cloudbeat icon indicating copy to clipboard operation
cloudbeat copied to clipboard
verified publisher icon elastic

Dependency review CI reports false-positive beats vulnerability

Open orestisfl opened this issue 2 years ago • 0 comments

Motivation The dependency review CI always flags go.mod updates to the elastic/beats repo as it always detects CVE-2023-49922. This probably has to do with being forced to use a v7 tag+timestamp since the go.mod file in elastic/beats is not updated to v8.

Definition of done What needs to be completed at the end of this task

  • [ ] Make CI pass

Related tasks/epics

  • https://github.com/elastic/beats/issues/31202
  • https://github.com/elastic/cloudbeat/pull/1792: Example of failing CI

orestisfl avatar Jan 09 '24 09:01 orestisfl