From 2e0ce7960e0e46fc43018e355a9ac73b4287198f Mon Sep 17 00:00:00 2001
From: ArkaSaha30
Date: Wed, 8 May 2024 17:01:24 +0530
Subject: [PATCH] Bump govulncheck version to 1.1.0
This commit will bump govulncheck version 1.0.1 -> 1.1.0 Additionally, handle govulncheck exit code returned It will handle the govulncheck exit code returned which returning 3 instead of 0 with the new v1.1.0 by adding `|| true` so that the verify job does not fail but logs the go vulnerability found.
Signed-off-by: ArkaSaha30
---
 hack/verify-govulncheck.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hack/verify-govulncheck.sh b/hack/verify-govulncheck.sh
index 6502c35c298..e58eb6d9802 100755
--- a/hack/verify-govulncheck.sh
+++ b/hack/verify-govulncheck.sh
@@ -27,7 +27,7 @@ kube::util::ensure_clean_working_dir
 # This sets up the environment, like GOCACHE, which keeps the worktree cleaner.
 kube::golang::setup_env
-go install golang.org/x/vuln/cmd/govulncheck@v1.0.1
+go install golang.org/x/vuln/cmd/govulncheck@v1.1.0
 # KUBE_VERIFY_GIT_BRANCH is populated in verify CI jobs
 BRANCH="${KUBE_VERIFY_GIT_BRANCH:-master}"
@@ -40,9 +40,9 @@ git worktree add -f "${WORKTREE}" "${BRANCH}"
 # Clean up the copy on exit
 kube::util::trap_add "git worktree remove -f ${WORKTREE}" EXIT
-govulncheck -scan module ./... > "${KUBE_TEMP}/head.txt"
+govulncheck -scan package ./... > "${KUBE_TEMP}/head.txt" || true
 pushd "${WORKTREE}" >/dev/null
- govulncheck -scan module ./... > "${KUBE_TEMP}/pr-base.txt"
+ govulncheck -scan package ./... > "${KUBE_TEMP}/pr-base.txt" || true
 popd >/dev/null
 echo -e "\n HEAD: $(cat "${KUBE_TEMP}"/head.txt)"
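Review bot: The `|| true` added to both govulncheck invocations in the second hunk (the HEAD scan and the one inside `pushd "${WORKTREE}"`) discards every non-zero exit, not only the 3 that the commit message says v1.1.0 returns when vulnerabilities are found. A scan that aborts for another reason (for example a build error or an unreachable vulnerability database) would leave `head.txt` or `pr-base.txt` empty or partial, and whatever comparison follows outside this hunk would presumably treat that as nothing to report. Consider capturing the status and tolerating only 3, e.g. `rc=0; govulncheck -scan package ./... > "${KUBE_TEMP}/head.txt" || rc=$?` followed by `[[ "${rc}" -eq 0 || "${rc}" -eq 3 ]] || exit "${rc}"`, with a comment such as `# exit 3 = vulnerabilities found; any other failure must fail the verify job`. The switch from `-scan module` to `-scan package` also changes what gets reported and is not mentioned in the description; a one-line comment giving the reason would help.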