chore(dependency): whitelist mholt/archiver/v3 CVE-2024-0406

It is not possible to tell vulncheck that Forgejo is not affected by CVE-2024-0406. Use a mirror of the repository to do that. Refs: https://github.com/mholt/archiver/issues/404 (cherry picked from commit 3bfec270acde189fe5e5e8f2e65be9e5a1be61d9) Conflicts: go.sum trivial context conflict
author: Earl Warren <contact@earl-warren.org> 2024-06-05 22:07:40 +0200
committer: Earl Warren <contact@earl-warren.org> 2024-06-05 22:19:30 +0200
commit: e7977767facf1aa0378dc5af73cc31faaa984b48 (patch)
tree: be778142da7be2c070481de4cfdca5272110f34c /go.mod
parent: Merge pull request '[gitea] week 2024-23-v7.0 cherry pick (release/v1.22 -> v... (diff)
download: forgejo-e7977767facf1aa0378dc5af73cc31faaa984b48.tar.xz
forgejo-e7977767facf1aa0378dc5af73cc31faaa984b48.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/go.mod b/go.mod
index 708c096f2e..a15219b83c 100644
--- a/go.mod
+++ b/go.mod
@@ -309,3 +309,5 @@ exclude github.com/gofrs/uuid v4.0.0+incompatible
 exclude github.com/goccy/go-json v0.4.11
 
 exclude github.com/satori/go.uuid v1.2.0
+
+replace github.com/mholt/archiver/v3 => code.forgejo.org/forgejo/archiver/v3 v3.5.1
author	Earl Warren <contact@earl-warren.org>	2024-06-05 22:07:40 +0200
committer	Earl Warren <contact@earl-warren.org>	2024-06-05 22:19:30 +0200
commit	e7977767facf1aa0378dc5af73cc31faaa984b48 (patch)
tree	be778142da7be2c070481de4cfdca5272110f34c /go.mod
parent	Merge pull request '[gitea] week 2024-23-v7.0 cherry pick (release/v1.22 -> v... (diff)
download	forgejo-e7977767facf1aa0378dc5af73cc31faaa984b48.tar.xz forgejo-e7977767facf1aa0378dc5af73cc31faaa984b48.zip