[cherrypick] 253 introducing pom for internal dependencies #2110
boneplci.yml
on: pull_request
code-quality
7m 42s
Matrix: test
Annotations
1 error, 22 warnings, and 15 notices
|
Check dependency licenses:
clang/go.mod#L0
Transitive dependency: 'github.com/juju/loggo' ('v0.0.0-20190526231331-6e530bcce5d8') 'LGPL-3.0-only' license is in the prohibited licenses list with project license 'Apache-2.0'
|
|
Check dependency licenses:
clang/go.mod#L0
Transitive dependency: 'github.com/bmizerany/assert' ('v0.0.0-20160611221934-b7ed37b82869') licenses cannot be recognized
|
|
Check dependency licenses:
clang/go.mod#L0
Transitive dependency: 'github.com/juju/loggo' ('v0.0.0-20190526231331-6e530bcce5d8') 'LGPL-3.0-linking-exception' is not in the allowed or the prohibited licenses lists with project license 'Apache-2.0'
|
|
Potential resource leak:
core/container.go#L80
Potential resource leak: ensure the resource is closed on all execution paths
|
|
Potential resource leak:
platform/utils/cmd.go#L140
Potential resource leak: ensure the resource is closed on all execution paths
|
|
Potential resource leak:
platform/qdcontainer/container.go#L63
Potential resource leak: ensure the resource is closed on all execution paths
|
|
Potential resource leak:
platform/utils/utils.go#L163
Potential resource leak: ensure `resp.Body` is closed on all execution paths
|
|
Potential resource leak:
platform/embed.go#L153
Potential resource leak: ensure the resource is closed on all execution paths
|
|
Potential resource leak:
platform/qdcontainer/container.go#L46
Potential resource leak: ensure the resource is closed on all execution paths
|
|
Potential resource leak:
platform/utils/utils.go#L139
Potential resource leak: ensure `resp.Body` is closed on all execution paths
|
|
Potential resource leak:
platform/qdcontainer/container.go#L108
Potential resource leak: ensure the resource is closed on all execution paths
|
|
Potential resource leak:
platform/commoncontext/common.go#L358
Potential resource leak: ensure `resp.Body` is closed on all execution paths
|
|
Potential resource leak:
core/container.go#L263
Potential resource leak: ensure the resource is closed on all execution paths
|
|
Unhandled error:
core/contributors_mailmap_test.go#L87
Unhandled error
|
|
Vulnerable declared dependency:
cmd/go.mod#L119
Dependency go:golang.org/x/crypto:v0.41.0 is vulnerable , safe version v0.45.0
* [CVE-2025-47913](https://www.mend.io/vulnerability-database/CVE-2025-47913?utm_source=Jetbrains) 7.5 Insufficient Information
* [CVE-2025-58181](https://www.mend.io/vulnerability-database/CVE-2025-58181?utm_source=Jetbrains) 5.3 Insufficient Information
* [CVE-2025-47914](https://www.mend.io/vulnerability-database/CVE-2025-47914?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
clang/go.mod#L122
Dependency go:golang.org/x/crypto:v0.41.0 is vulnerable , safe version v0.45.0
* [CVE-2025-47913](https://www.mend.io/vulnerability-database/CVE-2025-47913?utm_source=Jetbrains) 7.5 Insufficient Information
* [CVE-2025-58181](https://www.mend.io/vulnerability-database/CVE-2025-58181?utm_source=Jetbrains) 5.3 Insufficient Information
* [CVE-2025-47914](https://www.mend.io/vulnerability-database/CVE-2025-47914?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
cli/go.mod#L120
Dependency go:golang.org/x/crypto:v0.41.0 is vulnerable , safe version v0.45.0
* [CVE-2025-47913](https://www.mend.io/vulnerability-database/CVE-2025-47913?utm_source=Jetbrains) 7.5 Insufficient Information
* [CVE-2025-58181](https://www.mend.io/vulnerability-database/CVE-2025-58181?utm_source=Jetbrains) 5.3 Insufficient Information
* [CVE-2025-47914](https://www.mend.io/vulnerability-database/CVE-2025-47914?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
platform/go.mod#L108
Dependency go:golang.org/x/crypto:v0.41.0 is vulnerable , safe version v0.45.0
* [CVE-2025-47913](https://www.mend.io/vulnerability-database/CVE-2025-47913?utm_source=Jetbrains) 7.5 Insufficient Information
* [CVE-2025-58181](https://www.mend.io/vulnerability-database/CVE-2025-58181?utm_source=Jetbrains) 5.3 Insufficient Information
* [CVE-2025-47914](https://www.mend.io/vulnerability-database/CVE-2025-47914?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
tooling/go.mod#L40
Dependency go:golang.org/x/crypto:v0.41.0 is vulnerable , safe version v0.45.0
* [CVE-2025-47913](https://www.mend.io/vulnerability-database/CVE-2025-47913?utm_source=Jetbrains) 7.5 Insufficient Information
* [CVE-2025-58181](https://www.mend.io/vulnerability-database/CVE-2025-58181?utm_source=Jetbrains) 5.3 Insufficient Information
* [CVE-2025-47914](https://www.mend.io/vulnerability-database/CVE-2025-47914?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
cdnet/go.mod#L119
Dependency go:golang.org/x/crypto:v0.41.0 is vulnerable , safe version v0.45.0
* [CVE-2025-47913](https://www.mend.io/vulnerability-database/CVE-2025-47913?utm_source=Jetbrains) 7.5 Insufficient Information
* [CVE-2025-58181](https://www.mend.io/vulnerability-database/CVE-2025-58181?utm_source=Jetbrains) 5.3 Insufficient Information
* [CVE-2025-47914](https://www.mend.io/vulnerability-database/CVE-2025-47914?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
core/go.mod#L104
Dependency go:golang.org/x/crypto:v0.41.0 is vulnerable , safe version v0.45.0
* [CVE-2025-47913](https://www.mend.io/vulnerability-database/CVE-2025-47913?utm_source=Jetbrains) 7.5 Insufficient Information
* [CVE-2025-58181](https://www.mend.io/vulnerability-database/CVE-2025-58181?utm_source=Jetbrains) 5.3 Insufficient Information
* [CVE-2025-47914](https://www.mend.io/vulnerability-database/CVE-2025-47914?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
code-quality
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
code-quality
Input 'use-nightly' has been deprecated with message: This option is for development purposes only. Do not use it in production.
|
|
Redundant 'else' in 'if':
platform/commoncontext/common.go#L146
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
platform/msg/output.go#L271
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
clang/clang_test.go#L65
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
platform/git/git.go#L105
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
core/startup/installers.go#L401
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
cdnet/cdnet_test.go#L85
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
platform/tokenloader/token_loader.go#L99
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
platform/effectiveconfig/config.go#L255
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
platform/commoncontext/compute.go#L309
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
platform/commoncontext/compute.go#L298
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
clang/run.go#L65
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
platform/commoncontext/compute.go#L320
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
platform/commoncontext/common.go#L366
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
platform/sarif.go#L451
Redundant 'else' in 'if'
|
|
Redundant 'else' in 'if':
platform/tokenloader/token_loader.go#L153
Redundant 'else' in 'if'
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
qodana-artifacts
|
3.48 MB |
sha256:af54a2f98d47e8e4e5cd7f4680521a89cfd06bc4df591ecedaf8b8a98052bb70
|
|
|
qodana-report
|
3.4 MB |
sha256:cfce66dfdf309aa96801b90c50598c91e2dc83512c171117679b7d79fb27a91f
|
|