Skip to content

proposal: remove govulncheck CI job #4945

Closed
#4946
Closed
proposal: remove govulncheck CI job#4945
#4946
Labels
ciContinuous integration-relatedgoPull requests that update Go coderfcRequest for comments
@melekes

Description

@melekes
melekes
opened on Feb 10, 2025

Undoubtedly, govulncheck is helpful for node operators and app devs who want to ensure their apps are secure. But it doesn't make much sense for CometBFT - a library (even if it's run as a separate binary and ABCI communicates with it via sockets).

govulncheck forces CometBFT to bump the min Go version (MSRV), which applies upstream pressure on app devs and node operators. The argument is that node operators and app devs should themselves watch over Go vulnerabilities and bump the Go version accordingly.

Metadata

Metadata

Assignees

No one assigned

    Labels

    ciContinuous integration-relatedgoPull requests that update Go coderfcRequest for comments

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions