mirror of
https://github.com/flutter/flutter.git
synced 2026-02-20 02:29:02 +08:00
This change integrates directly with osv-scanner rather than using the OSV API to query each dependency for vulnerabilities.

- use [lockfile format](https://github.com/flutter/engine/pull/49203) for third party deps rather than a flat file
- let osv-scanner do the work of checking for vulns rather than API calls to OSV database
- let osv-scanner create and populate the SARIF results

A successful run of the vulnerability scanner can be seen in the tests of this PR.

*If you had to change anything in the [flutter/tests] repo, include a link to the migration guide as per the [breaking change policy].*

[C++, Objective-C, Java style guides]: https://github.com/flutter/engine/blob/main/CONTRIBUTING.md#style