From c75649557f35367f490d0ec24995552c95f1e91c Mon Sep 17 00:00:00 2001 From: Xavier Coulon Date: Tue, 9 Dec 2025 12:20:48 +0000 Subject: [PATCH 1/2] govulncheck-action: run from Container image see https://github.com/codeready-toolchain/toolchain-cicd/pull/159 Signed-off-by: Xavier Coulon --- .github/workflows/govulncheck.yml | 7 +++--- .github/workflows/test-with-coverage.yml | 2 +- .govulncheck.yaml | 28 +++++++++++++++++------- 3 files changed, 24 insertions(+), 13 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 013ae2114..17092272d 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -14,8 +14,7 @@ jobs: uses: actions/checkout@v6 - name: Run govulncheck - uses: codeready-toolchain/toolchain-cicd/govulncheck-action@master + uses: xcoulon/toolchain-cicd/govulncheck-action@govulncheck_dockerfile with: - go-version-file: go.mod - cache: false - config: .govulncheck.yaml \ No newline at end of file + config: .govulncheck.yaml + debug: true # optional (default = false) \ No newline at end of file diff --git a/.github/workflows/test-with-coverage.yml b/.github/workflows/test-with-coverage.yml index 29ff38dec..8a4611c4f 100644 --- a/.github/workflows/test-with-coverage.yml +++ b/.github/workflows/test-with-coverage.yml @@ -25,7 +25,7 @@ jobs: - name: Install Go uses: actions/setup-go@v6 with: - go-version file: go.mod + go-version-file: go.mod - name: generate run: | diff --git a/.govulncheck.yaml b/.govulncheck.yaml index bf1fb96ab..5b2fe040f 100644 --- a/.govulncheck.yaml +++ b/.govulncheck.yaml 
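Review bot: `debug: true` is committed on the new side with a comment that only says it is optional, which reads like a leftover from validating the container-based action; either drop it or replace the comment with the reason it stays on, since debug output makes the CI log noisier and more likely to echo configuration details. Removing `go-version-file: go.mod` and `cache: false` presumably means the Go toolchain used for scanning now comes from the action's container image rather than this repository's go.mod, which deserves a one-line comment next to `uses:` (e.g. `# toolchain version comes from the action image, not go.mod`) so the `# Fixed in: go1.24.x` notes in `.govulncheck.yaml` stay interpretable. The new file still ends without a trailing newline (`\ No newline at end of file` on the `+` side). The enclosing job definition starts outside the hunk.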
@@ -4,46 +4,58 @@ ignored-vulnerabilities: # Fixed in: crypto/x509@go1.24.8 - id: GO-2025-4013 info: https://pkg.go.dev/vuln/GO-2025-4013 - silence-until: 2025-12-03 + silence-until: 2026-01-03 # Lack of limit when parsing cookies can cause memory exhaustion in net/http # Found in: net/http@go1.23.12 # Fixed in: net/http@go1.24.8 - id: GO-2025-4012 info: https://pkg.go.dev/vuln/GO-2025-4012 - silence-until: 2025-12-03 + silence-until: 2026-01-03 # Parsing DER payload can cause memory exhaustion in encoding/asn1 # Found in: encoding/asn1@go1.23.12 # Fixed in: encoding/asn1@go1.24.8 - id: GO-2025-4011 info: https://pkg.go.dev/vuln/GO-2025-4011 - silence-until: 2025-12-03 + silence-until: 2026-01-03 # Insufficient validation of bracketed IPv6 hostnames in net/url # Found in: net/url@go1.23.12 # Fixed in: net/url@go1.24.8 - id: GO-2025-4010 info: https://pkg.go.dev/vuln/GO-2025-4010 - silence-until: 2025-12-03 + silence-until: 2026-01-03 # Quadratic complexity when parsing some invalid inputs in encoding/pem # Found in: encoding/pem@go1.23.12 # Fixed in: encoding/pem@go1.24.8 - id: GO-2025-4009 info: https://pkg.go.dev/vuln/GO-2025-4009 - silence-until: 2025-12-03 + silence-until: 2026-01-03 # ALPN negotiation error contains attacker controlled information in crypto/tls # Found in: crypto/tls@go1.23.12 # Fixed in: crypto/tls@go1.24.8 - id: GO-2025-4008 info: https://pkg.go.dev/vuln/GO-2025-4008 - silence-until: 2025-12-03 + silence-until: 2026-01-03 # Quadratic complexity when checking name constraints in crypto/x509 # Found in: crypto/x509@go1.23.12 # Fixed in: crypto/x509@go1.24.9 - id: GO-2025-4007 info: https://pkg.go.dev/vuln/GO-2025-4007 - silence-until: 2025-12-03 + silence-until: 2026-01-03 # Excessive CPU consumption in ParseAddress in net/mail # Found in: net/mail@go1.23.12 # Fixed in: net/mail@go1.24.8 - id: GO-2025-4006 info: https://pkg.go.dev/vuln/GO-2025-4006 - silence-until: 2025-12-03 \ No newline at end of file + silence-until: 2026-01-03 + # 
Excessive resource consumption when printing error string for host certificate validation in crypto/x509 + # Found in: crypto/x509@go1.23.12 + # Fixed in: crypto/x509@go1.24.11 + - id: GO-2025-4155 + info: https://pkg.go.dev/vuln/GO-2025-4155 + silence-until: 2026-01-03 + # Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 + # Found in: crypto/x509@go1.23.12 + # Fixed in: crypto/x509@go1.24.11 + - id: GO-2025-4175 + info: https://pkg.go.dev/vuln/GO-2025-4175 + silence-until: 2026-01-03 \ No newline at end of file From aca72861402a1b9deff35ec0cd657ed80bb3540e Mon Sep 17 00:00:00 2001 From: Xavier Coulon Date: Wed, 10 Dec 2025 10:55:00 +0100 Subject: [PATCH 2/2] update link to action Signed-off-by: Xavier Coulon --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 17092272d..f640442b7 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -14,7 +14,7 @@ jobs: uses: actions/checkout@v6 - name: Run govulncheck - uses: xcoulon/toolchain-cicd/govulncheck-action@govulncheck_dockerfile + uses: codeready-toolchain/toolchain-cicd/govulncheck-action@master with: config: .govulncheck.yaml debug: true # optional (default = false) \ No newline at end of file
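Review bot: Every `silence-until` in this hunk is pushed out a second time (2025-12-03 to 2026-01-03) and two more crypto/x509 entries (GO-2025-4155, GO-2025-4175) are added, yet all of them are standard-library issues whose `# Fixed in:` comments name go1.24.8 through go1.24.11, and the file still records no reason the toolchain upgrade is deferred. Add a header comment above the first entry such as `# All entries below are stdlib issues fixed in go1.24.x; silenced until the toolchain bump lands — see <TRACKING-ISSUE placeholder>` so the next date extension is a deliberate decision rather than a bump. `silence-until: 2026-01-03` is an unquoted ISO date, which most YAML loaders turn into a date/timestamp value rather than a string; that form is unchanged from before so it presumably matches what the action expects, but quoting it (`silence-until: "2026-01-03"`) would remove the ambiguity. The new side still ends without a trailing newline.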
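Review bot: `uses: codeready-toolchain/toolchain-cicd/govulncheck-action@master` references the scanner action by a mutable branch, so the code that runs with this workflow's token can change underneath it without a commit here; pin it to a full commit SHA with the tag or version noted in a trailing comment, e.g. `uses: codeready-toolchain/toolchain-cicd/govulncheck-action@<COMMIT-SHA placeholder> # <tag placeholder>`, and let a bot bump it. Since the action now runs from a container image (per the first patch's subject), the image reference inside the action is a second mutable layer; whether it is pinned by digest cannot be told from this diff and is worth checking in the action repository. `debug: true # optional (default = false)` is carried over unchanged from the first patch, so the same question of why it stays on applies here.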