
|
qodana-artifacts
|
2.7 MB |
|
|
qodana-report
|
2.67 MB |
|