Actions
Bug #19279
closed
For plugins, we need to skip CVE check on provided dependencies
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
Description
For plugins, and for reasons (#12171), we need to specify all rudder libraries and dependencies as provided (else they are included in plugins).
The exact version of the lib used can be bit of, because plugins don't use last version of rudder for ABI compat.
All that leads to false positive in CVE check in dependencies.
So we need to skip dependencies with scope "provided" in plugins (of course, the plugin own dependencies, which don't have that scope, will be checked).
Note: perhaps system properties should be skipped too, but I will let them for now, and we will see when the case arise if it's relevant.
Updated by 
Updated by 
Updated by
Actions