Bug #19279
closed
For plugins, we need to skip CVE check on provided dependencies
Description
For plugins, and for reasons (#12171), we need to specify all rudder libraries and dependencies as provided (else they are included in plugins).
The exact version of the lib used can be bit of, because plugins don't use last version of rudder for ABI compat.
All that leads to false positive in CVE check in dependencies.
So we need to skip dependencies with scope "provided" in plugins (of course, the plugin own dependencies, which don't have that scope, will be checked).
Note: perhaps system properties should be skipped too, but I will let them for now, and we will see when the case arise if it's relevant.
Updated by François ARMAND almost 3 years ago
- Status changed from New to In progress
Updated by François ARMAND almost 3 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-plugins/pull/375
Updated by François ARMAND almost 3 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-plugins|91cd74097de5e8f2ec8012bbf3afab189d2fd00c.
Updated by Alexis Mousset almost 3 years ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ almost 3 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.1.14 and 6.2.8 which were released today.