Skip to content

💩 (ci) Temporarily disable Trivy scan step for backend image #905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lebaudantoine merged 1 commit into from
Jan 25, 2026
Merged

💩 (ci) Temporarily disable Trivy scan step for backend image #905

lebaudantoine merged 1 commit into from
Jan 25, 2026

Conversation

@lebaudantoine
Copy link
Collaborator

@lebaudantoine lebaudantoine commented Jan 25, 2026

A new vulnerability (CVE-2026-0994) was reported and is not yet fixed. It affects protobuf libraries used by the livekit-api Python package.

A fix is in progress upstream, but the related PR has not yet been merged or released. Since a release is required tonight, the Trivy scan step is temporarily disabled to allow the build to proceed. This should be re-enabled once a patched version is available.

protocolbuffers/protobuf#25239

@lebaudantoine lebaudantoine marked this pull request as ready for review January 25, 2026 16:52
@lebaudantoine lebaudantoine force-pushed the fix-trivy-scan-20260994 branch from ee25745 to a818f4c Compare January 25, 2026 16:54
@lebaudantoine
💩(ci) disable temporarily Trivy scan step for backend image
ec2d392 
A new vulnerability (CVE-2026-0994) was reported and is not yet fixed.
It affects protobuf libraries used by the livekit-api Python package.

A fix is in progress upstream, but the related PR has not yet been merged or
released. Since a release is required tonight, the Trivy scan step is
temporarily disabled to allow the build to proceed. This should be re-enabled
once a patched version is available.

protocolbuffers/protobuf#25239
@lebaudantoine lebaudantoine force-pushed the fix-trivy-scan-20260994 branch from a818f4c to ec2d392 Compare January 25, 2026 16:55
@socket-security
Copy link

socket-security bot commented Jan 25, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedtypescript-eslint@​8.35.11001007398100

View full report

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 25, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@lebaudantoine lebaudantoine merged commit 39fb273 into main Jan 25, 2026
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lebaudantoine