commit | 925a28ef20617dd1d1dc86c01e742946a7c9135e | [log] [tgz] |
---|---|---|
author | Tatiana Bradley <tatianabradley@google.com> | Tue May 07 10:33:14 2024 -0400 |
committer | Tatiana Bradley <tatianabradley@google.com> | Wed May 08 17:42:57 2024 +0000 |
tree | f253af60a5d22224260f99371af862a0b01ab8b0 | |
parent | c387d46ab5e9f30939798d86222e5ea7691b0753 [diff] |
internal/report: add quick fix for module merging issue Previously, FixModules would attempt to merge versions even if it resulted in an invalid version list (e.g., with overlapping ranges). As a quick fix, bail out from the merge attempt if any of the results wouldn't make sense, and add a note to the report. This can be improved in the future by continuing to attempt to merge modules that can be merged instead of bailing out early. Change-Id: I5074cd3d04251423da9afa1a52933f0fbeab4b5f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/580435 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This repository contains the infrastructure and internal reports to create the Go Vulnerability Database.
Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.
Click here to report a public vulnerability in the Go ecosystem, or give feedback about the project.
The privacy policy for govulncheck
can be found at https://vuln.go.dev/privacy.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries are distributed under the terms of the CC-BY-4.0 license. See go.dev/security/vuln/database for information on how to access these entries.