Bump govulncheck version to 1.1.0

This commit will bump govulncheck version 1.0.1 -> 1.1.0 Additionally, handle govulncheck exit code returned It will handle the govulncheck exit code returned which returning 3 instead of 0 with the new v1.1.0 by adding `|| true` so that the verify job does not fail but logs the go vulnerability found. Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
2025-07-28 14:07:14 +00:00 · 2024-05-08 17:01:24 +05:30 · 2024-05-08 17:01:24 +05:30 · 2e0ce7960e
commit 2e0ce7960e
parent 027f346f60
1 changed files with 3 additions and 3 deletions
--- a/hack/verify-govulncheck.sh
+++ b/hack/verify-govulncheck.sh
@ -27,7 +27,7 @@ kube::util::ensure_clean_working_dir
 # This sets up the environment, like GOCACHE, which keeps the worktree cleaner.
 kube::golang::setup_env

-go install golang.org/x/vuln/cmd/govulncheck@v1.0.1
+go install golang.org/x/vuln/cmd/govulncheck@v1.1.0

 # KUBE_VERIFY_GIT_BRANCH is populated in verify CI jobs
 BRANCH="${KUBE_VERIFY_GIT_BRANCH:-master}"
@ -40,9 +40,9 @@ git worktree add -f "${WORKTREE}" "${BRANCH}"
 # Clean up the copy on exit
 kube::util::trap_add "git worktree remove -f ${WORKTREE}" EXIT

-govulncheck -scan module ./... > "${KUBE_TEMP}/head.txt"
+govulncheck -scan package ./... > "${KUBE_TEMP}/head.txt" || true
 pushd "${WORKTREE}" >/dev/null
-  govulncheck -scan module ./... > "${KUBE_TEMP}/pr-base.txt"
+  govulncheck -scan package ./... > "${KUBE_TEMP}/pr-base.txt" || true
 popd >/dev/null

 echo -e "\n HEAD: $(cat "${KUBE_TEMP}"/head.txt)"