Skip to content

fix: add Cargo.lock to the .gitattributes file#3606

Closed
juniorkrvl wants to merge 1 commit intoDataDog:masterfrom
juniorkrvl:add-cargo-lock-to-gitattributes
Closed

fix: add Cargo.lock to the .gitattributes file#3606
juniorkrvl wants to merge 1 commit intoDataDog:masterfrom
juniorkrvl:add-cargo-lock-to-gitattributes

Conversation

@juniorkrvl
Copy link

@juniorkrvl juniorkrvl commented Jan 28, 2026

Description

My vulnerability scanner flags tracing-subscriber during deployment. This MR updates .gitattributes to exclude Cargo.lock from the scan path, preventing false positives from vendor dependencies.

1 vulnerabilities found
0 Critical (0 fixable)
0 High (0 fixable)
1 Medium (1 fixable)
0 Low (0 fixable)
0 Negligible (0 fixable)
       PACKAGE        TYPE  VERSION  SUGGESTED FIX  CRITICAL  HIGH  MEDIUM  LOW  NEGLIGIBLE  EXPLOIT  
  tracing-subscriber  rust  0.3.19      0.3.20         0       0      1      0       0          0

Reviewer checklist

  • Test coverage seems ok.
  • Appropriate labels assigned.

@juniorkrvl juniorkrvl requested a review from a team as a code owner January 28, 2026 17:41
bwoebi
bwoebi requested changes Feb 3, 2026
View reviewed changes
Copy link
Collaborator

@bwoebi bwoebi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cargo.lock is an exported artifact. It's not to be ignored. It's the versions of dependencies we build with and users should build off as well.

@bwoebi bwoebi closed this Feb 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bwoebi bwoebi bwoebi requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@juniorkrvl @bwoebi