Google Git
Sign in
go / vulndb / 925a28ef20617dd1d1dc86c01e742946a7c9135e
commit925a28ef20617dd1d1dc86c01e742946a7c9135e[log] [tgz]
authorTatiana Bradley <tatianabradley@google.com>Tue May 07 10:33:14 2024 -0400
committerTatiana Bradley <tatianabradley@google.com>Wed May 08 17:42:57 2024 +0000
treef253af60a5d22224260f99371af862a0b01ab8b0
parentc387d46ab5e9f30939798d86222e5ea7691b0753 [diff]
internal/report: add quick fix for module merging issue

Previously, FixModules would attempt to merge versions even if it
resulted in an invalid version list (e.g., with overlapping ranges).

As a quick fix, bail out from the merge attempt if any of the
results wouldn't make sense, and add a note to the report.

This can be improved in the future by continuing to attempt to merge
modules that can be merged instead of bailing out early.

Change-Id: I5074cd3d04251423da9afa1a52933f0fbeab4b5f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/580435
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
3 files changed
tree: f253af60a5d22224260f99371af862a0b01ab8b0
  1. .github/
  2. cmd/
  3. data/
  4. deploy/
  5. devtools/
  6. doc/
  7. internal/
  8. terraform/
  9. webconfig/
  10. .gitignore
  11. all_test.go
  12. checks.bash
  13. CONTRIBUTING.md
  14. go.mod
  15. go.sum
  16. LICENSE
  17. PATENTS
  18. README.md
  19. tools_test.go
README.md

The Go Vulnerability Database

Go Reference

This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.

Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.

Reporting a vulnerability or feedback

Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.

Privacy Policy

The privacy policy for govulncheck can be found at https://vuln.go.dev/privacy.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.